mirror of
https://github.com/moparisthebest/xeps
synced 2024-11-24 18:22:24 -05:00
small fix, added threat model by winfried
This commit is contained in:
parent
5aed70c453
commit
309e76804f
@ -200,8 +200,8 @@
|
|||||||
Trust management is a difficult topic, which is out of scope of this document.
|
Trust management is a difficult topic, which is out of scope of this document.
|
||||||
</p>
|
</p>
|
||||||
<section2 topic='Threat Model' anchor='reqs-threat-model'>
|
<section2 topic='Threat Model' anchor='reqs-threat-model'>
|
||||||
<p>The OMEMO protocol protects against passive and active attackers which are able to read, modify, replay, delay and delete messages.</p>
|
<p>The use case for OMEMO is a situation where the content of a conversation needs to be protected, but where the servers the message passes by can’t be trusted to keep the content of the message secret. For example when information that is under strict embargo needs to passed within an organization and the server administrator is not one of the persons cleared to see the information or when a couple is exchanging intimate messages and they want to avoid leaking of those messages to the server administrator.</p>
|
||||||
<p>tbc</p>
|
<p>The OMEMO protocol protects against passive and active attackers which are able to read, modify, replay, delay and delete messages. The OMEMO protocol does not protect against attackers who rely on metadata and traffic analysis. The quality of the verification of the conversation participants OMEMO identity keys determines the level of protection OMEMO offers.</p>
|
||||||
</section2>
|
</section2>
|
||||||
</section1>
|
</section1>
|
||||||
<section1 topic='Glossary' anchor='glossary'>
|
<section1 topic='Glossary' anchor='glossary'>
|
||||||
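Review bot: the second new paragraph overstates what OMEMO achieves against an attacker who can "delay and delete messages": end-to-end encryption cannot stop a party in the message path from dropping or holding back a stanza, it only keeps the content confidential and detectably unmodified in that setting. Suggest making the guaranteed properties explicit, e.g. "OMEMO protects the confidentiality and integrity of message content against passive and active attackers who are able to read, modify, replay, delay and delete messages; it does not prevent delay or deletion, and it does not hide metadata or defeat traffic analysis." The closing sentence should also tie back to the use-case paragraph: the untrusted server described there is precisely an active attacker in the message path, so without out-of-band verification of the participants' identity keys such a server can substitute keys and read the conversation, which is why the quality of verification sets the protection level. Typos in the use-case paragraph: "the servers the message passes by" should be "passes through", "needs to passed within an organization" is missing "be", and "conversation participants OMEMO identity keys" needs the possessive "participants'".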
@ -241,7 +241,7 @@
|
|||||||
</ol>
|
</ol>
|
||||||
There are essentially two ways in which libraries can fulfill these requirements:
|
There are essentially two ways in which libraries can fulfill these requirements:
|
||||||
<ol>
|
<ol>
|
||||||
<li>Libraries can use a Curve25519 key pair as their internal IdentityKey. In this case, the IdentityKey can be used for X25519 directly, and XEdDSA has to be used to produce EdDSA-compatible signatures. Note that libsignal by default does <strong>NOT</strong> use XEdDSA. libsignal <emph>includes</emph> XEdDSA though and has to be modified to use that to be compatible with OMEMO.</li>
|
<li>Libraries can use a Curve25519 key pair as their internal IdentityKey. In this case, the IdentityKey can be used for X25519 directly, and XEdDSA has to be used to produce EdDSA-compatible signatures. Note that libsignal by default does <strong>NOT</strong> use XEdDSA. libsignal <em>includes</em> XEdDSA though and has to be modified to use that to be compatible with OMEMO.</li>
|
||||||
<li>Libraries can use an Ed25519 key pair as their internal IdentityKey. In this case, the IdentityKey can create EdDSA-compatible signatures directly, and has to be converted first to perform X25519.</li>
|
<li>Libraries can use an Ed25519 key pair as their internal IdentityKey. In this case, the IdentityKey can create EdDSA-compatible signatures directly, and has to be converted first to perform X25519.</li>
|
||||||
</ol>
|
</ol>
|
||||||
Note that this decision is purely local to each client and OMEMO library. The public key is ALWAYS transferred in its Ed25519 form and only valid EdDSA signatures are transferred. The choice between Curve25519 and Ed25519 affects the definition of the <tt>Sig(PK, M)</tt> and <tt>DH(PK1, PK2)</tt> functions as defined below.</dd></di>
|
Note that this decision is purely local to each client and OMEMO library. The public key is ALWAYS transferred in its Ed25519 form and only valid EdDSA signatures are transferred. The choice between Curve25519 and Ed25519 affects the definition of the <tt>Sig(PK, M)</tt> and <tt>DH(PK1, PK2)</tt> functions as defined below.</dd></di>
|
||||||
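Review bot: the rename from <emph> to <em> in the first list item is right, since <em> is the inline emphasis element the XEP markup uses (the same sentence already relies on <strong>). Two small things in the same region while you are here: "has to be modified to use that to be compatible with OMEMO" reads better as "has to be modified to use it in order to be compatible with OMEMO", and the bare capitalised "ALWAYS" in the closing paragraph should carry the same <strong> markup as "NOT" above it, so emphasis comes from markup rather than from capitals. The substance is fine: whichever internal key form a library picks, the wire format is fixed to the Ed25519 public key and EdDSA signatures, so a Curve25519-based library that skips XEdDSA produces signatures that are not valid EdDSA and will not interoperate.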
|