XSF Discussion - 2022-05-16

Its May the 15th - a good time to consider adding your news to the online pad for the next XMPP Newsletter - I apologize, the draft PR is not yet open. 🙈 https://yopad.eu/p/xmpp-newsletter-365days

Hi, what is the policy/good practice for gateway regarding default e2e encryption? I'm translating direct message from ActivityPub to XMPP, however AP doesn't manage e2e encryption. I can encrypt in the gateway, but this would give a false sense of security to the user. Are we missing some XEP to indicate that a message can't be encrypted or an entity can't handle encryption?

not publishing keys is probably the equivalent of "doesn't support encryption"

Probably, I hope that modern clients play well in this case.

The only supported e2ee mechanism on gateways currently is probably OTR

Unfortunately popular clients removed support for it :P

pep.: in my specific case, I doubt that any AP implementation does implement OTR

It doesn't seem that crazy, and you don't have control over it as the gateway anyway so you can't really prevent it

I mean unless you explicitely temper with message contents

pep.: it doesn't sound crazy. But generally speaking, in current usage I see, AP is for more or less public content. If you want privacy, you'll better use something else in parallel, like XMPP.

Aren't there e2ee implementations already in AP-world?

Inline PGP would be simple and would work.

And would be ugly for non compatible clients .. And the length limit of mastodon characters...😀

Better don't use 4096 rsa

Only weak mastodon servers have sad character limits, good pleroma servers have good limits :)

How can they be weak when they hold up under the DDoS invoked when publishing a post?