[Standards] UPDATED: XEP-0434 (Trust Messages (TM))

Melvin Keskin melvo at olomono.de
Sun Dec 6 18:56:38 UTC 2020


Hello Andrew,

thanks for your questions!

The authentication of public long-term keys is needed to ensure that
those keys are the keys of the pretended owners.

Trust Messages (TM) is intended to provide a basis for XEPs such as
Automatic Trust Management (ATM) (
https://xmpp.org/extensions/inbox/automatic-trust-management.html).

ATM minimizes the effort of authenticating all keys manually. You need
to manually authenticate a key (e.g. by verifying its fingerprint) only
once. The remaining authentications are done automatically.

Additionally, ATM can improve the security because verifying many
fingerprints involves the time and concentration of the verifier.
Mechanisms such as QR code scanning might improve the latter problem,
but it is still time-consuming.

Thus, QR code scanning should be preferred for the initial
authentication of a key which ATM needs to automate all remaining
authentications.

I hope that helped to understand the purpose of both XEPs better.


Kind regards,

Melvin

> Can someone explain this to me like I'm 5 years old? Why is this
> needed and how it improves security over regular 0384? Isn't
> fingerprint matching enough of a caution?
> 
> On Tue, 1 Dec 2020 at 22:37, Jonas Schäfer <jonas at wielicki.name> wrote:
> >
> > Version 0.2.0 of XEP-0434 (Trust Messages (TM)) has been released.
> >
> > Abstract:
> > This document specifies a way to communicate the trust in public
> > long-term keys used by end-to-end encryption protocols from one
> > endpoint to another.
> >
> > Changelog:
> > Improve explanations, descriptions and examples, introduce new
> > attribute and complete all sections:
> > * Remove link to encryption protocol namespaces.
> > * Add short name
> > * Shorten and improve introduction.
> > * Use emphasizing text formatting instead of quotation marks.
> > * Add new section for explaining the core properties of trust
> > messages.
> > * Add examples comparing trust messages to public key certificates.
> > * Improve description of trust message structure.
> > * Introduce 'usage' attribute for 'trust-message' element.
> > * Focus on  and adjust examples accordingly.
> > * Complete sections 'IANA Considerations', 'XMPP Registrar
> > Considerations' and 'XML Schema'. (melvo)
> >
> > URL: https://xmpp.org/extensions/xep-0434.html
> >
> > Note: The information in the XEP list at
> > https://xmpp.org/extensions/ is updated by a separate automated
> > process and may be stale at the time this email is sent. The XEP
> > documents linked herein are up-to-date.


