[Standards] UPDATED: XEP-0434 (Trust Messages (TM))
flo at geekplace.eu
Tue Jan 12 09:15:15 UTC 2021
I am surprised to find that this XEP does not specify the format of the
key identifier anywhere (at least I couldn't find it).
I had expected to find that the key identifier is qualified by the
encryption scheme of the key. That is, instead of
And then a section explaining how to derive the key identifier for the
Not having the key-identifier format clearly specified appears to be a
security risk: Imagine someone sending a distrust message and the
recipient does not understand the key identifier because it uses a
slightly different way to derive it.
One further minor remark: I do not like that the semantics of
trust/distrust and the key identifier are convoluted. I personally would
have designed an extra element for key identifiers.
which then gets wrapped into <trust/> or <distrust/> elements.
The separate <key-identifier/> element allows it to be re-used in various
places, which, I believe, makes the verification of the element more robust.
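Added example, not part of the original message or of XEP-0434: a minimal trust store showing the failure mode described above, where a distrust message is silently ignored because sender and receiver derive the key identifier differently, next to a scheme-qualified variant that fails loudly. The scheme labels, derivation rules, class and function names are hypothetical and the key is constructed sample data.

```python
import base64
import hashlib

# Hypothetical derivation rules keyed by a constructed scheme label.
DERIVE = {
    "scheme-hex": lambda raw: hashlib.sha256(raw).hexdigest(),
    "scheme-b64": lambda raw: base64.b64encode(raw).decode("ascii"),
}


class UnmatchedDistrust(Exception):
    """A distrust message named a key the receiver could not resolve."""


class TrustStore:
    def __init__(self, receiver_rule="scheme-hex"):
        self.receiver_rule = receiver_rule  # rule this client assumes for bare ids
        self.trusted = set()                # (scheme, raw public key bytes)

    def trust(self, scheme, raw_key):
        self.trusted.add((scheme, raw_key))

    def distrust_bare(self, identifier):
        """Unqualified identifier: match using the receiver's own rule only."""
        derive = DERIVE[self.receiver_rule]
        hits = {k for k in self.trusted if derive(k[1]) == identifier}
        self.trusted -= hits
        return bool(hits)  # False: the message had no effect and nobody noticed

    def distrust_qualified(self, scheme, identifier):
        """Scheme-qualified identifier: use the named rule, fail loudly otherwise."""
        if scheme not in DERIVE:
            raise UnmatchedDistrust(f"unknown scheme {scheme!r}")
        hits = {k for k in self.trusted
                if k[0] == scheme and DERIVE[scheme](k[1]) == identifier}
        if not hits:
            raise UnmatchedDistrust(f"no {scheme} key matches {identifier!r}")
        self.trusted -= hits


def demo():
    raw_key = bytes(range(32))                      # constructed sample public key
    sender_id = DERIVE["scheme-b64"](raw_key)       # sender derives base64
    store = TrustStore(receiver_rule="scheme-hex")  # receiver assumes hex
    store.trust("scheme-b64", raw_key)
    ignored = not store.distrust_bare(sender_id)    # bare id does not match
    still_trusted = ("scheme-b64", raw_key) in store.trusted
    store.distrust_qualified("scheme-b64", sender_id)
    return ignored, still_trusted, ("scheme-b64", raw_key) in store.trusted
```

With the bare identifier the compromised key stays trusted and the caller gets no signal; with the qualified form the key is removed, and an unknown scheme or unmatched identifier raises instead of being dropped.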