-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The security considerations section of XEP-0249 (Direct MUC Invitations) is void of content. I suppose that a few attacks are possible:

1. The sender of the invitation could overload the 'reason' attribute with malicious or offensive text.

2. The sender of the invitation could use a mimicked JID (see XEP-0156) to fool you into thinking that you are receiving an invitation from a known or trusted entity.

3. A malicious entity could flood you with chatroom invitations.

4. A malicious entity in the middle could modify the invitation in transit so that you are directed to a different room than intended by the sender.

5. A malicious entity in the middle could listen in on the chatroom invitations you send or receive.

Anything else?

I don't know if we think these attacks are serious, but we might want to mention them (or refer to other specifications that discuss them).

Peter

- --
Peter Saint-Andre
https://stpeter.im/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkoxOWUACgkQNL8k5A2w/vxDnwCgzr4K1ceL77haiZCHrnhXvfdS
NesAn2hcGhH/BOWoXK43sm8eJZORqyiW
=yM4W
-----END PGP SIGNATURE-----
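An added example, not part of the original message: a receiving-client check in Python for attacks 1 to 3 above, applied to an incoming XEP-0249 invitation (the `<x xmlns='jabber:x:conference'/>` payload). The limits, warning names, helper names and sample stanza are constructed assumptions, and the stanza is assumed to have already passed the XMPP stream parser.

```python
import time
import unicodedata
import xml.etree.ElementTree as ET
from collections import defaultdict, deque

INVITE = "{jabber:x:conference}x"   # XEP-0249 payload element
MAX_REASON = 200                    # assumed display limit (characters)
MAX_INVITES, WINDOW = 3, 60.0       # assumed: 3 invitations per sender per 60 s

_recent = defaultdict(deque)        # bare sender JID -> recent invitation times

# Constructed sample: the sender's localpart contains Cyrillic U+043E instead
# of Latin "o", and the reason hides a right-to-left override (U+202E).
SAMPLE = ("<message from='cr\u043ene1@shakespeare.lit/desktop' "
          "to='hecate@shakespeare.lit'>"
          "<x xmlns='jabber:x:conference' "
          "jid='darkcave@macbeth.shakespeare.lit' "
          "reason='Join us\u202e now'/></message>")

def bare(jid):
    """Strip the resource part and lowercase for roster comparison."""
    return jid.split("/", 1)[0].lower()

def clean_reason(text):
    """Attack 1: drop control/format characters, then cap the length."""
    kept = "".join(c for c in text if unicodedata.category(c)[0] != "C")
    return kept[:MAX_REASON]

def check_invite(stanza_xml, roster, now=None):
    """Return (room_jid, reason, warnings), or None if not an invitation."""
    now = time.monotonic() if now is None else now
    msg = ET.fromstring(stanza_xml)
    x = msg.find(INVITE)
    if x is None or not x.get("jid"):
        return None
    sender = bare(msg.get("from", ""))
    warnings = []
    if sender not in roster:                  # attack 2: unknown sender
        warnings.append("sender-not-in-roster")
        if not sender.isascii():              # possible look-alike JID
            warnings.append("non-ascii-sender-jid")
    q = _recent[sender]                       # attack 3: sliding-window limit
    while q and now - q[0] > WINDOW:
        q.popleft()
    q.append(now)
    if len(q) > MAX_INVITES:
        warnings.append("rate-limit-exceeded")
    return x.get("jid"), clean_reason(x.get("reason", "")), warnings
```

Attacks 4 and 5 concern the path between sender and receiver, so a check on the receiving client like this one does not address them.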
