moparisthebest/xeps
1
0
Fork 0
mirror of https://github.com/moparisthebest/xeps synced 2024-11-21 08:45:04 -05:00
Code Issues Releases Wiki Activity

Add Security Considerations

Browse Source
This commit is contained in:
Steve Kille 2016-11-30 10:25:14 +00:00
parent 62c9595fbb
commit f99b5cdf79
1 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
xep-0369.xml
View File

@ -2030,12 +2030,15 @@ A client creates a channel by sending a simple request to the MIX service. A c
<section1 topic='Security Considerations' anchor='security'>
<p>TBD.</p>
<p>Topics to cover:</p>
<ul>
<li>transparent vs. opaque channels</li>
<li>nickname registration and security implications of normalization</li>
</ul>
<p>MIX is built over MAM and PubSub and the security considerations of &xep0313; and &xep0060; should be considered. These services protect MIX channel information, which may be sensitive and needs appropriate protection.</p>
<p>MIX channels may be JID Hidden, in order to hide the JIDs of channel participants from those accessing the channel. Care must be taken to ensure that JIDs are fully hidden. In particular when proxy JIDs are prepared, this MUST be done in a manner which ensure that the real JIDs cannot be determined. Where nicks are assigned by a channel, this MUST be done in a way that does not expose the JID.</p>
<p>
There is no MIX equivalent to &xep0045; password controlled rooms, which avoids a number of security issues.
</p>
<p>
MIX provides flexible access control options, which should be used in a manner appropriate to the security requirements of MIX users and services.
</p>
</section1>