[Standards-JIG] The Great Encryption Debate

Justin Karneges justin-keyword-jabber.093179 at affinix.com
Thu Aug 4 01:38:37 UTC 2005


On Wednesday 03 August 2005 06:16 pm, Ian Paterson wrote:
> Unless I've neglected something, offline session replay attacks are
> easily prevented without resorting to comparing timestamps. So there are
> no clock synchronization issues to deal with.

Yes, this looks good.

Now, another issue: what if the user is unable to publish new values prior to 
logging off, such as in the event of a network outage (or worse, some sort of 
attack)? It seems to me that the client should submit new values as soon as 
possible, perhaps right after logging in.  The client would then use both the 
old and new values for decoding messages received during that session.

-Justin


