[jdev] Alternate MUC Authentication Mechanisms
Kurt Zeilenga
Kurt.Zeilenga at Isode.COM
Sun Oct 17 06:17:38 CST 2010
On Oct 17, 2010, at 5:06 AM, Kurt Zeilenga wrote:
> Today's XMPP services places a fair amount of trust in the subscriber's server. If we want not to trust the subscriber's server as much as we today, protecting the MUC password is the least of our worries. So I'm going to assume there are other risks that one desires to mitigate here by using a 'digest' method for proving one knows the room's password.
And if one wants to trust the subscribers' servers less, then you might as well jump to use of tunneled encrypted XMPP streams between the subscriber and the MUC service....
-- Kurt
More information about the JDev
mailing list