[Standards-JIG] UPDATED: JEP-0027 (Current Jabber OpenPGP Usa ge)
justin-keyword-jabber.093179 at affinix.com
Wed Mar 17 06:17:17 UTC 2004
On Monday 15 March 2004 7:14 pm, Justin Karneges wrote:
> 1) Replay protection of delayed presence would not work very well, as these
> are meant to be replayed. Maybe replay protection should not apply to
> broadcasted presence?
(replying to myself)
The solution to this one is to simply not trust presence packets that are
older than a certain signature timestamp, where by "trust" I mean "consider
it an accurate representation of the user's presence". This will require the
sender to periodically resign and rebroadcast presence, possibly including
some time-to-live value. If the recipient does not receive new presence from
this user within the specified timeframe, then the signed presence can no
longer be trusted. Perhaps 5 minutes could be an acceptable recommended TTL.
More information about the Standards