Difference between revisions of "OX Meeting"

From XMPP WIKI
Jump to navigation Jump to search
(Created page with "= OpenPGP for XMPP Meeting = Venue: https://meet.jit.si/AdventurousOxenTrotStandardized Minutes: https://pad.riseup.net/p/4low3EzWFot77PEExefx")
 
 
(4 intermediate revisions by the same user not shown)
Line 1: Line 1:
= OpenPGP for XMPP Meeting =
= OpenPGP for XMPP Meeting =


Venue: https://meet.jit.si/AdventurousOxenTrotStandardized
'''Next Time and Date: 28.05.2021 15:00 EST'''
Minutes: https://pad.riseup.net/p/4low3EzWFot77PEExefx
 
== OX Meeting - 26.03.2021 15:00 EST ==
 
Minutes:
# PubSub Access Model (Open?)
## Currently the access model is underspecified/not set to "open".
## Open would be a better candidate for the default access model as access to the public key is necessary for encryption
## Important to check signatures
## Should we only upload minimal key to open pubsub node, and more verbose key to contacts-only node?
# Key Reuse?
## Should we allow import of external key?
## We can (and should) probably have guidelines for client behavior in case the node is restricted (vs non existend)
## "External Key" -> Inclusion of all userids would leak identity
## Profanity allows to upload filtered key (user choses what to upload)
# Define "Profile" for OX (declare algorithms, key formats...)?
## What parts of the key to upload? Signatures, UserIDs, minimal key?
## One key per recipient? -> YES please. For other use cases -> subkeys
# How to identify own key on your local device? -> If there are multiple, ask the user once and store the key id.
# How to identify which subkey to encrypt to -> It is not specified anywhere (not in rfc4880) which encryption subkeys to encrypt to if there are multiple options.
# Notification Traffic Optimization
## Did we get it right? -> possibly maybe
## Notifications when a key from a remote party is updated
## Public Key Metadata Node needs to use Item-IDs (right now it does not?)
## Consider Payload-less notifications for metadata updates
# EMail-Gateway: (Sorry, I missed the point :D) Multiple keys would make email gateways hard? -> use one key per account please
# Come up with an easy device-onboarding guide on modernxmpp or somewhere. -> also link to it from the XEP
# Adoption of SCE -> Not much to gain here, but if we make a breaking change we should switch to SCE.
 
Related Links:
# https://wiki.xmpp.org/web/XEP-Remarks/XEP-0373:_OpenPGP_for_XMPP

Latest revision as of 08:43, 8 April 2021

OpenPGP for XMPP Meeting

Next Time and Date: 28.05.2021 15:00 EST

OX Meeting - 26.03.2021 15:00 EST

Minutes:

  1. PubSub Access Model (Open?)
    1. Currently the access model is underspecified/not set to "open".
    2. Open would be a better candidate for the default access model as access to the public key is necessary for encryption
    3. Important to check signatures
    4. Should we only upload minimal key to open pubsub node, and more verbose key to contacts-only node?
  2. Key Reuse?
    1. Should we allow import of external key?
    2. We can (and should) probably have guidelines for client behavior in case the node is restricted (vs non existend)
    3. "External Key" -> Inclusion of all userids would leak identity
    4. Profanity allows to upload filtered key (user choses what to upload)
  3. Define "Profile" for OX (declare algorithms, key formats...)?
    1. What parts of the key to upload? Signatures, UserIDs, minimal key?
    2. One key per recipient? -> YES please. For other use cases -> subkeys
  4. How to identify own key on your local device? -> If there are multiple, ask the user once and store the key id.
  5. How to identify which subkey to encrypt to -> It is not specified anywhere (not in rfc4880) which encryption subkeys to encrypt to if there are multiple options.
  6. Notification Traffic Optimization
    1. Did we get it right? -> possibly maybe
    2. Notifications when a key from a remote party is updated
    3. Public Key Metadata Node needs to use Item-IDs (right now it does not?)
    4. Consider Payload-less notifications for metadata updates
  7. EMail-Gateway: (Sorry, I missed the point :D) Multiple keys would make email gateways hard? -> use one key per account please
  8. Come up with an easy device-onboarding guide on modernxmpp or somewhere. -> also link to it from the XEP
  9. Adoption of SCE -> Not much to gain here, but if we make a breaking change we should switch to SCE.

Related Links:

  1. https://wiki.xmpp.org/web/XEP-Remarks/XEP-0373:_OpenPGP_for_XMPP