1
0
mirror of https://github.com/moparisthebest/xeps synced 2025-01-12 06:18:08 -05:00

Merge branch 'premerge' into 'main'

Premerge

See merge request xsf/xeps!41
This commit is contained in:
Jonas Schäfer 2021-01-05 16:50:34 +00:00
commit 5d7d3f23b2
5 changed files with 671 additions and 3 deletions

View File

@ -0,0 +1,153 @@
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE xep SYSTEM 'xep.dtd' [
<!ENTITY % ents SYSTEM 'xep.ent'>
%ents;
]>
<?xml-stylesheet type='text/xsl' href='xep.xsl'?>
<xep>
<header>
<title>MUC Mention Notifications</title>
<abstract>This specification documents how a user may be informed when they're mentioned in a MUC which they're not currently joined to.</abstract>
&LEGALNOTICE;
<number>xxxx</number>
<status>ProtoXEP</status>
<type>Standards Track</type>
<sig>Standards</sig>
<approver>Council</approver>
<dependencies>
<spec>XMPP Core</spec>
<spec>XEP-0001</spec>
<spec>Etc.</spec>
</dependencies>
<supersedes/>
<supersededby/>
<shortname>NOT_YET_ASSIGNED</shortname>
&jcbrand;
<author>
<firstname>Severino</firstname>
<surname>Ferrer de la Peñita</surname>
<email>soul@blastersklan.com</email>
<jid>soul@blastersklan.com</jid>
</author>
&mwild;
<revision>
<version>0.0.1</version>
<date>2020-12-17</date>
<initials>jcb</initials>
<remark><p>First draft.</p></remark>
</revision>
</header>
<section1 topic='Introduction' anchor='intro'>
<p>The &xep0045; specification does not provide for a mechanism whereby an user might be informed of being mentioned in a Multi-User Chat (MUC) without being present as an occupant of that MUC.</p>
<p>This XEP aims to provide a standardized way in which this might be achieved.</p>
<p>Concerning "being mentioned" in a MUC, we will rely on &xep0372; as the means whereby someone is explicitly mentioned in a MUC message.</p>
</section1>
<section1 topic='Requirements' anchor='reqs'>
<p>A user's client must be able to receive forwarded groupchat messages from a MUC in which the user is mentioned, while not having an active session in that MUC (i.e. without joining it).</p>
<p>The user will have to be affiliated with the MUC, in order to receive the forwarded groupchat messages and whether or not mesages are forwarded will be determined by a configuration setting on the MUC.</p>
<p>The MUC owner(s) will therefore determine whether notifications are sent out, and may opt in or out by being affiliated or not with the MUC. Affiliations are long lived associations between users and MUCs, and therefore transcend individual sessions in MUCs.</p>
</section1>
<section1 topic='Use Cases' anchor='usecases'>
<section2 topic='A MUC is configured to send out mention notifications'>
<p>When an owner creates or configures a MUC, the service offers the option to send out mention notifications to non-present, but still affiliated users:</p>
<example caption='Service Sends Configuration Form'><![CDATA[
<iq from='coven@chat.shakespeare.lit'
id='create1'
to='crone1@shakespeare.lit/desktop'
type='result'>
<query xmlns='http://jabber.org/protocol/muc#owner'>
<x xmlns='jabber:x:data' type='form'>
<field type='hidden' var='FORM_TYPE'>
<value>http://jabber.org/protocol/muc#roomconfig</value>
</field>
...
<field
label='Forward messages with mentions to non-present, affiiated users'
type='boolean'
var='muc#roomconfig_forwardmentions'>
<value>0</value>
</field>
...
</x>
</query>
</iq>
]]></example>
<p>The owner specifies a value of "1" or "true" &BOOLEANNOTE; if the feature is desired:</p>
<example caption='MUC Owner Submits Configuration Form'><![CDATA[
<iq from='coven@chat.shakespeare.lit'
id='configure1'
to='crone1@shakespeare.lit/desktop'
type='set'>
<query xmlns='http://jabber.org/protocol/muc#owner'>
<x xmlns='jabber:x:data' type='submit'>
<field type='hidden' var='FORM_TYPE'>
<value>http://jabber.org/protocol/muc#roomconfig</value>
</field>
...
<field var='muc#roomconfig_forwardmentions'>
<value>true</value>
</field>
...
</x>
</query>
</iq>
]]></example>
<p></p>
</section2>
<section2 topic='Notifying a non-present user of being mentioned in a MUC'>
<p>When an affiliated user in a given MUC is referenced in a 'groupchat' message via &xep0372;, and the MUC is configured to forward mentions, then the MUC will forward the message stanza to the user.</p>
<example caption='MUC forwards the message to the users client'><![CDATA[
<message to='hag66@shakespeare.lit' from='coven@chat.shakespeare.lit'>
<mentions xmlns='urn:xmpp:mmn:0'>
<forwarded xmlns='urn:xmpp:forward:0'>
<delay xmlns='urn:xmpp:delay' stamp='2020-12-03T14:45:56Z'/>
<message type='groupchat' id='ad22c55c-5a20-4185-8735-af2eb8d459a9'
to='coven@chat.shakespeare.lit'
from='coven@chat.shakespeare.lit/firstwitch'
xml:lang='en'>
<body>secondwitch: Thrice the brinded cat hath mew'd.</body>
<reference xmlns='urn:xmpp:reference:0'
type='mention'
begin='0'
uri='xmpp:hag66@shakespeare.lit'
end='11'/>
<stanza-id xmlns='urn:xmpp:sid:0'
id='5f3dbc5e-e1d3-4077-a492-693f3769c7ad'
by='coven@chat.shakespeare.lit'/>
</message>
</forwarded>
</mentions>
</message>
]]></example>
<p>Notice that in the example above, the entire original 'groupchat' message (including elements added server-side, like the &xep0359; stanza-id) is encapsulated inside a &xep0279; element.</p>
</section2>
</section1>
<section1 topic='Security Considerations' anchor='security'>
<p>Similarly to &xep0280;, the security model assumed by this document is that all of the resources for a single user are in the same trust boundary.</p>
<p>Forwarded groupchat messages leak information of who is currently present in a MUC without requiring the user to join the MUC first to find out.</p>
<ul>
<li>Any forwarded copies received by a client MUST be from a valid MUC JID which matches the MUC JID of the encapsulated, forwarded mesages;</li>
<li>any copies that do not meet this requirement MUST be ignored.</li>
</ul>
</section1>
<section1 topic='IANA Considerations' anchor='iana'>
<p>None.</p>
</section1>
<section1 topic='XMPP Registrar Considerations' anchor='registrar'>
<section2 topic='Protocol Namespaces' anchor='ns'>
<p>The &REGISTRAR; includes 'urn:xmpp:mmn:0' in its registry of protocol namespaces (see &NAMESPACES;).</p>
<ul>
<li>urn:xmpp:mmn:0</li>
</ul>
</section2>
<section2 topic='Protocol Versioning' anchor='registrar-versioning'>
&NSVER;
</section2>
</section1>
</xep>

View File

@ -31,6 +31,12 @@
&scottlu;
&hildjj;
&seanegan;
<revision>
<version>1.1.1</version>
<date>2020-12-10</date>
<initials>egp</initials>
<remark><p>Made type optional in the schema (its a MAY in section 4.2), unlike in XEP-0176.</p></remark>
</revision>
<revision>
<version>1.1</version>
<date>2009-12-23</date>
@ -427,7 +433,7 @@ INITIATOR RESPONDER
<xs:attribute name='id' type='xs:NCName' use='required'/>
<xs:attribute name='ip' type='xs:string' use='required'/>
<xs:attribute name='port' type='xs:unsignedShort' use='required'/>
<xs:attribute name='type' use='required'>
<xs:attribute name='type' use='optional'>
<xs:simpleType>
<xs:restriction base='xs:NCName'>
<xs:enumeration value='host'/>

View File

@ -25,11 +25,17 @@
<supersededby/>
<shortname>Refs</shortname>
&ksmithisode;
<revision>
<version>0.5.0</version>
<date>2020-12-09</date>
<initials>kis</initials>
<remark>Specify counting should be of code points.</remark>
</revision>
<revision>
<version>0.4.0</version>
<date>2020-12-08</date>
<initials>gh/jcbrand</initials>
<remark>Specify that begin is inclusive, starts counting at zero, and that end is exclusive (Dijkstra-based convention)</remark>
<remark>Specify that begin is inclusive, starts counting at zero, and that end is exclusive (Dijkstra-based convention).</remark>
</revision>
<revision>
<version>0.3</version>
@ -99,7 +105,7 @@
<section1 topic='Use Cases' anchor='usecases'>
<section2 topic='Generics' anchor='usecase_generics'>
<p>References are provided in a 'reference' element of a message, with a namespace of 'urn:xmpp:reference:0'. The element MUST contain a 'type' attribute denoting the type of the reference and a 'uri' attribute of the thing that is referenced. It MAY contain 'begin', 'end' and 'anchor' elements.</p>
<p>The 'begin' and 'end' attributes are indexes denoting the beginning and end of the referenced substring in the message body. The Dijkstra convention of ranges<note>Dijkstra convention of ranges &lt;<link url='https://www.cs.utexas.edu/users/EWD/transcriptions/EWD08xx/EWD831.html'>https://www.cs.utexas.edu/users/EWD/transcriptions/EWD08xx/EWD831.html</link>&gt;</note> is used, which means that 'begin' is inclusive and 'end' is exclusive. In other words, the 'begin' attribute is the index of the first character (TODO: define character appropriately) in the referenced substring, with 0 being the index of the first character in the body, and the 'end' attribute is one higher than the index of the last character in the substring.
<p>The 'begin' and 'end' attributes are indexes denoting the beginning and end of the referenced substring in the message body. The Dijkstra convention of ranges<note>Dijkstra convention of ranges &lt;<link url='https://www.cs.utexas.edu/users/EWD/transcriptions/EWD08xx/EWD831.html'>https://www.cs.utexas.edu/users/EWD/transcriptions/EWD08xx/EWD831.html</link>&gt;</note> is used, which means that 'begin' is inclusive and 'end' is exclusive. In other words, the 'begin' attribute is the index of the first unicode code point in the referenced substring, with 0 being the index of the first code point in the body, and the 'end' attribute is one higher than the index of the last code point in the substring.
This convention has three main advantages. It matches subsequence indexing in various programming languages, 'end' minus 'begin' equals the length of the substring, and when two substrings are adjacent, the 'end' attribute of the first one matches the 'begin' attribute of the second one.
Where the reference is not a substring of the message body in the referring stanza, 'begin' and 'end' are not used.</p>
<p>An 'anchor' attribute is used when the referring message is not the one containing the reference element, and points to the previous message containing the reference (the referring message).</p>

502
xep-0450.xml Normal file
View File

@ -0,0 +1,502 @@
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE xep SYSTEM 'xep.dtd' [
<!ENTITY % ents SYSTEM 'xep.ent'>
<!ENTITY ns "urn:xmpp:atm:0">
<!ENTITY ns-trust-messages "urn:xmpp:trust-messages:0">
<!ENTITY ns-omemo "urn:xmpp:omemo:1">
<!ENTITY ns-sce "urn:xmpp:sce:0">
%ents;
]>
<?xml-stylesheet type='text/xsl' href='xep.xsl'?>
<xep>
<header>
<title>Automatic Trust Management (ATM)</title>
<abstract>
This document specifies a way to automatically manage the trust in public long-term keys used by end-to-end encryption protocols.
</abstract>
&LEGALNOTICE;
<number>0450</number>
<status>Experimental</status>
<type>Standards Track</type>
<sig>Standards</sig>
<approver>Council</approver>
<dependencies>
<spec>XMPP Core</spec>
<spec>XEP-0001</spec>
<spec>XEP-0280</spec>
<spec>XEP-0334</spec>
<spec>XEP-0420</spec>
<spec>XEP-0434</spec>
</dependencies>
<supersedes/>
<supersededby/>
<shortname>ATM</shortname>
<author>
<firstname>Melvin</firstname>
<surname>Keskin</surname>
<email>melvo@olomono.de</email>
<jid>melvo@olomono.de</jid>
</author>
<revision>
<version>0.1.0</version>
<date>2020-12-15</date>
<initials>XEP Editor (jsc)</initials>
<remark>Accepted by vote of Council on 2020-12-02.</remark>
</revision>
<revision>
<version>0.0.1</version>
<date>2020-11-05</date>
<initials>melvo</initials>
<remark><p>First draft.</p></remark>
</revision>
</header>
<section1 topic='Introduction' anchor='introduction'>
<p>
End-to-end encryption can easily be used to protect most of the communication nowadays.
However, the management of trust in long-term keys used for encryption is still a manual task.
With ATM, many steps that can be automated for the trust management are no longer a manual task the users have to take care of.
</p>
<p>
ATM reduces the steps needed for authenticating or distrusting keys of endpoints between two identities (XMPP accounts / bare JIDs).
It uses &xep0434; for automatically establishing secure channels protected against active attacks between a new endpoint and existing ones after an initial mutual authentication between the new endpoint and one of the existing ones.
</p>
<p>
Trust messages are sent encrypted only to endpoints with authenticated keys.
ATM preserves the security level as if all endpoints of the two identities authenticated or distrusted their keys manually.
It can be used especially for end-to-end encryption protocols such as &xep0384; which use one key per endpoint of the same identity.
</p>
</section1>
<section1 topic='Glossary' anchor='glossary'>
<dl>
<di>
<dt>External glossary</dt>
<dd>
The terms of &xep0434;'s glossary are also relevant for this XEP.
</dd>
</di>
<di>
<dt>Manual key authentication</dt>
<dd>Key authentication with user interaction (e.g., QR code scanning, fingerprint verification)</dd>
</di>
<di>
<dt>Automatic key authentication</dt>
<dd>Key authentication without user interaction (e.g., via ATM)</dd>
</di>
<di>
<dt>Initial key authentication</dt>
<dd>Key authentication needed for all further automatic key authentications made by ATM</dd>
</di>
<di>
<dt>Mutual key authentication</dt>
<dd>Key authentication in which two endpoints authenticate each other's key</dd>
</di>
<di>
<dt>Key distrusting</dt>
<dd>Revoking the trust in a key</dd>
</di>
<di>
<dt>Manual key distrusting</dt>
<dd>Key distrusting with user interaction (e.g., clicking a "Distrust" button)</dd>
</di>
<di>
<dt>Automatic key distrusting</dt>
<dd>Key distrusting without user interaction (e.g., via ATM)</dd>
</di>
<di>
<dt>Authentication message</dt>
<dd>
Trust message which only contains key identifiers for authentication.
If a trust message contains authentication and distrusting parts, the term authentication message is used for referring to the trust message without the distrusting parts.
</dd>
</di>
<di>
<dt>Distrust message</dt>
<dd>
Trust message which only contains key identifiers for distrusting.
If a trust message contains authentication and distrusting parts, the term distrust message is used for referring to the trust message without the authentication parts.
</dd>
</di>
</dl>
</section1>
<section1 topic='Details' anchor='details'>
<p>
The goal of key authentication is to create an end-to-end encrypted communication network exclusively of endpoints with authenticated keys.
As a result, every communication channel between those endpoints is resistant against active attacks.
</p>
<p>
The network of endpoints which authenticated each other's keys can be seen as a complete graph where each endpoint is a node and each mutual authentication is an edge.
The number of edges grows for each new endpoint by the number of existing nodes.
This is due to the fact that in order to sustain secure channels between all endpoints, a new key has to be authenticated by all n existing endpoints and vice versa.
</p>
<p>
One of those n mutual authentications requires a third party or user interaction like scanning each other's QR code or comparing each other's key identifier by hand.
That is the initial mutual authentication.
A trusted third party MAY be used for the initial authentication but a manual authentication SHOULD be preferred since it does not depend on the trust in the third party.
The remaining authentications can be automated relying on the secure channel established by the initial mutual authentication and the secure channels already created by the same procedure between the rest of the endpoints.
</p>
<p>
For creating the described complete graph with n nodes, a total of T(n) = (n*(n-1))/2 ∊ O(n²) mutual authentications are needed.
When using ATM, only T(n) = n-1 ∊ O(n) of them have to be made as initial mutual authentications.
All remaining authentications can be performed automatically by ATM.
Thus, less user interaction is needed for authenticating all keys involved in the secure communication while preserving the same security level as the manual authentication.
</p>
</section1>
<section1 topic='Use Cases' anchor='use-cases'>
<p>
Everything which is RECOMMENDED by &xep0434; MUST be applied.
</p>
<p>
The examples contain &xep0384; as the encryption protocol because it uses one key per endpoint of the same identity.
Nevertheless, other encryption protocols MAY be used as stated in &xep0434;.
</p>
<p>
If the encryption protocol used with ATM involves only one key for all endpoints of the same identity, only the use cases for authenticating and distrusting keys of a contact's endpoint are relevant.
Those use cases are marked with OOK for <em>only one key</em>.
Additionally, the trust messages are always sent to own endpoints because they use the same key as the sending endpoint.
Therefore, the parts <em>..., to each (other) own endpoint with an already authenticated key.</em> and <em>... as soon as X authenticated Y's key</em> are not of interest.
</p>
<p>
Note that the examples in the following use cases are consecutive and therefore must be read chronologically to properly understand them.
Since ATM uses &xep0420;, only the SCE <![CDATA[<content/>]]> elements are shown.
</p>
<p>
Alice would like to use OMEMO when communicating with Bob.
Alice has the endpoints A1, A2 and A3.
Bob has the endpoint B1.
A1 has already authenticated A2's key.
The other endpoints have not authenticated each other's key.
</p>
<section2 topic='Authenticating the Key of a Contact&apos;s Endpoint' anchor='use-case-authentication-contact-endpoint'>
<section3 topic='Sending' anchor='use-case-authentication-contact-endpoint-sending'>
<p>
Example:
Remember that A1 has already authenticated A2's key.
A1 authenticates B1's key.
</p>
<p>
An endpoint which initially authenticates the key of a contact's endpoint MUST send an authentication message for ...
</p>
<section4 topic='To Own Endpoints (OOK)' anchor='use-case-authentication-contact-endpoint-sending-to-own-endpoints'>
<p>
... the key that has been authenticated, to each own endpoint with an already authenticated key.
</p>
<example caption='A1 sends an authentication message for B1&apos;s key to A2'><![CDATA[
<content xmlns=']]>&ns-sce;<![CDATA['>
<rpad>QHqW2arWFewoERL1a43wonBKpTmsrBWnc1d66HSDq85NgMLmjrDJV9lV</rpad>
<time stamp='2020-01-01T12:00:00'/>
<from jid='alice@example.org/A1'/>
<to jid='alice@example.org'/>
<payload>
<trust-message xmlns=']]>&ns-trust-messages;<![CDATA[' usage=']]>&ns;<![CDATA[' encryption=']]>&ns-omemo;<![CDATA['>
<key-owner jid='bob@example.com'>
<trust>623548d3835c6d33ef5cb680f7944ef381cf712bf23a0119dabe5c4f252cd02f</trust>
</key-owner>
</trust-message>
</payload>
</content>
]]></example>
</section4>
<section4 topic='To Contact&apos;s Endpoint' anchor='use-case-authentication-contact-endpoint-sending-to-contact-endpoint'>
<p>
... each already authenticated key of all own endpoints, to the endpoint whose key has been authenticated.
</p>
<example caption='A1 sends an authentication message for A2&apos;s key to B1'><![CDATA[
<content xmlns=']]>&ns-sce;<![CDATA['>
<rpad>Wvj25aDkNbAnSxMIDQo1pjIKRowIMGrF72hSJeXS</rpad>
<time stamp='2020-01-01T12:00:01'/>
<from jid='alice@example.org/A1'/>
<to jid='bob@example.org'/>
<payload>
<trust-message xmlns=']]>&ns-trust-messages;<![CDATA[' usage=']]>&ns;<![CDATA[' encryption=']]>&ns-omemo;<![CDATA['>
<key-owner jid='alice@example.org'>
<trust>6850019d7ed0feb6d3823072498ceb4f616c6025586f8f666dc6b9c81ef7e0a4</trust>
</key-owner>
</trust-message>
</payload>
</content>
]]></example>
</section4>
</section3>
<section3 topic='Receiving' anchor='use-case-authentication-contact-endpoint-receiving'>
<p>
An endpoint which receives an authentication message for a key of a contact's endpoint from ...
</p>
<section4 topic='From Own Endpoint (OOK)' anchor='use-case-authentication-contact-endpoint-receiving-from-own-endpoint'>
<p>
... an own endpoint ...
</p>
<p>
Example:
A2 authenticates B1's key by the authentication message from A1 (see <link url='#example-1'>Example 1</link> for the corresponding authentication message) as soon as A2 authenticated A1's key.
</p>
</section4>
<section4 topic='From Contact&apos;s Endpoint' anchor='use-case-authentication-contact-endpoint-receiving-from-contact-endpoint'>
<p>
... or another endpoint of that contact ...
</p>
<p>
Example:
B1 authenticates A2's key by the authentication message from A1 (see <link url='#example-2'>Example 2</link> for the corresponding authentication message) as soon as B1 authenticated A1's key.
</p>
</section4>
<p>
... MUST authenticate the key as soon as the receiving endpoint authenticated the key of the endpoint which sent the authentication message.
</p>
</section3>
</section2>
<section2 topic='Authenticating the Key of an Own Endpoint' anchor='use-case-authentication-own-endpoint'>
<section3 topic='Sending' anchor='use-case-authentication-own-endpoint-sending'>
<p>
Example:
Remember that A2 has already authenticated A1's and B1's key.
A2 authenticates A3's key.
</p>
<p>
An endpoint which initially authenticates the key of an own endpoint MUST send an authentication message for ...
</p>
<section4 topic='To All Other Endpoints' anchor='use-case-authentication-own-endpoint-sending-to-other-endpoints'>
<p>
... the key that has been authenticated to each other endpoint with an already authenticated key.
</p>
<example caption='A2 sends an authentication message for A3&apos;s key to B1 and by using Message Carbons also to A1'><![CDATA[
<content xmlns=']]>&ns-sce;<![CDATA['>
<rpad>O2vRKkmtsXsKSk2hPDkrpQQ4Og272qFGB1Srp64vaDrMTNhrV6</rpad>
<time stamp='2020-01-01T14:00:01'/>
<from jid='alice@example.org/A2'/>
<to jid='bob@example.org'/>
<payload>
<trust-message xmlns=']]>&ns-trust-messages;<![CDATA[' usage=']]>&ns;<![CDATA[' encryption=']]>&ns-omemo;<![CDATA['>
<key-owner jid='alice@example.org'>
<trust>221a4f8e228b72182b006e5ca527d3bddccf8d9e6feaf4ce96e1c451e8648020</trust>
</key-owner>
</trust-message>
</payload>
</content>
]]></example>
<example caption='A2 would send an authentication message for A3&apos;s key only to A1 if there were no contacts with authenticated keys'><![CDATA[
<content xmlns=']]>&ns-sce;<![CDATA['>
<rpad>s5jP95kvpRNg92XLLo8OkLCvUDT53S</rpad>
<time stamp='2020-01-01T14:00:00'/>
<from jid='alice@example.org/A2'/>
<to jid='alice@example.org'/>
<payload>
<trust-message xmlns=']]>&ns-trust-messages;<![CDATA[' usage=']]>&ns;<![CDATA[' encryption=']]>&ns-omemo;<![CDATA['>
<key-owner jid='alice@example.org'>
<trust>221a4f8e228b72182b006e5ca527d3bddccf8d9e6feaf4ce96e1c451e8648020</trust>
</key-owner>
</trust-message>
</payload>
</content>
]]></example>
</section4>
<section4 topic='To Endpoint Whose Key Has Been Authenticated' anchor='use-case-authentication-own-endpoint-sending-to-endpoint-key-authenticated'>
<p>
... each already authenticated key of all endpoints to the endpoint whose key has been authenticated.
</p>
<example caption='A2 sends an authentication message for A1&apos;s and B1&apos;s key to A3'><![CDATA[
<content xmlns=']]>&ns-sce;<![CDATA['>
<rpad>98WA6U92twcVkAXM44UU</rpad>
<time stamp='2020-01-01T14:00:02'/>
<from jid='alice@example.org/A2'/>
<to jid='bob@example.org'/>
<payload>
<trust-message xmlns=']]>&ns-trust-messages;<![CDATA[' usage=']]>&ns;<![CDATA[' encryption=']]>&ns-omemo;<![CDATA['>
<key-owner jid='alice@example.org'>
<trust>f3cddd91f25502652483be2fd5faaaa00f80868ac0d51d7eebb1b08a3892e33d</trust>
</key-owner>
<key-owner jid='bob@example.com'>
<trust>623548d3835c6d33ef5cb680f7944ef381cf712bf23a0119dabe5c4f252cd02f</trust>
</key-owner>
</trust-message>
</payload>
</content>
]]></example>
</section4>
</section3>
<section3 topic='Receiving' anchor='use-case-authentication-own-endpoint-receiving'>
<p>
An endpoint which receives an authentication message for a key of an own endpoint from another own endpoint MUST authenticate the key as soon as the receiving endpoint authenticated the key of the endpoint which sent the authentication message.
</p>
<p>
Example:
A1 authenticates A3's key by the authentication message from A2 (see <link url='#example-3'>Example 3</link> or <link url='#example-4'>Example 4</link> for the corresponding authentication message) as soon as A1 authenticated A2's key.
</p>
</section3>
</section2>
<section2 topic='Distrusting the Key of an Own Endpoint' anchor='use-case-distrusting-own-endpoint'>
<section3 topic='Sending' anchor='use-case-distrusting-own-endpoint-sending'>
<p>
Example:
Remember that A1 has already authenticated A2's, A3's and B1's key.
A1 distrusts A3's key.
</p>
<p>
An endpoint which initially distrusts the key of an own endpoint MUST send a distrust message for that key to each other endpoint with an already authenticated key.
</p>
<example caption='A1 sends a distrust message for A3&apos;s key to B1 and by using Message Carbons also to A2'><![CDATA[
<content xmlns=']]>&ns-sce;<![CDATA['>
<rpad>NF5MOJdt8TBbItt4AHXOUKWncRmw5B</rpad>
<time stamp='2020-01-01T16:00:01'/>
<from jid='alice@example.org/A1'/>
<to jid='bob@example.org'/>
<payload>
<trust-message xmlns=']]>&ns-trust-messages;<![CDATA[' usage=']]>&ns;<![CDATA[' encryption=']]>&ns-omemo;<![CDATA['>
<key-owner jid='alice@example.org'>
<distrust>221a4f8e228b72182b006e5ca527d3bddccf8d9e6feaf4ce96e1c451e8648020</distrust>
</key-owner>
</trust-message>
</payload>
</content>
]]></example>
<example caption='A1 would send a distrust message for A3&apos;s key only to A2 if there were no contacts with authenticated keys'><![CDATA[
<content xmlns=']]>&ns-sce;<![CDATA['>
<rpad>798BFSTQqPjVtiLok3EGtQ7VgB3GGP7eT9P4FhO5</rpad>
<time stamp='2020-01-01T16:00:00'/>
<from jid='alice@example.org/A1'/>
<to jid='alice@example.org'/>
<payload>
<trust-message xmlns=']]>&ns-trust-messages;<![CDATA[' usage=']]>&ns;<![CDATA[' encryption=']]>&ns-omemo;<![CDATA['>
<key-owner jid='alice@example.org'>
<distrust>221a4f8e228b72182b006e5ca527d3bddccf8d9e6feaf4ce96e1c451e8648020</distrust>
</key-owner>
</trust-message>
</payload>
</content>
]]></example>
</section3>
<section3 topic='Receiving' anchor='use-case-distrusting-own-endpoint-receiving'>
<p>
An endpoint which receives a distrust message for a key of an own endpoint from another own endpoint MUST distrust the key as soon as the receiving endpoint authenticated the key of the endpoint which sent the distrust message.
</p>
<p>
Example:
A2 distrusts A3's key by the distrust message from A1 (see <link url='#example-6'>Example 6</link> or <link url='#example-7'>Example 7</link> for the corresponding distrust message) as soon as A2 authenticated A1's key.
</p>
</section3>
</section2>
<section2 topic='Distrusting the Key of a Contact&apos;s Endpoint' anchor='use-case-distrusting-contact-endpoint'>
<section3 topic='Sending (OOK)' anchor='use-case-distrusting-contact-endpoint-sending'>
<p>
Example:
Remember that A1 has already authenticated A2's and B1's key but distrusted A3's key.
A1 distrusts B1's key.
</p>
<p>
An endpoint which distrusts the key of a contact's endpoint MUST send a distrust message for that key to each other own endpoint with an authenticated key.
</p>
<example caption='A1 sends a distrust message for B1&apos;s key to A2'><![CDATA[
<content xmlns=']]>&ns-sce;<![CDATA['>
<rpad>x4LJDawLHgnTJRC7T1mndKEQLPR658NQmXAPQRVnhM1QQ861ve</rpad>
<time stamp='2020-01-01T18:00:00'/>
<from jid='alice@example.org/A1'/>
<to jid='alice@example.org'/>
<payload>
<trust-message xmlns=']]>&ns-trust-messages;<![CDATA[' usage=']]>&ns;<![CDATA[' encryption=']]>&ns-omemo;<![CDATA['>
<key-owner jid='bob@example.com'>
<distrust>623548d3835c6d33ef5cb680f7944ef381cf712bf23a0119dabe5c4f252cd02f</distrust>
</key-owner>
</trust-message>
</payload>
</content>
]]></example>
</section3>
<section3 topic='Receiving' anchor='use-case-distrusting-contact-endpoint-receiving'>
<p>
An endpoint which receives a distrust message for a key of a contact's endpoint from ...
</p>
<section4 topic='From Contact&apos;s Endpoint' anchor='use-case-distrusting-contact-endpoint-receiving-from-contact-endpoint'>
<p>
... another endpoint of that contact ...
</p>
<p>
Example:
B1 distrusts A3's key by the distrust message from A1 (see <link url='#example-6'>Example 6</link> for the corresponding distrust message) as soon as B1 authenticated A1's key.
</p>
</section4>
<section4 topic='From Own Endpoint (OOK)' anchor='use-case-distrusting-contact-endpoint-receiving-from-own-endpoint'>
<p>
... or an own endpoint ...
</p>
<p>
Example:
A2 distrusts B1's key by the distrust message from A1 (see <link url='#example-8'>Example 8</link>) as soon as A2 authenticated A1's key.
</p>
</section4>
<p>
... MUST distrust the key as soon as the receiving endpoint authenticated the key of the endpoint which sent the distrust message.
</p>
</section3>
</section2>
</section1>
<section1 topic='Implementation Notes' anchor='implementation-notes'>
<section2 topic='Storing Trust Message Information from Endpoints with Unauthenticated Keys' anchor='implementation-notes-storing-trust-message-information-unauthenticated-keys'>
<p>
A client MUST save the information of a trust message until the key of the endpoint which sent the trust message is authenticated, so that the key can then be authenticated or revoked.
Storing data of a trust message from an endpoint with an unauthenticated key is necessary because the receiving endpoint can only use that data after authenticating the sending endpoint's key and that data might not be received again.
Afterwards the information of the trust message MAY be deleted.
</p>
<p>
Example:
When Alice's endpoint A1 authenticates the key of Bob's endpoint B1, A1 sends a trust message containing the keys of Alice's other endpoint A2 to B1.
If B1 has not already authenticated A1's key, B1 stores the information provided by the trust message.
B1 authenticates A1's key and is then able to automatically authenticate A2's key.
</p>
</section2>
<section2 topic='Storing Trust Message Information for Unknown Keys' anchor='implementation-notes-storing-trust-message-information-unknown-keys'>
<p>
A client MUST save the information of a trust message until it has fetched the corresponding key so that the key can then be authenticated or revoked.
Afterwards the information of the trust message can be deleted.
</p>
<p>
Example:
Alice's endpoint A1 receives an authentication message from Bob's endpoint B1.
That authentication message contains the key for Bob's other endpoint B2.
If A1 has not already fetched B2's key, A1 stores the information provided by the trust message.
A1 fetches B2's key and is then able to automatically authenticate A2's key.
</p>
</section2>
<section2 topic='GUI Considerations' anchor='implementation-notes-gui-considerations'>
<p>
A client that receives a trust message SHOULD NOT display its bare content to the user.
Instead, the trust message SHOULD be hidden and the automatic authentication or distrusting SHOULD take place in the background.
</p>
</section2>
</section1>
<section1 topic='Security Considerations' anchor='security-considerations'>
<section2 topic='Notification and Confirmation' anchor='security-considerations-notification-and-confirmation'>
<p>
After a successful authentication or distrusting, the user MAY be informed of that event.
The client MAY offer an option for requesting the user's confirmation before any automatic authentication or automatic distrusting is performed.
</p>
</section2>
<section2 topic='Recommended Security Policy - Trust Only Authenticated Keys After First Authentication (TOAKAFA)' anchor='security-considerations-recommended-security-policy-trust-only-authenticated-keys-after-first-authentication-toakafa'>
<p>
It is more secure to be protected against passive attacks instead of not using any encryption.
If it is not possible to authenticate a key before encrypting with it but it is desired to communicate with the key's endpoint, it is RECOMMENDED to automatically trust new keys until the first authentication has been made.
</p>
<p>
Even ATM cannot protect the user against an attacker with an automatically trusted and undetected malicious key.
For this reason it is important to take special care of the following security aspects.
</p>
<p>
If keys are automatically trusted until the first authentication, keys which are not authenticated by then SHOULD NOT be used any longer for encryption until they have been authenticated too.
New keys SHOULD also only be used for encryption after they have been authenticated.
Without these two additional precautions it is not possible to protect the user against attackers who introduced malicious keys before or after the first authentication.
</p>
</section2>
</section1>
<section1 topic='IANA Considerations' anchor='iana-considerations'>
<p>This document requires no interaction with the Internet Assigned Numbers Authority (IANA).</p>
</section1>
<section1 topic='XMPP Registrar Considerations' anchor='xmpp-registrar-considerations'>
<section2 topic='Protocol Namespaces' anchor='xmpp-registrar-considerations-protocol-namespaces'>
<p>This specification defines the following XMPP namespaces:</p>
<ul>
<li>&ns;</li>
</ul>
</section2>
<section2 topic='Protocol Versioning' anchor='xmpp-registrar-considerations-protocol-versioning'>
&NSVER;
</section2>
</section1>
</xep>

View File

@ -1614,3 +1614,4 @@ IANA Service Location Protocol, Version 2 (SLPv2) Templates</link></span> <note>
<!ENTITY xep0447 "<span class='ref'><link url='https://xmpp.org/extensions/xep-0447.html'>Stateless file sharing (XEP-0447)</link></span> <note>XEP-0447: Stateless file sharing &lt;<link url='https://xmpp.org/extensions/xep-0447.html'>https://xmpp.org/extensions/xep-0447.html</link>&gt;.</note>" >
<!ENTITY xep0448 "<span class='ref'><link url='https://xmpp.org/extensions/xep-0448.html'>Encryption for stateless file sharing (XEP-0448)</link></span> <note>XEP-0448: Encryption for stateless file sharing &lt;<link url='https://xmpp.org/extensions/xep-0448.html'>https://xmpp.org/extensions/xep-0448.html</link>&gt;.</note>" >
<!ENTITY xep0449 "<span class='ref'><link url='https://xmpp.org/extensions/xep-0449.html'>Stickers (XEP-0449)</link></span> <note>XEP-0449: Stickers &lt;<link url='https://xmpp.org/extensions/xep-0449.html'>https://xmpp.org/extensions/xep-0449.html</link>&gt;.</note>" >
<!ENTITY xep0450 "<span class='ref'><link url='https://xmpp.org/extensions/xep-0450.html'>Automatic Trust Management (ATM) (XEP-0450)</link></span> <note>XEP-0450: Automatic Trust Management (ATM) &lt;<link url='https://xmpp.org/extensions/xep-0450.html'>https://xmpp.org/extensions/xep-0450.html</link>&gt;.</note>" >