[Standards] XEP-0136 modifications

Peter Saint-Andre stpeter at stpeter.im
Wed Feb 3 18:59:59 UTC 2010


On 2/3/10 11:27 AM, Yann Leboulanger wrote:
> Jonathan Schleifer wrote:
>> Am 02.02.2010 um 20:59 schrieb Yann Leboulanger:
>>
>>> I start encrypting the conversation (GPG or E2E).
>>
>> While this is true for E2E, it indeed makes sense to store GPG-encrypted
>> message encrypted. Here, the replay attack of GPG becomes useful, as you
>> can still decrypt it later. But for E2E, you can't decrypt it anymore
>> after the session has ended.
> 
> ejabberd module (the only server implementation I know) only logs body
> content. And body doesn't contain GPG data. So it's useless if
> save is not message or stream. So this add more complexity to this
> already complexe XEP. If a client wants to log encrypted data, I think
> it's better for it to do it manually after having decrypted the data.

Yann, I agree. I'd rather work to reduce complexity in XEP-0136 than to
increase complexity. Any suggestions? :)

Peter

-- 
Peter Saint-Andre
https://stpeter.im/



-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6820 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20100203/a67e3b09/attachment.bin>


More information about the Standards mailing list