[Standards-JIG] UPDATED: JEP-0027 (Current Jabber OpenPGP Usage)
justin-keyword-jabber.093179 at affinix.com
Wed Mar 17 04:56:31 UTC 2004
On Tuesday 16 March 2004 4:32 pm, Justin Karneges wrote:
> going to need some careful and protected interaction between all the
> resources via the server, in such a way that a server DoS would not enable
> an attack. This does sound quite impossible, but I'll think about it and

Ok, this problem is not solvable this way, but I'm probably thinking too hard.
I've come up with an alternate perspective, which is that it is the user's job
to maintain synchronized endpoints. For instance, keeping multiple
out-of-sync keyrings yet requiring synced replay caches would be a bit
eccentric. If you find yourself syncing your keyrings, you had better sync
your replay cache as well. If you can't sync your secure endpoints, don't
expect good security. Of course, there would be nothing in the protocol to
enforce this kind of organization, but good software should make this process

A security-conscious solution is to store all of your private information
(private key, keyring, cert storage, replay cache data) on removable media.
Alternatively you could store it on a server. If you can't trust a server,
and you require multiple secure endpoints, you must use removable media.
There's just no way around it.

The removable media scenario is a bit simpler to work with, because it would
imply that only one endpoint can be secure at any given time. When multiple
endpoints can be sharing the same private key / cache data simultaneously,
this gets very tricky. I'm inclined to say that we should limit the use of
Secure Stanzas to only one logged in resource per user@host.
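
The out-of-sync replay cache problem discussed in this message, as an added example that is not part of the original post or of JEP-0027. It assumes a replay cache keyed on a message id with a timestamp freshness window; the class names, ids, window length and clock values are hypothetical and constructed for illustration.

```python
class ReplayCache:
    """Remembers message ids seen inside a freshness window (assumed design)."""

    def __init__(self, window=300):
        self.window = window      # seconds a message counts as fresh
        self.seen = {}            # message id -> timestamp carried by the message

    def accept(self, msg_id, sent_at, now):
        # Forget ids that have aged out; anything that old fails the
        # freshness check below anyway, so dropping it is safe.
        self.seen = {m: t for m, t in self.seen.items() if now - t <= self.window}
        if abs(now - sent_at) > self.window:
            return False          # stale or far-future timestamp
        if msg_id in self.seen:
            return False          # already delivered once: replay
        self.seen[msg_id] = sent_at
        return True


class Endpoint:
    """One logged-in resource holding the user's private key (hypothetical model)."""

    def __init__(self, name, cache):
        self.name = name
        self.cache = cache

    def receive(self, msg_id, sent_at, now):
        return self.cache.accept(msg_id, sent_at, now)


def replay_accepted(shared):
    """Deliver a stanza to one resource, then present the same stanza to another."""
    first_cache = ReplayCache()
    second_cache = first_cache if shared else ReplayCache()
    home = Endpoint("home", first_cache)
    work = Endpoint("work", second_cache)
    now = 1_079_499_391           # constructed clock value
    assert home.receive("stanza-1", now - 5, now)       # original delivery
    return work.receive("stanza-1", now - 5, now + 10)  # same stanza, other resource


if __name__ == "__main__":
    print("independent caches accept the replay:", replay_accepted(shared=False))
    print("shared cache accepts the replay:", replay_accepted(shared=True))
```

With independent caches the second resource has no record of the stanza and accepts it inside the freshness window; with one cache, which is what a single logged-in resource or removable media gives you, the replay is rejected.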