14 Jan
2025
14 Jan
'25
7:37 a.m.
Hence OX could simply state that recipients must verify
the signature. And
that only if the PGP message is supposed to originate from within XMPP it
the user ID should contain the sender's XMPP address.
Honestly, why does OX care at all about user ID? It already knows what exact
key is allowed, so what user id it does or doesn't have doesn't really
affect security by much. OMEMO doesn't have user ids at all for example.