XSF Discussion - 2018-08-29

  1. Seve

    Listen to how XMPP is pronounced: https://www.youtube.com/watch?v=fz0yDNwEydU&feature=youtu.be&t=495 It's like a message from God! :D

  2. edhelas

    èxèmpaÿpeÿ

  3. jjrh

    In regards to the list message "staleness of devices" When we are talking about 'messages' are we referring to stanza's, or specifically the <message/> stanza?

  4. jonasw

    given that it’s omemo, we’re probably referring to OMEMO messages

  5. jonasw

    vanitasvitae, ^

  6. vanitasvitae

    jjrh: an OMEMO <encrypted/> element

  7. vanitasvitae

    Which is encrypted for our device

  8. jjrh

    Ah okay thanks for the clarification.

  9. vanitasvitae

    jjrh: :)

  10. lovetox

    jdev seems down

  11. lovetox

    flow: 3.2 Verification of <openpgp/> Content Recipients MUST verify that the signature is valid, that the signature's key corresponds to the sender's key,

  12. jonasw

    seems up to me, lovetox

  13. lovetox

    can we relax this a little bit

  14. lovetox

    if a contact writes me offline messages, and i dont have the keys yet

  15. jonasw

    then you have to wait until you have the keys, no?

  16. lovetox

    this would mean caching all messages for later decryption IF i get the public key

  17. jonasw

    signature validation sounds kinda important.

  18. lovetox

    yes, but it doesnt has to be made instantly

  19. lovetox

    especially not on first contact

  20. lovetox

    i dont know how omemo does that, but i can read offline messages also without querying keys from the contact first

  21. lovetox

    especially with other rules in the XEP like "blind trust on first contact" which seem to try and make this as easy and painless as possible

  22. jonasw

    you can’t be sure those aren’t spoofed though

  23. lovetox

    we are talking about first contact, if a attacker is a man in the middle, he can supply all the data he wants, it does not help me to query keys

  24. lovetox

    signature verification makes only sense, if i verified that a fingerprint belongs truly to my contact

  25. jonasw

    but if it’s an offline message, it’s unclear whether the attacker *still* has the power

  26. jonasw

    it might be that they hijacked a device and were able to send a spoofed message

  27. !XSF_Martin

    Why not mark the message as 'unverified'

  28. jonasw

    but that access to the account was revoked?

  29. jonasw

    lovetox, the contact also might have untrusted devices which intentionally do not have access to the GPG keys and are not used to send or receive GPG messages

  30. jonasw

    hmm. but those devices could publish forged keys, so nevermind

  31. lovetox

    !XSF_Martin, not allowed by the XEP

  32. lovetox

    im not arguing that there cant be a case found where this rule would help to migitate a attack

  33. lovetox

    the question is, is it worth the hassle

  34. lovetox

    it does not help against man in the middle which is the biggest risk, we blind trust all keys, this alone is a HUGE risk

  35. jonasw

    it boils down to: (a) who controls which keys are considered valid vs. who is able to send a message with this sender? and (b) why sign when verification is optional?

  36. lovetox

    so why beeing so strict on this thing that does certainly not add a new big risk

  37. lovetox

    jonasw, im not saying verification should be optional

  38. jonasw

    anyways, gotta run

  39. lovetox

    just something like, on first contact we can display the messages until we received the key

  40. lovetox

    or something like that

  41. lovetox

    i mean i can do this anyway, this XEP MUST is useless because it cant be enforced

  42. lovetox

    it should be in the business rules or something, a suggestion with an exception or something like that

  43. lovetox

    always verify, except you hadnt time to receive the key or something

  44. lovetox

    what im saying, i will not implement this, its not worth the hassle to make the whole client async decrypt messages