mirror of
https://github.com/moparisthebest/xeps
synced 2024-11-21 16:55:07 -05:00
Merge branch 'feature/xep-0373' into premerge
This commit is contained in:
commit
6f9770bff3
56
xep-0373.xml
@ -18,7 +18,7 @@
|
|||||||
devices.</abstract>
|
devices.</abstract>
|
||||||
&LEGALNOTICE;
|
&LEGALNOTICE;
|
||||||
<number>0373</number>
|
<number>0373</number>
|
||||||
<status>Deferred</status>
|
<status>Experimental</status>
|
||||||
<type>Standards Track</type>
|
<type>Standards Track</type>
|
||||||
<sig>Standards</sig>
|
<sig>Standards</sig>
|
||||||
<approver>Council</approver>
|
<approver>Council</approver>
|
||||||
@ -46,6 +46,18 @@
|
|||||||
<email>look@my.amazin.horse</email>
|
<email>look@my.amazin.horse</email>
|
||||||
<jid>valodim@stratum0.org</jid>
|
<jid>valodim@stratum0.org</jid>
|
||||||
</author>
|
</author>
|
||||||
|
<revision>
|
||||||
|
<version>0.5.0</version>
|
||||||
|
<date>2020-06-19</date>
|
||||||
|
<initials>fs</initials>
|
||||||
|
<remark>
|
||||||
|
<ul>
|
||||||
|
<li>Use RFC 4880 terminology: it is "primary key", not "master key".</li>
|
||||||
|
<li>Clarify encryption of secret key material.</li>
|
||||||
|
<li>Move the information from the 'date' attribute into the item ID.</li>
|
||||||
|
</ul>
|
||||||
|
</remark>
|
||||||
|
</revision>
|
||||||
<revision>
|
<revision>
|
||||||
<version>0.4.0</version>
|
<version>0.4.0</version>
|
||||||
<date>2018-07-30</date>
|
<date>2018-07-30</date>
|
||||||
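Review bot: the remark "Clarify encryption of secret key material" undersells the corresponding change, which adds a new MUST (the string-to-key usage octet of the exported Secret-Key Packet(s) has to be zero) rather than clarifying existing text; implementations that currently export passphrase-protected secret key packets stop being conformant, so the changelog entry should say so, e.g. "Require the S2K usage octet of the exported Secret-Key Packets to be zero; the key material is protected only by the outer SKESK encryption." Likewise "Move the information from the 'date' attribute into the item ID" removes a documented attribute from the <pubkey/> element under the unchanged 'urn:xmpp:openpgp:0' namespace; consumers that still read 'date' will silently lose that information, so the remark should flag the change as backwards-incompatible.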
@ -161,8 +173,9 @@
|
|||||||
<di><dt>Public-Key metadata node ("metadata node")</dt><dd>A PEP node containing metadata of the entity's public OpenPGP key.</dd></di>
|
<di><dt>Public-Key metadata node ("metadata node")</dt><dd>A PEP node containing metadata of the entity's public OpenPGP key.</dd></di>
|
||||||
<di><dt>Public-Key data node ("data node")</dt><dd>A PEP node containing an entity's public OpenPGP key.</dd></di>
|
<di><dt>Public-Key data node ("data node")</dt><dd>A PEP node containing an entity's public OpenPGP key.</dd></di>
|
||||||
<di><dt>Secret-Key node</dt><dd>A PEP node containing an entity's encrypted secret OpenPGP key.</dd></di>
|
<di><dt>Secret-Key node</dt><dd>A PEP node containing an entity's encrypted secret OpenPGP key.</dd></di>
|
||||||
<di><dt>OpenPGP v4 Fingerprint String</dt><dd>A String representing the OpenPGP v4 fingerprint of a key. If the key consists of a master key and subkeys, this is the fingerprint of the
|
<di><dt>OpenPGP v4 Fingerprint String</dt><dd>A String representing the OpenPGP v4 fingerprint
|
||||||
master key.</dd></di>
|
of a key. If the key consists of a primary key and subkeys, this is the fingerprint of the
|
||||||
|
primary key.</dd></di>
|
||||||
</dl>
|
</dl>
|
||||||
|
|
||||||
</section1>
|
</section1>
|
||||||
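Review bot: the rewritten "OpenPGP v4 Fingerprint String" definition still does not say what the string looks like, even though the node names (urn:xmpp:openpgp:0:public-keys:&lt;fingerprint&gt;) are built from it and a consumer has to validate it before using it in a node name. Since the encoding is specified elsewhere in the document (upper-case hexadecimal without the GnuPG space separation), consider stating it here as well: a v4 fingerprint is 160 bits, i.e. exactly 40 upper-case hexadecimal characters, as in the example node '1357B01865B2503C18453D208CAC2A9678548E35'. The terminology change itself is correct; RFC 4880 uses "primary key".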
@ -318,17 +331,19 @@ master key.</dd></di>
|
|||||||
encoded as a hexadecimal string using upper case characters<note>This matches the representation
|
encoded as a hexadecimal string using upper case characters<note>This matches the representation
|
||||||
used by GnuPG minus the SPACE separation.</note>.</p>
|
used by GnuPG minus the SPACE separation.</note>.</p>
|
||||||
|
|
||||||
|
<p> The publishing entity SHOULD set the PubSub item ID to the time the item is published encoded
|
||||||
|
as DateTime format specified in <cite>XEP-0082</cite>.</p>
|
||||||
|
|
||||||
<p>The data node MUST contain an <pubkey/> element qualified by the 'urn:xmpp:openpgp:0'
|
<p>The data node MUST contain an <pubkey/> element qualified by the 'urn:xmpp:openpgp:0'
|
||||||
namespace. An optional 'date' attribute holds the information about the last modification of the
|
namespace. The element MUST include a <data/> element which contains the data of the key
|
||||||
key as DateTime format of <cite>XEP-0082</cite>. The element MUST include a <data/>
|
Base64 encoded.</p>
|
||||||
element which contains the data of the key Base64 encoded.</p>
|
|
||||||
|
|
||||||
<example caption='Saving the public key in the data node.'><![CDATA[
|
<example caption='Saving the public key in the data node.'><![CDATA[
|
||||||
<iq type='set' from='juliet@example.org/balcony' id='publish1'>
|
<iq type='set' from='juliet@example.org/balcony' id='publish1'>
|
||||||
<pubsub xmlns='http://jabber.org/protocol/pubsub'>
|
<pubsub xmlns='http://jabber.org/protocol/pubsub'>
|
||||||
<publish node='urn:xmpp:openpgp:0:public-keys:1357B01865B2503C18453D208CAC2A9678548E35'>
|
<publish node='urn:xmpp:openpgp:0:public-keys:1357B01865B2503C18453D208CAC2A9678548E35'>
|
||||||
<item>
|
<item id='2020-01-21T10:46:21Z'>
|
||||||
<pubkey xmlns='urn:xmpp:openpgp:0' date='2018-01-21T10:46:21Z'>
|
<pubkey xmlns='urn:xmpp:openpgp:0'>
|
||||||
<data>
|
<data>
|
||||||
BASE64_OPENPGP_PUBLIC_KEY
|
BASE64_OPENPGP_PUBLIC_KEY
|
||||||
</data>
|
</data>
|
||||||
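Review bot: the new paragraph "The publishing entity SHOULD set the PubSub item ID to the time the item is published" moves the last-modification information into a field that the text gives the consumer no rule for. The item ID is chosen by whoever can write to the node, is not covered by any OpenPGP signature, and with a SHOULD it may legitimately be something other than a XEP-0082 DateTime; the receiving side should therefore be told to treat it as an unauthenticated hint only, to fall back gracefully when it does not parse as a DateTime, and to take authoritative timestamps from the self-signatures inside the Base64 key data. One or two sentences to that effect after the SHOULD would close the gap, and the example ID '2020-01-21T10:46:21Z' should then be described as exactly that, a publish time, not a key modification time.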
@ -377,8 +392,9 @@ master key.</dd></di>
|
|||||||
|
|
||||||
<section2 topic='Discovering Public Keys of a User' anchor='discover-pubkey-list'>
|
<section2 topic='Discovering Public Keys of a User' anchor='discover-pubkey-list'>
|
||||||
|
|
||||||
<p>In order to discover the OpenPGP public keys, the interested entity first queries a remote
|
<p>In order to discover the OpenPGP public keys of a remote entity, the interested entity first
|
||||||
entities metadata note to learn about its currently annouced OpenPGP keys.</p>
|
queries the remote entity's metadata note to learn about the currently annouced OpenPGP
|
||||||
|
keys.</p>
|
||||||
|
|
||||||
<example caption='Requesting the metadata node of a user.'><![CDATA[
|
<example caption='Requesting the metadata node of a user.'><![CDATA[
|
||||||
<iq from='romeo@example.org/orchard'
|
<iq from='romeo@example.org/orchard'
|
||||||
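Review bot: two typos survive in the rewritten paragraph: "queries the remote entity's metadata note" should read "metadata node", and "annouced" should read "announced". Otherwise the reflow reads fine.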
@ -438,7 +454,7 @@ master key.</dd></di>
|
|||||||
id='getpub'>
|
id='getpub'>
|
||||||
<pubsub xmlns='http://jabber.org/protocol/pubsub'>
|
<pubsub xmlns='http://jabber.org/protocol/pubsub'>
|
||||||
<items node='urn:xmpp:openpgp:0:public-keys:1357B01865B2503C18453D208CAC2A9678548E35'>
|
<items node='urn:xmpp:openpgp:0:public-keys:1357B01865B2503C18453D208CAC2A9678548E35'>
|
||||||
<item>
|
<item id='2020-01-21T10:46:21Z'>
|
||||||
<pubkey xmlns='urn:xmpp:openpgp:0'>
|
<pubkey xmlns='urn:xmpp:openpgp:0'>
|
||||||
<data>
|
<data>
|
||||||
BASE64_OPENPGP_PUBLIC_KEY
|
BASE64_OPENPGP_PUBLIC_KEY
|
||||||
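Review bot: the response example now returns an item with a timestamp ID, but nothing says what a retriever does when the data node holds more than one item (each publish with a fresh timestamp creates a distinct item ID). If the intent is "there is only ever one item", the publishing section should require the node to be configured with a single retained item (pubsub#max_items set to 1) or require the publisher to retract the previous item; if the intent is "pick the newest", note that XEP-0082 DateTime strings are only order-preserving under lexical comparison when all carry the 'Z' designator, since the profile also allows ±hh:mm offsets, so the SHOULD on the publishing side should require UTC.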
@ -466,9 +482,14 @@ master key.</dd></di>
|
|||||||
|
|
||||||
<section2 topic='Receiving notifications about key changes' anchor='pubsub-notifications'>
|
<section2 topic='Receiving notifications about key changes' anchor='pubsub-notifications'>
|
||||||
|
|
||||||
|
<p>Entities creating PEP nodes defined herein SHOULD configure the nodes as notification-only
|
||||||
|
nodes by setting 'pubsub#deliver_payloads" configuration field to 'false'.</p>
|
||||||
|
|
||||||
<p>Entities which are subscribed to the metadata node or advertise the
|
<p>Entities which are subscribed to the metadata node or advertise the
|
||||||
"urn:xmpp:openpgp:0:public-keys+notify" feature via &xep0115; (see <cite>XEP-0060 § 9.2</cite>)
|
"urn:xmpp:openpgp:0:public-keys+notify" feature via &xep0030; (see <cite>XEP-0060</cite> <link
|
||||||
receive a notification upon a node update.</p>
|
url='https://xmpp.org/extensions/xep-0060.html#filtered-notifications'>§ 9.2</link>) receive a
|
||||||
|
notification upon a node update. Entities subscribed to PEP nodes defined herein MUST be prepared
|
||||||
|
that PubSub notifications may be without the payload and only contain the published item's ID.</p>
|
||||||
|
|
||||||
</section2>
|
</section2>
|
||||||
|
|
||||||
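Review bot: the quoting in "setting 'pubsub#deliver_payloads" configuration field to 'false'" is mismatched (opening single quote, closing double quote); it should be 'pubsub#deliver_payloads'. The last added sentence is also awkward: "MUST be prepared that PubSub notifications may be without the payload" reads better as "MUST be prepared for PubSub notifications that carry no payload and contain only the published item's ID". Since such a notification carries nothing but a publisher-chosen item ID, it would help to state the consequence explicitly: the subscriber has to fetch the metadata or data node before changing any local key state, and must not act on the ID alone. On the &xep0115; to &xep0030; change: XEP-0060 § 9.2 keys filtered notifications on the features in the entity's disco#info, which is normally conveyed via Entity Capabilities, so citing XEP-0030 for the feature is correct but drops the pointer to how PEP learns it; consider citing both.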
@ -659,7 +680,11 @@ master key.</dd></di>
|
|||||||
be concatenated in their transferable key format (<cite>RFC
|
be concatenated in their transferable key format (<cite>RFC
|
||||||
4880</cite> <link
|
4880</cite> <link
|
||||||
url='http://tools.ietf.org/html/rfc4880#section-11.2'>§
|
url='http://tools.ietf.org/html/rfc4880#section-11.2'>§
|
||||||
11.2</link>).
|
11.1</link>). The octet indicating string-to-key usage conventions
|
||||||
|
MUST be set to zero in the corresponding Secret-Key Packet(s)
|
||||||
|
(<cite>RFC 4880</cite> <link url='https://tools.ietf.org/html/rfc4880#section-5.5.3'>§ 5.5.3</link>).
|
||||||
|
The secret key material will be encrypted in step 4 using a
|
||||||
|
Symmetric-Key Encrypted Session Key Packet.
|
||||||
</li>
|
</li>
|
||||||
<li>A backup code is generated from secure random: The backup
|
<li>A backup code is generated from secure random: The backup
|
||||||
code consists of 24 upper case characters from the Latin
|
code consists of 24 upper case characters from the Latin
|
||||||
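Review bot: the link text changes from "§ 11.2" to "§ 11.1" while the URL still points at #section-11.2. In RFC 4880, § 11.1 is "Transferable Public Keys" and § 11.2 is "Transferable Secret Keys"; the material being concatenated here is the secret key, so 11.2 was right and the text should be reverted to match the URL. On the new requirement that the S2K usage octet MUST be zero: per RFC 4880 § 5.5.3 this means the Secret-Key Packet carries plaintext key material followed only by a two-octet checksum, so both confidentiality and integrity of the backup rest entirely on the outer encryption. The text names the Symmetric-Key Encrypted Session Key Packet but should also require that the encrypted payload be a Symmetrically Encrypted Integrity Protected Data Packet (tag 18, with MDC) rather than the unprotected tag 9, and the forward reference "encrypted in step 4" should be checked against the numbering of the surrounding list.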
@ -936,7 +961,8 @@ master key.</dd></di>
|
|||||||
<section1 topic='Acknowledgements' anchor='acknowledgements'>
|
<section1 topic='Acknowledgements' anchor='acknowledgements'>
|
||||||
|
|
||||||
<p>Thanks to Emmanuel Gil Peyrot, Sergei Golovan, Marc Laporte, Georg
|
<p>Thanks to Emmanuel Gil Peyrot, Sergei Golovan, Marc Laporte, Georg
|
||||||
Lukas, Adithya Abraham Philip, Brian Cully, fiaxh and Paul Schaub for their feedback.</p>
|
Lukas, Adithya Abraham Philip, Brian Cully, fiaxh, Paul Schaub,
|
||||||
|
Philipp Hörist and Stefan Kropp for their feedback.</p>
|
||||||
|
|
||||||
<p>The first draft of this specification was worked out and written
|
<p>The first draft of this specification was worked out and written
|
||||||
on the wall of the 'Kymera' room in one of Google's buildings by the
|
on the wall of the 'Kymera' room in one of Google's buildings by the
|
||||||
|