[Standards-JIG] JEP-0008 vs. JEP-0027

Joe Hildebrand JHildebrand at jabber.com
Mon Apr 26 15:50:03 UTC 2004


Yes, as soon as we agree on a replacement.

Note that there is no actual need for the presence to be signed anymore,
other than for backward-compatibility.  It doesn't provide any real
security, since it's subject to replay attacks, JEP-115 is a better way to
signal the capability to do PGP, and pub/sub is a better way of finding and
distributing keys.

-- 
Joe Hildebrand

 

> -----Original Message-----
> From: Tomasz Sterna [mailto:tomek at xiaoka.com] 
> Sent: Monday, April 26, 2004 8:05 AM
> To: Jabber protocol discussion list
> Subject: [Standards-JIG] JEP-0008 vs. JEP-0027
> 
> As I understand JEP-0008 was Retracted, becouse it used 
> <presence/> packet incorrectly sending jabber:x: informations 
> to an entity that neither requested it or understands it, 
> thus being network heavy.
> 
> eg.
> 
> <presence ... >
>   ...
>   <x xmlns='jabber:x:avatar'>
>     <hash>SHA1 of image data</hash>
>   </x>
> </presence>
> 
> 
> Why then JEP-0027 is still active, though it is designed the 
> same way, and sends superfluous data to an entity not requesting it.
> 
> eg.
> 
> <presence ... >
>   ...
>   <x xmlns='jabber:x:signed'>
>     PGP sign data
>   </x>
> </presence>
> 
> 
> Souldn't it be Retracted also?
> 
> --
> smk / JID:smoku(at)chrome.pl
> 
> _______________________________________________
> Standards-JIG mailing list
> Standards-JIG at jabber.org
> https://jabberstudio.org/mailman/listinfo/standards-jig
> 



More information about the Standards mailing list