* Dave Cridland <d...@cridland.net> [2018-01-10 18:30]: > 4) ProtoXEP: PEP Avatar to vCard conversion.
+1. I like the general idea and I'm pretty sure the security issue I outlined on standards@ can be sorted out. > 6) ProtoXEP: TOTP 2FA +1 I'm not quite sure how the interop between the TOTP Device and the XMPP client will be performed in practice (client displays QR code to camera-equipped Device / shares URI with local TOTP app?), and the explanation in §4 suddenly Furthermore, there are some places in the XEP with less-than-formal wording. If those are meant to stay, I recommend promoting this XEP to type "Humorous". My main issue however is §3.2, which REQUIREs the exact parameters of the TOTP generator to be fixed values. I can see how §6.2 TOTP could be used with a physical Device distributed to the user without ever performing §5.1 Voluntary Account Enrollment or §6.1 TOTP-INIT. Those physical Devices might not be configurable, so I suggest changing the wording to be only mandatory for Devices configured by TOTP URIs transmitted in the context of this XEP. > 7) Deprecate XEP-0126: Invisibility +1 Georg
signature.asc
Description: PGP signature
_______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: standards-unsubscr...@xmpp.org _______________________________________________