[Standards-JIG] UPDATED: JEP-0027 (Current Jabber OpenPGP Usa ge)

Justin Karneges justin-keyword-jabber.093179 at affinix.com
Wed Mar 17 06:17:17 UTC 2004


On Monday 15 March 2004 7:14 pm, Justin Karneges wrote:
> 1) Replay protection of delayed presence would not work very well, as these
> are meant to be replayed.  Maybe replay protection should not apply to
> broadcasted presence?

(replying to myself)

The solution to this one is to simply not trust presence packets that are 
older than a certain signature timestamp, where by "trust" I mean "consider 
it an accurate representation of the user's presence".  This will require the 
sender to periodically resign and rebroadcast presence, possibly including 
some time-to-live value.  If the recipient does not receive new presence from 
this user within the specified timeframe, then the signed presence can no 
longer be trusted.  Perhaps 5 minutes could be an acceptable recommended TTL.

-Justin



More information about the Standards mailing list