diff --git a/xep-0434.xml b/xep-0434.xml
index fe6063f2..0c19265c 100644
--- a/xep-0434.xml
+++ b/xep-0434.xml
@@ -35,7 +35,20 @@
Add new section, use more precise sentences, apply consistent formatting: Clarify usage, use real namespace for examples and add missing section: Improve explanations, descriptions and examples, introduce new attribute and complete all sections: First draft. First draft
+
+
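Review bot: the revision remark on the first line of this hunk ("Add new section, use more precise sentences, apply consistent formatting") does not name the section being added, and changelog remarks are what readers search; say "Add Trust Message URI section and XMPP Registrar Considerations" or similar. The hunk header announces thirteen added lines but only blank added lines are visible here, so confirm the new revision entry itself is present in the committed file.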
@@ -56,16 +69,16 @@
-
- When using end-to-end encryption where public long-term keys are transmitted over a channel which is not protected against active attacks, the authenticity of those keys is not guaranteed. - Such a key has to be authenticated by the receiving endpoint over another channel which is already protected against active attacks to maintain the confidentiality of sent messages and ensure the authenticity and integrity of received messages. + When using end-to-end encryption where public long-term keys are transmitted over a channel that is not protected against active attacks, the authenticity of those keys is not guaranteed. + Such a key has to be authenticated by the receiving endpoint over another channel that is already protected against active attacks to maintain the confidentiality of sent messages and ensure the authenticity and integrity of received messages. Trust messages can be used to transfer the needed data via XMPP for performing such an authentication. Furthermore, they can transmit the data used for distrusting a key.
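Review bot: the paragraph still leaves implicit how a trust message can satisfy its own requirement. It says the key "has to be authenticated by the receiving endpoint over another channel that is already protected against active attacks" and then that "Trust messages can be used to transfer the needed data via XMPP"; add a sentence stating that a trust message only serves as that channel when it is itself sent end-to-end encrypted and authenticated with a key the recipient has already trusted, otherwise a reader can take it to mean plain XMPP transport is enough. The "which" to "that" edits themselves are correct for these restrictive clauses.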
@@ -128,7 +141,7 @@- Data which is used by the recipient to distrust the attacker's key would make it impossible for the attacker to continue to encroach on the communication. + Data that is used by the recipient to distrust the attacker's key would make it impossible for the attacker to continue to encroach on the communication. Thus, it is important to prevent an attacker from blocking data used for making trust decisions. E.g., an approach using certificates permanently stored on a server cannot prevent an attacker from specifically blocking such data because certificates have to be discoverable and identifiable as such.
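Review bot: sentence-initial "E.g., an approach using certificates permanently stored on a server" in the unchanged text right after the edited line; since this pass is normalising wording, change it to "For example, an approach ...". The "which" to "that" change on the first sentence is correct.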
@@ -214,7 +227,7 @@Describing how the ]]> element has to be used by each existing encryption protocol is out of scope. &xep0420; specifies a common method for encrypting arbitrary elements which can be used by different encryption protocols. - When using an encryption protocol such as &xep0384; which uses &xep0420; (SCE), the SCE ]]> element MUST contain the ]]> element as a direct child. + When using an encryption protocol such as &xep0384; that uses &xep0420; (SCE), the SCE ]]> element MUST contain the ]]> element as a direct child.
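Review bot: the edited sentence "When using an encryption protocol such as &xep0384; that uses &xep0420; (SCE)" is ambiguous about whether "that uses SCE" restricts "encryption protocol" (the intended normative scope) or merely describes XEP-0384. Reorder to "When using an encryption protocol that uses &xep0420; (SCE), such as &xep0384;, the SCE content element MUST contain the trust message element as a direct child" so the MUST clearly applies to every SCE-based protocol, not only OMEMO.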
@@ -374,11 +387,40 @@
This document requires no interaction with the Internet Assigned Numbers Authority (IANA).
++ This document requires no interaction with the Internet Assigned Numbers Authority (IANA). +
+ As authorized by &xep0147;, the XMPP Registrar maintains a registry of queries and key-value pairs for use in XMPP URIs (see &QUERYTYPES;). +
++ An XMPP URI with the trust-message query type (defined as Trust Message URI) MAY be used to provide a trust message for various purposes and a single key owner out-of-band. + Such a URI MAY be encoded as a QR code and used if only a QR code scan is available as a trusted channel. + E.g., the initial authentication needed by &xep0450; can be performed by scanning a QR code that encodes a Trust Message URI. +
++ Only a Trust Message URI from a trusted source SHOULD be processed because of its impact on the communication's security. + Therefore, users SHOULD be asked for confirmation if a Trust Message URI is used to make a trust decision. +
++ The JID attribute of the ]]> element MUST be used as the Trust Message URI's path. + The first key-value pair of the URI's query MUST represent the encryption attribute of the ]]> element. + All remaining key-value pairs of the URI's query MUST represent the ]]> respectively ]]> elements of the ]]> element. + The key of a key-value pair MUST be the element's respectively attribute's name and the value their content. +
+This specification defines the following XMPP namespaces:
++ This specification defines the following XMPP namespaces: +
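Review bot: the Trust Message URI mapping in the last added paragraph ("The JID attribute ... MUST be used as the Trust Message URI's path", "The first key-value pair of the URI's query MUST represent the encryption attribute") leaves two things unspecified that an implementer needs. First, values such as namespace strings or base64 key identifiers contain characters that are reserved in a URI query component ("/", ":", "+", "="), so state that keys and values use the percent-encoding XEP-0147 inherits from RFC 3986 and that a parser decodes them before comparing key material. Second, because the encryption attribute is defined by position as the first pair, say explicitly that a parser MUST reject a URI whose first pair has a different key rather than scanning for it, and add one complete example URI so implementations can be checked against it. Wording: "the ... respectively ... elements" and "the element's respectively attribute's name and the value their content" read as a calque; "the trust or distrust elements" and "the key is the name of the element or attribute and the value is its content" are clearer. On the confirmation step in the preceding paragraph ("users SHOULD be asked for confirmation if a Trust Message URI is used to make a trust decision"): a confirmation is only a useful check on the trusted source if it shows the JID and the key identifiers the URI would trust or distrust, so recommend displaying them. Finally, "This document requires no interaction with the Internet Assigned Numbers Authority (IANA)." and "This specification defines the following XMPP namespaces:" each appear in this hunk both as an unchanged context line and as an added line; confirm the resulting XML has a single IANA Considerations section and a single namespace list rather than duplicated paragraphs.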