mirror of
https://github.com/moparisthebest/xeps
synced 2024-12-22 07:38:52 -05:00
XEP-0384: explain that access model should be open
This commit is contained in:
parent
d203e84edd
commit
8cc7ce6e46
36
xep-0384.xml
36
xep-0384.xml
@ -189,7 +189,10 @@
|
||||
</message>]]></example>
|
||||
</section2>
|
||||
<section2 topic='Announcing support' anchor='usecases-announcing'>
|
||||
<section3 topic='Device list' anchor='devices'>
|
||||
<p>In order for other devices to be able to initiate a session with a given device, it first has to announce itself by adding its device ID to the devicelist PEP node. </p>
|
||||
<p>It is RECOMMENDED to set the access model of the ‘urn:xmpp:omemo:1:devices’ node to ‘open’ to give entities without presence subscription read access to the devices and allow them to establish an OMEMO session. Not having presence subscription is a common occurrence on the first few messages between two contacts and can also happen fairly frequently in group chats as not every participant had prior communication with every other participant.</p>
|
||||
<p>The access model can be changed efficiently by using publish-options.</p>
|
||||
<example caption='Adding the own device ID to the list'><![CDATA[
|
||||
<iq from='juliet@capulet.lit' type='set' id='announce1'>
|
||||
<pubsub xmlns='http://jabber.org/protocol/pubsub'>
|
||||
@ -202,13 +205,26 @@
|
||||
</devices>
|
||||
</item>
|
||||
</publish>
|
||||
<publish-options>
|
||||
<x xmlns='jabber:x:data' type='submit'>
|
||||
<field var='FORM_TYPE' type='hidden'>
|
||||
<value>http://jabber.org/protocol/pubsub#publish-options</value>
|
||||
</field>
|
||||
<field var='pubsub#access_model'>
|
||||
<value>open</value>
|
||||
</field>
|
||||
</x>
|
||||
</publish-options>
|
||||
</pubsub>
|
||||
</iq>]]></example>
|
||||
<p>NOTE: as per <link url='https://xmpp.org/extensions/xep-0060.html#impl-singleton'><cite>XEP-0060</cite> §12.20</link>, it is RECOMMENDED for the publisher to specify an ItemID of "current" to ensure that the publication of a new item will overwrite the existing item.</p>
|
||||
<p>This step presents the risk of introducing a race condition: Two devices might simultaneously try to announce themselves, unaware of the other's existence. The second device would overwrite the first one. To mitigate this, devices MUST check that their own device ID is contained in the list whenever they receive a PEP update from their own account. If they have been removed, they MUST reannounce themselves.</p>
|
||||
</section3>
|
||||
<section3 topic='Bundles' anchor='bundles'>
|
||||
<p>Furthermore, a device MUST publish its IdentityKey, a signed PreKey, and a list of PreKeys. This tuple is called a bundle. Bundles are maintained as multiple items in a PEP node called ‘urn:xmpp:omemo:1:bundles’. Each bundle MUST be stored in a seperate item. The item id MUST be set to the device id.</p>
|
||||
<p>A bundle is an element called ‘bundle’ in the ‘urn:xmpp:omomo:1’ namespace. It has a child element called ‘spk’ that contains the signed PreKey as base64 encoded data, a child element called ‘spks’ that contains the signed PreKey signature as base64 encoded data and a child element called ‘ik’ that contains the identity key as base64 encoded data. PreKeys are multiple elements called ‘pk’ that each contain one PreKey as base64 encoded data. PreKeys are wrapped in an element called ‘prekeys’ which is a child of the bundle element.</p>
|
||||
<p>A bundle is an element called 'bundle' in the 'urn:xmpp:omomo:1' namespace. It has a child element called ‘spk’ that contains the signed PreKey as base64 encoded data, a child element called ‘spks’ that contains the signed PreKey signature as base64 encoded data and a child element called ‘ik’ that contains the identity key as base64 encoded data. PreKeys are multiple elements called ‘pk’ that each contain one PreKey as base64 encoded data. PreKeys are wrapped in an element called ‘prekeys’ which is a child of the bundle element.</p>
|
||||
<p>The bundle element MAY contain an attribute called label, which is a user defined string describing the device that published that bundle.</p>
|
||||
<p>When publishing bundles a client MUST make sure that the 'urn:xmpp:omemo:1' node is configured to store multiple items. This is not the default with &xep0163;. If the node doesn’t exist yet it can be configured on the fly by using publish-options as described in <link url="https://xmpp.org/extensions/xep-0060.html#publisher-publish-options"><cite>XEP-0060</cite> §7.1.5</link>. The value for 'pubsub#max_items' in publish_options MUST be set to 'max'. If the node did exist and was configured differently the bundle publication will fail. Clients MUST then reconfigure the node as described in <link url="https://xmpp.org/extensions/xep-0060.html#owner-configure"><cite>XEP-0060</cite> §8.2</link>.</p>
|
||||
<example caption='Publishing bundle information'><![CDATA[
|
||||
<iq from='juliet@capulet.lit' type='set' id='annouce2'>
|
||||
<pubsub xmlns='http://jabber.org/protocol/pubsub'>
|
||||
@ -228,10 +244,20 @@
|
||||
</bundle>
|
||||
</item>
|
||||
</publish>
|
||||
<publish-options>
|
||||
<x xmlns='jabber:x:data' type='submit'>
|
||||
<field var='FORM_TYPE' type='hidden'>
|
||||
<value>http://jabber.org/protocol/pubsub#publish-options</value>
|
||||
</field>
|
||||
<field var='pubsub#max_items'>
|
||||
<value>max</value>
|
||||
</field>
|
||||
</x>
|
||||
</publish-options>
|
||||
</pubsub>
|
||||
</iq>]]></example>
|
||||
<p>It is RECOMMENDED to set the access model of the ‘urn:xmpp:omemo:1:bundles’ node to ‘open’ to give entities without presence subscription read access to the bundles and allow them to establish an OMEMO session. Not having presence subscription is a common occurrence on the first few messages between two contacts and can also happen fairly frequently in group chats as not every participant had prior communication with every other participant.</p>
|
||||
<p>The access model can be changed efficiently by using publish-options as described in <link url="https://xmpp.org/extensions/xep-0060.html#publisher-publish-options"><cite>XEP-0060</cite> §7.1.5</link>.</p>
|
||||
<p>As with the 'urn:xmpp:omemo:1:devices' node it is RECOMMENDED to set the access model of the 'urn:xmpp:omemo:1:bundles' to open. Clients that do not adhere to the recommended access model (and for example want to stick to the default 'presence') are highly encouraged to configure the same access model for 'urn:xmpp:omemo:1:devices' and 'urn:xmpp:omemo:1:bundles', otherwise remote entities might end up in a situation where they are able to retrieve the device list but not the bundle or vice versa.</p>
|
||||
<p>The access model can be changed efficiently by using publish-options.</p>
|
||||
<example caption='Publishing bundle information with an open access model'><![CDATA[
|
||||
<iq from='juliet@capulet.lit' type='set' id='annouce2'>
|
||||
<pubsub xmlns='http://jabber.org/protocol/pubsub'>
|
||||
@ -247,6 +273,9 @@
|
||||
<field var='FORM_TYPE' type='hidden'>
|
||||
<value>http://jabber.org/protocol/pubsub#publish-options</value>
|
||||
</field>
|
||||
<field var='pubsub#max_items'>
|
||||
<value>max</value>
|
||||
</field>
|
||||
<field var='pubsub#access_model'>
|
||||
<value>open</value>
|
||||
</field>
|
||||
@ -254,6 +283,7 @@
|
||||
</publish-options>
|
||||
</pubsub>
|
||||
</iq>]]></example>
|
||||
</section3>
|
||||
</section2>
|
||||
<section2 topic='Building a session' anchor='usecases-building'>
|
||||
<p>In order to build a session with a device, their bundle information is fetched.</p>
|
||||
|
Loading…
Reference in New Issue
Block a user