XEP-0373 (OpenPGP): Bump to 0.5.0

This commit is contained in:
Florian Schmaus 2020-06-19 16:25:52 +02:00
parent 4b5d9c3f54
commit 4ac81f1e5a
1 changed files with 41 additions and 15 deletions


@ -18,7 +18,7 @@
devices.</abstract>
&LEGALNOTICE;
<number>0373</number>
<status>Deferred</status>
<status>Experimental</status>
<type>Standards Track</type>
<sig>Standards</sig>
<approver>Council</approver>
@ -46,6 +46,18 @@
<email>look@my.amazin.horse</email>
<jid>valodim@stratum0.org</jid>
</author>
<revision>
<version>0.5.0</version>
<date>2020-06-19</date>
<initials>fs</initials>
<remark>
<ul>
<li>Use RFC 4880 terminology: it is "primary key", not "master key".</li>
<li>Clarify encryption of secret key material.</li>
<li>Move the information from the 'date' attribute into the item ID.</li>
</ul>
</remark>
</revision>
<revision>
<version>0.4.0</version>
<date>2018-07-30</date>
@ -161,8 +173,9 @@
<di><dt>Public-Key metadata node ("metadata node")</dt><dd>A PEP node containing metadata of the entity's public OpenPGP key.</dd></di>
<di><dt>Public-Key data node ("data node")</dt><dd>A PEP node containing an entity's public OpenPGP key.</dd></di>
<di><dt>Secret-Key node</dt><dd>A PEP node containing an entity's encrypted secret OpenPGP key.</dd></di>
<di><dt>OpenPGP v4 Fingerprint String</dt><dd>A String representing the OpenPGP v4 fingerprint of a key. If the key consists of a master key and subkeys, this is the fingerprint of the
master key.</dd></di>
<di><dt>OpenPGP v4 Fingerprint String</dt><dd>A String representing the OpenPGP v4 fingerprint
of a key. If the key consists of a primary key and subkeys, this is the fingerprint of the
primary key.</dd></di>
</dl>
</section1>
@ -318,17 +331,19 @@ master key.</dd></di>
encoded as a hexadecimal string using upper case characters<note>This matches the representation
used by GnuPG minus the SPACE separation.</note>.</p>
<p> The publishing entity SHOULD set the PubSub item ID to the time the item is published encoded
as DateTime format specified in <cite>XEP-0082</cite>.</p>
<p>The data node MUST contain an &lt;pubkey/&gt; element qualified by the 'urn:xmpp:openpgp:0'
namespace. An optional 'date' attribute holds the information about the last modification of the
key as DateTime format of <cite>XEP-0082</cite>. The element MUST include a &lt;data/&gt;
element which contains the data of the key Base64 encoded.</p>
namespace. The element MUST include a &lt;data/&gt; element which contains the data of the key
Base64 encoded.</p>
<example caption='Saving the public key in the data node.'><![CDATA[
<iq type='set' from='juliet@example.org/balcony' id='publish1'>
<pubsub xmlns='http://jabber.org/protocol/pubsub'>
<publish node='urn:xmpp:openpgp:0:public-keys:1357B01865B2503C18453D208CAC2A9678548E35'>
<item>
<pubkey xmlns='urn:xmpp:openpgp:0' date='2018-01-21T10:46:21Z'>
<item id='2020-01-21T10:46:21Z'>
<pubkey xmlns='urn:xmpp:openpgp:0'>
<data>
BASE64_OPENPGP_PUBLIC_KEY
</data>
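Review bot: The replaced sentence changes what the timestamp means, not only where it lives. The removed 'date' attribute "holds the information about the last modification of the key", while the new item ID is "the time the item is published"; the 0.5.0 changelog entry says the information was moved, so either the prose should say the item ID carries the key's last-modification time or the changelog should say the semantics changed. Since the format is only a SHOULD, consumers cannot rely on parsing the item ID as XEP-0082 DateTime; if parsing is intended, say MUST, otherwise state that the ID is opaque to receivers. Minor: "encoded as DateTime format specified in" should read "encoded in the DateTime format specified in".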
@ -377,8 +392,9 @@ master key.</dd></di>
<section2 topic='Discovering Public Keys of a User' anchor='discover-pubkey-list'>
<p>In order to discover the OpenPGP public keys, the interested entity first queries a remote
entities metadata note to learn about its currently annouced OpenPGP keys.</p>
<p>In order to discover the OpenPGP public keys of a remote entity, the interested entity first
queries the remote entity's metadata note to learn about the currently annouced OpenPGP
keys.</p>
<example caption='Requesting the metadata node of a user.'><![CDATA[
<iq from='romeo@example.org/orchard'
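Review bot: The rewritten paragraph carries over two typos from the old text: "annouced" should be "announced" and "metadata note" should be "metadata node" (the term defined in the terminology section above). Suggested wording: "queries the remote entity's metadata node to learn about the currently announced OpenPGP keys."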
@ -438,7 +454,7 @@ master key.</dd></di>
id='getpub'>
<pubsub xmlns='http://jabber.org/protocol/pubsub'>
<items node='urn:xmpp:openpgp:0:public-keys:1357B01865B2503C18453D208CAC2A9678548E35'>
<item>
<item id='2020-01-21T10:46:21Z'>
<pubkey xmlns='urn:xmpp:openpgp:0'>
<data>
BASE64_OPENPGP_PUBLIC_KEY
@ -466,9 +482,14 @@ master key.</dd></di>
<section2 topic='Receiving notifications about key changes' anchor='pubsub-notifications'>
<p>Entities creating PEP nodes defined herein SHOULD configure the nodes as notification-only
nodes by setting 'pubsub#deliver_payloads" configuration field to 'false'.</p>
<p>Entities which are subscribed to the metadata node or advertise the
"urn:xmpp:openpgp:0:public-keys+notify" feature via &xep0115; (see <cite>XEP-0060 § 9.2</cite>)
receive a notification upon a node update.</p>
"urn:xmpp:openpgp:0:public-keys+notify" feature via &xep0030; (see <cite>XEP-0060</cite> <link
url='https://xmpp.org/extensions/xep-0060.html#filtered-notifications'>§ 9.2</link>) receive a
notification upon a node update. Entities subscribed to PEP nodes defined herein MUST be prepared
that PubSub notifications may be without the payload and only contain the published item's ID.</p>
</section2>
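Review bot: Replacing &xep0115; with &xep0030; looks like a regression rather than a fix: the filtered-notifications mechanism in XEP-0060 § 9.2 keys on the "+notify" feature that the entity advertises in its Entity Capabilities (XEP-0115), which is how the service learns about it without a separate disco#info round trip; if the intent is to name the feature namespace, say "via &xep0030; features, usually advertised through &xep0115;". The new MUST sentence is also awkward; suggest "MUST be prepared to receive notifications that carry only the published item's ID and no payload." Since such a subscriber then has to fetch the item itself, it is worth adding that the key retrieved from a node named after a fingerprint (as in the 'urn:xmpp:openpgp:0:public-keys:...' examples above) must be checked against that fingerprint before it is trusted.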
@ -659,7 +680,11 @@ master key.</dd></di>
be concatenated in their transferable key format (<cite>RFC
4880</cite> <link
url='http://tools.ietf.org/html/rfc4880#section-11.2'>§
11.2</link>).
11.1</link>). The octet indicating string-to-key usage conventions
MUST be set to zero in the corresponding Secret-Key Packet(s)
(<cite>RFC 4880</cite> <link url='https://tools.ietf.org/html/rfc4880#section-5.5.3'>§ 5.5.3</link>).
The secret key material will be encrypted in step 4 using a
Symmetric-Key Encrypted Session Key Packet.
</li>
<li>A backup code is generated from secure random: The backup
code consists of 24 upper case characters from the Latin
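Review bot: The link text was changed from "§ 11.2" to "§ 11.1" but the URL in the unchanged context line still points at rfc4880#section-11.2, and 11.2 is the right one here: in RFC 4880, § 11.1 is "Transferable Public Keys" and § 11.2 is "Transferable Secret Keys". Revert the text to "§ 11.2". The added S2K requirement is sound but its consequence deserves one sentence: with the string-to-key usage octet set to zero, § 5.5.3 means the secret-key material inside the packet is stored unencrypted, so the concatenated transferable secret key is plaintext until the Symmetric-Key Encrypted Session Key Packet is applied in step 4 and MUST NOT be stored or transmitted before that step.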
@ -936,7 +961,8 @@ master key.</dd></di>
<section1 topic='Acknowledgements' anchor='acknowledgements'>
<p>Thanks to Emmanuel Gil Peyrot, Sergei Golovan, Marc Laporte, Georg
Lukas, Adithya Abraham Philip, Brian Cully, fiaxh and Paul Schaub for their feedback.</p>
Lukas, Adithya Abraham Philip, Brian Cully, fiaxh, Paul Schaub,
Philipp Hörist and Stefan Kropp for their feedback.</p>
<p>The first draft of this specification was worked out and written
on the wall of the 'Kymera' room in one of Google's buildings by the