Also, I suspect the naive way to implement this will be to hash the bare JID. We probably want to mention that this is a bad idea and that these identifiers should be random (or we should explicitly define the security properties that are required if they're derived, which probably includes using a salt and ensuring high entropy).
The XEP suggests "One way to ensure these properties is to generate a private secret key for every room and use an HMAC algorithm with a sufficiently secure hash function to generate the occupant identifier from the real bare JID and that secret key."
_______________________________________________
Standards mailing list
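The contrast discussed in this message, as an added example that is not part of the original e-mail or of the XEP: an unkeyed hash of the bare JID beside an HMAC keyed with a random per-room secret. The `Room` class, the function names and the sample JIDs are hypothetical, and lower-casing stands in for proper JID normalisation.

```python
import hashlib
import hmac
import secrets


def bare_jid(jid: str) -> str:
    """Strip the resource part; lower-casing is a simplification of JID normalisation."""
    return jid.split("/", 1)[0].lower()


def naive_occupant_id(jid: str) -> str:
    """The derivation warned against: an unkeyed hash of the bare JID."""
    return hashlib.sha256(bare_jid(jid).encode("utf-8")).hexdigest()


class Room:
    """Hypothetical room object that holds its own private secret key."""

    def __init__(self, room_jid: str) -> None:
        self.room_jid = room_jid
        # 256 bits from the OS CSPRNG, generated per room and never disclosed.
        self._key = secrets.token_bytes(32)

    def occupant_id(self, jid: str) -> str:
        """HMAC-SHA-256 over the real bare JID, keyed with the room secret."""
        mac = hmac.new(self._key, bare_jid(jid).encode("utf-8"), hashlib.sha256)
        return mac.hexdigest()


def guessable(observed_id: str, candidate_jids: list[str]) -> list[str]:
    """Candidate JIDs whose unkeyed hash equals an observed identifier."""
    return [j for j in candidate_jids
            if hmac.compare_digest(naive_occupant_id(j), observed_id)]


if __name__ == "__main__":
    # Constructed sample data.
    alice = "alice@example.org/laptop"
    candidates = ["bob@example.org", "alice@example.org"]
    room_a, room_b = Room("a@muc.example.org"), Room("b@muc.example.org")

    # Unkeyed hash: anyone holding a candidate list can confirm the real JID.
    print("naive id confirmed as:", guessable(naive_occupant_id(alice), candidates))
    # Keyed: stable inside one room, different per room, not confirmable without the key.
    print("stable in room:", room_a.occupant_id(alice) == room_a.occupant_id("alice@example.org/phone"))
    print("linkable across rooms:", room_a.occupant_id(alice) == room_b.occupant_id(alice))
    print("keyed id confirmed as:", guessable(room_a.occupant_id(alice), candidates))
```

The room key has to persist with the room for identifiers to stay stable across service restarts; regenerating it changes every occupant identifier in that room.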
