[Standards-JIG] jep-secure updated

Justin Karneges justin-keyword-jabber.093179 at affinix.com
Fri Mar 19 08:11:11 UTC 2004


Alright I think I've solved this problem, by time-shifting the window forward 
for ids that are on a session boundary.  I've also added in some text 
regarding JEP-0013, as this affects how offline message replay protection is 
handled.

  http://delta.affinix.com/specs/jep-secure.html

-Justin

On Thursday 18 March 2004 11:50 am, Justin Karneges wrote:
> But now I think I have discovered a hole in the replay protection regarding
> offline messages.  If the timestamp of the last secure message of a session
> is within X/2 time of the previous such session timestamp, then any offline
> messages stamped within that timeframe could be replayed.  For small
> windows, this risk is minimal, but for large windows it becomes more
> apparent.  What we need is a solution that has zero risk no matter what the
> window size is.
>
> -Justin


