Stanza encryption

From XMPP WIKI
Revision as of 10:35, 31 March 2019 by Vanitasvitae (talk | contribs)

Motivation

So, let's finally do it and solve Stanza Encryption!

We probably agree that FULL stanza encryption is not really a good idea, since there is always information that needs to be accessible to the server (processing hints, delay tags, recipient and sender addresses (duh)). So a better approach would be partial stanza encryption, which only encrypts parts of the stanza. You can imagine this as a kind of envelope element to which sensitive extension elements are added and which is afterwards encrypted and appended to the message.

If we want to create a specification that follows this idea, we may want to take inspiration from XEP-0373: OpenPGP for XMPP, which uses exactly that mechanism. So a first step to get started would be to find a way to move OX's OpenPGP Content Elements out of OX into a new XEP which generalizes this idea for arbitrary E2EE encryption methods.

We also need to specify a white-/blacklist which dictates which elements do (or don't) belong in the content element / message, to prevent implementation mistakes.
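
The envelope idea and the white-/blacklist check described above, as an added Python example that is not part of this wiki page or of any XEP. The urn:example namespace, the envelope and encrypted element names, the contents of the two lists, and the base64 stand-in for the real E2EE layer are all assumptions made for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = "urn:example:partial-enc:0"  # hypothetical namespace, not from any XEP
# Assumed policy: the page calls for such a list but does not define its contents.
MUST_ENCRYPT = {"{jabber:client}body"}  # may only appear inside the envelope
SERVER_VISIBLE = {"{urn:xmpp:hints}store", "{urn:xmpp:delay}delay"}  # stay outside

# Stand-in for the real E2EE layer (OpenPGP, OMEMO, ...): base64 is NOT encryption.
def fake_encrypt(data):
    return base64.b64encode(data).decode()

def fake_decrypt(text):
    return base64.b64decode(text)

# Constructed sample stanza.
SAMPLE = ('<message xmlns="jabber:client" to="juliet@example.org" type="chat">'
          '<body>secret</body><store xmlns="urn:xmpp:hints"/></message>')

def seal(message, encrypt):
    """Move sensitive children into an envelope, encrypt it, append the result."""
    envelope = ET.Element(f"{{{NS}}}envelope")
    for child in list(message):
        if child.tag in MUST_ENCRYPT:
            message.remove(child)
            envelope.append(child)
        elif child.tag not in SERVER_VISIBLE:
            raise ValueError(f"no policy for {child.tag}; refusing to guess")
    enc = ET.SubElement(message, f"{{{NS}}}encrypted")
    enc.text = encrypt(ET.tostring(envelope))
    return message

def open_sealed(message, decrypt):
    """Decrypt the envelope and enforce the list on both sides of it."""
    enc = message.findall(f"{{{NS}}}encrypted")
    if len(enc) != 1:
        raise ValueError("expected exactly one encrypted element")
    for child in message:
        if child.tag in MUST_ENCRYPT:
            raise ValueError(f"{child.tag} found in plaintext outside the envelope")
    envelope = ET.fromstring(decrypt(enc[0].text))
    if envelope.tag != f"{{{NS}}}envelope":
        raise ValueError("unexpected envelope root")
    for child in envelope:
        if child.tag not in MUST_ENCRYPT:
            raise ValueError(f"{child.tag} is not allowed inside the envelope")
    return list(envelope)
```

The receiving side checks the list twice: a plaintext body next to the encrypted element is rejected because it is unauthenticated, and a server-visible element hidden inside the envelope is rejected because the server could never have acted on it.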

Most importantly though, we need experience in this field in order to get a better understanding of what pitfalls exist, so let's JUST DO IT!

Related Work

Similar Proposals

There are some protocols that take slightly different approaches to the same problem.

XEP-0200: Stanza Encryption

XEP-0246: End-to-End XML Streams

Encryption Protocols

XEP-0373: OpenPGP for XMPP. OpenPGP for XMPP (OX) comes with an enveloping mechanism.

XEP-0384: OMEMO Encryption

XEP-0364: Current Off-The-Record Messaging Use

XEP-0116: Encrypted Session Negotiation