On 21.04.19 18:00, Paul Schaub wrote:
> Hello List!
> 
> Some of you may remember that I tried to spark a discussion about
> "Partial Stanza Encryption" at the summit earlier this year.
> Unfortunately I couldn't remember all your feedback from back then, so I
> started another discussion at the most recent Sprint in Berlin and
> gathered some more valuable feedback.
> …
> A rendered version of the draft is available at
> http://geekplace.eu/xeps/xep-sce/xep-sce.html and the xml version can be
> found here: https://github.com/vanitasvitae/flowdalic-xeps/tree/sce
> 
> What I want to know is:
> …
> * Blacklist or whitelist?

I don't think any list is sensible.

Sender and recipient have to negotiate what they expect to be in the
secured (encrypted/signed) payload to a certain degree. There may even
be situations where the sender opportunistically puts extension elements
into the secured payload. Furthermore, any list eventually becomes outdated.
Instead, we should try to work out recommendations and requirements for how
entities, especially receiving entities, process incoming stanzas with a secure
payload, considering not only what is within the secured
payload but also what is outside of it. There is a kind of extension element
that should or cannot be part of the secured payload because it gets
processed or added by intermediate hops. Potential candidates are for
example message hints (XEP-0334) and delay (XEP-0203). Also what if a type
of extension element appears both inside and outside of the secured
payload? Are there extension elements where this could be considered a
valid use case? Ideally, we are able to specify how the recipient
handles those situations.

- Florian
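
One possible receiving-side check for the questions raised in the reply above, as an added example that is not part of the original thread or the draft: it sorts extension elements by whether they appear inside the decrypted payload, outside it, or both. The `urn:example:secured` wrapper, the sample stanza and the choice to treat delay and hints as hop-level elements are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

# Assumption: namespaces of elements that intermediate hops add or process
# (the two candidates named in the reply: XEP-0203 delay, XEP-0334 hints).
HOP_NAMESPACES = {"urn:xmpp:delay", "urn:xmpp:hints"}

# Constructed sample stanza; <secured/> is a hypothetical carrier element.
OUTER = """<message xmlns='jabber:client' to='juliet@example.org' type='chat'>
  <body>This message is encrypted.</body>
  <thread>t1</thread>
  <delay xmlns='urn:xmpp:delay' stamp='2019-04-21T16:00:00Z'/>
  <store xmlns='urn:xmpp:hints'/>
  <secured xmlns='urn:example:secured'>(ciphertext placeholder)</secured>
</message>"""

# Constructed result of decrypting the carrier element above.
DECRYPTED = """<payload xmlns='urn:example:secured'>
  <body xmlns='jabber:client'>Meet at nine.</body>
  <active xmlns='http://jabber.org/protocol/chatstates'/>
</payload>"""

CARRIER_TAG = "{urn:example:secured}secured"

def child_tags(xml_text):
    """Return the '{namespace}name' tags of the root's direct children."""
    return [child.tag for child in ET.fromstring(xml_text)]

def namespace(tag):
    """Extract the namespace URI from an ElementTree '{ns}name' tag."""
    return tag[1:].split("}", 1)[0] if tag.startswith("{") else ""

def classify(outer_xml, decrypted_xml, carrier_tag):
    """Sort extension elements by where they appear relative to the payload."""
    outer = [t for t in child_tags(outer_xml) if t != carrier_tag]
    inner = child_tags(decrypted_xml)
    report = {"secured": [], "conflict": [], "hop": [], "unprotected": []}
    for tag in inner:
        # Same element type inside and outside: the open question in the reply.
        report["conflict" if tag in outer else "secured"].append(tag)
    for tag in outer:
        if tag in inner:
            continue
        # Outside only: either hop-level metadata or unauthenticated content.
        key = "hop" if namespace(tag) in HOP_NAMESPACES else "unprotected"
        report[key].append(tag)
    return report

if __name__ == "__main__":
    for kind, tags in classify(OUTER, DECRYPTED, CARRIER_TAG).items():
        print(kind, tags)
```
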

_______________________________________________
Standards mailing list
Info: https://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: standards-unsubscr...@xmpp.org
_______________________________________________
