[Standards-JIG] UPDATED: JEP-0027 (Current Jabber OpenPGP Usa ge)
justin-keyword-jabber.093179 at affinix.com
Thu Mar 18 09:45:49 UTC 2004
On Thursday 18 March 2004 12:52 am, Matthias Wimmer wrote:
> Sure the server can DoS - but if we care about replay attacks at all,
> than we should not allow the server to make replay attacks possible
> (maybe even unintentionally by restoring a backup of the user's
Right, although this is unfortunately possible with both types of ID storage.
For sender ID storage, the server simply deletes the IDs. For receiver ID
storage, the server replays a backup. I pondered about this nearly all day
yesterday, and concluded that it is impossible to securely save any replay
cache data on the server (unless the server is trusted).
However, I don't think this is a big deal. If you change locations, simply
carry your important data with you. Ideally you'd have all of your important
files (keyring, replay cache, etc) in a nice transferrable bundle.
One idea I have in mind is to come up with a non-client-specific file format
for the xmpp replay cache, to allow for easy transferring/sharing between
clients and locations.
More information about the Standards