XSF Discussion - 2022-05-16

  1. emus

    Its May the 15th - a good time to consider adding your news to the online pad for the next XMPP Newsletter - I apologize, the draft PR is not yet open. 🙈 https://yopad.eu/p/xmpp-newsletter-365days

  2. goffi

    Hi, what is the policy/good practice for gateway regarding default e2e encryption? I'm translating direct message from ActivityPub to XMPP, however AP doesn't manage e2e encryption. I can encrypt in the gateway, but this would give a false sense of security to the user. Are we missing some XEP to indicate that a message can't be encrypted or an entity can't handle encryption?

  3. Ge0rG

    not publishing keys is probably the equivalent of "doesn't support encryption"

  4. goffi

    Probably, I hope that modern clients play well in this case.

  5. pep.

    The only supported e2ee mechanism on gateways currently is probably OTR

  6. pep.

    Unfortunately popular clients removed support for it :P

  7. goffi

    pep.: in my specific case, I doubt that any AP implementation does implement OTR

  8. pep.

    It doesn't seem that crazy, and you don't have control over it as the gateway anyway so you can't really prevent it

  9. pep.

    I mean unless you explicitely temper with message contents

  10. goffi

    pep.: it doesn't sound crazy. But generally speaking, in current usage I see, AP is for more or less public content. If you want privacy, you'll better use something else in parallel, like XMPP.

  11. pep.

    Aren't there e2ee implementations already in AP-world?

  12. menel

    Inline PGP would be simple and would work.

  13. menel

    And would be ugly for non compatible clients .. And the length limit of mastodon characters...😀

  14. menel

    Better don't use 4096 rsa

  15. moparisthebest

    Only weak mastodon servers have sad character limits, good pleroma servers have good limits :)

  16. Zash

    How can they be weak when they hold up under the DDoS invoked when publishing a post?