14 Jan
2025
14 Jan
'25
4:49 a.m.
On 13/01/2025 22.53, Marvin W wrote:
You are referencing OX to base your PGP part on it,
however OX requires
the recipient to verify that the PGP key has a user id in the form
"xmpp:<bare-jid>" (this is a MUST in XEP-0373 § 3.2).
We could certainly modify OX to soften this restriction. When OX was
written, we did not really consider PGP messages originating from
outside XMPP. But this sounds like a reasonable use-case.
Hence OX could simply state that recipients must verify the signature.
And that only if the PGP message is supposed to originate from within
XMPP it the user ID should contain the sender's XMPP address.
- Flow