Tech pages/OX

From XMPP WIKI
Revision as of 18:11, 2 June 2020 by DebXWoody (talk | contribs) (Created page with "This page should be used to discuses the XEP's and implementation of [https://xmpp.org/extensions/xep-0373.html XEP-0373: OpenPGP for XMPP] = Discussion = == History of vers...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

This page should be used to discuses the XEP's and implementation of XEP-0373: OpenPGP for XMPP

Discussion

History of version of public key

Requesting Public Keys

Note that the result may contain multiple pubkey elements. Only the public keys found in the most recent item MUST be used. Requesters may want to limit the results to the most recent item using the 'max_items' attribute set to '1'.

Is it required to have a versions for the public key?

A public key can be changed for

  • Adding or removing UIDs
  • Adding or removing (revoke) Subkeys
  • Change the expiration date
  • Adding Key signatures

I think there is no need.

Key-lookup / GnuPG's Keyring / Homedir

How should the Sender fetch the public key and where should it be stored?

  • The key-lookup can be done via a lookup of all known keys with the XMPP-URI as UID.
  • We shouldn't care how the user receives the public key. This should be via Keyserver, WKD, E-Mail or XMPP PEP.
  • The user should be able to use his own key. For instance, if the user would like to use his OpenPGP Smartcard / Token for E-Mail and XMPP.
  • The user should be able to manage his public keys like all other keys GnuPG's `--update-trustdb`and `refresh-keys`
  • The user should be able to use WoT pgp or tofu

I think it will be better to use the same keyring and homedir like GnuPG us it.

Links