Hello everybody, referring to commit: https://github.com/winfried/XMPP-OTR/commit/76a5cf06a3728e042740c0e30ba535e55b2613a8
I know it's still work in progress, but I want to start from there to say my two cents. I think encrypting the whole stanza can be avoided in some cases. Also, the only stanza type that has sense to be encrypted with OTR is <message/>. Therefore, I'd distinguish between two specific cases: * encryption of message body: just include the encrypted message body in the <otr/> element as a child of <message/> * encryption of whole stanza (for other purposes or for complex messages): encrypt the whole stanza and encapsulate the OTR content in an <otr/> element as a child of <message/> The only problem here is how to recognise the encrypted data? Is it a text body or a stanza? Maybe we can use a "type" attribute to <otr/>, revealing more metadata? Or maybe we could add a header to the encrypted data: -------------8<--------------- Content-type: text/plain message body -------------8<--------------- -------------8<--------------- Content-type: application/xmpp+xml <message ...> .... </message> What do you think? On Tue, Feb 3, 2015 at 11:07 AM, Winfried Tilanus <winfr...@tilanus.com> wrote: > On 03-02-15 11:03, Ralph Meijer wrote: >> Sure it will be short. However, some notes on limitations and security >> considerations would also need to be added. If only to make it easier to >> compare against other e2e proposals. If you want to make a start with a >> XEP, that's appreciated. > > https://github.com/winfried/XMPP-OTR > > If you give me your github name, I will give you write access ;-) > > Winfried -- Daniele
