[Standards] UPDATED: XEP-0434 (Trust Messages (TM))

Andrew Nenakhov andrew.nenakhov at redsolution.com
Sun Dec 6 23:17:52 UTC 2020


I mean, what 'remaining authentications' are you referring to?

Can you describe a scenario, like, Romeo with a smartphone and Juliet with
desktop computer want to initiate an encrypted chat, what do they do?

On Mon, Dec 7, 2020, 00:00 Melvin Keskin <melvo at olomono.de> wrote:

> Hello Andrew,
>
> thanks for your questions!
>
> The authentication of public long-term keys is needed to ensure that
> those keys are the keys of the pretended owners.
>
> Trust Messages (TM) is intended to provide a basis for XEPs such as
> Automatic Trust Management (ATM) (
> https://xmpp.org/extensions/inbox/automatic-trust-management.html).
>
> ATM minimizes the effort of authenticating all keys manually. You need
> to manually authenticate a key (e.g. by verifying its fingerprint) only
> once. The remaining authentications are done automatically.
>
> Additionally, ATM can improve the security because verifying many
> fingerprints involves the time and concentration of the verifier.
> Mechanisms such as QR code scanning might improve the latter problem
> but it is still time consuming.
>
> Thus, QR code scanning should be preferred for the initial
> authentication of a key which ATM needs to automate all remaining
> authentications.
>
> I hope that helped to understand the purpose of both XEPs better.
>
>
> Kind regards,
>
> Melvin
>
> > Can someone explain this to me like I'm 5 years old? Why is this
> > needed and how it improves security over regular 0384? Isn't
> > fingerprint matching enough a caution?
> >
> > вт, 1 дек. 2020 г. в 22:37, Jonas Schäfer <jonas at wielicki.name>:
> > >
> > > Version 0.2.0 of XEP-0434 (Trust Messages (TM)) has been released.
> > >
> > > Abstract:
> > > This document specifies a way to communicate the trust in public
> > long-
> > > term keys used by end-to-end encryption protocols from one endpoint
> > to
> > > another.
> > >
> > > Changelog:
> > > Improve explanations, descriptions and examples, introduce new
> > > attribute and complete all sections:
> > > * Remove link to encryption protocol namespaces.
> > > * Add short name
> > > * Shorten and improve introduction.
> > > * Use emphasizing text formatting instead of quotation marks.
> > > * Add new section for explaining the core properties of trust
> > > messages.
> > > * Add examples comparing trust messages to public key certificates.
> > > * Improve description of trust message structure.
> > > * Introduce 'usage' attribute for 'trust-message' element.
> > > * Focus on  and adjust examples accordingly.
> > > * Complete sections 'IANA Considerations', 'XMPP Registrar
> > > Considerations' and 'XML Schema'. (melvo)
> > >
> > > URL: https://xmpp.org/extensions/xep-0434.html
> > >
> > > Note: The information in the XEP list at
> > https://xmpp.org/extensions/
> > > is updated by a separate automated process and may be stale at the
> > > time this email is sent. The XEP documents linked herein are up-to-
> > > date.
>
> _______________________________________________
> Standards mailing list
> Info: https://mail.jabber.org/mailman/listinfo/standards
> Unsubscribe: Standards-unsubscribe at xmpp.org
> _______________________________________________
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/standards/attachments/20201207/e5fc0c74/attachment.html>


More information about the Standards mailing list