From f99b5cdf79863233511f7da92789f69b587c380f Mon Sep 17 00:00:00 2001
From: Steve Kille
Date: Wed, 30 Nov 2016 10:25:14 +0000
Subject: [PATCH] Add Security Considerations

---
 xep-0369.xml | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/xep-0369.xml b/xep-0369.xml index 18a10874..8298ca3d 100644 --- a/xep-0369.xml +++ b/xep-0369.xml @@ -2030,12 +2030,15 @@ A client creates a channel by sending a simple request to the MIX service. A c -

TBD.

-

Topics to cover:

- +

MIX is built over MAM and PubSub and the security considerations of &xep0313; and &xep0060; should be considered. These services protect MIX channel information, which may be sensitive and needs appropriate protection.

+

MIX channels may be JID Hidden, in order to hide the JIDs of channel participants from those accessing the channel. Care must be taken to ensure that JIDs are fully hidden. In particular when proxy JIDs are prepared, this MUST be done in a manner which ensure that the real JIDs cannot be determined. Where nicks are assigned by a channel, this MUST be done in a way that does not expose the JID.

+

+ There is no MIX equivalent to &xep0045; password controlled rooms, which avoids a number of security issues. +

+

+ MIX provides flexible access control options, which should be used in a manner appropriate to the security requirements of MIX users and services. +

+
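Review bot: The JID Hidden paragraph sets two MUST requirements ("the real JIDs cannot be determined", nick assignment "does not expose the JID") without saying what an implementation has to do to meet them, so they cannot be tested. Suggest stating the property concretely, for example that a proxy JID must not be derivable from the real JID by anyone other than the MIX service, and the same for channel-assigned nicks; "which ensure" in that sentence should also read "which ensures". In the first added paragraph, "the security considerations of &xep0313; and &xep0060; should be considered" is circular and puts a lowercase "should" next to the uppercase MUST used below; either say that those considerations apply to MIX or use the normative keyword deliberately. The claim that having no &xep0045; password controlled rooms "avoids a number of security issues" would be stronger if it named the issues, and the access control paragraph gives no indication of which options suit which security requirements.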