[Standards] XEP-0136 modifications

Yann Leboulanger asterix at lagaule.org
Wed Feb 3 18:27:23 UTC 2010


Jonathan Schleifer wrote:
> Am 02.02.2010 um 20:59 schrieb Yann Leboulanger:
> 
>> I start encrypting the conversation (GPG or E2E).
> 
> While this is true for E2E, it indeed makes sense to store GPG-encrypted
> message encrypted. Here, the replay attack of GPG becomes useful, as you
> can still decrypt it later. But for E2E, you can't decrypt it anymore
> after the session has ended.

ejabberd module (the only server implementation I know) only logs body
content. And body doesn't contain GPG data. So it's useless if
save is not message or stream. So this add more complexity to this
already complexe XEP. If a client wants to log encrypted data, I think
it's better for it to do it manually after having decrypted the data.

-- 
Yann



More information about the Standards mailing list