-
pep.
s2s:show('hardteckno.com') | OK: Total: 60 outgoing, 48 incoming connections
-
pep.
bug? feature?
-
pep.
it's the exact same numbers as if I did without the domain, just that the connections don't get listed
-
pep.
oops.
-
pep.
wrong room
-
Ge0rG
Why is "Simple IoT Client" listed in the XMPP Clients list, again?
-
Ge0rG
It also looks like its link is broken.
-
jonas’
broken link -> expire it immediately
-
Ge0rG
What can I do to expire Pidgin?
-
Ge0rG
> waher.se took too long to respond. Might be a temporary failure.
-
Ge0rG
> broken link -> expire it immediately
how long do I need to DDoS pidgin.im to get it removed?
-
jonas’
hrhr
-
waqas
Ge0rG: Try it and let us know how long it takes.
-
Ge0rG
is `<span style=" font-weight:600;">` correct XHTML-IM for bold?
-
Zash
If you allow style
-
Ge0rG
how is a client supposed to know that 600 = bold?
-
jonas’
that’s how bold is defined
-
jonas’
bold is just an alias for 600 or something
-
waqas
Ge0rG: you need a `</span>` for it to be valid
-
jonas’
bold Bold font weight. Same as 700.
-
jonas’
https://developer.mozilla.org/en-US/docs/Web/CSS/font-weight
-
Ge0rG
So 600 is not-quite-bold?
-
jonas’
600 Semi Bold (Demi Bold)
-
Ge0rG
poezio will display as bold if you have font-weight:anything in the CSS
-
waqas
font-weight: normal == 400
-
jonas’
m(
-
waqas
Check out values here: https://developer.mozilla.org/en-US/docs/Web/CSS/font-weight#Values
-
jonas’
https://developer.mozilla.org/en-US/docs/Web/CSS/font-weight#Common_weight_name_mapping rather this table, no?
-
waqas
Yeah
-
waqas
That's a nice piece of documentation
-
Ge0rG
Now I remember again why I hate HTML
-
waqas
Ge0rG: Why exactly? :)
-
jonas’
first, this is CSS
-
jonas’
second, what’s wrong with it?
-
Ge0rG
jonas’: CSS is a part of HTML.
-
Ge0rG
You know what they said about PHP? A fractal of bad design.
-
jonas’
CSS is commonly used with HTML, but you can use HTML without CSS just fine, and you can use CSS with things which are not HTML (e.g. GTK or SVG)
-
jonas’
I don’t see that here though
-
waqas
Ge0rG: You need to make peace with the fact that everything sucks, and that is unlikely to ever change :)
-
Ge0rG
waqas: I can't make peace with it, I can merely try to rant less.
-
jonas’
who’s responsible for the registries? (<https://github.com/xsf/registrar>)
-
Guus
jonas’ Until there is a perceived need for a more formal governing body, the functions of the XMPP Registrar shall be managed by the XMPP Extensions Editor [6]
-
Guus
https://xmpp.org/extensions/xep-0053.html
-
ralphm
set the topic to
XSF Board Meeting | Logs: http://logs.xmpp.org/xsf/ | Agenda https://trello.com/b/Dn6IQOu0/board-meetings
- ralphm bangs gavel
-
ralphm
0. Welcome + Agenda
-
ralphm
Hi!
-
ralphm
nyco sent regrets
-
jonas’
Guus, thx :)
-
Seve
Hi
-
Guus
hello
-
ralphm
MattJ?
-
ralphm
Anything to add to the agenda?
-
Seve
Not me
-
Guus
I just added things to Trello
-
Guus
trademark, email server status
- Seve can't get to a computer but is on his phone
-
ralphm
Ok
-
ralphm
Me too
-
ralphm
1. Commitments
- Guus eyes dwd
-
ralphm
Vacation is almost over here, making more time for all things XMPP this month.
-
ralphm
Including finally getting the items with Peter sorted.
-
ralphm
2. FOSDEM / Summit
-
ralphm
Guus, any news on hotel?
-
Guus
I've sent a request for a quote, but have not received one yet.
-
Guus
I expect that to happen today or tomorrow
-
Guus
after which I'll forward it to the mailing lists, much like we did last year.
-
ralphm
Otherwise, let's sync tomorrow on all the things
-
Guus
(I'm getting a quote from Thon EU again)
-
Guus
I've also tried to reach out to the same restaurant for the XSF Dinner
-
Guus
couldn't get someone on the phone, but left a message
-
Guus
that's it for now.
-
ralphm
Ok
-
ralphm
Thanks
-
ralphm
3. GSoC
-
Seve
Thank you Guus
-
Guus
Joachim expressed some interest in participating, but communication seems to have broken down over the holidays.
-
Guus
(GSoC, that is)
-
Guus
I'll follow up with him
-
Guus
no others have stepped forward.
-
Guus
Let's aim to have a go/no go in next week's meeting?
-
ralphm
Ok, maybe good to repeat the request now holidays are over
-
Guus
I don't like battering people. I'll publicly follow up Joachim. If someone else is interested, they can chime in.
-
ralphm
Ok
-
MattJ
Hey
-
Seve
Good
-
MattJ
Sorry, here now
-
ralphm
5. JabberSpam trademark
-
Guus
hi MattJ
-
ralphm
(hi)
-
ralphm
Good comments, Guus
-
Guus
Ge0rG has sent in an application, that has had little response. He requests action.
-
ralphm
I'd still like to get guidance from Peter
-
Ge0rG
Peter acknowledged my request some two weeks ago.
-
ralphm
Yes, I got a copy
-
Guus
interestingly, the website speaks of a Trademark WT
-
Guus
who's that?
-
Ge0rG
IIRC, last time I asked for a trademark license, it ended up being voted by Board (after Peter's principal approval)
-
ralphm
Currently, just Peter, I think.
-
Guus
(It does not explicitly name it a work team, but it suggests that there's a group of people, plus the executive directory, that are said team).
-
ralphm
Director
-
Guus
sorry 🙂
-
MattJ
The agreement does mention a "trademark committee" iirc
-
Guus
that might be it, yes.
-
ralphm
Adding it to the list of topics.
-
ralphm
Ge0rG: trying to get that resolved soon
-
Guus
I just created a small PR to the website, that should get Peter's attention too
-
Guus
(regarding pending trademark applications)
-
Guus
Hopefully, we can gain some traction that way too.
-
ralphm
6. E-mail issue for seve
-
Guus
I'm not sure if this is just for Seve
-
Ge0rG
Further discussion has shown that I might need _two_ trademark permissions actually, one for the Org (requested), and another one for the "Jabber Spam Fighting Manifesto"
-
ralphm
I saw some discussion and request to remove from RBL
-
Guus
I don't know what RBL is - or if we indeed do have an issue
-
ralphm
Seve: did you get nyco's email?
-
Guus
but for several weeks, people seem to have email related issues
-
Guus
Seve is one, but mail from the wiki (on account creation) do not show up either
-
Guus
unsure if it is related
-
ralphm
If this keeps up we may have to start sending through a service like MailGun, I'll ask the iteam what their strategy is.
-
Seve
ralphm: still no new emails from XSF lists, I was thinking on waiting for a new email to check if I get them now
-
Guus
I'm hoping that iteam can give some kind of status update.
-
ralphm
Seve: ok, that was sent just before this meeting
-
Guus
if only to confirm or reject the notion that we have issues.
-
ralphm
Kev, intosi?
-
Seve
ralphm: then no, I still do not get them
-
MattJ
I think someone will have to check the mail server log again then
-
ralphm
Aye
-
ralphm
Ok, taking that up with iteam.
-
Seve
Thank you for this, I really appreciate that
-
ralphm
7. AOB?
-
Ge0rG
I have one AOB
-
Guus
no AOB from me.
-
MattJ
None here
-
Ge0rG
Tomorrow is our 20th birthday. Somebody should give a party. https://slashdot.org/story/99/01/04/1621211/open-real-time-messaging-system
-
ralphm
Indeed.
-
ralphm
Of course the party will be distributed, with Disco and lots of Jingle.
-
Seve
:)
-
Ge0rG
ralphm: are you going to MIX the drinks?
-
Guus
musthinkofaMIXjoke...
-
Guus
thanks.
-
ralphm
Ge0rG: sure. I'm more Pub than Sub.
-
Ge0rG
that sounds rather zimpy.
-
Guus
any practical ideas on commemorating the milestone?
-
Guus
apart from bad puns, obviously.
-
Ge0rG
Guus: somebody should write a blog post. I suggest "the half-life of instant messengers"
-
ralphm
I had great ideas and no time, so that didn't work out.
-
Link Mauve
I think we wanted to organise one with Nÿco this year.
-
Ge0rG
I'd volunteer, except -EBUSY
-
Guus
that goes for everyone, I'm afraid.
-
ralphm
But we might be able to do something around the Summit
-
Ge0rG
maybe we can crowdsource it? Collect the lifespans of IMs in a pad
-
mrDoctorWho
Where does gajim keep the passwords on Windows?
-
Ge0rG
I can manage an hour or two tomorrow to write it down
-
mrDoctorWho
Oops
-
mrDoctorWho
Sorry, wrong chat
-
Zash
lol https://slashdot.org/comments.pl?sid=15607&cid=2048739
-
ralphm
Hehe
-
ralphm
Ok, with that.
-
ralphm
8. Date of Next
-
ralphm
+1W
-
MattJ
wfm
-
ralphm
9. Close Thanks all!
-
Seve
+1
-
Guus
until we meet again!
- ralphm bangs gavel
-
Seve
Thank you!
-
ralphm
set the topic to
XSF Discussion | Logs: http://logs.xmpp.org/xsf/ | Agenda https://trello.com/b/Dn6IQOu0/board-meetings
-
Ge0rG
Zash: XMPP, a story of NIH
-
Zash
Ge0rG: All of humanity probably
-
Ge0rG
So does anyone volunteer to collect data about IM networks/apps and their lifetimes?
-
Zash
https://en.wikipedia.org/wiki/Instant_messaging#History
-
Ge0rG
Zash: that's very coarse
-
Ge0rG
but maybe a full history of all abandoned networks will be less funny of a read than I imagine
-
Ge0rG
Oh, https://waher.se/IoTGateway/SimpleIoTClient.md is back up
-
moparisthebest
ha I didn't know that "The term "Instant Messenger" is a service mark of Time Warner[11] and may not be used in software not affiliated with AOL in the United States."
-
steven
wtf is that true??
-
MattJ
Things like that are why we ended up with the term "roster", when at the time everyone was talking about your "buddy list(TM)" (e.g. https://www.bizjournals.com/sanjose/stories/1999/05/31/story7.html )
-
Ge0rG
Also why we ended up with XMPP.
-
Zash
Trademarks are why we can't have nice things
-
Ge0rG
trademarks don't expire, right?
-
MattJ
They do
-
Zash
No they don't
-
MattJ
i.e. if you register a trademark you have to renew it after ~10y
-
Zash
Right
-
Zash
Which they'll do, forever
-
Ge0rG
http://tmsearch.uspto.gov/bin/showfield?f=doc&state=4802:35rtkj.4.26
-
Zash
> This search session has expired. Please start a search session again by clicking on the TRADEMARK icon, if you wish to continue.
-
Ge0rG
It's just the "BUDDY LIST" result, it's still registered to AOL
-
Zash
You also have to actively protect it as well, right? Ie go after people using it without permission and stuff.
-
Zash
Hm, but then I'm not sure which is which of ™ and ®
-
Ge0rG
🤷
-
pep.
https://slashdot.org/comments.pl?sid=15607&cid=2048734 "clients are quite easy to write", fast forward 20 years later
-
Andrew Nenakhov
Clients are indeed easy to write. It's just good clients that aren't.
-
jonas’
true
-
lovetox
also 20 years ago there was no MAM and Carbons no phones etc
-
lovetox
no encryption, so it was basically, download the roster, and send a message
-
goffi
Hi, happy new year everybody. In XEP-0060, if I have an item with id "abc", I publish another item with id "def", then I publish a new item with the first id ("abc") which will overwrite it. If I then request items with max=1, should I get "abc" or "def" ? § 7.1.2 says that item is overwritten and § 6.5.7 says that items returned are the "most recent". So I guess it should be "abc", right ?
-
goffi
ralphm: ^
-
pep.
I think that question was also raised by edhelas a few months ago(?) I don't know if there's a clear answer
-
Zash
If you think about it as publishing a new item that just happens to also delete an older item, then it makes sense that the 'abc' one is the last item you get
-
Guus
I'd argue, without looking at the xep, that something that's overwritten is not 'new'
-
goffi
I got the same 2 thoughts, so it's confusing because 2 options could make sense.
-
goffi
the XEP states that the mosts recent items must be returned, so even if you overwrite, the "abc" one is the more recent.
-
goffi
most*
-
Guus
The identity is not new
-
goffi
yes, but the item is
-
Guus
Is it new, or is the old one changed?
-
Zash
I prefer the way where I don't have to throw out all the append-only assumptions from everywhere
-
steven
So I've coined this idea a few times the last few weeks in random MUCs, but I'm not sure how to approach taking it further than an idea: I (and I'm sure others) have been thinking quite a bit about OMEMO key fetching and how easy it is for server admins to just serve extra keys for contacts etc. I don't think there is a single client that does not automatically accept all keys by default. (Conversations has an "expert setting" that lets you turn off accepting new keys. I think Gajim has something similar.) I've been thinking about PGP to help improve this. My personal main objection to using PGP for encrypted messaging is that I prefer to not have my private key on my device at all times (in unencrypted form) like you need for XEP-0374. Instead, one could sign OMEMO keys with a PGP key to just have to do this once for each new device. In theory, this would not need to have your PGP key on a mobile device, for example. Since you could verify the OMEMO key fingerprint on your desktop and then sign it there. On the mobile device you only need to import your own public key and signed public keys of your contacts.
-
pep.
Hah, Syndace ^
-
steven
Not sure I'm missing something that makes this hard to use. Also I don't know if PGP is still used at all.
-
oli
why not encrypt the messages with pgp?
-
pep.
We've been discussing with Syndace a bit and trying to find solutions about your concerns on the server being able to inject devices etc.
-
steven
oli, because this needs the pgp private key to be available at all times
-
steven
OMEMO keys are single-use-case and can easily be replaced when confiscated
-
pep.
The idea with PGP is that the key would be stored on the server and the client can unlock it, but that has other pitfalls
-
steven
A PGP key is kinda like your ultimate beacon of trust 😀 We use it a lot at work f.e. for automatic deployments etc
-
steven
So I never have my laptop or phone have it unencrypted and need to enter a lengthy passphrase for every use.
-
pep.
(Well technically it could be done any way, but that's what I hear the most, that makes the most sense UX-wise)
-
steven
I don't think it's nice to type a passphrase for every message 😀
-
pep.
Not for every message
-
Wiktor
steven: good idea, but this would require OpenKeychain on Android to verify the signature and/or sign the statement
-
steven
pep., I don't know how XEP-0374 works, tbh. Does it just use one master key all the time? Or does it use ephemeral subkeys or so?
-
steven
Wiktor, to verify yes. But to sign your own mobile key, you could do manual fingerprint verification with a desktop client like Gajim and sign your mobile's OMEMO key there and send the signature to the server. (Just thinking out loud here, though.)
-
pep.
You choose? I don't know it that much either, I'm definitely not the reference here. I also know other people have concerns about 374, but I'm waiting on them to tell because I don't have the knowledge to back these claims
-
Wiktor
Yeah, actually Conversations already has similar code but using X.509 instead of OpenPGP
-
pep.
steven: so you want cross-signing basically right
-
pep.
I think the way you're trying to implement it is going a bit far
-
steven
pep., yeah well it's also possible of course to sign on the mobile client
-
steven
still you'd have to enter the passphrase only once
-
steven
instead of very often/every message?
-
Syndace
I saw you proposing that before but I didn't see a way to do that in a way which is not overkill.
-
Syndace
But now that I think about it again you could probably do it without too much complexity
-
Syndace
You might not even need GPG itself, rather a master key of any sort
-
Syndace
But I'm busy right now, I'll take some time to think about it later/tomorrow
-
steven
Syndace, well, "a master key of any sort" isn't much better. The thing is that quite some people already have some form of web of trust with PGP keys and verified identities. (The company I work for is fully remote so at our annual offsite we do a quick PGP key signing ritual. From then on we can f.e. introduce a new coworker by having him meet a single colleague that signs his key.)
-
steven
Basically PGP is identity-based while OMEMO is device-based. So to tie a device to an identity, it makes sense to use PGP I think.
-
Ge0rG
steven: PGP is a can of worms, especially but not exclusively regarding UX. Not even hardcore cryptowhores figure out all of its quirks
-
Ge0rG
I like the matrix idea of a master olm(?) key.
-
steven
Ge0rG, true. But it's an accepted default.
-
steven
Ge0rG, many people say the same about XMPP 😀
-
Ge0rG
No need to mix different crypto libraries with each other.
-
Ge0rG
steven [19:58]:
> Ge0rG, true. But it's an accepted default.
Nope. S/MIME is the accepted default.
-
Ge0rG
The PGP web of trust is just silly. I've verified your identity, therefore I trust you to verify other people's identities?
-
Ge0rG
I think that PGP has a place in xmpp indeed, but without OMEMO then.
-
Ge0rG
Just have an account key, exchange it with your friends, share it between all your devices, problem solved. You leak your key? All of your chat history is compromised.
-
Ge0rG
You lose your device? Lucky you if you still have the key / recovery password. Then you'll regain all your logs.
-
Ge0rG
OMEMO trust management is just madness. What do you do if you verified one of your friend's devices, but none of your own other device keys?
-
Ge0rG
It barely works as long as you have exactly one device and it doesn't get lost, stolen or broken.
-
steven
Ge0rG, I don't think you have much experience using OMEMO..
-
steven
I have the Conversations "paranoid mode" where I have to manually approve new device keys and it works fine.
-
Andrew Nenakhov
I don't like the whole idea of omemo/otr. The only improvement in it over gpg is PFS but too many drawbacks. And gpg is good enough to stop any realistic state wide spying efforts. So PFS is needed to those who REALLY has reasons not to be spied and MitMed and traffic decrypted, and we know all too well who these people are. :-/
-
steven
When I first start chatting with a new contact, I will just blindly hit "ok" (I'm not gonna call them to spell it out for me), but after that when I get sent new device keys, I just ask them first if they started using another client.
-
steven
So yeah in theory the admin could still hijack the key on the moment someone starts using a new client. That's why I'd prefer to just have my contacts' PGP keys and have them sign their OMEMO keys.
-
Andrew Nenakhov
So, which keys could admin hijack?
-
Ge0rG
steven [20:05]:
> I have the Conversations "paranoid mode"
> When I first start chatting with a new contact, I will just blindly hit "ok" (I'm not gonna call them to spell it out for me)
I rest my case.
-
Andrew Nenakhov
If he hijacks your public keys, then what?
-
steven
Andrew Nenakhov, the admin could install a module that whenever a user adds a new device, it broadcasts a different key instead that it owns itself. Because I described that I would only ask "did you start using a new client?" without also verifying the fingerprint.
-
steven
Ideally I just send them the fingerprint using their first OMEMO key to verify.
-
Ge0rG
Andrew Nenakhov: the server Admin could add another device key to your account, or replace your key with his own.
-
steven
Andrew Nenakhov, he could but only if he's already doing that at the moment of the first encounter.
-
Ge0rG
steven: how do you ask your friends whether they got a new device? With the old key? Via SMS?
-
steven
Ge0rG, with the old key(s).
-
steven
Usually it's someone that opened the webchat for the first time or downloads a desktop client or so.
-
Ge0rG
steven: so if they lost their phone, you are out of luck.
-
steven
So yeah I should ask them to verify the fingerprint. But I don't have such highly sensitive conversations yet. Just thinking that in case I have, I'd prefer PGP instead of manually messing with fingerprints.
-
steven
Ge0rG, if they lost their phone and have never used a desktop/web client, yes.
-
moparisthebest
how do you verify their PGP key though?
-
Ge0rG
steven [20:11]:
> in case I have, I'd prefer PGP instead of manually messing with fingerprints.
Now with *that* I can totally agree.
-
steven
(Also note that I'm the server admin of the server my social network is on, so I should have been targeted by a hacker for shady things to happen.)
-
steven
moparisthebest, well, you only have to do that once. And you could delegate that to people you trust to do it thoroughly.
-
steven
Also for higher-profile people, their PGP keys might be publicly known and signed by a bunch of people.
-
Andrew Nenakhov
steven, that what fingerprints check is for, so you should verify your contact fingerprints via an independent means of communication.
-
Wiktor
You already specify your own PGP key in C, one can check if your contacts PGP key is signed by you
-
steven
Andrew Nenakhov, or with a signature of an authority you trust.
-
Andrew Nenakhov
Cool. So this authority could be compromised and all your struggle and pain with encryption will be for nothing.
-
Ge0rG
There is no trusted authority on PGP. This is what S/MIME is for...
-
steven
Like say some guy from The Guardian contacts you. He uses an OMEMO key. Most likely, his PGP key will be known, online on several websites and signed by people from other newspapers etc. If he signs the OMEMO key with that PGP key that I can find in multiple places with multiple signatures from other keys I can find in even more independent places, I would personally rest assured.
-
Andrew Nenakhov
It never ceases to amaze me how people want security and privacy but not the inconveniences that mandatory come with them.
-
steven
Andrew Nenakhov, there's several levels of privacy of course. Of course I'd like the conversations with my friends to be private from petty hackers and bad admins getting government orders. But I know that these conversations are not safe from high-profile cyberspecialists. That's fine. If I'm about to become a whistleblower and talking with a newspaper, I'll up my security and my tolerance to the nuisances that come with it.
-
pep.
> Ge0rG> There is no trusted authority on PGP. This is what S/MIME is for...
Trusting that authority is another story. DANE anybody? Does S/MIME even work with that
-
Ge0rG
steven: you've heard of https://evil32.com/ already?
-
Ge0rG
pep.: there was a proposal
-
Ge0rG
I'd love to have an implementation of that.
-
Ge0rG
pep.: but not just the fingerprint, store the whole certificate in DNS
-
steven
> steven: you've heard of https://evil32.com/ already?
Ge0rG, hmm, I don't use the shortIDs personally. Not sure how, but my `gpg --list-keys` prints full IDs.
-
Ge0rG
steven: the point is that the key of your journalist is fake, together with all the keys that signed it
-
Wiktor
steven: defaults of gpg change over time, no automated system should use short fingerprints (OpenKeychain follows this)
-
Wiktor
Ge0rG: not necessarily, first of all legacy sigs used long key ids not short 32 bit but for years the full fingerprint is embedded in the signature
-
Ge0rG
Why isn't anyone complaining that HTTP upload to a MUC exposes your domain to all muc participants?
-
Link Mauve
Ge0rG, because Conversations displays a picture instead of an URL.
-
Ge0rG
Wiktor: Chance fifty fifty
-
moparisthebest
your avatar exposes things too
-
Link Mauve
So people are not aware of that.
-
moparisthebest
probably a bunch of other things
-
Link Mauve
moparisthebest, uh, no, it doesn’t.
-
moparisthebest
in a different way, it lets me tell 'dwd' in one channel is the same as 'Dave' in another channel etc etc
-
moparisthebest
if I happen to have the same person in my roster, that too
-
Ge0rG
Everybody should use the same avatar!
-
Wiktor
Ge0rG: this is 4 years old: https://gnupg-devel.gnupg.narkive.com/Z0EFUBU7/issuer-fingerprint-was-vanity-keys
-
Ge0rG
Wiktor: I'm speaking about obtaining a key out of band
-
Wiktor
> Wiktor: Chance fifty fifty
> Wiktor: I'm speaking about obtaining a key out of band
?
-
Wiktor
OpenKeychain uses qr codes, full fingerprint
-
Ge0rG
But you can't scan the fingerprint of some journalist
-
Wiktor
This one uses full fingerprint https://theintercept.com/staff/micah-lee/
-
oli
Ge0rG: i complain all the time (in my head)
-
oli
regarding http upload
-
lovetox
steven, 1. Gajim doesnt blind trust, but every single user tells me i should implement it 2. you just exchange one verification for another, you dont want to verify the omemo fingerprint, and trust an pgp signature on it, but next you dont want to verify the pgp fingerprint, then you just trust some names on a list that maybe work in a newspaper
-
lovetox
thats not how it works, if you want to be really secure, you have to put in the work
-
lovetox
there is no magic solution how a computer can tell you that you can absolutely be sure that on the other end is Human X
-
lovetox
at some point, someone has to check this in the real world
-
oli
video
-
Wiktor
lovetox, I think steven mentioned that their company's employees verify their PGP fingerprints in real world
-
lovetox
and then the next thing you have to realize is, that clients are not developed for 1% paranoid people
-
lovetox
Wiktor, yeah so they know how this works, then they can do it with omemo fingerprints
-
lovetox
all of your pgp signing theories are way too complex to implement, its already hard to get omemo as is working in a usable way
-
Wiktor
yes, but for PGP once you sign a key the person can rotate subkeys freely and the trust is retained
-
Wiktor
with OMEMO there is no master key to hold device keys together
-
Wiktor
just clarifying what's the scope, I actually had an idea how to implement it outside clients using PGP but without modification from XMPP client developers using verified XMPP URIs (what basically is in the OMEMO QR code)
-
lovetox
And? do you see anyone using pgp in xmpp?
-
Ge0rG
Wiktor [21:16]:
> with OMEMO there is no master key to hold device keys together
And you have O(n*m) manual key management overhead
-
Wiktor
pgp has two components, identity verification and signing/encryption, pgp for xmpp as is today is used only for signing/encryption, not identity verification
-
Ge0rG
Where n is your devices, and m the other users.
-
Wiktor
you already do M when you verify your users OMEMO keys?
-
Wiktor
the problem is you need to repeat it for every new device key
-
lovetox
Thats the whole story of signal, no master key, its a feature that enables you easily add new devices
-
lovetox
that is what makes it usable for the masses
-
lovetox
now you want to "secure" that down to pgp levels
-
lovetox
just use pgp
-
Wiktor
there is no way to use pgp identity verification in xmpp currently
-
Wiktor
pgp fingerprints are transferred in band in all pgp xeps I've seen
-
lovetox
xmpp is just a transport protocol, everything pgp offers you can use
-
lovetox
its like email in that sense, it transports the encrypted payload, you can verify around that with keyservers or whatever crazy construct you think up
-
Wiktor
verification of pgp keys can be done with QR codes like with OMEMO and with OpenKeychain, nothing uses that so basically pgp in xmpp as it is now relies on server telling the fingerprints to clients, there is no paranoid mode like in OMEMO
-
Wiktor
but I think what steven proposed (as far as I understood) would be to use pgp keys that already have trust between them (bidirectional signing) to sign OMEMO device keys
-
lovetox
and how do i get the public key to verify the sign?
-
lovetox
dont tell me from a server :D
-
Wiktor
you get the fingerprint by scanning QR code, this is identical to OMEMO
-
Wiktor
see: https://github.com/open-keychain/open-keychain/wiki/QR-Codes
-
lovetox
ok, so you dont want to scan the omemo qr code, because thats somehow too much work, thats why we sign the omemo key, then scan the pgp key that this was signed with
-
Wiktor
I don't want to scan omemo keys every time contact changes devices, pgp key is stable as it is the root of trust
-
lovetox
to me this sounds like you just moved your problem and added complexity
-
lovetox
and how does a user add a new device, where does he store his secret master pgp key?
-
moparisthebest
you also don't really have to involve PGP to get the same thing right?
-
lovetox
on the phone he just lost?
-
moparisthebest
can't the device key you trust sign new device keys, and let you know about that?
-
lovetox
this is just exactly what people do since 20 years with pgp
-
lovetox
having a masterkey and signing sub keys
-
Wiktor
lovetox, usually PGP master keys are more protected than offline keys like OMEMO, e.g. my signing/encryption keys are on hardware tokens, master key is on an airgapped offline machine
-
Wiktor
lovetox, exactly
-
lovetox
Wiktor, thats not usable for the masses
-
lovetox
they dont store secret keys on hardware tokens
-
lovetox
they get a new phone
-
lovetox
log in, and want to chat
-
moparisthebest
I meant something a little less strict, ie "trust any key I've trusted for x@x.com, and any new keys for x@x.com that one of my trusted keys have signed"
-
Wiktor
is verified omemo for masses? but it exists
-
lovetox
thats what the signal protocol solved, thats why whatsapp is using this protocol for 1 billion people
-
lovetox
so what you describe is not an issue with omemo, its a design decision to make it usable for the masses
-
lovetox
if thats not secure enough just use pgp
-
lovetox
and if the pgp UI in clients is not what you think it could be, work on that
-
lovetox
instead of making omemo into something it was never designed to be
-
Wiktor
this is not an issue with "pgp UI" nor pgp as used for encryption, but if you say omemo should stay as close to signal as possible... okay
-
Wiktor
moparisthebest, yep, that sounds lightweight, there is an issue with revoking devices and tracking which device signed which one
-
moparisthebest
uh, revoking is just "now my trusted key for x@x.com said not to trust this other key for x@x.com" ?
-
moparisthebest
just have to be careful that the signed message going away alone doesn't revoke trust, since the server operator could pull that off
-
moparisthebest
but it could also block the revoke message, I don't think there is anything you can do about that
-
moparisthebest
it's at best a "my phone was stolen please don't encrypt messages to it anymore" switch
-
Wiktor
Yep, maybe the signatures and revocation can be embedded in XMPP QR codes as for OMEMO, that is transported out of band
-
Wiktor
Yes, stolen or unused anymore
-
moparisthebest
yea that'd be pretty great
-
Wiktor
There is alternative to revocations - re-signing expiring signatures every N weeks or so
-
Wiktor
JWTs work like that... a little :)
-
moparisthebest
then an evil server op can revoke keys though
-
moparisthebest
trying to decide if that's a problem, I mean they can also just block messages
-
Wiktor
yeah
-
Wiktor
but putting these signatures in random messages would hide them :)