Hello Vaibhav There are various extensions that can be used together with In-band registration to make it more secure.
One way, it to secure it using CAPTCHA, as outlined in XEP-0158: http://xmpp.org/extensions/xep-0158.html. This method tries to seed out bots by assuring a human user creates the account. Another way, more suitable for controlled creation of accounts by machines (for instance, for IoT), is outlined in XEP-0348, and is based on signing IBR forms, using some other credentials that can be used to distinguish approved account creators from others. Best regards, Peter Waher Message: 3 Date: Fri, 8 Jul 2016 17:28:25 +0530 From: vaibhav singh <[email protected]> Hi All, I realised the subject was not in the correct format for the email I sent in the morning. Please ignore that email. I am a newbie software developer who recently started looking into XMPP XEP's. In Band registration was something that caught my eye, as the XEP itself said that it is utterly insecure and recommended people not to use it. I had some questions I wanted to clarify: 1.) Is there anything else people can use in XMPP to bootstrap users quickly, apart from in-band registration? 2.) If in-band registration is so insecure, and (from the looks of it) so important (atleast a really good feature to have) why are there no alternative work flows people can use? 3.) If there is no simple alternative to In Band Registration, I can probable try to create an XEP for an alternative protocol, or maybe suggest some changes to the existing work flow. Can someone describe to me concisely how to go about suggesting changes to an existing XEP/ writing an Internet Draft? Regards, Vaibhav Singh -- Regards, Vaibhav Singh
_______________________________________________ Standards mailing list Info: http://mail.jabber.org/mailman/listinfo/standards Unsubscribe: [email protected] _______________________________________________
