[Standards-JIG] Re: UPDATED: JEP-0027 (Current Jabber OpenPGP Usa ge)
JHildebrand at jabber.com
Fri Mar 19 03:50:17 UTC 2004
> The hint is harmless, because no possible response could
> cause a security violation. It's simply a reminder to the
> user that his clock might be wrong.
> The client would not change the local clock to use the server
> time value, nor would the value even be displayed. The user
> would simply say "oops!" and look at his microwave to get the
> proper time, and fix his computer's clock as necessary.
You must travel a lot less than I do. I often have no clue what time it is
where I'm currently sitting. I'd take a hint from a server, and change my
time to the wrong time zone.
> > You
> > can't rely on the server to always respond the same way to the same
> > request, as well.
> Stanza Security does not rely on the above time hint. The
> procedure is completely optional and not part of the JEP.
This was just a guideline, not a comment about the protocol.
More information about the Standards