[Standards] Encrypted Jingle File Transfer

Vanitas Vitae vanitasvitae at riseup.net
Tue Jun 6 15:11:37 UTC 2017


Hi Goffi!

I actually already thought about the securiy element as well. It seems
like there are two different possibilities here:

  * Implement the security element
      o - leaves metadata in the clear
      o + more flexible and easier to implement
      o + integrates better into existing XEPs
      o implementations that do not support this can still transfer the
        (encrypted) file/stream (not sure, if this is positive/negative)
  * Transport metadata and key serialized/xmlenc encrypted
      o + hides metadata
      o - not trivial to do
      o - more likely to require addon-XEPs

While the second solution is more preferable from a privacy standpoint,
I'm thinking of going the first route first and maybe later tackle the
second way.


Am 06.06.2017 um 16:36 schrieb Goffi:
> I would like that we avoid something tied to File Transfert, so we can
> use
> encryption with any application (or transport), and for this we need
> to have encryption layer between application and transport.

I thought about it and in theory the "partial-stanza-encryption" method
should also be applicable on other applications like voice/video. This
requires some more thought though...

Vanitasvitae
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/standards/attachments/20170606/07009151/attachment.html>


More information about the Standards mailing list