mass at akuma.org
Tue Apr 9 14:20:40 CDT 2002
A couple of notes:
- The signed and encrypted sections don't indicate what you sign or
encrypt against (I assume you sign with your private key, and encrypt
with their public key?)
- Section 2 implies that the body element is used within the encryption
- Notes about replay attacks in known issues; basically - identity is
not validated through either presence stamping or message encryption. If
you get access to their account, you can play back presence stamps for
status; also, if messages are just encrypted with the other party's
public key you can send new content easily.
Other than those, a good informational draft.
Peter Saint-Andre wrote:
>Perhaps we can vote on JEP-0027? It's informational so I don't think it
>needs a position paper.
>email+jabber: stpeter at jabber.org