I missed this statement about 0389 last time. This is incorrect, 0389
does not use stanzas pre-auth, it just has the ability to use stanzas to
do the same thing post-auth because I wanted to be able to register with
something other than the server. For example, you might want an admin
console that
TL;DR IMO we should be stricter about the sync/async separation and not
add more IQs before the session is established.
I'd like to second this, but not from a security perspective but from a
general dev / separation of concerns prospective (which I suppose is
also a security perspective). An XMPP
Hi Dave,
* Dave Cridland [2020-11-03 22:55]:
> This is a very comprehensively written XEP for an initial submission.
Thank you very much for your review!
> My main concern here is the addition of a further IQ during unauthenticated
> state. In the case of every server I've worked with, the IBR
On Tue, 3 Nov 2020 at 15:59, XEP Editor Pipeline <
xep-editor-pipel...@zombofant.net> wrote:
> The XMPP Extensions Editor has received a proposal for a new XEP.
>
> Title: Pre-Authenticated In-Band Registration
> Abstract:
> This document extends the In-Band-Registration protocol to use
> invitati
The XMPP Extensions Editor has received a proposal for a new XEP.
Title: Pre-Authenticated In-Band Registration
Abstract:
This document extends the In-Band-Registration protocol to use
invitation tokens, e.g. for registering accounts on non-public
servers.
URL: https://xmpp.org/extensions/inbox/i