[SIP Beyond VoIP] Sylkserver Participant Management

Michiel Leenaars michiel.ml at nlnet.nl
Tue Jul 16 12:18:58 CEST 2013


Hi Adrian,

>> It worked well for me, I'm happy to report. I played around with
>> participant management. One thing I noticed: am I correct that I could
>> not only remove people in the room that I had invited to a Sylkserver
>> conference myself - with add_participant user at domain.com - but also
>> other people unrelated to me (as in: my other account when it had
>> registered itself independently to the chatroom)? That seems undesirable
>> to me - some chatbot can come in and kick out all the participants from
>> all rooms.
> 
> How do you know the room names?

I think security by obscurity works reasonably well for ad hoc meetings,
although probing is cheap (e.g. dictionary attack). You could add
something to the server that allows to see if someone is trying out many
different rooms for activity sequentially. That would raise that cost
and help prevent abuse.

Other use cases are different from ad hoc conferences like you mention,
I guess more like a classic IRC channel that is persistent and
publically known. This would be akin to a publicly announced conference
room where potentially many people participate over a longer period. In
that case confidentiality is not the issue, but it would be embarassing
if thousands of people are dropped off because of one person trolling.
Also, it would be great if someone could somehow be granted a channel
operator role (perhaps not on sip2sip.info service, but in case of a
self installed system).

> Yes, it would be nice to have such controls, but without extra
> developments they are not possible out of the box.

Understood. We definitely need more manpower to work on these important
projects. We can't expect you and your team to solve everything for us.

Best,
Michiel Leenaars

-- 
drs. M.A.G.J. Leenaars
Director of Strategy
NLnet foundation
Science Park 400
1098 XH Amsterdam
Netherlands
http://nlnet.nl
sip/xmpp: michiel [@t] nlnet.nl

---------------
'If you want the Internet to grow strong, safe and free,
but you don't know how to help, contribute to NLNet:
they do know and care."
                            Giorgio Maone, NoScript

Interested what Richard Stallman, Karsten Nohl, Andy Tanenbaum and
many others have to say about what NLnet helped them do for you?
Feel your wallet tingling already? Check out:

                         http://nlnet.nl/donating/quotes.html



More information about the SIPBeyondVoIP mailing list