[Standards] Proposed XMPP Extension: Trust Messages

Jonas Schäfer jonas at wielicki.name
Sat Feb 22 10:30:08 UTC 2020


On Tuesday, 18 February 2020 16:55:58 CET Jonas Schäfer wrote:
> The XMPP Extensions Editor has received a proposal for a new XEP.
> 
> Title: Trust Messages
> Abstract:
> This document specifies a way to communicate the trust in public long-
> term keys used by end-to-end encryption protocols from one endpoint to
> another.
> 
> URL: https://xmpp.org/extensions/inbox/trust-messages.html

A few comments from my side.

1. This may be more of an editorial comment, but I would like our examples to be 
valid XML as far as possible. The examples in Section 3 are not, and I 
think the section would be more readable if the examples were merged into a 
single one with a complete and valid <trust-message/> element.

2. This document lacks a complete description of the attacker model. I think 
this should go in the (missing) Requirements section. For example, the 
document advocates the use of MAM and Carbons, both of which may be ways for a 
malicious server to employ active attacks against specific clients.

3. The XEP assumes that the peer can use Message Carbons, but it does not do 
any service discovery. It simply relies on that (see Section 5). This is 
probably not ideal.

4. Section 4.2: I don’t think this document should explain how SCE works. 
Mentioning that the use of SCE or OX is recommended (or even required) plus 
showing an example is good enough.


My main problem with the ProtoXEP would be the following: It does not at all 
deal with a server interfering with stanza delivery (either dropping stanzas, 
re-routing them, replays, traffic analysis etc.). The implications of this 
need to be discussed in the Security Considerations, along with an attacker 
model.

I am still going +1 on this one, because it seems something worth looking into 
and I think we should get it into development under XSF IPR.

kind regards,
Jonas

P.S.: Remember that Experimental is neither endorsement nor implementation 
recommendation.