[Standards] Proposed XMPP Extension: Trust Messages
jonas at wielicki.name
Sat Feb 22 10:30:08 UTC 2020
On Tuesday, 18 February 2020 16:55:58 CET Jonas Schäfer wrote:
> The XMPP Extensions Editor has received a proposal for a new XEP.
> Title: Trust Messages
> This document specifies a way to communicate the trust in public long-
> term keys used by end-to-end encryption protocols from one endpoint to
> URL: https://xmpp.org/extensions/inbox/trust-messages.html
A few comments from my side.
1. This may be more of an editorial comment, but I would like our examples to be
valid XML as far as possible. The examples in section 3 are not, and I
think the section would be more readable if the examples were merged into a
single one with a complete and valid <trust-message/> element.
2. This document lacks a complete description of the attacker model. I think
this should go in the (missing) Requirements section. For example, the
document advocates the use of MAM and Carbons, both of which may be ways for a
malicious server to employ active attacks against specific clients.
3. The XEP assumes that the peer can use Message Carbons, but it does not do
any service discovery. It simply relies on that (see Section 5). This is
probably not ideal.
4. Section 4.2: I don’t think this document should explain how SCE works.
Mentioning that the use of SCE or OX is recommended (or even required) plus
showing an example is good enough.
My main problem with the ProtoXEP would be the following: It does not at all
deal with a server interfering with stanza delivery (either dropping stanzas,
re-routing them, replays, traffic analysis etc.). The implications of this
need to be discussed in the Security Considerations, along with an attacker
I am still going +1 on this one, because it seems something worth looking into
and I think we should get it into development under XSF IPR.
P.S.: Remember that Experimental is neither endorsement nor implementation