[Standards-JIG] Re: UPDATED: JEP-0027 (Current Jabber OpenPGP Usa ge)

Joe Hildebrand JHildebrand at jabber.com
Fri Mar 19 03:50:17 UTC 2004


> The hint is harmless, because no possible response could 
> cause a security violation.  It's simply a reminder to the 
> user that his clock might be wrong.  
> The client would not change the local clock to use the server 
> time value, nor would the value even be displayed.  The user 
> would simply say "oops!" and look at his microwave to get the 
> proper time, and fix his computer's clock as necessary.

You must travel a lot less than I do.  I often have no clue what time it is
where I'm currently sitting.  I'd take a hint from a server, and change my
time to the wrong time zone.

> > You 
> > can't rely on the server to always respond the same way to the same 
> > request, as well.
> 
> Stanza Security does not rely on the above time hint.  The 
> procedure is completely optional and not part of the JEP.

This was just a guideline, not a comment about the protocol.

-- 
Joe Hildebrand





More information about the Standards mailing list