I have an idea in my head that I've been playing with for some time now. It involves using Jabber as a communications method for in a control automation setting. One major security issue that I'm not sure about is replay attacks. Even if all the connections are encrypted using SSL it would seem that without some additional measures taken at the application level XMPP would be susceptible to replay attacks. Has any work been done on securing against such attacks?
--adam
