[Standards] OTR

Florian Schmaus flo at geekplace.eu
Tue Dec 23 10:14:46 UTC 2014


On 22.12.2014 19:16, Sam Whited wrote:
> On 12/22/2014 11:28 AM, Bartosz Małkowski wrote:
>> I'm not sure we should start new XMPP stream covered by OTR. It 
>> depends on what we want to do. We can't hide that communication 
>> between A and B happens. Does encrypting whole stanzas is worth of 
>> complications?

> eg. after the initial setup / stream initialization:
> 
>     <!-- All messages looks like this to the server. Nothing else gets
> sent unless it's in the OTR stream. -->
>     <message to="B" from="A" type="otr">
>     ---OTR-ENCRYPTED---
>       <something>could be any type of XMPP message</something>
>     ---END-OTR---
>     </message>

I see two design issues. You already mentioned the custom type value.
Never invent new values for defined (top level) elements or new
attributes (XEP-0134 § 2.1).

Also your custom (OTR) payload should (must?) be encapsulated into a
extension element. So your example becomes:

<message to='user at example.org'>
  <otr xmlns='urn:xmpp:otr:1'>
    <!-- OTR payload here -->
  </otr>
</message>

- Florian

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 668 bytes
Desc: OpenPGP digital signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20141223/87938fc5/attachment.sig>


More information about the Standards mailing list