[Psi-devel] Re: Re: Re: Remote Controlling Psi
halr9000 at gmail.com
Tue Jan 4 08:46:21 PST 2005
> > Alternatively, you don't necessarily need encryption, but rather you need
> > signing. Or perhaps both.
> Well, there's the problem that a server admin can intercept any package
> and (immediately) resend it from his own JID. Encrypting does not solve
> this problem, but it makes it less obvious for an admin what commands
> are interesting to him and which ones aren't. But again, this is no
> solution to a security problem; i'm affraid i don't really see an easy
> 'secure' way to execute ad-hoc commands.
No, with a proper implementation, you can protect against replay
attacks as mentinoed before by signing and verifying the timestamps
match within a small threshold to allow for latency.
More information about the Psi-devel-affinix.com