mirror of
https://github.com/moparisthebest/xeps
synced 2024-11-21 16:55:07 -05:00
Add Security Considerations
This commit is contained in:
parent
62c9595fbb
commit
f99b5cdf79
15
xep-0369.xml
15
xep-0369.xml
@ -2030,12 +2030,15 @@ A client creates a channel by sending a simple request to the MIX service. A c
|
||||
|
||||
|
||||
<section1 topic='Security Considerations' anchor='security'>
|
||||
<p>TBD.</p>
|
||||
<p>Topics to cover:</p>
|
||||
<ul>
|
||||
<li>transparent vs. opaque channels</li>
|
||||
<li>nickname registration and security implications of normalization</li>
|
||||
</ul>
|
||||
<p>MIX is built over MAM and PubSub and the security considerations of &xep0313; and &xep0060; should be considered. These services protect MIX channel information, which may be sensitive and needs appropriate protection.</p>
|
||||
<p>MIX channels may be JID Hidden, in order to hide the JIDs of channel participants from those accessing the channel. Care must be taken to ensure that JIDs are fully hidden. In particular when proxy JIDs are prepared, this MUST be done in a manner which ensure that the real JIDs cannot be determined. Where nicks are assigned by a channel, this MUST be done in a way that does not expose the JID.</p>
|
||||
<p>
|
||||
There is no MIX equivalent to &xep0045; password controlled rooms, which avoids a number of security issues.
|
||||
</p>
|
||||
<p>
|
||||
MIX provides flexible access control options, which should be used in a manner appropriate to the security requirements of MIX users and services.
|
||||
</p>
|
||||
|
||||
</section1>
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user