-
Seve
Listen to how XMPP is pronounced: https://www.youtube.com/watch?v=fz0yDNwEydU&feature=youtu.be&t=495 It's like a message from God! :D
-
edhelas
èxèmpaÿpeÿ
-
jjrh
In regards to the list message "staleness of devices" When we are talking about 'messages' are we referring to stanza's, or specifically the <message/> stanza?
-
jonasw
given that it’s omemo, we’re probably referring to OMEMO messages
-
jonasw
vanitasvitae, ^
-
vanitasvitae
jjrh: an OMEMO <encrypted/> element
-
vanitasvitae
Which is encrypted for our device
-
jjrh
Ah okay thanks for the clarification.
-
vanitasvitae
jjrh: :)
-
lovetox
jdev seems down
-
lovetox
flow: 3.2 Verification of <openpgp/> Content Recipients MUST verify that the signature is valid, that the signature's key corresponds to the sender's key,
-
jonasw
seems up to me, lovetox
-
lovetox
can we relax this a little bit
-
lovetox
if a contact writes me offline messages, and i dont have the keys yet
-
jonasw
then you have to wait until you have the keys, no?
-
lovetox
this would mean caching all messages for later decryption IF i get the public key
-
jonasw
signature validation sounds kinda important.
-
lovetox
yes, but it doesnt has to be made instantly
-
lovetox
especially not on first contact
-
lovetox
i dont know how omemo does that, but i can read offline messages also without querying keys from the contact first
-
lovetox
especially with other rules in the XEP like "blind trust on first contact" which seem to try and make this as easy and painless as possible
-
jonasw
you can’t be sure those aren’t spoofed though
-
lovetox
we are talking about first contact, if a attacker is a man in the middle, he can supply all the data he wants, it does not help me to query keys
-
lovetox
signature verification makes only sense, if i verified that a fingerprint belongs truly to my contact
-
jonasw
but if it’s an offline message, it’s unclear whether the attacker *still* has the power
-
jonasw
it might be that they hijacked a device and were able to send a spoofed message
-
!XSF_Martin
Why not mark the message as 'unverified'
-
jonasw
but that access to the account was revoked?
-
jonasw
lovetox, the contact also might have untrusted devices which intentionally do not have access to the GPG keys and are not used to send or receive GPG messages
-
jonasw
hmm. but those devices could publish forged keys, so nevermind
-
lovetox
!XSF_Martin, not allowed by the XEP
-
lovetox
im not arguing that there cant be a case found where this rule would help to migitate a attack
-
lovetox
the question is, is it worth the hassle
-
lovetox
it does not help against man in the middle which is the biggest risk, we blind trust all keys, this alone is a HUGE risk
-
jonasw
it boils down to: (a) who controls which keys are considered valid vs. who is able to send a message with this sender? and (b) why sign when verification is optional?
-
lovetox
so why beeing so strict on this thing that does certainly not add a new big risk
-
lovetox
jonasw, im not saying verification should be optional
-
jonasw
anyways, gotta run
-
lovetox
just something like, on first contact we can display the messages until we received the key
-
lovetox
or something like that
-
lovetox
i mean i can do this anyway, this XEP MUST is useless because it cant be enforced
-
lovetox
it should be in the business rules or something, a suggestion with an exception or something like that
-
lovetox
always verify, except you hadnt time to receive the key or something
-
lovetox
what im saying, i will not implement this, its not worth the hassle to make the whole client async decrypt messages