On Wed, 11 Feb 2009 10:45:34 -0800 Justin Karneges <[email protected]> wrote:
> On Wednesday 11 February 2009 05:06:24 Kevin Smith wrote:
> > On Wed, Feb 11, 2009 at 12:58 PM, Kurt Zeilenga <[email protected]> wrote:
> > > I'm thinking more about a non-comprised server case, but just the
> > > case of poor administrative practices.
> >
> > Ok, I follow, thanks. Given that, maybe keeping password
> > requirements on all affiliations is sensible.
>
> There are quite many XMPP services (bots and such) that you
> authenticate with just by JID. Why would those things be okay, but
> MUC is somehow more secure and requires a password?
>
> I smell a new security discussion.

Wouldn't these be better on the security list?

I'm also against over-specific password authentication in individual
XEPs. If we want better authentication, it may be reused by several
XEPs and may be optional, too.

Pavel

> -Justin

--
Freelance consultant and trainer in networking, communications and security.
Web: http://www.pavlix.net/
Jabber, Mail: pavlix(at)pavlix.net
OpenID: pavlix.net
