jdev - 2023-04-21

  1. trollge

    Is anyone in here moderately familiar with OMEMO standard?..

  2. Guus

    tollge: if you're looking for knowledge about the standard, you might also search for it in the xsf@ room.

  3. lovetox

    trollge, yes

  4. trollge

    lovetox: does omemo say anything about renaming filenames before sending it via the xmpp server to the user?

  5. moparisthebest

    That should probably be documented here: https://xmpp.org/extensions/xep-0363.html#uploader

  6. lovetox

    tollge omemo has nothing to do with file uploads

  7. lovetox

    so no

  8. lovetox

    there is a historical standard about sharing aesgcm links

  9. lovetox


  10. lovetox

    this is what clients use for "OMEMO" filetransfer

  11. lovetox

    but as far as i see nothing mentioned about filenames

  12. techmetx11

    hi people

  13. techmetx11

    is there a mechanism in non-anonymous MUCs, to verify if a message sent by a user is indeed sent by that user, and not tamperd by the MUC server

  14. singpolyma

    techmetx11: there are a few XEP that can be used for signing, but none in common use

  15. Link Mauve

    techmetx11, OMEMO is one such mechanism.

  16. Link Mauve

    OX is another.

  17. techmetx11

    Link Mauve: i meant signing messages, not encrypting

  18. singpolyma

    I guess if you're using OMEMO for encryption then it provides authenticity too, yeah

  19. singpolyma

    OX can do signing only. There's also a XEP that uses x509 for similar

  20. singpolyma

    If you trust the user's server for key discovery either can work for this

  21. techmetx11

    the difficulty would be verifying messages in a semi-anonymous MUC

  22. singpolyma

    I've thought you almost could do something DKIM style for this if you trust the user's server anyway, but I'm not aware of any effort in that shape

  23. singpolyma

    techmetx11: well, if it's semi-anonymous what would you even be verifying? You don't know who they are anyway

  24. techmetx11