[Standards-JIG] Questions on RFC 3923
gyldenskjold at mail.dk
Tue Dec 7 22:02:41 UTC 2004
I have been looking at RFC 3923
"End-to-End Signing and Object Encryption for the Extensible Messaging
and Presence Protocol (XMPP)"
and I have a few questions I was hoping you could help me figure out.
* When A establishes a SUBSCRIPTION to B's PRESENCE INFORMATION,
the protocol MUST provide A means of verifying the accurate
receipt of the content B chooses to disclose to A. (Section
* The protocol MUST provide A means of verifying that the
presence information is accurate, as sent by B. (Section
This seems strange. How can you ensure this when the server is like an
arbitrator between the presence informator and the presence subscribers?
This breaks with the jabber idea, as I see it. Now you have to broadcast
presence because you need to sign it. Right?
* Prior to signing and/or encrypting, the format of an instant
message MUST conform to the CPIM Message Format defined in
Hmmm... As I see it, this destroys the jabber protocol. Wrapping the
message in a Message/CPIM like this:
| Content-type: Message/CPIM
| <message to='romeo at example.net/orchard' type='chat'>
| <e2e xmlns='urn:ietf:params:xml:ns:xmpp-e2e'>
| From: Juliet Capulet <im:juliet at example.com>
| To: Romeo Montague <im:romeo at example.net>
| DateTime: 2003-12-09T11:45:36.66Z
| Subject: Imploring
| Content-type: text/plain; charset=utf-8
| Content-ID: <1234567890 at example.com>
| Wherefore art thou, Romeo?
seems to make the jabber XML dispensable. There's no reason to extend the
packet to contain more than one "to" and "from" fields.
The same counts for presence packets.
Further regarding timestamps:
o It MUST verify that the timestamp received is within five minutes
of the current time.
Doesn't this break with the idea of a message waiting on the server for
you until you get online?
This whole RFC seems to be destroying the idea of jabber. Probably
everyone will use encrypted IMs in a few years, so this should be
Why not continue with the jabber XML?
My first idea was that for instance the message protocol could be used
with a child that told what the encryption was like this:
<message type='chat' to='example at jabber.org/Home'>
an encrypted and signed message using RSA encryption
Is this totally stupid?
Hope you can give me some input on this.
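
An added example (not part of the original post and not code from RFC 3923): Python code that reads the headers of the Message/CPIM object quoted in the message and applies the quoted five-minute timestamp window, which is the receiver's replay check. The function names, the result labels and the sample text (with the archive's "at" written back as "@") are assumptions of this example.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: the CPIM object quoted in the message, with the
# list archive's " at " obfuscation written back as "@".
SAMPLE_CPIM = """\
From: Juliet Capulet <im:juliet@example.com>
To: Romeo Montague <im:romeo@example.net>
DateTime: 2003-12-09T11:45:36.66Z
Subject: Imploring

Content-type: text/plain; charset=utf-8
Content-ID: <1234567890@example.com>

Wherefore art thou, Romeo?
"""

MAX_SKEW = timedelta(minutes=5)  # the window quoted from the RFC in the message

def parse_cpim_headers(text):
    """Return the message headers (first block, up to the first blank line)."""
    headers = {}
    for line in text.splitlines():
        if not line.strip():
            break
        name, sep, value = line.partition(":")  # split on the first colon only
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().lower()] = value.strip()
    return headers

def parse_datetime(value):
    """Parse a UTC timestamp such as 2003-12-09T11:45:36.66Z."""
    if not value.endswith("Z"):
        raise ValueError("expected a UTC timestamp ending in Z")
    body = value[:-1]
    fmt = "%Y-%m-%dT%H:%M:%S.%f" if "." in body else "%Y-%m-%dT%H:%M:%S"
    return datetime.strptime(body, fmt).replace(tzinfo=timezone.utc)

def classify_timestamp(cpim_text, now):
    """Apply the five-minute rule; labels are this example's own."""
    headers = parse_cpim_headers(cpim_text)
    if "datetime" not in headers:
        raise ValueError("no DateTime header")
    sent = parse_datetime(headers["datetime"])
    if now - sent > MAX_SKEW:
        return "old timestamp"      # e.g. a replayed or long-stored object
    if sent - now > MAX_SKEW:
        return "future timestamp"   # sender clock ahead, or a forged value
    return "ok"
```

The receiver passes its own clock as `now` (a timezone-aware UTC `datetime`); the check has to run on the signed DateTime header inside the CPIM object, not on anything the server adds to the stanza.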