[standards-jig] Security problems with JEP-115
justin-jdev at affinix.com
Mon Sep 22 21:26:24 UTC 2003
On Sunday 21 September 2003 11:55 pm, Jacek Konieczny wrote:
> My proposition is the following:
> client would concatenate category/type information and all supported
> namespaces (both sorted alphabetically first) and compute MD5 hash of
> resulting string.
> The MD5 hash would be announced in <presence/> stanzas as "feature tag".
This might work, but I think we're making everything needlessly complicated
for little gain.
My proposition is the following:
Client generates an opaque string to represent a particular persistent
instance of itself. Recipients can cache this string (bound to the JID that
sent it), knowing that the sender might reuse it again. The use of an opaque
string has the additional benefit that other "static" requests could be
cached (like iq:version).
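
The two proposals in this message side by side, as an added example that is not part of the original post or of any JEP-115 implementation: the quoted MD5 feature tag, and a recipient cache keyed on the sending JID plus the string it announced. The newline separator, the names feature_tag, CapsCache and handle_presence, the query callable and the sample JIDs are assumptions made for illustration.

```python
import hashlib


def feature_tag(identities, namespaces):
    """Quoted proposal: MD5 over category/type entries and namespaces,
    each sorted alphabetically first. The newline separator is an
    assumption; the post does not say how the parts are joined."""
    parts = sorted(identities) + sorted(namespaces)
    return hashlib.md5("\n".join(parts).encode("utf-8")).hexdigest()


class CapsCache:
    """Reply's proposal: the recipient caches under (sender JID, string).
    The string is opaque here; it is never parsed or recomputed."""

    def __init__(self):
        self._entries = {}

    def store(self, jid, tag, result):
        self._entries[(jid, tag)] = result

    def lookup(self, jid, tag):
        # A string first seen from one JID is not reused for another JID.
        return self._entries.get((jid, tag))


def handle_presence(cache, jid, tag, query):
    """Return (result, served_from_cache). `query` is a hypothetical
    callable that asks `jid` directly when nothing is cached for it."""
    cached = cache.lookup(jid, tag)
    if cached is not None:
        return cached, True
    result = query(jid)
    cache.store(jid, tag, result)
    return result, False


if __name__ == "__main__":
    # Constructed sample data.
    tag = feature_tag(["client/pc"], ["jabber:iq:version", "jabber:iq:time"])
    cache = CapsCache()
    ask = lambda jid: {"asked": jid}
    print(tag)
    print(handle_presence(cache, "romeo@example.net/orchard", tag, ask))
    print(handle_presence(cache, "romeo@example.net/orchard", tag, ask))
    print(handle_presence(cache, "juliet@example.com/balcony", tag, ask))
```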