[Standards-JIG] UPDATED: JEP-0027 (Current Jabber OpenPGP Usa ge)

Jacek Konieczny jajcus at bnet.pl
Wed Mar 17 08:49:24 UTC 2004


On Tue, Mar 16, 2004 at 10:17:17PM -0800, Justin Karneges wrote:
> The solution to this one is to simply not trust presence packets that are 
> older than a certain signature timestamp, where by "trust" I mean "consider 
> it an accurate representation of the user's presence".

I wonder if we can trust presence anyway. Only "available" presence may
be reliably signed. If the client connection is lost, then the server
sends "unavailable" presence, without user's signature. The server may
send the same "unavailable" presence when user is still online or not
send it when he goes offline. So we cane never be sure that the user is
online, we only know that he was online at the moment when he had sent
his signed "available" presence. What is the use of such information,
other than announcing user's keyid (which could be solved by different
means)?

Greets,
	Jacek



More information about the Standards mailing list