[Standards] XEP-0373: Retracting public keys

Philipp Hörist philipp at hoerist.com
Thu Jul 6 21:45:34 UTC 2017


> That is fine for the "one keypair for all devices of a user" approach.
> While this is my favourite approach, the one I think OpenPGP/XMPP for
> the masses could likely look like, we should leave the door open for
> approaches involving multiple keypairs and/or subkeys.
>
>
No, this is also fine in the multiple-key use case.

Every device checks if its key is published, if not it adds its key to the
already published ones. It republishes its own key in addition to the ones
already published.

When we get an event where a key is missing that we used before, we just
make sure to not encrypt to that key anymore. How this is done can be left
to the clients: whether they show users these inactive keys, mark them
somehow, or just delete them.

If I think about it more now, this XEP has the exact same situation as
OMEMO.

With OMEMO we use device lists, because it seems wasteful to receive all the
public keys every time we go online, even though we need them only once.

This becomes increasingly wasteful the more devices and keys are published.
Now think about broad adoption of this XEP: suddenly you have 20+ contacts
with multiple devices, and on coming online you get all the keys from them
every time.
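
The publish-and-drop procedure described in the message above, as an added example that is not part of the original post or of XEP-0373. Key lists are modelled as plain lists of fingerprints; the function, class and fingerprint names are hypothetical, and re-activating a key that reappears in the list is an assumption, since the message leaves that handling to clients.

```python
from dataclasses import dataclass, field


def list_to_publish(own_key, published):
    """Device side: return the key list to publish, or None if own_key is
    already present. Existing entries are kept so other devices' keys survive."""
    if own_key in published:
        return None
    return list(published) + [own_key]


@dataclass
class ContactKeys:
    """Receiving side: keys of one contact that this client encrypts to."""
    active: set = field(default_factory=set)
    inactive: set = field(default_factory=set)  # used before, now missing

    def on_event(self, published):
        """Apply a newly received key list; return the keys that went missing."""
        published = set(published)
        missing = self.active - published
        self.inactive |= missing
        # Assumption: a key that is published again becomes usable again.
        self.inactive -= published
        self.active = published
        return missing

    def recipients(self):
        """Keys to encrypt the next message to; never includes inactive keys."""
        return set(self.active)


def demo():
    # Constructed placeholder fingerprints, not real keys.
    phone, laptop, tablet = "FPR-PHONE", "FPR-LAPTOP", "FPR-TABLET"
    node = [phone]
    node = list_to_publish(laptop, node) or node   # laptop adds itself
    unchanged = list_to_publish(phone, node)       # phone is already listed
    contact = ContactKeys()
    contact.on_event(node)
    missing = contact.on_event([laptop, tablet])   # phone key was retracted
    return node, unchanged, missing, contact


if __name__ == "__main__":
    print(demo())
```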