[Standards] UPDATED: XEP-0434 (Trust Messages (TM))

Melvin Keskin melvo at olomono.de
Mon Dec 7 18:26:18 UTC 2020


Here is an extensive and detailed example to show the usefulness of TM
/ ATM and hopefully answer your question. To keep it simple,
implementation details are omitted.

# Baseline

Alice would like to chat end-to-end encrypted with Bob. She uses a
notebook, a tablet and a smartphone for chatting via XMPP. Bob uses a
notebook and a smartphone.

In the case of OMEMO, each device has an own key. Therefore, Alice has
three keys and Bob has two keys. Alice has to authenticate Bob's keys
and Bob has to authenticate Alice's keys. Furthermore, they have to
authenticate their own keys.

# Without ATM

Currently, that involves the following actions:

Alice's notebook has to authenticate the key of her tablet (1), the key
of her smartphone (2), the key of Bob's notebook (3) and the key of his
smartphone (4).
Alice's tablet has to authenticate the key of her notebook (5), the key
of her smartphone (6), the key of Bob's notebook (7) and the key of his
smartphone (8).
Alice's smartphone has to authenticate the key of her notebook (9), the
key of her tablet (10), the key of Bob's notebook (11) and the key of
his smartphone (12).

Bob's notebook has to authenticate the key of his smartphone (13), the
key of Alice's notebook (14), the key of her tablet (15) and the key of
her smartphone (16).
Bob's smartphone has to authenticate the key of his notebook (17), the
key of Alice's notebook (18), the key of her tablet (19) and the key of
her smartphone (20).

The whole process involves 20 authentications. In my experience, doing
those authentications manually (e.g. by scanning QR codes containing
the fingerprint of each device) is too much for average users and even
too much for interested and motivated people.

# With ATM

When you use ATM, the number of manual authentications can be reduced
to a minimum while the other authentications are done automatically and
in a secure manner. The authentications which ATM needs to automate the
remaining authentications are the *initial authentications*. In the
following, only the initial authentications are marked with numbers.

An example procedure which makes use of QR code scanning could be the
following:

Alice scans with her notebook the QR code of her smartphone to
authenticate her smartphone's key (1).

Alice scans with her tablet the QR code of her smartphone to
authenticate her smartphone key (2).

Alice scans with her smartphone the QR code of her notebook to
authenticate her notebook's key (3).

Alice scans with her smartphone the QR code of her tablet to
authenticate her tablet's key (4).
Her smartphone automatically sends a TM for the key of her notebook to
her tablet. Her tablet uses the TM to automatically authenticate the
key of her notebook.
Her smartphone automatically sends a TM for the key of her tablet to
her notebook. Her notebook uses the TM to automatically authenticate
the key of her tablet.

Bob scans with his notebook the QR code of his smartphone to
authenticate his smartphone's key (5).

Bob scans with his smartphone the QR code of his notebook to
authenticate his notebook's key (6).

Alice meets Bob.

Bob scans with his smartphone the QR code of Alice's smartphone to
authenticate her smartphone's key (7).
His smartphone automatically sends a TM for the key of Alice's
smartphone to his notebook. His notebook uses the TM to automatically
authenticate the key of Alice's smartphone.
His smartphone automatically sends a TM for the key of his notebook to
Alice's smartphone. Her smartphone uses the TM to automatically
authenticate the key of Bob's notebook.

Alice scans with her smartphone the QR code of Bob's smartphone to
authenticate his smartphone's key (8).
Her smartphone automatically sends a TM for the key of Bob's smartphone
to her notebook and tablet. Her notebook and tablet use the TM to
automatically authenticate the key of Bob's smartphone.
Her smartphone automatically sends a TM for the key of her notebook and
the key of her tablet to Bob's notebook and smartphone. Bob's notebook
and smartphone use the TM to automatically authenticate the key of
Alice's notebook and the key of her tablet.

# Result

8 authentications cannot be automated in a secure manner. They are the
*initial authentications*. The remaining authentications can be done
automatically without reducing the security. The security could be even
improved as said in my previous message in comparison to manual
procedures like looking at two fingerprints and comparing them.

# Not only for OMEMO

The case of end-to-end encryption protocols where each chat partner has
only one key used by all devices (e.g. with OpenPGP for XMPP) is a
subset of the whole problem which is not covered by the mentioned
example. But ATM can improve the situation even for that case. It
reduces the number of manual authentications for multiple contacts:

Alice has three contacts. She has already authenticated their keys with
her smartphone and would like to use a new notebook. She can simply
scan with her smartphone the QR code of her notebook. Her smartphone
automatically sends a TM for the key of each contact to her new device.
As soon as Alice scanned with her notebook the QR code of her
smartphone, her notebook uses the TM to automatically authenticate the
keys of all three contacts.


Let me know if that was helpful ;)


> I mean, what 'remaining authentications' are you referring to?
> 
> Can you describe a scenario, like, Romeo with a smartphone and Juliet
> with
> desktop computer want to initiate an encrypted chat, what do they do?
> 
> On Mon, Dec 7, 2020, 00:00 Melvin Keskin <melvo at olomono.de> wrote:
> 
> > Hello Andrew,
> >
> > thanks for your questions!
> >
> > The authentication of public long-term keys is needed to ensure
> that
> > those keys are the keys of the pretended owners.
> >
> > Trust Messages (TM) is intended to provide a basis for XEPs such as
> > Automatic Trust Management (ATM) (
> > https://xmpp.org/extensions/inbox/automatic-trust-management.html).
> >
> > ATM minimizes the effort of authenticating all keys manually. You
> need
> > to manually authenticate a key (e.g. by verifying its fingerprint)
> only
> > once. The remaining authentications are done automatically.
> >
> > Additionally, ATM can improve the security because verifying many
> > fingerprints involves the time and concentration of the verifier.
> > Mechanisms such as QR code scanning might improve the latter
> problem
> > but it is still time consuming.
> >
> > Thus, QR code scanning should be preferred for the initial
> > authentication of a key which ATM needs to automate all remaining
> > authentications.
> >
> > I hope that helped to understand the purpose of both XEPs better.
> >
> >
> > Kind regards,
> >
> > Melvin
> >
> > > Can someone explain this to me like I'm 5 years old? Why is this
> > > needed and how it improves security over regular 0384? Isn't
> > > fingerprint matching enough a caution?
> > >
> > > вт, 1 дек. 2020 г. в 22:37, Jonas Schäfer <jonas at wielicki.name>:
> > > >
> > > > Version 0.2.0 of XEP-0434 (Trust Messages (TM)) has been
> released.
> > > >
> > > > Abstract:
> > > > This document specifies a way to communicate the trust in
> public
> > > long-
> > > > term keys used by end-to-end encryption protocols from one
> endpoint
> > > to
> > > > another.
> > > >
> > > > Changelog:
> > > > Improve explanations, descriptions and examples, introduce new
> > > > attribute and complete all sections:
> > > > * Remove link to encryption protocol namespaces.
> > > > * Add short name
> > > > * Shorten and improve introduction.
> > > > * Use emphasizing text formatting instead of quotation marks.
> > > > * Add new section for explaining the core properties of trust
> > > > messages.
> > > > * Add examples comparing trust messages to public key
> certificates.
> > > > * Improve description of trust message structure.
> > > > * Introduce 'usage' attribute for 'trust-message' element.
> > > > * Focus on  and adjust examples accordingly.
> > > > * Complete sections 'IANA Considerations', 'XMPP Registrar
> > > > Considerations' and 'XML Schema'. (melvo)
> > > >
> > > > URL: https://xmpp.org/extensions/xep-0434.html
> > > >
> > > > Note: The information in the XEP list at
> > > https://xmpp.org/extensions/
> > > > is updated by a separate automated process and may be stale at
> the
> > > > time this email is sent. The XEP documents linked herein are
> up-to-
> > > > date.




More information about the Standards mailing list