[Standards] XEP-0136 modifications
js-xmpp-standards at webkeks.org
Wed Feb 10 16:22:22 UTC 2010
Am 03.02.2010 um 19:27 schrieb Yann Leboulanger:
> Jonathan Schleifer wrote:
>> Am 02.02.2010 um 20:59 schrieb Yann Leboulanger:
>>> I start encrypting the conversation (GPG or E2E).
>> While this is true for E2E, it indeed makes sense to store GPG-
>> message encrypted. Here, the replay attack of GPG becomes useful,
>> as you
>> can still decrypt it later. But for E2E, you can't decrypt it anymore
>> after the session has ended.
> ejabberd module (the only server implementation I know) only logs body
> content. And body doesn't contain GPG data. So it's useless if
> save is not message or stream. So this add more complexity to this
> already complexe XEP. If a client wants to log encrypted data, I think
> it's better for it to do it manually after having decrypted the data.
I think the whole stanza should be saved, especially as you lose
formattings etc. otherwise.
Storing it unencrypted on the server is not a good idea - we'd need to
move to encrypted archives then. There's already an XEP for that, but
unfortunately, nobody seems to implement it.
More information about the Standards