[Standards-JIG] JEP-0008 vs. JEP-0027

Ralph Meijer jabber.org at ralphm.ik.nu
Mon Apr 26 15:58:52 UTC 2004


On Mon, Apr 26, 2004 at 09:50:03AM -0600, Joe Hildebrand wrote:
> Yes, as soon as we agree on a replacement.
> 
> Note that there is no actual need for the presence to be signed anymore,
> other than for backward-compatibility.  It doesn't provide any real
> security, since it's subject to replay attacks, JEP-115 is a better way to
> signal the capability to do PGP, and pub/sub is a better way of finding and
> distributing keys.

Ah, so true. I thought about this while pressing 'y' for sending the other
message. ;-) Then again, apart from the security aspects, my statement stands.

-- 
Groetjes,

Ralphm



More information about the Standards mailing list