[Standards] Proposed XMPP Extension: Simplified Encrypted Session Negotiation
stpeter at jabber.org
Wed May 30 15:36:22 UTC 2007
Ian Paterson wrote:
> Mridul wrote:
>> What happens when an xmpp session is 'lost' while an entity is in the
>> middle of an esession with another ? And so by extension, if it does
>> not terminate all active esession(s) when it goes offline.
> Hmm, I guess any messages the other entity sends to you after you go
> offline without terminating the session are going to be stored by your
> server for when you come online. But, even if you come back online
> immediately, you might well not be able to decrypt them (Diffie-Hellman
> keys shouldn't really be kept in persistent storage).
> I'm not sure if it is even possible to minimise the damage while
> maximising the security. This issue needs more thought.
Agreed. It seems that when you come back online, you will have some
unreadable messages from the other person, at which point you'll have to
negotiate a new session with new keys etc.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 7358 bytes
Desc: S/MIME Cryptographic Signature
More information about the Standards