[Standards-JIG] jep-secure updated

Justin Karneges justin-keyword-jabber.093179 at affinix.com
Fri Mar 19 08:11:11 UTC 2004

Alright I think I've solved this problem, by time-shifting the window forward 
for ids that are on a session boundary.  I've also added in some text 
regarding JEP-0013, as this affects how offline message replay protection is 



On Thursday 18 March 2004 11:50 am, Justin Karneges wrote:
> But now I think I have discovered a hole in the replay protection regarding
> offline messages.  If the timestamp of the last secure message of a session
> is within X/2 time of the previous such session timestamp, then any offline
> messages stamped within that timeframe could be replayed.  For small
> windows, this risk is minimal, but for large windows it becomes more
> apparent.  What we need is a solution that has zero risk no matter what the
> window size is.
> -Justin
