[Standards] OpenPGP for XMPP: HTTP-Upload and MUC

Martin Dosch martin at mdosch.de
Fri Apr 29 12:40:33 UTC 2022


Dear all,

while looking at XEP-0373 and XEP-0374 I realized that this specs do not 
cover HTTP-Upload and MUC. Is anyone working on extending the specs 
already or did no-one tackle those gaps yet?

For MUC I (naively?) think it'll be very easy. Just get the public keys 
for all participants in an non-anonymous MUC and use all public keys to 
encrypt the message.

For HTTP-Upload I see different questions:

- Do we want to encrypt file-uploads with a secret or the public keys of 
   all recipients?
- Do we want to keep the filename, attach `.pgp` or change it to 
   `randomstring.pgp`?
- Do we want to stuff the URL in the body like in OMEMO or in some 
   element in the encrypted payload?

I'm pretty sure that some people already thought about all this (and 
probably more) but I wasn't able to find any discussions on the mailing 
list.

What do you think?

Best regards,
Martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://mail.jabber.org/pipermail/standards/attachments/20220429/4fb1b669/attachment.sig>


More information about the Standards mailing list