[JDEV] Registration questions

[Jens Alfke]

Now I'm adding support for registering a new account, working from the 
JPG pp.58-61. Mostly straightforward, except:

(1) I'm somewhat confused about the "already registered" response. As 
far as I can tell, it indicates that the requested username is already 
taken, so the client should prompt the user to enter a different 
username. (The JPG says "If the user is already registered with this 
service..." when I think what it really means is "If the chosen username 
is already registered by another user...")

(2) The docs are unclear on how modifying and deleting existing 
registrations work. My hunch is that you have to first log in normally, 
then send the jabber:iq:register query to update or delete the 
registration. Otherwise there's no authentication that prevents others 
from maliciously messing with your account. Correct?

(3) One minute after it sends the reply to my initial jabber:iq:register 
query, jabber.org disconnects me, saying that authentication timed out. 
Shouldn't the user be given more than a minute to fill out the form?

(4) jabber.org isn't sending me a <key>, which I had thought was 
required. I'm special casing this and just not sending back a <key> if 
the server didn't send me one. I'm actually unclear on what the <key> is 
for anyway. It sounds like a security thing but I'm at a loss to see how 
it makes the transaction any more secure since it's being sent back over 
the same socket it was received from.

As always, thanks for any clarifications...

—Jens
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/enriched
Size: 1693 bytes
Desc: not available
URL: <https://www.jabber.org/jdev/attachments/20010410/392032e4/attachment-0002.bin>