[Standards] Proposed XMPP Extension: Simplified Encrypted Session Negotiation

Ian Paterson ian.paterson at clientside.co.uk
Wed May 30 15:28:10 UTC 2007


Mridul wrote:
> What happens when an xmpp session is 'lost' while an entity is in the
> middle of an esession with another ? And so by extension, if it does not terminate all active esession(s) when it goes offline.
>   

Hmm, I guess any messages the other entity sends to you after you go 
offline without terminating the session are going to be stored by your 
server for when you come online. But, even if you come back online 
immediately, you might well not be able to decrypt them (Diffie-Hellman 
keys shouldn't really be kept in persistent storage).

I'm not sure if it is even possible to minimise the damage while 
maximising the security. This issue needs more thought.

- Ian




More information about the Standards mailing list