[Standards] XEP-0384 (OMEMO Encryption) Multiple "key" elements with the same "rid" attribute

Germán Máquez Mejía marquez.mejia at fu-berlin.de
Wed Dec 14 12:45:21 UTC 2016


Since the Device ID is only unique within a devicelist, there may be
more than one recipient device with the same ID. In this case a message
will contain more than one "key" element with the same "rid" attribute,
which would cause only one recipient to be able to decrypt the payload
decryption key and tag. Which one, depends on whose encryption key comes
first in the header. All others, not being able to decrypt, will discard
the message.

Therefore the specification should include instructions on how to
proceed when the "key" element's contents cannot be successfully
decrypted, namely to iterate over the rest of the key elements to see if
there are more occurrences of the wanted rid which lead to successful
decryption. Only after the entire list is inspected the recipient can
discard the message.

Of course, in 1:1 chats only a maximum of two occurences of the same
Device ID are expected to be found. In 1:n however, this could be up to
n+1. Though very unlikely ;)

What are your thought on this?



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20161214/88bc015e/attachment.sig>

More information about the Standards mailing list