[Standards-JIG] UPDATED: JEP-0027 (Current Jabber OpenPGP Usage)
justin-keyword-jabber.093179 at affinix.com
Wed Mar 17 23:19:34 UTC 2004
On Wednesday 17 March 2004 2:39 pm, Matthias Wimmer wrote:
> Hi Ian!
> Ian Paterson schrieb am 2004-03-16 10:05:01:
> > What about when a user switches (within five minutes) between two
> > different clients (resources).
> > If the message sender does not specify a resource then the message could
> > be replayed to the second client.
> > Perhaps the message IDs should be stored on the server, not locally on
> > the client.
> I didn't think this thought to end yet ... but what about if the message
> id is not generated solely by the sender, but in cooperation by the sender
> and the receiver? If the receiver does not generate the same part of the
> valid IDs again, the replay would not work, I guess.
Unfortunately this would require the receiver to be available at the time of
send, in order to negotiate this value. Maybe the receiver could leave some
values on the server for use while offline. I discussed this matter with one
of my friends, and he devised a system that could work this way, but it
requires server modification. It is somewhat complicated, maybe I'll write
it up and share it here.
Of course, this doesn't let the receiver off the hook about storing IDs
somewhere (i.e., to disk). Instead of storing sender IDs, now it must store
receiver IDs (the IDs it generated).
> Storing on the server does not satisfy me as the client has to trust the
> server that no message IDs have been removed from the storage on the
We must surrender to the fact that the server may DoS a user at any time, by
not delivering messages, eating offline messages, eating any stored values
(as mentioned above), etc. As long as these actions do not cause security
violations, then we should not worry about them.
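
The receiver-issued ID idea discussed in this thread, as an added example that is not part of the original message and is not the system the author mentions. The `Receiver` class, the JSON state format, and the assumption that the ID is covered by the sender's OpenPGP signature are all hypothetical.

```python
import json
import secrets


class Receiver:
    """Issues one-time message IDs and accepts each of them at most once."""

    def __init__(self, outstanding=()):
        # IDs this receiver generated and has not yet seen in a message.
        self.outstanding = set(outstanding)

    def issue(self, count):
        """Generate fresh IDs to leave on the server for offline senders."""
        ids = [secrets.token_hex(16) for _ in range(count)]
        self.outstanding.update(ids)
        return ids

    def accept(self, message):
        """Accept only a message carrying an issued, still-unused ID.

        Assumption: message["id"] is covered by the sender's signature, so
        an attacker cannot move a fresh ID onto an old message body.
        """
        if message["id"] not in self.outstanding:
            return False          # never issued, or already consumed: replay
        self.outstanding.remove(message["id"])
        return True

    def dump(self):
        """Serialized state; the receiver must keep this on disk."""
        return json.dumps(sorted(self.outstanding))

    @classmethod
    def load(cls, blob):
        return cls(json.loads(blob))


def demo():
    receiver = Receiver()
    server_pool = receiver.issue(3)             # untrusted server-side storage
    msg = {"id": server_pool.pop(), "body": "hello"}   # constructed sample
    first = receiver.accept(msg)                # fresh ID
    restarted = Receiver.load(receiver.dump())  # client restart, state from disk
    replay = restarted.accept(msg)              # same message delivered again
    # A server that hands one ID to two senders only causes a lost message.
    dup_id = server_pool[0]
    a = restarted.accept({"id": dup_id, "body": "from A"})
    b = restarted.accept({"id": dup_id, "body": "from B"})
    # An ID the receiver never issued is rejected as well.
    forged = restarted.accept({"id": secrets.token_hex(16), "body": "x"})
    return first, replay, a, b, forged
```

The server only ever holds values the receiver can check against its own list, so deleting or duplicating them blocks delivery but does not let a replayed message through.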