jonas’: CSS is commonly used with HTML, but you can use HTML without CSS just fine, and you can use CSS with things which are not HTML (e.g. GTK or SVG)
Ge0rG: You know what they said about PHP? A fractal of bad design.
jonas’: I don’t see that here though
waqas: Ge0rG: You need to make peace with the fact that everything sucks, and that is unlikely to ever change :)
Ge0rG: waqas: I can't make peace with it, I can merely try to rant less.
jonas’: who’s responsible for the registries? (<https://github.com/xsf/registrar>)
Guus: jonas’ Until there is a perceived need for a more formal governing body, the functions of the XMPP Registrar shall be managed by the XMPP Extensions Editor [6]
ralphm: Vacation is almost over here, making more time for all things XMPP this month.
ralphm: Including finally getting the items with Peter sorted.
ralphm: 2. FOSDEM / Summit
ralphm: Guus, any news on hotel?
Guus: I've sent a request for a quote, but have not received one yet.
Guus: I expect that to happen today or tomorrow
Guus: after which I'll forward it to the mailing lists, much like we did last year.
ralphm: Otherwise, let's sync tomorrow on all the things
Guus: (I'm getting a quote from Thon EU again)
Guus: I've also tried to reach out to the same restaurant for the XSF Dinner
Guus: couldn't get someone on the phone, but left a message
Guus: that's it for now.
ralphm: Ok
ralphm: Thanks
ralphm: 3. GSoC
Seve: Thank you Guus
Guus: Joachim expressed some interest in participating, but communication seems to have broken down over the holidays.
Guus: (GSoC, that is)
Guus: I'll follow up with him
Guus: no others have stepped forward.
Guus: Let's aim to have a go/no go in next week's meeting?
ralphm: Ok, maybe good to repeat the request now holidays are over
Guus: I don't like battering people. I'll publicly follow up Joachim. If someone else is interested, they can chime in.
ralphm: Ok
MattJ: Hey
Seve: Good
MattJ: Sorry, here now
ralphm: 5. JabberSpam trademark
Guus: hi MattJ
ralphm: (hi)
ralphm: Good comments, Guus
Guus: Ge0rG has sent in an application, that has had little response. He requests action.
ralphm: I'd still like to get guidance from Peter
Ge0rG: Peter acknowledged my request some two weeks ago.
ralphm: Yes, I got a copy
Guus: interestingly, the website speaks of a Trademark WT
Guus: who's that?
Ge0rG: IIRC, last time I asked for a trademark license, it ended up being voted by Board (after Peter's principal approval)
ralphm: Currently, just Peter, I think.
Guus: (It does not explicitly name it a work team, but it suggests that there's a group of people, plus the executive directory, that are said team).
ralphm: Director
Guus: sorry 🙂
MattJ: The agreement does mention a "trademark committee" iirc
Guus: that might be it, yes.
ralphm: Adding it to the list of topics.
ralphm: Ge0rG: trying to get that resolved soon
Guus: I just created a small PR to the website, that should get Peter's attention too
Guus: (regarding pending trademark applications)
Guus: Hopefully, we can gain some traction that way too.
ralphm: 6. E-mail issue for seve
Guus: I'm not sure if this is just for Seve
Ge0rG: Further discussion has shown that I might need _two_ trademark permissions actually, one for the Org (requested), and another one for the "Jabber Spam Fighting Manifesto"
ralphm: I saw some discussion and request to remove from RBL
Guus: I don't know what RBL is - or if we indeed do have an issue
ralphm: Seve: did you get nyco's email?
Guus: but for several weeks, people seem to have email related issues
Guus: Seve is one, but mail from the wiki (on account creation) do not show up either
Guus: unsure if it is related
ralphm: If this keeps up we may have to start sending through a service like MailGun, I'll ask the iteam what their strategy is.
Seve: ralphm: still no new emails from XSF lists, I was thinking on waiting for a new email to check if I get them now
Guus: I'm hoping that iteam can give some kind of status update.
ralphm: Seve: ok, that was sent just before this meeting
Guus: if only to confirm or reject the notion that we have issues.
ralphm: Kev, intosi?
Seve: ralphm: then no, I still do not get them
MattJ: I think someone will have to check the mail server log again then
ralphm: Aye
ralphm: Ok, taking that up with iteam.
Seve: Thank you for this, I really appreciate that
ralphm: 7. AOB?
Ge0rG: I have one AOB
Guus: no AOB from me.
MattJ: None here
Ge0rG: Tomorrow is our 20th birthday. Somebody should give a party. https://slashdot.org/story/99/01/04/1621211/open-real-time-messaging-system
ralphm: Indeed.
ralphm: Of course the party will be distributed, with Disco and lots of Jingle.
Seve: :)
Ge0rG: ralphm: are you going to MIX the drinks?
Guus: musthinkofaMIXjoke...
Guus: thanks.
ralphm: Ge0rG: sure. I'm more Pub than Sub.
Ge0rG: that sounds rather zimpy.
Guus: any practical ideas on commemorating the milestone?
Guus: apart from bad puns, obviously.
Ge0rG: Guus: somebody should write a blog post. I suggest "the half-life of instant messengers"
ralphm: I had great ideas and no time, so that didn't work out.
Link Mauve: I think we wanted to organise one with Nÿco this year.
Ge0rG: I'd volunteer, except -EBUSY
Guus: that goes for everyone, I'm afraid.
ralphm: But we might be able to do something around the Summit
Ge0rG: maybe we can crowdsource it? Collect the lifespans of IMs in a pad
mrDoctorWho: Where does gajim keep the passwords on Windows?
Ge0rG: I can manage an hour or two tomorrow to write it down
Ge0rG: but maybe a full history of all abandoned networks will be less funny of a read than I imagine
Ge0rG: Oh, https://waher.se/IoTGateway/SimpleIoTClient.md is back up
moparisthebest: ha I didn't know that "The term "Instant Messenger" is a service mark of Time Warner[11] and may not be used in software not affiliated with AOL in the United States."
steven: wtf is that true??
MattJ: Things like that are why we ended up with the term "roster", when at the time everyone was talking about your "buddy list(TM)" (e.g. https://www.bizjournals.com/sanjose/stories/1999/05/31/story7.html )
Ge0rG: Also why we ended up with XMPP.
Zash: Trademarks are why we can't have nice things
Ge0rG: trademarks don't expire, right?
MattJ: They do
Zash: No they don't
MattJ: i.e. if you register a trademark you have to renew it after ~10y
Zash: > This search session has expired. Please start a search session again by clicking on the TRADEMARK icon, if you wish to continue.
Ge0rG: It's just the "BUDDY LIST" result, it's still registered to AOL
Zash: You also have to actively protect it as well, right? Ie go after people using it without permission and stuff.
Zash: Hm, but then I'm not sure which is which of ™ and ®
Ge0rG: 🤷
pep.: https://slashdot.org/comments.pl?sid=15607&cid=2048734 "clients are quite easy to write", fast forward 20 years later
Andrew Nenakhov: Clients are indeed easy to write. It's just good clients that aren't.
jonas’: true
lovetox: also 20 years ago there was no MAM and Carbons no phones etc
lovetox: no encryption, so it was basically, download the roster, and send a message
goffi: Hi, happy new year everybody. In XEP-0060, if I have an item with id "abc", I publish another item with id "def", then I publish a new item with the first id ("abc") which will overwrite it. If I then request items with max=1, should I get "abc" or "def"? § 7.1.2 says that item is overwritten and § 6.5.7 says that items returned are the "most recent". So I guess it should be "abc", right?
goffi: ralphm: ^
pep.: I think that question was also raised by edhelas a few months ago(?) I don't know if there's a clear answer
Zash: If you think about it as publishing a new item that just happens to also delete an older item, then it makes sense that the 'abc' one is the last item you get
Guus: I'd argue, without looking at the xep, that something that's overwritten is not 'new'
goffi: I got the same 2 thoughts, so it's confusing because 2 options could make sense.
goffi: the XEPs states that the mosts recents items must be returned, so even if you overwrite, the "abc" one is the more recent.
goffi: most*
Guus: The identity is not new
goffi: yes, but the item is
Guus: Is it new, or is the old one changed?
Zash: I prefer the way where I don't have to throw out all the append-only assumptions from everywhere
steven: So I've coined this idea a few times the last few weeks in random MUCs, but I'm not sure how to approach taking it further than an idea:
I (and I'm sure others) have been thinking quite a bit about OMEMO key fetching and how easy it is for server admins to just serve extra keys for contacts etc. I don't think there is a single client that does not automatically accept all keys by default. (Conversations has an "expert setting" that lets you turn off accepting new keys. I think Gajim has something similar.)
I've been thinking about PGP to help improve this. My personal main objection to using PGP for encrypted messaging is that I prefer to not have my private key on my device at all times (in unencrypted form) like you need for XEP-0374. Instead, one could sign OMEMO keys with a PGP key to just have to do this once for each new device. In theory, this would not need to have your PGP key on a mobile device, for example. Since you could verify the OMEMO key fingerprint on your desktop and then sign it there.
On the mobile device you only need to import your own public key and signed public keys of your contacts.
pep.: Hah, Syndace ^
steven: Not sure I'm missing something that makes this hard to use. Also I don't know if PGP is still used at all.
oli: why not encrypt the messages with pgp?
pep.: We've been discussing with Syndace a bit and trying to find solutions about your concerns on the server being able to inject devices etc.
steven: oli, because this needs the pgp private key to be available at all times
steven: OMEMO keys are single-use-case and can easily be replaced when confiscated
pep.: The idea with PGP is that the key would be stored on the server and the client can unlock it, but that has other pitfalls
steven: A PGP key is kinda like your ultimate beacon of trust 😀 We use it a lot at work f.e. for automatic deployments etc
steven: So I never have my laptop or phone have it unencrypted and need to enter a lengthy passphrase for every use.
pep.: (Well technically it could be done any way, but that's what I hear the most, that makes the most sense UX-wise)
steven: I don't think it's nice to type a passphrase for every message 😀
pep.: Not for every message
Wiktor: steven: good idea, but this would require OpenKeychain on Android to verify the signature and/or sign the statement
steven: pep., I don't know how XEP-0374 works, tbh. Does it just use one master key all the time? Or does it use ephemeral subkeys or so?
steven: Wiktor, to verify yes. But to sign your own mobile key, you could do manual fingerprint verification with a desktop client like Gajim and sign your mobile's OMEMO key there and send the signature to the server. (Just thinking out loud here, though.)
pep.: You choose? I don't know it that much either, I'm definitely not the reference here. I also know other people have concerns about 374, but I'm waiting on them to tell because I don't have the knowledge to back these claims
Wiktor: Yeah, actually Conversations already has similar code but using X.509 instead of OpenPGP
pep.: steven: so you want cross-signing basically right
pep.: I think the way you're trying to implement it is going a bit far
steven: pep., yeah well it's also possible of course to sign on the mobile client
steven: still you'd have to enter the passphrase only once
steven: instead of very often/every message?
Syndace: I saw you proposing that before but I didn't see a way to do that in a way which is not overkill.
Syndace: But now that I think about it again you could probably do it without too much complexity
Syndace: You might not even need GPG itself, rather a master key of any sort
Syndace: But I'm busy right now, I'll take some time to think about it later/tomorrow
steven: Syndace, well, "a master key of any sort" isn't much better. The thing is that quite some people already have some form of web of trust with PGP keys and verified identities. (The company I work for is fully remote so at our annual offsite we do a quick PGP key signing ritual. From then on we can f.e. introduce a new coworker by having him meet a single colleague that signs his key.)
steven: Basically PGP is identity-based while OMEMO is device-based. So to tie a device to an identity, it makes sense to use PGP I think.
Ge0rG: steven: PGP is a can of worms, especially but not exclusively regarding UX. Not even hardcore cryptowhores figure out all of its quirks
Ge0rG: I like the matrix idea of a master olm(?) key.
steven: Ge0rG, true. But it's an accepted default.
steven: Ge0rG, many people say the same about XMPP 😀
Ge0rG: No need to mix different crypto libraries with each other.
Ge0rG: steven [19:58]:
> Ge0rG, true. But it's an accepted default.
Nope. S/MIME is the accepted default.
Ge0rG: The PGP web of trust is just silly. I've verified your identity, therefore I trust you to verify other people's identities?
Ge0rG: I think that PGP has a place in xmpp indeed, but without OMEMO then.
Ge0rG: Just have an account key, exchange it with your friends, share it between all your devices, problem solved. You leak your key? All of your chat history is compromised.
Ge0rG: You lose your device? Lucky you if you still have the key / recovery password. Then you'll regain all your logs.
Ge0rG: OMEMO trust management is just madness. What do you do if you verified one of your friend's devices, but none of your own other device keys?
Ge0rG: It barely works as long as you have exactly one device and it doesn't get lost, stolen or broken.
steven: Ge0rG, I don't think you have much experience using OMEMO..
steven: I have the Conversations "paranoid mode" where I have to manually approve new device keys and it works fine.
Andrew Nenakhov: I don't like the whole idea of omemo/otr. The only improvement in it over gpg is PFS but too many drawbacks. And gpg is good enough to stop any realistic state wide spying efforts. So PFS is needed to those who REALLY have reasons not to be spied and MitMed and traffic decrypted, and we know all too well who these people are. :-/
steven: When I first start chatting with a new contact, I will just blindly hit "ok" (I'm not gonna call them to spell it out for me), but after that when I get sent new device keys, I just ask them first if they started using another client.
steven: So yeah in theory the admin could still hijack the key on the moment someone starts using a new client. That's why I'd prefer to just have my contacts' PGP keys and have them sign their OMEMO keys.
Andrew Nenakhov: So, which keys could admin hijack?
Ge0rG: steven [20:05]:
> I have the Conversations "paranoid mode"
> When I first start chatting with a new contact, I will just blindly hit "ok" (I'm not gonna call them to spell it out for me)
I rest my case.
Andrew Nenakhov: If he hijacks your public keys, then what?
steven: Andrew Nenakhov, the admin could install a module that whenever a user adds a new device, it broadcasts a different key instead that it owns itself. Because I described that I would only ask "did you start using a new client?" without also verifying the fingerprint.
steven: Ideally I just send them the fingerprint using their first OMEMO key to verify.
Ge0rG: Andrew Nenakhov: the server Admin could add another device key to your account, or replace your key with his own.
steven: Andrew Nenakhov, he could but only if he's already doing that at the moment of the first encounter.
Ge0rG: steven: how do you ask your friends whether they got a new device? With the old key? Via SMS?
steven: Ge0rG, with the old key(s).
steven: Usually it's someone that opened the webchat for the first time or downloads a desktop client or so.
Ge0rG: steven: so if they lost their phone, you are out of luck.
steven: So yeah I should ask them to verify the fingerprint. But I don't have such highly sensitive conversations yet. Just thinking that in case I have, I'd prefer PGP instead of manually messing with fingerprints.
steven: Ge0rG, if they lost their phone and have never used a desktop/web client, yes.
moparisthebest: how do you verify their PGP key though?
Ge0rG: steven [20:11]:
> in case I have, I'd prefer PGP instead of manually messing with fingerprints.
Now with *that* I can totally agree.
steven: (Also note that I'm the server admin of the server my social network is on, so I should have been targeted by a hacker for shady things to happen.)
steven: moparisthebest, well, you only have to do that once. And you could delegate that to people you trust to do it thoroughly.
steven: Also for higher-profile people, their PGP keys might be publicly known and signed by a bunch of people.
Andrew Nenakhov: steven, that's what fingerprints check is for, so you should verify your contact fingerprints via an independent means of communication.
Wiktor: You already specify your own PGP key in C, one can check if your contact's PGP key is signed by you
steven: Andrew Nenakhov, or with a signature of an authority you trust.
Andrew Nenakhov: Cool. So this authority could be compromised and all your struggle and pain with encryption will be for nothing.
Ge0rG: There is no trusted authority on PGP. This is what S/MIME is for...
steven: Like say some guy from The Guardian contacts you. He uses an OMEMO key. Most likely, his PGP key will be known, online on several websites and signed by people from other newspapers etc. If he signs the OMEMO key with that PGP key that I can find in multiple places with multiple signatures from other keys I can find in even more independent places, I would personally rest assured.
Andrew Nenakhov: It never ceases to amaze me how people want security and privacy but not the inconveniences that mandatory come with them.
steven: Andrew Nenakhov, there's several levels of privacy of course. Of course I'd like the conversations with my friends to be private from petty hackers and bad admins getting government orders. But I know that these conversations are not safe from high-profile cyberspecialists. That's fine. If I'm about to become a whistleblower and talking with a newspaper, I'll up my security and my tolerance to the nuisances that come with it.
pep.: > Ge0rG> There is no trusted authority on PGP. This is what S/MIME is for...
Trusting that authority is another story. DANE anybody? Does S/MIME even work with that
Ge0rG: steven: you've heard of https://evil32.com/ already?
Ge0rG: pep.: there was a proposal
Ge0rG: I'd love to have an implementation of that.
Ge0rG: pep.: but not just the fingerprint, store the whole certificate in DNS
steven: > steven: you've heard of https://evil32.com/ already?
Ge0rG, hmm, I don't use the shortIDs personally. Not sure how, but my `gpg --list-keys` prints full IDs.
Ge0rG: steven: the point is that the key of your journalist is fake, together with all the keys that signed it
Wiktor: steven: defaults of gpg change over time, no automated system should use short fingerprints (OpenKeychain follows this)
Wiktor: Ge0rG: not necessarily, first of all legacy sigs used long key ids not short 32 bit but for years the full fingerprint is embedded in the signature
Ge0rG: Why isn't anyone complaining that HTTP upload to a MUC exposes your domain to all muc participants?
Link Mauve: Ge0rG, because Conversations displays a picture instead of a URL.
Ge0rG: Wiktor: Chance fifty fifty
moparisthebest: your avatar exposes things too
Link Mauve: So people are not aware of that.
moparisthebest: probably a bunch of other things
Link Mauve: moparisthebest, uh, no, it doesn’t.
moparisthebest: in a different way, it lets me tell 'dwd' in one channel is the same as 'Dave' in another channel etc etc
moparisthebest: if I happen to have the same person in my roster, that too
Ge0rG: Everybody should use the same avatar!
Wiktor: Ge0rG: this is 4 years old: https://gnupg-devel.gnupg.narkive.com/Z0EFUBU7/issuer-fingerprint-was-vanity-keys
Ge0rG: Wiktor: I'm speaking about obtaining a key out of band
Wiktor: > Wiktor: Chance fifty fifty
> Wiktor: I'm speaking about obtaining a key out of band
?
Wiktor: OpenKeychain uses qr codes, full fingerprint
Ge0rG: But you can't scan the fingerprint of some journalist
Wiktor: This one uses full fingerprint https://theintercept.com/staff/micah-lee/
oli: Ge0rG: i complain all the time (in my head)
oli: regarding http upload
lovetox: steven, 1. Gajim doesn't blind trust, but every single user tells me i should implement it
2. you just exchange one verification for another, you don't want to verify the omemo fingerprint, and trust a pgp signature on it, but next you don't want to verify the pgp fingerprint, then you just trust some names on a list that maybe work in a newspaper
lovetox: that's not how it works, if you want to be really secure, you have to put in the work
lovetox: there is no magic solution how a computer can tell you that you can absolutely be sure that on the other end is Human X
lovetox: at some point, someone has to check this in the real world
oli: video
Wiktor: lovetox, I think steven mentioned that their company's employees verify their PGP fingerprints in real world
lovetox: and then the next thing you have to realize is, that clients are not developed for 1% paranoid people
lovetox: Wiktor, yeah so they know how this works, then they can do it with omemo fingerprints
lovetox: all of your pgp signing theories are way too complex to implement, it's already hard to get omemo as is working in a usable way
Wiktor: yes, but for PGP once you sign a key the person can rotate subkeys freely and the trust is retained
Wiktor: with OMEMO there is no master key to hold device keys together
Wiktor: just clarifying what's the scope, I actually had an idea how to implement it outside clients using PGP but without modification from XMPP client developers using verified XMPP URIs (what basically is in the OMEMO QR code)
lovetox: And? do you see anyone using pgp in xmpp?
Ge0rG: Wiktor [21:16]:
> with OMEMO there is no master key to hold device keys together
And you have O(n*m) manual key management overhead
Wiktor: pgp has two components, identity verification and signing/encryption, pgp for xmpp as is today is used only for signing/encryption, not identity verification
Ge0rG: Where n is your devices, and m the other users.
Wiktor: you already do M when you verify your users' OMEMO keys?
Wiktor: the problem is you need to repeat it for every new device key
lovetox: That's the whole story of signal, no master key, it's a feature that enables you easily add new devices
lovetox: that is what makes it usable for the masses
lovetox: now you want to "secure" that down to pgp levels
lovetox: just use pgp
Wiktor: there is no way to use pgp identity verification in xmpp currently
Wiktor: pgp fingerprints are transferred in band in all pgp xeps I've seen
lovetox: xmpp is just a transport protocol, everything pgp offers you can use
lovetox: it's like email in that sense, it transports the encrypted payload, you can verify around that with keyservers or whatever crazy construct you think up
Wiktor: verification of pgp keys can be done with QR codes like with OMEMO and with OpenKeychain, nothing uses that so basically pgp in xmpp as it is now relies on server telling the fingerprints to clients, there is no paranoid mode like in OMEMO
Wiktor: but I think what steven proposed (as far as I understood) would be to use pgp keys that already have trust between them (bidirectional signing) to sign OMEMO device keys
lovetox: and how do i get the public key to verify the sign?
lovetox: don't tell me from a server :D
Wiktor: you get the fingerprint by scanning QR code, this is identical to OMEMO
lovetox: ok, so you don't want to scan the omemo qr code, because that's somehow too much work, that's why we sign the omemo key, then scan the pgp key that this was signed with
Wiktor: I don't want to scan omemo keys every time contact changes devices, pgp key is stable as it is the root of trust
lovetox: to me this sounds like you just moved your problem and added complexity
lovetox: and how does a user add a new device, where does he store his secret master pgp key?
moparisthebest: you also don't really have to involve PGP to get the same thing right?
lovetox: on the phone he just lost?
moparisthebest: can't the device key you trust sign new device keys, and let you know about that?
lovetox: this is just exactly what people do since 20 years with pgp
lovetox: having a masterkey and signing sub keys
Wiktor: lovetox, usually PGP master keys are more protected than offline keys like OMEMO, e.g. my signing/encryption keys are on hardware tokens, master key is on an airgapped offline machine
Wiktor: lovetox, exactly
lovetox: Wiktor, that's not usable for the masses
lovetox: they don't store secret keys on hardware tokens
lovetox: they get a new phone
lovetox: log in, and want to chat
moparisthebest: I meant something a little less strict, ie "trust any key I've trusted for x@x.com, and any new keys for x@x.com that one of my trusted keys have signed"
Wiktor: is verified omemo for masses? but it exists
lovetox: that's what the signal protocol solved, that's why whatsapp is using this protocol for 1 billion people
lovetox: so what you describe is not an issue with omemo, it's a design decision to make it usable for the masses
lovetox: if that's not secure enough just use pgp
lovetox: and if the pgp UI in clients is not what you think it could be, work on that
lovetox: instead of making omemo into something it was never designed to be
Wiktor: this is not an issue with "pgp UI" nor pgp as used for encryption, but if you say omemo should stay as close to signal as possible... okay
Wiktor: moparisthebest, yep, that sounds lightweight, there is an issue with revoking devices and tracking which device signed which one
moparisthebest: uh, revoking is just "now my trusted key for x@x.com said not to trust this other key for x@x.com" ?
moparisthebest: just have to be careful that the signed message going away alone doesn't revoke trust, since the server operator could pull that off
moparisthebest: but it could also block the revoke message, I don't think there is anything you can do about that
moparisthebest: it's at best a "my phone was stolen please don't encrypt messages to it anymore" switch
Wiktor: Yep, maybe the signatures and revocation can be embedded in XMPP QR codes as for OMEMO, that is transported out of band
Wiktor: Yes, stolen or unused anymore
moparisthebest: yea that'd be pretty great
Wiktor: There is alternative to revocations - re-signing expiring signatures every N weeks or so
Wiktor: JWTs work like that... a little :)
moparisthebest: then an evil server op can revoke keys though
moparisthebest: trying to decide if that's a problem, I mean they can also just block messages
Wiktor: yeah
Wiktor: but putting these signatures in random messages would hide them :)