[Standards] Proposed XMPP Extension: Simplified Encrypted Session Negotiation

Peter Saint-Andre stpeter at jabber.org
Wed May 30 15:36:22 UTC 2007


Ian Paterson wrote:
> Mridul wrote:
>> What happens when an xmpp session is 'lost' while an entity is in the
>> middle of an esession with another ? And so by extension, if it does 
>> not terminate all active esession(s) when it goes offline.
>>   
> 
> Hmm, I guess any messages the other entity sends to you after you go 
> offline without terminating the session are going to be stored by your 
> server for when you come online. But, even if you come back online 
> immediately, you might well not be able to decrypt them (Diffie-Hellman 
> keys shouldn't really be kept in persistent storage).
> 
> I'm not sure if it is even possible to minimise the damage while 
> maximising the security. This issue needs more thought.

Agreed. It seems that when you come back online, you will have some 
unreadable messages from the other person, at which point you'll have to 
negotiate a new session with new keys etc.

Peter

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7358 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20070530/ecacc913/attachment.bin>


More information about the Standards mailing list