[Standards] Proposed XMPP Extension: Stanza Content Encryption

Dave Cridland dave at cridland.net
Mon Jun 24 21:28:50 UTC 2019


On Mon, 24 Jun 2019 at 20:46, Florian Schmaus <flo at geekplace.eu> wrote:

> On 24.06.19 19:04, Ненахов Андрей wrote:
> > пн, 24 июн. 2019 г. в 21:59, Georg Lukas <georg at op-co.de>:
> >> 1. I'd like to see certain fields of the <content/> being REQUIRED,
> >> especially:
> >>
> >> - the from address
> >
> > So much for deniability.
>
> You usually only need 'from' if you also sign the data, and then
> deniability is already gone. And if you do not sign the data, then the
> 'from' attribute carries no meaning and is actually harmful because an
> erroneous implementations could assume its value is genuine.
>

I think if you encrypt the data without a way to identify the sender, it's
not very interesting. But a system that encrypts, and then signs, as
distinct steps would mean that an attacker could resign a message, so a
"from" might be useful there.

But in no case does this mean deniability is affected. It might mean
anonymity is, though, in MUC for example.

Dave.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/standards/attachments/20190624/79346eab/attachment.html>


More information about the Standards mailing list