jdev - 2020-05-05

larma, everything's working so far. But I have further questions.

larma, are there any suggestions about trust management? I don't really understand how to implement it within OMEMO, if Signal Protocol trust management mechanism is not recommended.

larma, what about "kex" atribute of "key" element? Now I just treat it as a replacement for "prekey" attribute in old versions of OMEMO. Is that correct?

Yagizа: Yes kex is what prekey was before. For trust management, you should probably realize an implementation of BTBV https://gultsch.de/trust.html

BTBV, the UX nightmare

jonas’: why?

larma, "hey scan my QR code, that’s going to be faster than typing a JID" -- and now you have to verify all future keys of that contact

this is a hyperbolic example of the (for the user) non-obvious implications in BTBV

Well... that's just an issue of Conversations

It's not an inherent issue of BTBV

The verification step should always be visible to the user and also users should be able to reenable blind trust if it wasn't their intent to disable it when verifying a device

Just look at how Dino did it ;)

isn't that just the good old question of where the sweet spot between security and UX is?

yes

it is

though the BT in BTBV is also a security nightmare :)

larma, ok, thanx.

and the answer is probably: it depends on what you want, there is not that one single sweet spot

BTBV is IMO an attempt to have the cake and eat it, which doesn’t quite work

UX secret: don't pop up with a new window to verify fingerprint when sending a message and then automatically close it when blind trust is enabled.

UX secret: don’t pop up a window (unless in response to an action of the user) ✏

jonas’: but the user pressed send :D

Chromium always pops up the "do you want to sign in" popup when I open a random twitter link. I *HATE* it

yeah, that was a stab at pidgin which’ll spam me with fun popup windows on some kind of spam

larma, BTW, what about fingerprints? Do I have to change something in fingerprint generation algorithm? Or should I use the same, used with old version?

Yagizа: you just have to make sure you are generating the fingerprint from the curve25519 and not the ed25519 key

larma, and how can I get that curve25519 key?

larma, ratchet_identity_key_pair_get_public() will return ed25519 key when v4 is used, right?

All `ec_public_key` are now both ed25519 and curve25519 public keys

If you used `ec_public_key_serialize()` before to generate the fingerprint (by removing its first byte) it should still work

You can also directly get it using `ec_public_key_get_mont()`

Yagizа: Also note that in the bundle that is stored on pep, you should now use the ed25519 key in <ik> (which you get by `ec_public_key_get_ed`) ✏

larma, ok, thank you!

larma, so, I should use ec_public_key_serialize() for fingerprint generation and ec_public_key_get_ed for getting data to publish in bundles?

You can also use `get_mont` for fingerprints, it's the same as `serialize` just without the leading byte

But yes, `get_ed` for bundles

larma, IC. So, I don't need ec_public_key_serialize() at all?

larma, and... how can I use IdentityKey, which I extract from bundles information? Now I just store it in local variable, but I don't see any use for it.

larma, should I somehow process it?

Yagizа: Well you probably want to give the user the option to trust a key even before opening a session with it.

larma, IC. So, how can I get fingerprint from the ed25519 key, extracted from bundle data, received over XMPP?

Yagizа, you can use `curve_decode_point` on the key from the bundle to get an `ec_public_key`

larma, ok, thanx!