Forwarding to standards@ so that we can have a public discussion...

-------- Original Message --------
Subject: Re: [Council] Minutes of Council 2009-11-23
Date: Tue, 24 Nov 2009 17:03:54 +0000
From: Dave Cridland <[email protected]>
Reply-To: XMPP Council <[email protected]>
To: XMPP Council <[email protected]>
References: <[email protected]> <27382.1259079316.574...@puncture> <[email protected]>

On Tue Nov 24 16:42:17 2009, Peter Saint-Andre wrote:
> And do feel free to weigh in on XEP-0249. :)

Yes, I'll weigh in on this with a -1, I'm afraid.

The security considerations should be referencing XEP-0045, but it also needs to draw specific attention to the fact the password is included in the clear, and may be intercepted. This is no more or less secure than existing mediated invitations, of course - all parties with the ability to snoop the password still have it with direct invitations.

Also, it's probably worth noting that the common alternative to password, being member-only rooms with the service automatically adding the invited user to the member list, won't work as transparently here, so inviters should send invitees both mediated and direct invitations.

Dave.
--
Dave Cridland - mailto:[email protected] - xmpp:[email protected]
 - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
 - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
