[Council] JEP-0027

Dave Waite mass at akuma.org
Tue Apr 9 14:20:40 CDT 2002


0.

A couple of notes:
- The signed and encrypted sections don't indicate what you sign or 
encrypt against (I assume you sign with your private key, and encrypt 
with their public key?)
- Section 2 implies that the body element is used within the encryption 
process.
- Notes about replay attacks in known issues; basically - identity is 
not validated through either presence stamping or message encryption. If 
you get access to their account, you can play back presence stamps for 
status; also, if messages are just encrypted with the other party's 
public key you can send new content easily.

Other than those, a good informational draft.

-David Waite


Peter Saint-Andre wrote:

>Perhaps we can vote on JEP-0027? It's informational so I don't think it
>needs a position paper.
>
>http://www.jabber.org/jeps/jep-0027.html
>
>Peter
>
>--
>Peter Saint-Andre
>email+jabber: stpeter at jabber.org
>weblog: http://www.saint-andre.com/blog/
>
>_______________________________________________
>Council mailing list
>Council at jabber.org
>http://mailman.jabber.org/listinfo/council
>
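
The replay note above, as an added example that is not part of the original message or of JEP-0027: a presence stamp whose signature covers only the status text verifies again whenever it is presented, while one bound to sender and timestamp can be rejected as stale or already seen. HMAC-SHA256 stands in for the OpenPGP signature so the code runs on the standard library; the key, field names, `stamp_bound` and `FreshnessChecker` are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key. JEP-0027 uses OpenPGP signatures; HMAC-SHA256 is a
# stand-in so the example runs on the standard library alone.
KEY = b"constructed-demo-key"

def sign(data: bytes) -> str:
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()

def stamp_status_only(status: str) -> dict:
    """Stamp whose signature covers only the status text."""
    return {"status": status, "sig": sign(status.encode())}

def check_status_only(stamp: dict) -> bool:
    # Nothing here ties the stamp to a time or session, so a captured
    # stamp verifies again whenever it is presented.
    return hmac.compare_digest(sign(stamp["status"].encode()), stamp["sig"])

def _payload(sender: str, ts: int, status: str) -> bytes:
    # JSON array encoding keeps field boundaries unambiguous.
    return json.dumps([sender, ts, status]).encode()

def stamp_bound(status: str, sender: str, now: int) -> dict:
    """Hypothetical stamp: signature also covers sender and timestamp."""
    return {"from": sender, "ts": now, "status": status,
            "sig": sign(_payload(sender, now, status))}

class FreshnessChecker:
    """Accepts a bound stamp once, and only inside max_age seconds."""

    def __init__(self, max_age: int = 300):
        self.max_age = max_age
        self.seen = {}  # signature -> timestamp, pruned as entries expire

    def check(self, stamp: dict, now: int) -> str:
        self.seen = {s: t for s, t in self.seen.items()
                     if now - t <= self.max_age}
        expected = sign(_payload(stamp["from"], stamp["ts"], stamp["status"]))
        if not hmac.compare_digest(expected, stamp["sig"]):
            return "bad-signature"
        if abs(now - stamp["ts"]) > self.max_age:
            return "stale"
        if stamp["sig"] in self.seen:
            return "replayed"
        self.seen[stamp["sig"]] = stamp["ts"]
        return "ok"
```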