W dniu 08.07.2016, pią o godzinie 17∶28 +0530, użytkownik vaibhav singh napisał: > XMPP XEP's. In Band registration was something that caught my eye, as > the XEP itself said that it is utterly insecure and recommended > people not to use it.
I don't see that wording in XEP. You are probably misinterpretting: "11. Security Considerations [...] The registration methods defined herein are known to be insecure and SHOULD NOT be used unless the channel between the registrant and the entity that accepts registration has been secured." This only means that the channel (i.e. TCP connection) you are doing in-band registration has to be secured (i.e. TLS encrypted). > 1.) Is there anything else people can use in XMPP to bootstrap users > quickly, apart from in-band registration? out-of-band registration. For example - a web based registration form that creates XMPP account - integrating XMPP accounts with some other system accounts See "5. Redirection" [1] for a way of redirecting IBR user to other system for registration. > 2.) If in-band registration is so insecure, and (from the looks of > it) so important (atleast a really good feature to have) why are > there no alternative work flows people can use? IBR is by design extensible [2] so there is no need for competing solution. [1] http://xmpp.org/extensions/xep-0077.html#redirect [2] http://xmpp.org/extensions/xep-0077.html#extensibility -- /o__ (_<^' If you are too busy to read, then you are too busy.
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Standards mailing list Info: http://mail.jabber.org/mailman/listinfo/standards Unsubscribe: [email protected] _______________________________________________
