From 5f201a973fe2629efba24ecfd2aacc0bfd38a069 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Poisson?= <goffi@goffi.org>
Date: Sat, 29 Oct 2022 23:00:31 +0200
Subject: [PATCH] Add ProtoXEP: Pubsub Signing: OpenPGP Profile

Specifies a pubsub signing profile for OpenPGP
---
 inbox/pubsub-signing-openpgp.xml | 105 +++++++++++++++++++++++++++++++
 1 file changed, 105 insertions(+)
 create mode 100644 inbox/pubsub-signing-openpgp.xml

diff --git a/inbox/pubsub-signing-openpgp.xml b/inbox/pubsub-signing-openpgp.xml
new file mode 100644
index 00000000..1b737579
--- /dev/null
+++ b/inbox/pubsub-signing-openpgp.xml
@@ -0,0 +1,105 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<!DOCTYPE xep SYSTEM 'xep.dtd' [
+  <!ENTITY % ents SYSTEM 'xep.ent'>
+%ents;
+]>
+<?xml-stylesheet type='text/xsl' href='xep.xsl'?>
+<xep>
+<header>
+  <title>Pubsub Signing: OpenPGP Profile</title>
+  <abstract>Specifies a pubsub signing profile for OpenPGP</abstract>
+  &LEGALNOTICE;
+  <number>xxxx</number>
+  <status>ProtoXEP</status>
+  <type>Standards Track</type>
+  <sig>Standards</sig>
+  <approver>Council</approver>
+  <dependencies>
+    <spec>XMPP Core</spec>
+    <spec>XEP-0001</spec>
+    <spec>XEP-0004</spec>
+    <spec>XEP-0060</spec>
+    <spec>XEP-0373</spec>
+  </dependencies>
+  <supersedes/>
+  <supersededby/>
+  <shortname>pss-ox</shortname>
+  <author>
+    <firstname>Jérôme</firstname>
+    <surname>Poisson</surname>
+    <email>goffi@goffi.org</email>
+    <jid>goffi@jabber.fr</jid>
+  </author>
+  <revision>
+    <version>0.0.1</version>
+    <date>2022-10-29</date>
+    <initials>jp</initials>
+    <remark><p>First draft.</p></remark>
+  </revision>
+</header>
+<section1 topic='Introduction' anchor='intro'>
+  <p>This XMPP extension protocol specifies a profile of Pubsub Signing to use OpenPGP for signature.</p>
+</section1>
+<section1 topic='Signing a Pubsub Item With OpenPGP' anchor='signing'>
+  <p>Signing an item with OpenPGP requires to have &xep0373; implemented to handle keys, however this specification uses its own &lt;sign/&gt; element because it uses wrapper element from Pubsub Signing XEP, and signed data MUST NOT be included with the signature.</p>
+  <p>To sign an element, a client process as explained in XEP-0XXX <link url='https://xmpp.org/extensions/inbox/pubsub-signing.html#signing'>§ Signing a Pubsub Item</link> where the "signing profile" element used is a &lt;sign/&gt; element qualified by the 'urn:xmpp:pubsub-signing:openpgp:0' namespace. This element MUST contain a Base64 encoded (&rfc4648; <link url='https://tools.ietf.org/html/rfc4648#section-4'>§ 4</link>) OpenPGP message as specified in &rfc4880; which MUST contain a <strong>detached signature</strong> as defined in &rfc4880; <link url='https://www.rfc-editor.org/rfc/rfc4880#section-11.4'>§ 11.4</link> of the signed data as specified in XEP-0XXX <link url='https://xmpp.org/extensions/inbox/pubsub-signing.html#signing'>§ Signing a Pubsub Item</link>.</p>
+
+  <example caption="Juliet Publishes Her Signature as an Attachment With OpenPGP Signing Profile"><![CDATA[
+<iq xmlns="jabber:client" from="juliet@capulet.lit/chamber" to="juliet@capulet.lit" id="signature_1" type="set">
+  <pubsub xmlns="http://jabber.org/protocol/pubsub">
+    <items node="urn:xmpp:pubsub-attachments:1/xmpp:juliet@capulet.lit?;node=urn%3Axmpp%3Amicroblog%3A0;item=random-thoughts-12bd">
+      <item id="juliet@capulet.lit">
+        <attachments xmlns="urn:xmpp:pubsub-attachments:1">
+          <signature xmlns="urn:xmpp:pubsub-signing:0">
+            <time stamp="2022-10-16T18:39:03Z"/>
+            <signer>juliet@capulet.lit</signer>
+            <sign xmlns="urn:xmpp:pubsub-signing:openpgp:0">iQGzBAABCAAdFiEEyTOMos/ZmE//ikYkAzNxB0kY9CIFAmNaomUACgkQAzNxB0kY9CJQcAv9HjIIrzIhtmWvf2IoHBUgY7hUFPZ3TKZ0Ltc6uz+CR4K1GHQB842/vjPSHwo5qfVgaVEUK3Liw8eXawOZ4SJeSZdmd1KUjjuZ+SLlB1SKKEoap3KFhidT9XYA2OU4tkWOwVI2cyBIWE3JRxD0YFh5YMJObZrOoyMiobwaMaGCHt60T71rl1wPb399l9aU6sYu2HHIRnM5pDgVljIMZe0n1LnY5pH5jzN67JgxlFAfl0Q4BO81pBycNnbk0VPb78Ki4001S7uoFftkN3j6euYf8KhtTH+Yaw1BdYzjO8o2Nw/9ledMrwO652Ud4hLGpmSpIJI1NTOjmy5crfhEHMA5ERYDbGbaB/IoaHxje+8occlI78xChoz7xCQlwVVyHARvuotEbYRimY78s2Ozae+uG/8wQZmeLnrvwCrzDiJbEkW4MbiOWUC1QcApNoW8lriLcb+ZfNGMeENSSMqMRfi3wL6WOovM2IR8O97/1DkGFiYAZ414CVZV2ZT+xxE64pMM</sign>
+          </signature>
+        </attachments>
+      </item>
+    </items>
+  </pubsub>
+</iq>
+  ]]></example>
+</section1>
+
+<section1 topic='Discovering Support' anchor='disco'>
+  <p>If a client supports the protocol specified in this XEP, it MUST advertise it by including the "urn:xmpp:pubsub-signing:openpgp:0" discovery feature in response to a &xep0030; information request:</p>
+
+  <example caption="Service Discovery information request"><![CDATA[
+<iq type='get'
+    from='juliet@example.org/chamber'
+    to='romeo@example.org/orchard'
+    id='disco1'>
+  <query xmlns='http://jabber.org/protocol/disco#info'/>
+</iq>]]></example>
+  <example caption="Service Discovery information response"><![CDATA[
+<iq type='result'
+    from='romeo@example.org/orchard'
+    to='juliet@example.org/chamber'
+    id='disco1'>
+  <query xmlns='http://jabber.org/protocol/disco#info'>
+    ...
+    <feature var='urn:xmpp:pubsub-signing:openpgp:0'/>
+    ...
+  </query>
+</iq>]]></example>
+</section1>
+
+<section1 topic='Security Considerations' anchor='security'>
+  <p>Security considerations of &xep0373; and <link url='https://xmpp.org/extensions/inbox/pubsub-signing.html'>XEP-0XXX</link> apply.</p>
+</section1>
+
+<section1 topic='IANA Considerations' anchor='iana'>
+  <p>TODO</p>
+</section1>
+<section1 topic='XMPP Registrar Considerations' anchor='registrar'>
+  <p>TODO</p>
+</section1>
+<section1 topic='XML Schema' anchor='schema'>
+  <p>TODO</p>
+</section1>
+<section1 topic='Acknowledgements' anchor='acks'>
+  <p>Thanks to NLnet foundation/NGI0 Discovery for funding.</p>
+</section1>
+</xep>