Re: [Standards] Fwd: Re: [jdev] XEP 0172 in MUCs

2012-03-14 Thread Tobias Markmann 
Hi,

On Tue, Mar 6, 2012 at 17:27, Peter Saint-Andre stpe...@stpeter.im wrote:
 Done:

 http://xmpp.org/extensions/tmp/xep-0172-1.1.html

 http://xmpp.org/extensions/diff/api/xep/0172/diff/1.0/vs/1.1rc1

Changes look fine to me and it's good that we discourage any other
kind of nickname in MUC alongside the existing MUC nickname.

[Standards] Fwd: Re: [jdev] XEP 0172 in MUCs

2012-02-21 Thread Peter Saint-Andre 
FYI, I plan to update XEP-0172 along these lines.

 Original Message 
Subject: Re: [jdev] XEP 0172 in MUCs
Date: Mon, 20 Feb 2012 01:07:47 +0500
From: Waqas Hussain waqa...@gmail.com
Reply-To: Jabber/XMPP software development list j...@jabber.org
To: Jabber/XMPP software development list j...@jabber.org

On Tue, Feb 14, 2012 at 3:54 AM, Peter Saint-Andre stpe...@stpeter.im
wrote:
 Hallo Thijs,

 On 1/4/12 10:26 AM, Thijs Alkemade wrote:
 Hello,

 As a client developer, I'm a bit confused about how XEP 0172 (User
 Nickname) is intended to be used with MUCs. From the XEP:

 A user MAY specify his or her persistent nickname as well. This may
 be desirable because the user's preferred room nickname is already
 taken or because the service locks down room nicknames.

 So should a client should interpret the XEP-0172 nickname as a
 replacement for the MUC-nickname?

 I think it would be supplemental.

 This could lead to confusing
 situations with the same nick being used multiple times. If the
 service locks down room nicknames, then it supposedly has a good
 reason for that, and implementing a way to circumvent that sounds
 like a bad idea.

 I think you're right.

 The reason I'm asking this is because Google Talk (the web interface)
 uses, for ad-hoc private group chats, random strings as room nicks,
 and then sends the user's real name as a nick element. I think all
 users would rather see the real name instead of the random string,
 but I'm worried about the implications of changing this. I've read
 the Security Considerations of XEP-0172, but I don't think that
 really answers this.

 I agree with you that it's preferable to allow real roomnicks. We might
 want to update XEP-0172 to make that clearer, or even deprecate its use
 in chatrooms...


I strongly support deprecating its use in chatrooms.

We've seen this cause issues in the Prosody chatroom. This was on my
list of things to post on the standard list, but somehow I never did.

This issue that we saw was different clients showing users different
nicks for the same user, users auto-completing the wrong nick, and
conversations getting derailed due to that. A quick survey of the
participants in that discussion showed that the affected clients had
no visual indication that the nick being displayed and in the UI
wasn't the real room nick. This has obvious security implications,
e.g., it easily allows impersonation.

--
Waqas Hussain
___
JDev mailing list
Info: http://mail.jabber.org/mailman/listinfo/jdev
Unsubscribe: jdev-unsubscr...@jabber.org
___