* Tedd Sterr <teddst...@outlook.com> [2020-02-19 18:15]:
> 3a) Last Call: XEP-0429 (Special Interests Group End to End Encryption) -
> https://xmpp.org/extensions/xep-0429.html

+1

> 3b) Proposed XMPP Extension: Simple JSON Messaging -
> https://xmpp.org/extensions/inbox/udt.html

+1 - It still has udt in the inbox name, the short name and some mentions in
the document and schema, but this can be fixed.

> 3c) Proposed XMPP Extension: Trust Messages -
> https://xmpp.org/extensions/inbox/trust-messages.html

+0 - this document lacks the Security Considerations section, which is not
only mandatory, but also very important for this kind of specification. While
it probably won't be a huge burden to add it, I'm slightly cautious yet.

This is a good addition to the XSF portfolio, even if the underlying protocols
(I'm looking at you, OMEMO) aren't there yet.

However, this specification should be split into two (or three) distinct use
cases, based on the security implications:

a) informing your own devices of a trust decision: from/to must have the same
bare JID, key-owner may be own JID for when you add a new device or a
different JID for when you verified somebody's keys.

b) informing your contacts of a new device: key-owner must be your own bare
JID.

optional c) informing your contacts of a trust relationship you entered - this
is akin to the PGP web of trust, and it's full of trouble, so I would suggest
to explicitly forbid this use case.

Georg
-- 
|| http://op-co.de ++  GCS d--(++) s: a C+++ UL+++ !P L+++ !E W+++ N  ++
|| gpg: 0x962FD2DE ||  o? K- w---() O M V? PS+ PE-- Y++ PGP+ t+ 5 R+  ||
|| Ge0rG: euIRCnet ||  X(+++) tv+ b+(++) DI+++ D- G e++++ h- r++ y?   ||
++ IRCnet OFTC OPN ||_________________________________________________||
_______________________________________________
Standards mailing list
Info: https://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: standards-unsubscr...@xmpp.org
_______________________________________________
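
The split into use cases a), b) and c) proposed in the message above can be read as a receiver-side acceptance check. The Python below is an added example, not part of the original e-mail or of the Trust Messages proposal; the function and enum names and the sample JIDs are hypothetical. It assumes the sender address is the authenticated one, and it simplifies JID comparison to lowercasing.

```python
from enum import Enum


class UseCase(Enum):
    OWN_DEVICES = "a) sender informs its own devices"
    CONTACT_NEW_DEVICE = "b) sender announces its own device to a contact"
    REJECT = "c) third-party trust assertion, or malformed input"


def bare_jid(jid: str) -> str:
    """Return the bare JID: everything before the first '/', lowercased.

    Simplification (assumption): real JID comparison follows the
    preparation rules of RFC 7622; lowercasing only suits ASCII samples.
    """
    bare = jid.split("/", 1)[0].strip().lower()
    local, sep, domain = bare.partition("@")
    if not bare or (sep and (not local or not domain)):
        raise ValueError(f"malformed JID: {jid!r}")
    return bare


def classify(sender: str, recipient: str, key_owner: str) -> UseCase:
    """Map one trust message onto the use cases from the e-mail.

    `sender` must be the authenticated sender address, never a value
    copied from an unauthenticated part of the message (assumption).
    """
    try:
        frm = bare_jid(sender)
        to = bare_jid(recipient)
        owner = bare_jid(key_owner)
    except ValueError:
        return UseCase.REJECT
    if frm == to:
        # a) same account: key-owner may be the own JID (new device)
        #    or another JID (somebody's keys were verified).
        return UseCase.OWN_DEVICES
    if owner == frm:
        # b) a contact may only speak about keys of its own account.
        return UseCase.CONTACT_NEW_DEVICE
    # c) a contact vouching for someone else's keys is refused.
    return UseCase.REJECT


if __name__ == "__main__":
    # Constructed sample addresses, for illustration only.
    print(classify("alice@example.org/phone", "alice@example.org/laptop",
                   "bob@example.net"))
    print(classify("alice@example.org/phone", "bob@example.net",
                   "carol@example.com"))
```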