Stanza encryption

From XMPP WIKI
Revision as of 07:52, 1 April 2019 by Vanitasvitae (talk | contribs) (→‎Proposal / Work in Progress)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

This Page is NOT about XEP-0200: Stanza Encryption, but instead a place to discuss a new solution.

Motivation

So, lets finally do it and solve Stanza Encryption!

We probably agree that FULL stanza encryption is not really a good idea, since there is always information that needs to be accessible to the server (processing hints, delay tags, recipient and sender addresses (duh). So a better approach would be partial stanza encryption, which only encrypts parts of the stanza. You can imagine this as kind of an envelope element in which sensible extension elements are added and which is afterwards encrypted and appended to the message.

If we want to create a specification that follows this idea, we may want to take inspiration from XEP-0373: OpenPGP for XMPP, which uses exactly that mechanism. So a first step to get started would be to find a way to move OX's OpenPGP Content Elements out of OX into a new XEP which generalizes this idea for arbitrary E2EE encryption methods.

Also we need to specify a white-/blacklist which dictates which elements (don't) belong into the content element / message to prevent implementation mistakes.

Most importantly though we need experience in this field in order to get a better understanding of what pitfalls exist, so lets JUST DO IT!

Use Cases

  • Clients exchange messages that contain sensitive information with (multiple) other clients.
  • Clients might want to encrypt IQs between two (online) devices. Since there may be more than one consecutive IQ being exchanged within the same context, it might be worth to think about possibilities to establish some sort of longer standing session to reduce encryption overhead. This may be out of the scope of this document though.

Related Work

Similar Proposals

There are some protocols that do slightly different approaches to the same problem.

Encryption Protocols

OpenPGP for XMPP (OX) comes with an enveloping mechanism.

Proposal / Work in Progress

The proposal is actively worked on here. See /xep-sce/ for the document (rendered html).

Please feel free to comment, give feedback and request changes!