On 10/14/10 5:32 AM, Dave Cridland wrote:
> On Thu Oct 14 00:23:16 2010, Alex Milowski wrote:
>> I've been playing around with Multi-user Chat and I'm wondering if anyone
>> has experience with extending the protocol to include alternate room
>> password mechanisms? Specifically, I'm interested in using something like
>> digest authentication in conjunction with signed stanzas. I'd like to have
>> better guarantees on who is actually in the room.
>
> We handle authorization based on XEP-0258, and we're working on putting
> together a signed stanzas specification which'd also help authenticate.
>
> For taking the "room password" mechanism beyond a simple plaintext
> password - which is really not a security thing at all - you'd need to
> establish something like a SASL exchange between the user and the room.
> It's possible you could do this by provisioning the user with a
> XEP-0077 registration exchange embodying a SASL exchange, which'd
> leave you having "proven" the user and obtaining their certificate, in
> which case the signed stanzas would suffice to authenticate the user.
>
> So this means writing a SASL-in-77 spec (not impossible), and working
> on a signing spec (Kurt, with whom I work, proposed XEP-0285, but I
> think we've convinced him into a different approach now).
Why would we do authentication-in-registration, rather than define a new
remote authentication extension? XEP-0077 is already overloaded to a great
degree, and the two functions of registration and authentication seem quite
separate to me.

Peter

--
Peter Saint-Andre
https://stpeter.im/
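To make concrete what "something like a SASL exchange between the user and the room" buys over a plaintext room password, here is an added example (not code from this thread, from any of the cited XEPs, or from any MUC implementation) that runs a SCRAM-SHA-1 exchange (RFC 5802) between a client and a room. How the four messages would be carried, whether inside a XEP-0077 registration or a separate extension as Peter suggests, is left open; the code only shows the messages themselves. The room keeps derived keys rather than the password, the password never appears on the wire, and the final server signature lets the client confirm it reached a room that actually holds those keys. The user name, password, salt and nonces are constructed values; the function names are this example's own.

```python
"""Challenge-response room authentication with SCRAM-SHA-1 (RFC 5802).

Illustration only: the transport that would carry these messages between an
XMPP client and a MUC room is assumed, not specified here.
"""
import base64
import hashlib
import hmac
import os
from typing import Optional

GS2_HEADER = "n,,"  # no channel binding, no authzid


def _hmac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha1).digest()


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _parse(msg: str) -> dict:
    return dict(part.split("=", 1) for part in msg.split(","))


def room_store_credentials(password: str, salt: Optional[bytes] = None,
                           iterations: int = 4096) -> dict:
    """What the room keeps on file: salt, iteration count and the two derived
    keys. The password itself is never stored."""
    salt = salt or os.urandom(16)
    salted = hashlib.pbkdf2_hmac("sha1", password.encode(), salt, iterations)
    client_key = _hmac(salted, b"Client Key")
    return {
        "salt": salt,
        "iterations": iterations,
        "stored_key": hashlib.sha1(client_key).digest(),
        "server_key": _hmac(salted, b"Server Key"),
    }


def client_first(user: str, cnonce: str):
    bare = f"n={user},r={cnonce}"
    return GS2_HEADER + bare, bare


def room_first(creds: dict, client_first_bare: str, snonce: str) -> str:
    # Room appends its own nonce to the client's and announces salt/iterations.
    cnonce = _parse(client_first_bare)["r"]
    salt_b64 = base64.b64encode(creds["salt"]).decode()
    return f"r={cnonce}{snonce},s={salt_b64},i={creds['iterations']}"


def client_final(password: str, client_first_bare: str, server_first: str):
    """Returns the client-final message and the server signature the client
    expects back (used to authenticate the room)."""
    fields = _parse(server_first)
    salt = base64.b64decode(fields["s"])
    salted = hashlib.pbkdf2_hmac("sha1", password.encode(), salt, int(fields["i"]))
    client_key = _hmac(salted, b"Client Key")
    stored_key = hashlib.sha1(client_key).digest()
    channel = base64.b64encode(GS2_HEADER.encode()).decode()  # "biws"
    without_proof = f"c={channel},r={fields['r']}"
    auth_message = f"{client_first_bare},{server_first},{without_proof}".encode()
    proof = _xor(client_key, _hmac(stored_key, auth_message))
    expected_server_sig = _hmac(_hmac(salted, b"Server Key"), auth_message)
    return f"{without_proof},p={base64.b64encode(proof).decode()}", expected_server_sig


def room_verify(creds: dict, client_first_bare: str, server_first: str,
                client_final_msg: str) -> Optional[str]:
    """Room side: recover ClientKey from the proof and check it against
    StoredKey. Returns the server-final message on success, None otherwise."""
    without_proof, _, proof_b64 = client_final_msg.rpartition(",p=")
    if _parse(without_proof)["r"] != _parse(server_first)["r"]:
        return None  # nonce not echoed: replay or tampering
    auth_message = f"{client_first_bare},{server_first},{without_proof}".encode()
    client_key = _xor(base64.b64decode(proof_b64), _hmac(creds["stored_key"], auth_message))
    if not hmac.compare_digest(hashlib.sha1(client_key).digest(), creds["stored_key"]):
        return None
    return "v=" + base64.b64encode(_hmac(creds["server_key"], auth_message)).decode()


def run_exchange(room_creds: dict, user: str, password: str,
                 cnonce: str, snonce: str) -> dict:
    """Drive all four messages and report what each side concluded."""
    cf, bare = client_first(user, cnonce)
    sf = room_first(room_creds, bare, snonce)
    cfinal, expected_sig = client_final(password, bare, sf)
    verdict = room_verify(room_creds, bare, sf, cfinal)
    room_accepted = verdict is not None
    room_authenticated = room_accepted and hmac.compare_digest(
        base64.b64decode(verdict[2:]), expected_sig)
    return {"room_accepted": room_accepted,
            "room_authenticated": room_authenticated,
            "wire": [cf, sf, cfinal, verdict]}


if __name__ == "__main__":
    # Constructed sample values; real nonces must be fresh and random.
    creds = room_store_credentials("room-secret", salt=b"\x00" * 16)
    result = run_exchange(creds, "alex", "room-secret", "cnonce123", "snonce456")
    for msg in result["wire"]:
        print(msg)
    print(result["room_accepted"], result["room_authenticated"])
```

The `wire` list in the result is what an observer of the exchange would see: the user name, nonces, salt, iteration count and two MACs, but not the password. Compare that with the current MUC room password, which travels in the clear inside the presence stanza and which the room must also hold in the clear.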
