[Standards-JIG] UPDATED: JEP-0027 (Current Jabber OpenPGP Usage)

Justin Karneges justin-keyword-jabber.093179 at affinix.com
Tue Mar 16 20:29:08 UTC 2004


On Tuesday 16 March 2004 2:05 am, Ian Paterson wrote:
> Justin wrote:
> > A message is valid so long as the timestamp is +/-5 minutes
> > of the delivery time and the ID does not exist in the cache.
>
> What about when a user switches (within five minutes) between two different
> clients (resources)?

This would appear to be a problem in my current spec if you logout and login 
from even the same client/resource within the timeframe.  The client would 
need to cache all the jid/id/timestamp mappings to disk.

> If the message sender does not specify a resource then the message could be
> replayed to the second client.
>
> Perhaps the message IDs should be stored on the server, not locally on the
> client.

I thought of this too, but then couldn't a malicious server enable replay 
attacks by simply not providing the ID list to other resources?  I don't see 
a good solution for this one...  Maybe a client could provide an option:

  [ X ] - Trust server for replay attack prevention across multiple logins.

Although I think most users would not know what the heck this even means.

> > the client should only consider offline messages valid if
> > they are timestamped between the current and previous
> > login time (this means saving a single timestamp to disk),
>
> The client would have to allow messages stamped up to five minutes before
> the logout time.

Good point.  Along the same lines, the client should not delete the previous 
session cache until 10 minutes into the new session.

New question: what if the client or client machine crashes and is unable to 
record a proper logout time?

-Justin
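
The checks discussed in this message, as an added Python example that is not part of the original post or of JEP-0027. The class name, the JSON state file, the reading of the offline window as "previous logout minus five minutes, up to the current login", and the fallback to the last flush time when no logout was recorded are all assumptions.

```python
import json
from pathlib import Path

WINDOW = 5 * 60  # the +/-5 minute tolerance from the thread, in seconds


class ReplayGuard:
    """Disk-backed jid/id/timestamp cache. File layout and names are assumptions."""

    def __init__(self, path, login_time):
        self.path, self.login = Path(path), login_time
        state = json.loads(self.path.read_text()) if self.path.exists() else {}
        # Previous session end: the recorded logout, else the last flush time
        # (assumed fallback for a crash; the thread leaves that case open).
        self.prev_end = state.get("logout") or state.get("last_flush")
        # Entries stamped before prev_end - WINDOW can never pass either check
        # again, so only those are dropped when the cache is reloaded.
        floor = (self.prev_end or login_time) - WINDOW
        self.seen = {k: t for k, t in state.get("seen", {}).items() if t >= floor}

    def _flush(self, now, logout=None):
        state = {"seen": self.seen, "last_flush": now, "logout": logout}
        self.path.write_text(json.dumps(state))

    def accept(self, jid, msg_id, stamp, now, offline=False):
        """Return True once per (jid, id) if the signed timestamp is in range."""
        if offline:
            # Offline delivery: stamped between the previous session end
            # (minus the tolerance) and the current login. With no saved
            # state there is nothing to compare against, so reject.
            if self.prev_end is None:
                return False
            fresh = self.prev_end - WINDOW <= stamp <= self.login
        else:
            fresh = abs(now - stamp) <= WINDOW
        key = json.dumps([jid, msg_id])  # unambiguous string key for JSON
        if not fresh or key in self.seen:
            return False
        self.seen[key] = stamp
        self._flush(now)  # persist before the message is shown to the user
        return True

    def logout(self, now):
        self._flush(now, logout=now)
```

Because the cache lives in a local file, it covers logout and login from the same client only; a second client or resource does not share it, which is the case the thread leaves unresolved.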


