[Standards-JIG] JEP-0008 vs. JEP-0027
justin-keyword-jabber.093179 at affinix.com
Mon Apr 26 21:00:11 UTC 2004
On Monday 26 April 2004 8:50 am, Joe Hildebrand wrote:
> Yes, as soon as we agree on a replacement.
> Note that there is no actual need for the presence to be signed anymore,
> other than for backward-compatibility. It doesn't provide any real
> security, since it's subject to replay attacks, JEP-115 is a better way to
> signal the capability to do PGP, and pub/sub is a better way of finding and
> distributing keys.
Totally agree. However, signed presence can be useful if done properly.
jep-secure and xmpp-e2e both cover signed presence, and so whatever
supersedes jep-27 will still have the ability to bloat out a presence packet.
However, I think stanza security is a very special scenario, not on the same
level as avatars.