[Standards] XEP-0136 modifications

Jonathan Schleifer js-xmpp-standards at webkeks.org
Wed Feb 10 16:22:22 UTC 2010


On 03.02.2010 at 19:27, Yann Leboulanger wrote:

> Jonathan Schleifer wrote:
>> On 02.02.2010 at 20:59, Yann Leboulanger wrote:
>>
>>> I start encrypting the conversation (GPG or E2E).
>>
>> While this is true for E2E, it indeed makes sense to store GPG-encrypted
>> messages encrypted. Here, the replay attack of GPG becomes useful, as you
>> can still decrypt it later. But for E2E, you can't decrypt it anymore
>> after the session has ended.
>
> ejabberd module (the only server implementation I know) only logs body
> content. And body doesn't contain GPG data. So it's useless if
> save is not message or stream. So this adds more complexity to this
> already complex XEP. If a client wants to log encrypted data, I think
> it's better for it to do it manually after having decrypted the data.


I think the whole stanza should be saved, especially as you lose
formatting etc. otherwise.

Storing it unencrypted on the server is not a good idea - we'd need to  
move to encrypted archives then. There's already an XEP for that, but  
unfortunately, nobody seems to implement it.

--
Jonathan



