-
trollge
Is anyone in here moderately familiar with OMEMO standard?..
-
Guus
tollge: if you're looking for knowledge about the standard, you might also search for it in the xsf@ room.
-
lovetox
trollge, yes
-
trollge
lovetox: does omemo say anything about renaming filenames before sending it via the xmpp server to the user?
-
moparisthebest
That should probably be documented here: https://xmpp.org/extensions/xep-0363.html#uploader
-
lovetox
tollge omemo has nothing to do with file uploads
-
lovetox
so no
-
lovetox
there is a historical standard about sharing aesgcm links
-
lovetox
https://xmpp.org/extensions/xep-0454.html
-
lovetox
this is what clients use for "OMEMO" filetransfer
-
lovetox
but as far as i see nothing mentioned about filenames
-
techmetx11
hi people
-
techmetx11
is there a mechanism in non-anonymous MUCs, to verify if a message sent by a user is indeed sent by that user, and not tamperd by the MUC server
-
singpolyma
techmetx11: there are a few XEP that can be used for signing, but none in common use
-
Link Mauve
techmetx11, OMEMO is one such mechanism.
-
Link Mauve
OX is another.
-
techmetx11
Link Mauve: i meant signing messages, not encrypting
-
singpolyma
I guess if you're using OMEMO for encryption then it provides authenticity too, yeah
-
singpolyma
OX can do signing only. There's also a XEP that uses x509 for similar
-
singpolyma
If you trust the user's server for key discovery either can work for this
-
techmetx11
the difficulty would be verifying messages in a semi-anonymous MUC
-
singpolyma
I've thought you almost could do something DKIM style for this if you trust the user's server anyway, but I'm not aware of any effort in that shape
-
singpolyma
techmetx11: well, if it's semi-anonymous what would you even be verifying? You don't know who they are anyway
-
techmetx11
true