mirror of
https://github.com/moparisthebest/xeps
synced 2024-11-21 16:55:07 -05:00
XEP-0384: update requirements
This commit is contained in:
parent
94c8f01e53
commit
b0efdf0648
27
xep-0384.xml
27
xep-0384.xml
@ -132,12 +132,27 @@
|
||||
</section2>
|
||||
</section1>
|
||||
<section1 topic='Requirements' anchor='reqs'>
|
||||
<ul>
|
||||
<li>Provide forward secrecy</li>
|
||||
<li>Ensure chat messages can be deciphered by all (capable) clients of both parties</li>
|
||||
<li>Be usable regardless of the participants' online statuses</li>
|
||||
<li>Provide a method to exchange auxilliary keying material. This could for example be used to secure encrypted file transfers.</li>
|
||||
</ul>
|
||||
<p>It is a result of XMPPs federated nature that a message may pass more than just one server. Therefore it is in the users interest to secure their communication from any intermediate host. End-to-end encryption is an efficient way to protect any data exchanged between sender and receiver against passive and active attackers such as servers and network nodes.</p>
|
||||
<p>OMEMO is an end-to-end encryption protocol based on the Double Ratchet specified in section <link url="#protocol-double_ratchet">Double Ratchet</link>. It provides the following guarantees under the threat model described in the next section:</p>
|
||||
<ul>
|
||||
<li>Confidentiality: Nobody else except sender and receiver is able to read the content of a message.</li>
|
||||
<li>Perfect forward secrecy: A compromised long-term key does not compromise any previous message exchange.</li>
|
||||
<li>Authentication: Every peer is able to authenticate the sender or receiver of a message, even if the details of the authentication process is out-of-scope for this specification.</li>
|
||||
<li>Immutability: Every peer can ensure that a message was not changed by any intermediate node.</li>
|
||||
<li>Plausible deniability: No participant can proof who created a specific message.</li>
|
||||
<li>Asynchronicity: The usability of the protocol does not depend on the online status of any participant.</li>
|
||||
</ul>
|
||||
<p>Omemo is not intended to protect against the following use cases:</p>
|
||||
<ul>
|
||||
<li>An attacker has access to your device.</li>
|
||||
<li>You lost your device and an attacker can read messages on your notification screen.</li>
|
||||
<li>Any kind of denial-of-service attack.</li>
|
||||
<li>tbc</li>
|
||||
</ul>
|
||||
<section2 topic='Threat Model' anchor='reqs-threat-model'>
|
||||
<p>The OMEMO protocol protects against passive and active attackers which are able to read, modify, replay, delay and delete messages.</p>
|
||||
<p>tbc</p>
|
||||
</section2>
|
||||
</section1>
|
||||
<section1 topic='Glossary' anchor='glossary'>
|
||||
<section2 topic='General Terms' anchor='glossary-general'>
|
||||
|
Loading…
Reference in New Issue
Block a user