OX Meeting
OpenPGP for XMPP Meeting
OX Meeting - 26.03.2021 15:00 EST
Minutes:
- PubSub Access Model (Open?)
- Currently the access model is underspecified/not set to "open".
- Open would be a better candidate for the default access model as access to the public key is necessary for encryption
- Important to check signatures
- Should we only upload minimal key to open pubsub node, and more verbose key to contacts-only node?
- Key Reuse?
- Should we allow import of external key?
- We can (and should) probably have guidelines for client behavior in case the node is restricted (vs non existend)
- "External Key" -> Inclusion of all userids would leak identity
- Profanity allows to upload filtered key (user choses what to upload)
- Define "Profile" for OX (declare algorithms, key formats...)?
- What parts of the key to upload? Signatures, UserIDs, minimal key?
- One key per recipient? -> YES please. For other use cases -> subkeys
- How to identify own key on your local device? -> If there are multiple, ask the user once and store the key id.
- How to identify which subkey to encrypt to -> It is not specified anywhere (not in rfc4880) which encryption subkeys to encrypt to if there are multiple options.
- Notification Traffic Optimization
- Did we get it right? -> possibly maybe
- Notifications when a key from a remote party is updated
- Public Key Metadata Node needs to use Item-IDs (right now it does not?)
- Consider Payload-less notifications for metadata updates
- EMail-Gateway: (Sorry, I missed the point :D) Multiple keys would make email gateways hard? -> use one key per account please
- Come up with an easy device-onboarding guide on modernxmpp or somewhere. -> also link to it from the XEP
- Adoption of SCE -> Not much to gain here, but if we make a breaking change we should switch to SCE.
Related Links: