-
emus
Its May the 15th - a good time to consider adding your news to the online pad for the next XMPP Newsletter - I apologize, the draft PR is not yet open. 🙈 https://yopad.eu/p/xmpp-newsletter-365days
-
goffi
Hi, what is the policy/good practice for gateway regarding default e2e encryption? I'm translating direct message from ActivityPub to XMPP, however AP doesn't manage e2e encryption. I can encrypt in the gateway, but this would give a false sense of security to the user. Are we missing some XEP to indicate that a message can't be encrypted or an entity can't handle encryption?
-
Ge0rG
not publishing keys is probably the equivalent of "doesn't support encryption"
-
goffi
Probably, I hope that modern clients play well in this case.
-
pep.
The only supported e2ee mechanism on gateways currently is probably OTR
-
pep.
Unfortunately popular clients removed support for it :P
-
goffi
pep.: in my specific case, I doubt that any AP implementation does implement OTR
-
pep.
It doesn't seem that crazy, and you don't have control over it as the gateway anyway so you can't really prevent it
-
pep.
I mean unless you explicitely temper with message contents
-
goffi
pep.: it doesn't sound crazy. But generally speaking, in current usage I see, AP is for more or less public content. If you want privacy, you'll better use something else in parallel, like XMPP.
-
pep.
Aren't there e2ee implementations already in AP-world?
-
menel
Inline PGP would be simple and would work.
-
menel
And would be ugly for non compatible clients .. And the length limit of mastodon characters...😀
-
menel
Better don't use 4096 rsa
-
moparisthebest
Only weak mastodon servers have sad character limits, good pleroma servers have good limits :)
-
Zash
How can they be weak when they hold up under the DDoS invoked when publishing a post?