[Standards] Proposed XMPP Extension: Trust Messages

Paul Schaub vanitasvitae at fsfe.org
Fri Feb 21 16:50:08 UTC 2020


Hi list!

Let me give some feedback to the Trust Messages ProtoXEP.

I'm not sure how well this specification performs against replay
attacks. If some encryption mechanism which prevents re-decryption of
old messages like OMEMO is used to encrypt the messages, than replay
attacks are probably not an issue, but I can imagine an attacker
replaying an OX encrypted message, reactivating some old devices. I know
this is a rather exotic attack vector, but I feel like the specification
should at least acknowledge it in some way. As a counter measure I could
imagine forcing the use of a SCE <timestamp/> element for example.

Personally I'm not a huge fan of web-of-trust-like structures, so I
dislike that example 5 shows Alice telling Carol to trust Bob.
However, there may be a use case for this, so maybe it is a good thing
to at least have the option to construct WOT structures, even though I
wouldn't do that personally.

While I'd still prefer using a master key that signs device keys for
simplified trust management, I can see some valid edge scenarios where
using Trust Messages would be preferable.

What I don't really like is the need to send individual messages to all
contacts. I'd prefer some PEP like solution to this, but I know that
this is not really possible, as the messages have to be encrypted
per-contact.

Style:
There are some very long, confusing sentences in the specification, eg.
"In combination with the usage of Message Archive Management (XEP-0313)
<https://xmpp.org/extensions/xep-0313.html> [5
<https://xmpp.org/extensions/inbox/trust-messages.html#nt-idm45137930897408>],
the delivery of trust messages to temporarily offline endpoints is
ensured even if they are available under a different resource after
going online than the last known one before going offline."

Shortening those would increase readability.

In summary, there are some things left open which I'd like to see
specified and readability can be improved.
Other than that I'm fine with this :)

Happy Hacking!

On 18.02.20 16:55, Jonas Schäfer (XSF Editor) wrote:
> The XMPP Extensions Editor has received a proposal for a new XEP.
>
> Title: Trust Messages
> Abstract:
> This document specifies a way to communicate the trust in public long-
> term keys used by end-to-end encryption protocols from one endpoint to
> another.
>
> URL: https://xmpp.org/extensions/inbox/trust-messages.html
>
> The Council will decide in the next two weeks whether to accept this
> proposal as an official XEP.
> _______________________________________________
> Standards mailing list
> Info: https://mail.jabber.org/mailman/listinfo/standards
> Unsubscribe: Standards-unsubscribe at xmpp.org
> _______________________________________________
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/standards/attachments/20200221/ad281e02/attachment.html>


More information about the Standards mailing list