[Psi-devel] Remote Controlling Psi
jan at gondor.com
Tue Jan 4 09:14:23 PST 2005
On Tue, Jan 04, 2005 at 06:08:58PM +0100, Remko Troncon wrote:
> Also from a pratcical viewpoint, i'm sceptic about this; where do you
> put the timestamp ? How does the client know it has to specify a
> timestamp ? How to solve the issue a clock syncing issue ? It seems to
> me that there's no simple solution for this :(
The sender could put a timestamp inside the signed part of the command.
On the recipient-side, the time stamp is checked against current time
with a wide error margin (perhaps 1h or even more?). Additionally, the
recipient remembers the command and doesn't accept the same command with
the same timestamp a second time.
That way, an evil server admin would be able to delay a command (within
the timestamp-check error-margin), or delete it completely. But he would
not be able to duplicate the command.
The wide error margin should minimize clock syncing issues.
More information about the Psi-devel-affinix.com