Re: [Standards] Encrypted Storage (Was: off-server archives with MAM)

2015-04-18 Thread Kim Alvefur
On 2015-04-18 11:59, Thijs Alkemade wrote: What do you mean with “SASL state”? All of the data the server has after a SCRAM-SHA-1 exchange is either a) stored on the server, b) session specific. You can’t derive a key from that which the server could not derive on its own. During SCRAM, the

Re: [Standards] Encrypted Storage (Was: off-server archives with MAM)

2015-04-18 Thread Dave Cridland
On 18 Apr 2015 11:34, Thijs Alkemade th...@xnyhps.nl wrote: On 18 apr. 2015, at 11:59, Thijs Alkemade th...@xnyhps.nl wrote: On 18 apr. 2015, at 11:42, Georg Lukas ge...@op-co.de wrote: 1. When a user logs in for the first time, an asymmetric keypair is created (I was thinking of

Re: [Standards] Encrypted Storage (Was: off-server archives with MAM)

2015-04-18 Thread Kim Alvefur
Further, I don't see why you couldn't have a bot that signs in to your account, enables Carbons and then stores all messages in a local archive, which could then be exposed via MAM to your other clients. -- Kim Zash Alvefur signature.asc Description: OpenPGP digital signature

Re: [Standards] Encrypted Storage (Was: off-server archives with MAM)

2015-04-18 Thread Thijs Alkemade
On 18 apr. 2015, at 11:59, Thijs Alkemade th...@xnyhps.nl wrote: On 18 apr. 2015, at 11:42, Georg Lukas ge...@op-co.de wrote: 1. When a user logs in for the first time, an asymmetric keypair is created (I was thinking of Curve25519, where key creation is almost free). The private key

Re: [Standards] Encrypted Storage (Was: off-server archives with MAM)

2015-04-18 Thread Georg Lukas
* Kim Alvefur z...@zash.se [2015-04-18 12:49]: I don't see why you couldn't have a bot that signs in to your account, enables Carbons and then stores all messages in a local archive, which could then be exposed via MAM to your other clients. How would that bot (or the off-server archive

Re: [Standards] off-server archives with MAM

2015-04-18 Thread Goffi
On 18/04/2015 11:03, Dave Cridland wrote: Between XEP-0355 and carbons, I think you're covered already, at first thought. Indeed the XEP-0355 has a mechanism to delegate MAM (or something else) to any entity under the control of the user. The issue here is that the data still go through the

Re: [Standards] off-server archives with MAM

2015-04-18 Thread Stefan Strigler
Sounds like a really nice hack. A recombination of presence, disco and MAM to gain a totally different user experience. +1 for the idea :) Not sure where to put this though. How about XEP-1337 Hacks :D 2015-04-18 5:24 GMT+02:00 Kurt Zeilenga kurt.zeile...@isode.com: On Apr 17, 2015, at

Re: [Standards] off-server archives with MAM

2015-04-18 Thread Stefan Strigler
Oh, my list is missing the carbons of course. 2015-04-18 10:58 GMT+02:00 Stefan Strigler stefan.strig...@gmail.com: Sounds like a really nice hack. A recombination of presence, disco and MAM to gain a totally different user experience. +1 for the idea :) Not sure where to put this though.

Re: [Standards] off-server archives with MAM

2015-04-18 Thread Dave Cridland
On 18 Apr 2015 03:58, Peter Saint-Andre - yet pe...@andyet.net wrote: Ideally, to me, my message archive would be stored on a trusted device that is under my control (say, a limited-access storage medium that I keep in my house). This device could authenticate to my account and advertise its

[Standards] Encrypted Storage (Was: off-server archives with MAM)

2015-04-18 Thread Georg Lukas
* Peter Saint-Andre - yet pe...@andyet.net [2015-04-18 04:59]: [MAM privacy concerns] I wholeheartedly agree with you here, but I would like to see another solution to this - use of asymmetric crypto storage on the server, a la Lavabit: 1. When a user logs in for the first time, an asymmetric

Re: [Standards] Encrypted Storage (Was: off-server archives with MAM)

2015-04-18 Thread Thijs Alkemade
On 18 apr. 2015, at 11:42, Georg Lukas ge...@op-co.de wrote: 1. When a user logs in for the first time, an asymmetric keypair is created (I was thinking of Curve25519, where key creation is almost free). The private key is encrypted with a key derived from the user password / SASL state