mirror of https://github.com/moparisthebest/xeps synced 2024-11-21 16:55:07 -05:00

Merge branch 'feature/xep-0373' into premerge

This commit is contained in:
Jonas Schäfer 2020-06-23 18:44:08 +02:00
commit 6f9770bff3


@ -18,7 +18,7 @@
devices.</abstract> devices.</abstract>
&LEGALNOTICE; &LEGALNOTICE;
<number>0373</number> <number>0373</number>
<status>Deferred</status> <status>Experimental</status>
<type>Standards Track</type> <type>Standards Track</type>
<sig>Standards</sig> <sig>Standards</sig>
<approver>Council</approver> <approver>Council</approver>
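Review bot: the status change from Deferred to Experimental in this hunk is not mentioned in the 0.5.0 revision remark that the same change introduces; add a remark item such as "Status changed back to Experimental" (or confirm that the editor convention is to leave status changes out of the remark), so the change is traceable from the revision history.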
@ -46,6 +46,18 @@
<email>look@my.amazin.horse</email> <email>look@my.amazin.horse</email>
<jid>valodim@stratum0.org</jid> <jid>valodim@stratum0.org</jid>
</author> </author>
<revision>
<version>0.5.0</version>
<date>2020-06-19</date>
<initials>fs</initials>
<remark>
<ul>
<li>Use RFC 4880 terminology: it is "primary key", not "master key".</li>
<li>Clarify encryption of secret key material.</li>
<li>Move the information from the 'date' attribute into the item ID.</li>
</ul>
</remark>
</revision>
<revision> <revision>
<version>0.4.0</version> <version>0.4.0</version>
<date>2018-07-30</date> <date>2018-07-30</date>
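Review bot: the 0.5.0 remark lists three items, but the same change also corrects the RFC 4880 section reference, adds a MUST on the string-to-key usage octet of the Secret-Key Packet(s), adds a MUST that subscribers handle payload-less notifications, adds the 'pubsub#deliver_payloads' recommendation, and swaps the feature-advertisement reference from XEP-0115 to XEP-0030. At least the two new normative requirements change what implementations have to do and should appear in the remark, e.g. "Require S2K usage octet zero in the secret key backup" and "Require subscribers to handle notifications without payload".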
@ -161,8 +173,9 @@
<di><dt>Public-Key metadata node ("metadata node")</dt><dd>A PEP node containing metadata of the entity's public OpenPGP key.</dd></di> <di><dt>Public-Key metadata node ("metadata node")</dt><dd>A PEP node containing metadata of the entity's public OpenPGP key.</dd></di>
<di><dt>Public-Key data node ("data node")</dt><dd>A PEP node containing an entity's public OpenPGP key.</dd></di> <di><dt>Public-Key data node ("data node")</dt><dd>A PEP node containing an entity's public OpenPGP key.</dd></di>
<di><dt>Secret-Key node</dt><dd>A PEP node containing an entity's encrypted secret OpenPGP key.</dd></di> <di><dt>Secret-Key node</dt><dd>A PEP node containing an entity's encrypted secret OpenPGP key.</dd></di>
<di><dt>OpenPGP v4 Fingerprint String</dt><dd>A String representing the OpenPGP v4 fingerprint of a key. If the key consists of a master key and subkeys, this is the fingerprint of the <di><dt>OpenPGP v4 Fingerprint String</dt><dd>A String representing the OpenPGP v4 fingerprint
master key.</dd></di> of a key. If the key consists of a primary key and subkeys, this is the fingerprint of the
primary key.</dd></di>
</dl> </dl>
</section1> </section1>
@ -318,17 +331,19 @@ master key.</dd></di>
encoded as a hexadecimal string using upper case characters<note>This matches the representation encoded as a hexadecimal string using upper case characters<note>This matches the representation
used by GnuPG minus the SPACE separation.</note>.</p> used by GnuPG minus the SPACE separation.</note>.</p>
<p> The publishing entity SHOULD set the PubSub item ID to the time the item is published encoded
as DateTime format specified in <cite>XEP-0082</cite>.</p>
<p>The data node MUST contain an &lt;pubkey/&gt; element qualified by the 'urn:xmpp:openpgp:0' <p>The data node MUST contain an &lt;pubkey/&gt; element qualified by the 'urn:xmpp:openpgp:0'
namespace. An optional 'date' attribute holds the information about the last modification of the namespace. The element MUST include a &lt;data/&gt; element which contains the data of the key
key as DateTime format of <cite>XEP-0082</cite>. The element MUST include a &lt;data/&gt; Base64 encoded.</p>
element which contains the data of the key Base64 encoded.</p>
<example caption='Saving the public key in the data node.'><![CDATA[ <example caption='Saving the public key in the data node.'><![CDATA[
<iq type='set' from='juliet@example.org/balcony' id='publish1'> <iq type='set' from='juliet@example.org/balcony' id='publish1'>
<pubsub xmlns='http://jabber.org/protocol/pubsub'> <pubsub xmlns='http://jabber.org/protocol/pubsub'>
<publish node='urn:xmpp:openpgp:0:public-keys:1357B01865B2503C18453D208CAC2A9678548E35'> <publish node='urn:xmpp:openpgp:0:public-keys:1357B01865B2503C18453D208CAC2A9678548E35'>
<item> <item id='2020-01-21T10:46:21Z'>
<pubkey xmlns='urn:xmpp:openpgp:0' date='2018-01-21T10:46:21Z'> <pubkey xmlns='urn:xmpp:openpgp:0'>
<data> <data>
BASE64_OPENPGP_PUBLIC_KEY BASE64_OPENPGP_PUBLIC_KEY
</data> </data>
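Review bot: using the publication time as the item ID needs a canonical form to be comparable. XEP-0082 DateTime permits fractional seconds and numeric UTC offsets, so two items published from different devices need not order lexicographically by ID; the example uses the UTC 'Z' form without fractions, so the SHOULD sentence should mandate that form explicitly (e.g. "in UTC with the 'Z' designator and no fractional seconds"). Separately, the 'date' attribute is dropped while the 'urn:xmpp:openpgp:0' namespace stays the same, so already-published items will still carry it; state that receivers ignore the attribute (or that publishers re-publish), otherwise strict parsers will treat old items as malformed. Minor wording: "encoded as DateTime format specified in" reads better as "encoded in the DateTime format specified in".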
@ -377,8 +392,9 @@ master key.</dd></di>
<section2 topic='Discovering Public Keys of a User' anchor='discover-pubkey-list'> <section2 topic='Discovering Public Keys of a User' anchor='discover-pubkey-list'>
<p>In order to discover the OpenPGP public keys, the interested entity first queries a remote <p>In order to discover the OpenPGP public keys of a remote entity, the interested entity first
entities metadata note to learn about its currently annouced OpenPGP keys.</p> queries the remote entity's metadata note to learn about the currently annouced OpenPGP
keys.</p>
<example caption='Requesting the metadata node of a user.'><![CDATA[ <example caption='Requesting the metadata node of a user.'><![CDATA[
<iq from='romeo@example.org/orchard' <iq from='romeo@example.org/orchard'
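Review bot: two typos survive the rewording of this paragraph: "metadata note" should be "metadata node", and "annouced" should be "announced".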
@ -438,7 +454,7 @@ master key.</dd></di>
id='getpub'> id='getpub'>
<pubsub xmlns='http://jabber.org/protocol/pubsub'> <pubsub xmlns='http://jabber.org/protocol/pubsub'>
<items node='urn:xmpp:openpgp:0:public-keys:1357B01865B2503C18453D208CAC2A9678548E35'> <items node='urn:xmpp:openpgp:0:public-keys:1357B01865B2503C18453D208CAC2A9678548E35'>
<item> <item id='2020-01-21T10:46:21Z'>
<pubkey xmlns='urn:xmpp:openpgp:0'> <pubkey xmlns='urn:xmpp:openpgp:0'>
<data> <data>
BASE64_OPENPGP_PUBLIC_KEY BASE64_OPENPGP_PUBLIC_KEY
@ -466,9 +482,14 @@ master key.</dd></di>
<section2 topic='Receiving notifications about key changes' anchor='pubsub-notifications'> <section2 topic='Receiving notifications about key changes' anchor='pubsub-notifications'>
<p>Entities creating PEP nodes defined herein SHOULD configure the nodes as notification-only
nodes by setting 'pubsub#deliver_payloads" configuration field to 'false'.</p>
<p>Entities which are subscribed to the metadata node or advertise the <p>Entities which are subscribed to the metadata node or advertise the
"urn:xmpp:openpgp:0:public-keys+notify" feature via &xep0115; (see <cite>XEP-0060 § 9.2</cite>) "urn:xmpp:openpgp:0:public-keys+notify" feature via &xep0030; (see <cite>XEP-0060</cite> <link
receive a notification upon a node update.</p> url='https://xmpp.org/extensions/xep-0060.html#filtered-notifications'>§ 9.2</link>) receive a
notification upon a node update. Entities subscribed to PEP nodes defined herein MUST be prepared
that PubSub notifications may be without the payload and only contain the published item's ID.</p>
</section2> </section2>
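Review bot: the quotes around the configuration field are mismatched in the new paragraph ('pubsub#deliver_payloads" opens with a single quote and closes with a double quote); use 'pubsub#deliver_payloads' like the other literals in this document. On the reference swap, the "+notify" mechanism in XEP-0060 § 9.2 is keyed on features advertised through entity capabilities, which is XEP-0115 built on XEP-0030, so replacing &xep0115; with &xep0030; loses the more specific citation; consider keeping XEP-0115 or citing both. The new MUST on payload-less notifications is a good addition; since the item ID is a publisher-chosen timestamp, it may be worth adding that subscribers fetch the item and verify the key material rather than treating the ID alone as evidence that a key changed.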
@ -659,7 +680,11 @@ master key.</dd></di>
be concatenated in their transferable key format (<cite>RFC be concatenated in their transferable key format (<cite>RFC
4880</cite> <link 4880</cite> <link
url='http://tools.ietf.org/html/rfc4880#section-11.2'>§ url='http://tools.ietf.org/html/rfc4880#section-11.2'>§
11.2</link>). 11.1</link>). The octet indicating string-to-key usage conventions
MUST be set to zero in the corresponding Secret-Key Packet(s)
(<cite>RFC 4880</cite> <link url='https://tools.ietf.org/html/rfc4880#section-5.5.3'>§ 5.5.3</link>).
The secret key material will be encrypted in step 4 using a
Symmetric-Key Encrypted Session Key Packet.
</li> </li>
<li>A backup code is generated from secure random: The backup <li>A backup code is generated from secure random: The backup
code consists of 24 upper case characters from the Latin code consists of 24 upper case characters from the Latin
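Review bot: the link text changes from "§ 11.2" to "§ 11.1" but the URL still points at rfc4880#section-11.2, so text and target now disagree. Since this sentence concerns secret keys in transferable format, which RFC 4880 covers in § 11.2 (Transferable Secret Keys, with § 11.1 being Transferable Public Keys), the original section number looks correct and the text should be reverted rather than the URL changed; please confirm against the RFC. On the new S2K requirement: a usage octet of zero means the Secret-Key Packet(s) carry the key material unencrypted, relying entirely on the Symmetric-Key Encrypted Session Key Packet from step 4. "The secret key material will be encrypted in step 4" implies this, but stating outright that the concatenated unencrypted form MUST NOT be published or stored outside the client before step 4 would make the intent unambiguous for implementers.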
@ -936,7 +961,8 @@ master key.</dd></di>
<section1 topic='Acknowledgements' anchor='acknowledgements'> <section1 topic='Acknowledgements' anchor='acknowledgements'>
<p>Thanks to Emmanuel Gil Peyrot, Sergei Golovan, Marc Laporte, Georg <p>Thanks to Emmanuel Gil Peyrot, Sergei Golovan, Marc Laporte, Georg
Lukas, Adithya Abraham Philip, Brian Cully, fiaxh and Paul Schaub for their feedback.</p> Lukas, Adithya Abraham Philip, Brian Cully, fiaxh, Paul Schaub,
Philipp Hörist and Stefan Kropp for their feedback.</p>
<p>The first draft of this specification was worked out and written <p>The first draft of this specification was worked out and written
on the wall of the 'Kymera' room in one of Google's buildings by the on the wall of the 'Kymera' room in one of Google's buildings by the