XSF Discussion - 2021-06-06


  452. robertooo vanitasvitae and others: I've watched the "Cryptographic Identity: Conquering the Fingerprint Chaos" presentation and I'm worried about the direction this is headed. What's the point of 1:1 copying what matrixorg does? Why not do things differently, why not do them better? Better for privacy, security, decentralization? Storing E2EE secrets server-side is a horrible idea. It's no longer E2E. It's dishonest to the users who don't have a clue keys are stored on servers. Yes, I know, matrix uses passwords to make it "secure". When protonmail originated the idea and marketing that a passphrase is E2E, I didn't think anyone, especially not libre software, would take this seriously. Think about it for a second, do you really believe people are capable of the risk management required for proper password creation and maintenance to secure encryption keys on public (often of undefined trust) servers? First, you create an easy to use app for the average Joe and then tell him to upload his "legit E2EE" keys to a random server and secure it with a password? How about he uses his account password (123456, stored in plaintext) for this?
  454. robertooo You can do the same (but more securely) without uploading keys to the server or using a password to "secure" them. I talked about this with matrixorg team and they said it's completely doable and they know how to do it. I think it's in one of the specs they wrote. In short, it's not hard to securely transfer keys if you already have a secure layer designed for this, i.e. OMEMO, that's the way to go. Matrix folks promised me back in the day (that was before they landed cross signing last year) that they will 100% give people choice on whether they want to upload keys to server or not. Even their cross signing release announcement mentions this. A year has passed since they released that, so I asked them recently, what's the plan, is this ever going to land? No reply. Currently element forces server-side storage even on users who actively opt-out. I think their plan is to use this to aid in rapid user growth, it's E2EE, but easy. Welp, more like faux-E2EE. They want people to store server-side, they will gradually expand what's stored server-side, people will get used to it and that's going to be the new legit E2EE. They may implement what they promised, but likely in 5 or 10 years, when everyone forgets and so that the feature isn't popular. This is clearly something both protocols can implement, it's more secure, it gives users freedom, and respects them by being honest. Meanwhile the developments around XMPP cross signing - as I see it - are aiming to blindly copycat another protocol's shortcomings. And its shortcomings are the prime qualities in which XMPP excels and why it's so good and so strong.
  458. robertooo Disclaimer: I'm not categorically against storing anything server-side. I can understand that some people may be ok with that. And with not verifying fingerprints. But then, why even bother with encryption. XMPP provides superior privacy even without it. We don't need to cut corners.
  459. vanitasvitae robertooo: sharing keys across devices by uploading them encrypted to the server is only one possible way of syncing.
  460. vanitasvitae There are certainly other ways like manually copying them around, but that's not very user friendly
  461. vanitasvitae > Disclaimer: I'm not categorically against storing anything server-side. I can understand that some people may be ok with that. And with not verifying fingerprints. But then, why even bother with encryption. XMPP provides superior privacy even without it. We don't need to cut corners.
       Raise the floor instead of the ceiling.
  462. vanitasvitae I.e. a bit of crypto is better than none.
  463. robertooo I do understand that. I know XMPP is not P2P. But there's an immense difference between sharing keys in a secure OMEMO session and sharing keys by encrypting them with password (123456, stored in plaintext on user's server) and uploading to a random server...
  464. robertooo You may want to dig deeper into matrix's cross-signing story. E.g. this is a quote from their announcement:
       > Currently cross-signing requires that you store your encrypted cross-signing keys on the server, meaning that an attacker on the server who guesses your recovery passphrase/key could cross-sign a malicious device to spy on your account. Generally this is fine, as if you lose all your devices it’s the only way to recover your account’s cross-signing state. However, if you are super paranoid, you may wish to share (gossip) the keys between devices instead rather than storing them encrypted on the server. The protocol supports that - we just haven’t hooked it up yet.
       - https://element.io/blog/e2e-encryption-by-default-cross-signing-is-here/
  465. robertooo Please don't dismiss my concerns as proposing "manually copying keys". This is not what I'm talking about.
  468. robertooo And yes, a bit of crypto is good, but my proposal still allows for this without hurting UX for such less concerned people.
  470. vanitasvitae > sharing keys by encrypting them with password (123456, stored in plaintext on user's server) and uploading to a random server...
       who proposes that? The OpenPGP XEP also allows for server-side storage of encryption keys and it uses a secure, random passphrase which is not picked by the user.
  473. vanitasvitae I agree, that this problem is not trivial to solve and in the talk I might have made it look simpler than it ultimately is 😛
  474. vanitasvitae I appreciate your input on the matter 🙂
  476. vanitasvitae I guess this is sort of a bootstrapping problem, isn't it? You need the cross-signing keys to sign device keys. On the other hand you want to use device keys to distribute cross signing keys.
  478. robertooo That's the password all my non-technical friends use. And they use random XMPP providers (so anything can happen really). Thus far the only reason why I can say my communication with them is private is that I verify their OMEMO fingerprints. Matrix-style cross-signing with SSSS would make it no longer so, I would have to disable cross-signing on my friends' devices or move elsewhere. I'm not well versed on how cross-signing with this OpenPGP XEP would work. No password = definitely better. But still, it seems like storing keys server-side is needless, and I talked this through extensively with matrix folks.
  481. vanitasvitae Well, one argument one could bring is, that with XMPP everything goes through the server eventually. So you might as well use the server for longer-term storage
  482. vanitasvitae As in, even if you send the keys encrypted from one device to another, it passes the server.
  483. vanitasvitae Just that, depending on the encryption scheme, the message might be encrypted with a random key instead of a passphrase.
  486. robertooo Say you have 2 devices. 1 trusts 2. You get 3rd. Now you'd have to verify both 1 and 2 on the 3rd. But you can also verify only 1 and then device 1 can send to device 3 what fingerprints it trusts (i.e. device 2). This, but automatic. You get a new device, you scan one QR, you're done, no matter how many devices you have. You meet a friend, they scan your QR (only one) and they're done.
  487. vanitasvitae sounds like XEP-0450 to me
  488. DebXWoody I like the idea of QR scan.
  489. DebXWoody ok, I like the idea the user should be able to choose what he / she would like to use.
  490. vanitasvitae yeah
  491. DebXWoody My wife will not care about it at all, it should just work. I have keys on my nitrokey, which I may like to use.
  493. robertooo > So you might as well use the server for longer-term storage
       But you also have to trust the algorithms and protocols involved in this long-term storage. This stuff would be new and custom. Note that matrix folks basically rolled a whole lot of their own crypto. Normally infosec despises rolling your own crypto and there's already been many bugs in matrix implementations. Also, a bit more state-level attacky, you also have to trust the encryption schemes long-term. I mean forever, until you're dead. This is because it's trivial to sniff the well packaged "your cross signing and decryption key backup" from the server. Hypothetically, if quantum computers are going to land in 10 years. If I sniff that little backup now, I can read everything you said. In 10 years. And, touch wood, the encryption schemes do have holes, and Signal protocol even if bleeding edge is quite new and untested.
  496. robertooo When I say trust algos and protos. I mean that now you really only need to trust one - OMEMO, but then you'll have to trust all this new stuff. Stuff introduced to the world only last year in matrix.
  498. vanitasvitae I understand your points, but I disagree with some.
  499. vanitasvitae The signal protocol is nearly 10 years old soon.
  500. vanitasvitae It has been subject to intensive studies by researchers for some time now.
  503. vanitasvitae I agree, that you should be very careful with uploading encryption keys to the server. However, the cross signing stuff only uploads attestation keys which would be used to automatically mark trustworthy fingerprints as such.
  505. vanitasvitae Btw. I'd be happy to take this discussion to the mailing list, as I'm kind of distracted right now 🙂
  508. robertooo Yes, that's subjective. 10 years is new for me. On the other hand, what can you expect if curve25519 (the earlier alternative is proven shady) was released in 2005 and people started caring about this stuff only recently? These are best in class protocols. Still better to not put your life behind that solely.
  510. vanitasvitae I'd say, if your life depends on it, don't use it. Still, if it enables the masses to communicate more securely by default, do it.
  512. robertooo Does that mean the master key isn't in that server-side encrypted blob? Where is it then? Matrix stores everything in that blob, including master and all message decryption keys.
  513. robertooo Agree, hence that's less important and choice may be good to have.
  515. robertooo I'm not on the mailing lists, but I'm non-stop here.
  516. vanitasvitae This is how I would do it with OMEMO: Each device has its own encryption keys. Those are never uploaded anywhere. Then you have your "Account Identity Key". This key can be uploaded to the server, but not necessarily. Lastly you have your set of attestation/cross signing keys. Those are signed by the Account Identity Key, and are uploaded to the server. These are only being used to sign device encryption keys.
  518. vanitasvitae Now, if an attacker manages to get hold of the private cross signing keys, they could introduce fake devices for the user (given that they also have access to the user's account, so at that point the user should already choose another service to begin with).
  519. vanitasvitae They could however not access past encrypted communication, only fool contacts to encrypt new messages for the new evil device.
  520. vanitasvitae This would probably be detectable though.
  523. vanitasvitae If the user detects this, they can use their Account identity key to rotate their cross signing keys.
  524. vanitasvitae So with this model, the user could keep their Account Identity Key (and also their cross signing keys) "offline" by choosing to not upload them.
  525. vanitasvitae BUT they have the option to do so.
  527. vanitasvitae And even if at some point crypto breaks, this mechanism would not be the cause of catastrophe.
  528. larma how do you handle lost or stolen account identity keys?
  529. vanitasvitae Dunno, pre-generating a revocation cert? 😛
  530. vanitasvitae There are still some rough edges with this idea, no doubt.
  531. vanitasvitae But I believe it would be better than what we have today.
  532. vanitasvitae Ideally the user would keep their Account Identity Key offline in a safe
  533. vanitasvitae nobody is going to do that, but it is possible.
  538. larma attestation key could just be the same as encryption key. the account key is just a layer on top to hide the fact that revocations are a hard problem. So we're actually not far off your idea with XEP-0450
  539. vanitasvitae The flaw of XEP-0450 is that as soon as one device is compromised there is no clear way to recover.
  540. vanitasvitae (as far as I understand it)
  541. vanitasvitae Because a quick attacker could mark their device as trusted and then untrust all other devices of the user.
  543. larma Distrusting should not happen silently with the recipient, it's basically a "something is terribly wrong" message, which needs manual resolution.
  545. larma if you want to be more correct, you can store the trust chain, and if your anchor to this chain (the device you verified) is distrusted, all trusts derived from that will be distrusted as well (typically resulting in no device being trusted any longer)
  546. vanitasvitae That's chaos
  547. vanitasvitae That's a really bad idea imho
  548. vanitasvitae What if you have cycles?
  550. vanitasvitae Do you expect the user to untether the chain, understanding the consequences of distrusting certain devices?
  551. larma Distrusting a device is a very rare thing to happen. It basically means you are under attack. The best way forward is to consider the channel compromised and resolve by creating a completely new trust relationship.
  552. vanitasvitae Is it?
  553. vanitasvitae What if I retire a device?
  554. vanitasvitae okay, fair point, maybe I shouldn't distrust it in that case
  556. vanitasvitae Still, would you require the user to again manually re-scan all devices' fingerprints?
  557. vanitasvitae Hm, what if I use OMEMO on a browser in an internet cafe for a day?
  558. vanitasvitae Surely I would want to distrust that set of keys at the end of the day?
  559. larma If you retire a device, you remove it from the active device list without distrusting it. If a retired device ever shows up again, you must consider the key compromised and distrust it, which may break trust chains
  561. vanitasvitae I dislike the "devices are part of a trust chain" idea. I'd much rather have a clearly defined top-down tree-like chain that goes from the user's identity down to their devices.
  562. vanitasvitae That's easy to understand, and implement. Having chains of undefined length and possibly with cycles is a source for disaster imho.
  563. vanitasvitae What if an attacker gets hold of that one device you first used to establish the trust graph with and that is now the "root" element of your chain?
  565. larma yeah, it sounds like the cleaner approach, but it doesn't match reality. People have n devices, none of them is the master device, so there is no way to have an identity key without putting things on users 99% won't understand
  567. vanitasvitae I disagree that the identity key approach doesn't reflect reality. If you sync the signing keys, there is no single master device.
  568. larma also cycles are hardly relevant here. the only relevant question is: is there a trust chain path from the device(s) you trust to an active device. If yes, consider that device trusted. Yes you have to do some minimal path finding and you can't just do a trivial recursive search if there are cycles, but it's really not that complicated either.
  569. vanitasvitae There are only devices with access to the signing keys (aka devices that can introduce new devices), and those who don't (let's say you are in an internet cafe, you wouldn't want to give that browser app access to your signing keys)
  570. larma the master device is the one holding the identity key. If you sync the identity key on every device you win nothing because having one device stolen means definitely losing all trust
  571. vanitasvitae You don't have to sync it on *every* device.
  573. vanitasvitae It's enough to have one device which has access to it, but you can sync it to as much devices as you like.
  574. vanitasvitae s/much/many
  575. vanitasvitae If you sync it to any of your devices, this method basically becomes XEP-0450 in a way.
  626. emus Hi @board, someone is asking if we "would have used the old logo from the email provider mailbox.org" https://fosstodon.org/web/statuses/106360305747157101 Is that something we have to investigate? Is that actually of any real thing - as we show the XMPP logo and an envelope?
  627. emus Current logo:
  628. emus https://jabbers.one:5281/upload/q8nwhHdThGVXU1WL/0d195db2-d9bf-42f6-8191-3c6119893a65.png
  629. emus Old one:
  630. emus https://jabbers.one:5281/upload/XGeQrcUGgeWDHjDp/16c1e871-7ba4-4427-9be0-9a32e2312b45.png
  631. emus I don't even see the similarity to the old one?
  636. vanitasvitae I don't think this is an issue.
  637. vanitasvitae It's a generic letter symbol
  638. emus I think we don't meet any, of at least the German criteria of: - visually identical - identical in the meaning - you take this logo for mailbox.org - differences are obvious
  639. emus Me, too. Shall we reply anything to this? I prefer not to.
  640. vanitasvitae I asked them to post an example. I suspect this to resolve on its own.
  647. emus I hope so