[Council] JEP-0027
Dave Waite
mass at akuma.org
Tue Apr 9 14:20:40 CDT 2002
0.
A couple of notes:
- The signed and encrypted sections don't indicate what you sign or
encrypt against (I assume you sign with your private key, and encrypt
with their public key?)
- Section 2 implies that the body element is used within the encryption
process.
- Notes about replay attacks in known issues; basically - identity is
not validated through either presence stamping or message encryption. If
you get access to their account, you can play back presence stamps for
status; also, if messages are just encrypted with the other party's
public key you can send new content easily.
Other than those, a good informational draft.
-David Waite
Peter Saint-Andre wrote:
>Perhaps we can vote on JEP-0027? It's informational so I don't think it
>needs a position paper.
>
>http://www.jabber.org/jeps/jep-0027.html
>
>Peter
>
>--
>Peter Saint-Andre
>email+jabber: stpeter at jabber.org
>weblog: http://www.saint-andre.com/blog/
>
>_______________________________________________
>Council mailing list
>Council at jabber.org
>http://mailman.jabber.org/listinfo/council
>