Difference between revisions of "Stanza encryption"

From XMPP WIKI
Line 1: Line 1:
== Idea ==
So, lets finally do it and solve Stanza Encryption!
So, lets finally do it and solve Stanza Encryption!


Line 11: Line 12:


Most importantly though we need experience in this field in order to get a better understanding of what pitfalls exist, so lets JUST DO IT!
Most importantly though we need experience in this field in order to get a better understanding of what pitfalls exist, so lets JUST DO IT!
== Related Work ==
=== Similar Proposals ===
There are some protocols that do slightly different approaches to the same problem.
[https://xmpp.org/extensions/xep-0200.html XEP-0200: Stanza Encryption]
[https://xmpp.org/extensions/xep-0246.html XEP-0246: End-to-End XML Streams]
=== Encryption Protocols ===
[https://xmpp.org/extensions/xep-0373.html XEP-0373: OpenPGP for XMPP]
OpenPGP for XMPP (OX) comes with an enveloping mechanism.
[https://xmpp.org/extensions/xep-0384.html XEP-0384: OMEMO Encryption]
[https://xmpp.org/extensions/xep-0364.html XEP-0364: Current Off-The-Record Messaging Use]
[https://xmpp.org/extensions/xep-0116.html XEP-0116: Encrypted Session Negotiation]
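Review bot: the XEP links added under "=== Similar Proposals ===" and "=== Encryption Protocols ===" are bare consecutive lines with no list markup, and the rendered revision shows the result: the XEP-0373 link runs straight into its remark ("XEP-0373: OpenPGP for XMPP OpenPGP for XMPP (OX) comes with an enveloping mechanism."). Suggest making each link a `*` list item and attaching the OX remark to its own item. Only OX gets a note on how it relates to the envelope idea; a short remark per entry would make the section more useful to someone comparing approaches.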

Revision as of 10:26, 31 March 2019

Idea

So, let's finally do it and solve Stanza Encryption!

We probably agree that FULL stanza encryption is not really a good idea, since there is always information that needs to be accessible to the server (processing hints, delay tags, recipient and sender addresses (duh)). So a better approach would be partial stanza encryption, which encrypts only parts of the stanza. You can imagine this as a kind of envelope element to which sensitive extension elements are added and which is afterwards encrypted and appended to the message.

If we want to create a specification that follows this idea, we may want to take inspiration from XEP-0373: OpenPGP for XMPP, which uses exactly that mechanism. So a first step to get started would be to find a way to move OX's OpenPGP Content Elements out of OX into a new XEP which generalizes this idea for arbitrary E2EE encryption methods.

We also need to specify a white-/blacklist that dictates which elements do and do not belong in the content element versus the outer message, to prevent implementation mistakes.
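A sketch of the envelope split described above, added here as an illustration and not taken from any XEP or from this wiki's authors. The `urn:example:envelope:0` namespace, the `envelope`/`encrypted` element names, the contents of `SERVER_VISIBLE` and the placeholder cipher are assumptions; a real design would plug in OpenPGP, OMEMO or another E2EE method.

```python
import base64
import xml.etree.ElementTree as ET

# Assumption: children the server must read stay in the clear. The page names
# processing hints and delay tags; this exact list is illustrative only.
SERVER_VISIBLE = {
    "{urn:xmpp:hints}store",
    "{urn:xmpp:hints}no-copy",
    "{urn:xmpp:delay}delay",
}
ENVELOPE_NS = "urn:example:envelope:0"  # hypothetical namespace

# Constructed sample stanza.
SAMPLE = (
    '<message xmlns="jabber:client" to="juliet@example.org" type="chat">'
    '<body>meet at dawn</body>'
    '<active xmlns="http://jabber.org/protocol/chatstates"/>'
    '<store xmlns="urn:xmpp:hints"/>'
    '</message>'
)


def placeholder_cipher(data):
    """Stand-in for a real E2EE method. XOR with a constant is NOT encryption."""
    return bytes(b ^ 0x5A for b in data)


def seal_stanza(stanza_xml, encrypt):
    """Move every child not listed in SERVER_VISIBLE into an envelope element,
    encrypt the serialized envelope, and append the ciphertext to the stanza.
    Unknown elements are enveloped by default, so a new extension cannot leak
    just because nobody added it to a list. `encrypt` maps bytes to bytes."""
    stanza = ET.fromstring(stanza_xml)
    envelope = ET.Element("{%s}envelope" % ENVELOPE_NS)
    for child in list(stanza):  # copy: the stanza is mutated while iterating
        if child.tag not in SERVER_VISIBLE:
            stanza.remove(child)
            envelope.append(child)
    if len(envelope) == 0:
        raise ValueError("nothing to encrypt")
    ciphertext = encrypt(ET.tostring(envelope))
    sealed = ET.SubElement(stanza, "{%s}encrypted" % ENVELOPE_NS)
    sealed.text = base64.b64encode(ciphertext).decode("ascii")
    return stanza  # addressing attributes (to, type) are left untouched


def cleartext_tags(stanza):
    """Tags of the children a server would still see after sealing."""
    return [child.tag for child in stanza]
```
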

Most importantly, though, we need experience in this field in order to get a better understanding of what pitfalls exist, so let's JUST DO IT!

Related Work

Similar Proposals

Some protocols take slightly different approaches to the same problem.

XEP-0200: Stanza Encryption

XEP-0246: End-to-End XML Streams

Encryption Protocols

XEP-0373: OpenPGP for XMPP

OpenPGP for XMPP (OX) comes with an enveloping mechanism.

XEP-0384: OMEMO Encryption

XEP-0364: Current Off-The-Record Messaging Use

XEP-0116: Encrypted Session Negotiation