Difference between revisions of "XEP-Remarks/XEP-0373: OpenPGP for XMPP"

Jump to navigation Jump to search
no edit summary
(Add new secret key node ideas)
Line 25: Line 25:
**:- Clients should make sure to encrypt all secret keys with the same backup code for ease of use (they will have to ask the user for it)
**:- Clients should make sure to encrypt all secret keys with the same backup code for ease of use (they will have to ask the user for it)


* Mention that generating the PGP key with a password would lead to multiple password entrys for the user (once to restore the backup from the secret node, then a second time to use the key). To get broad adoption it should be as easy as possible, meaning no password on the key itself. Also it should be discouraged to use an already existing key which is used in other context than IM (like email), rather create a new key just for the IM context. This and the no password suggestion would lead to a much easier implementation because GPG Agent (no password on the key) is out of the picture and you dont have to deal with messages that can not be decrypted instantly but at a later point.




Although there appears to be no direct way to query the PubSub/PEP service if it supports pubsub#deliver_payloads, it may be possible for entities to probe the availability of this feature by attempting to create a "dummy" node where pubsub#deliver_payloads is set to true. IIRC recent changes to XEP-0060 require services to return an error on unknown configuration values. But this is fragile until this requirement is deployed widely. So ultimately, the entity possibly also wants to verify if setting has been respected and became effective.
Although there appears to be no direct way to query the PubSub/PEP service if it supports pubsub#deliver_payloads, it may be possible for entities to probe the availability of this feature by attempting to create a "dummy" node where pubsub#deliver_payloads is set to true. IIRC recent changes to XEP-0060 require services to return an error on unknown configuration values. But this is fragile until this requirement is deployed widely. So ultimately, the entity possibly also wants to verify if setting has been respected and became effective.
16

edits

Navigation menu