From d78a3a3a0fb71540f5dca92711a3503153e24727 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20Sch=C3=A4fer?= <j.wielicki@sotecware.net>
Date: Tue, 20 Dec 2022 18:43:04 +0100
Subject: [PATCH] Accept inbox/pubsub-signing-openpgp.xml as XEP-0476

---
 xep-0476.xml | 111 +++++++++++++++++++++++++++++++++++++++++++++++++++
 xep.ent      |   1 +
 2 files changed, 112 insertions(+)
 create mode 100644 xep-0476.xml

diff --git a/xep-0476.xml b/xep-0476.xml
new file mode 100644
index 00000000..7bb6fdd4
--- /dev/null
+++ b/xep-0476.xml
@@ -0,0 +1,111 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<!DOCTYPE xep SYSTEM 'xep.dtd' [
+  <!ENTITY % ents SYSTEM 'xep.ent'>
+%ents;
+]>
+<?xml-stylesheet type='text/xsl' href='xep.xsl'?>
+<xep>
+<header>
+  <title>Pubsub Signing: OpenPGP Profile</title>
+  <abstract>Specifies a pubsub signing profile for OpenPGP</abstract>
+  &LEGALNOTICE;
+  <number>0476</number>
+  <status>Experimental</status>
+  <type>Standards Track</type>
+  <sig>Standards</sig>
+  <approver>Council</approver>
+  <dependencies>
+    <spec>XMPP Core</spec>
+    <spec>XEP-0001</spec>
+    <spec>XEP-0004</spec>
+    <spec>XEP-0060</spec>
+    <spec>XEP-0373</spec>
+  </dependencies>
+  <supersedes/>
+  <supersededby/>
+  <shortname>pss-ox</shortname>
+  <author>
+    <firstname>Jérôme</firstname>
+    <surname>Poisson</surname>
+    <email>goffi@goffi.org</email>
+    <jid>goffi@jabber.fr</jid>
+  </author>
+  <revision>
+    <version>0.1.0</version>
+    <date>2022-12-20</date>
+    <initials>XEP Editor (jsc)</initials>
+    <remark>Accepted by vote of Council on 2022-11-30.</remark>
+  </revision>
+  <revision>
+    <version>0.0.1</version>
+    <date>2022-10-29</date>
+    <initials>jp</initials>
+    <remark><p>First draft.</p></remark>
+  </revision>
+</header>
+<section1 topic='Introduction' anchor='intro'>
+  <p>This XMPP extension protocol specifies a profile of Pubsub Signing to use OpenPGP for signature.</p>
+</section1>
+<section1 topic='Signing a Pubsub Item With OpenPGP' anchor='signing'>
+  <p>Signing an item with OpenPGP requires to have &xep0373; implemented to handle keys, however this specification uses its own &lt;sign/&gt; element because it uses wrapper element from Pubsub Signing XEP, and signed data MUST NOT be included with the signature.</p>
+  <p>To sign an element, a client process as explained in XEP-0XXX <link url='https://xmpp.org/extensions/inbox/pubsub-signing.html#signing'>§ Signing a Pubsub Item</link> where the "signing profile" element used is a &lt;sign/&gt; element qualified by the 'urn:xmpp:pubsub-signing:openpgp:0' namespace. This element MUST contain a Base64 encoded (&rfc4648; <link url='https://tools.ietf.org/html/rfc4648#section-4'>§ 4</link>) OpenPGP message as specified in &rfc4880; which MUST contain a <strong>detached signature</strong> as defined in &rfc4880; <link url='https://www.rfc-editor.org/rfc/rfc4880#section-11.4'>§ 11.4</link> of the signed data as specified in XEP-0XXX <link url='https://xmpp.org/extensions/inbox/pubsub-signing.html#signing'>§ Signing a Pubsub Item</link>.</p>
+
+  <example caption="Juliet Publishes Her Signature as an Attachment With OpenPGP Signing Profile"><![CDATA[
+<iq xmlns="jabber:client" from="juliet@capulet.lit/chamber" to="juliet@capulet.lit" id="signature_1" type="set">
+  <pubsub xmlns="http://jabber.org/protocol/pubsub">
+    <items node="urn:xmpp:pubsub-attachments:1/xmpp:juliet@capulet.lit?;node=urn%3Axmpp%3Amicroblog%3A0;item=random-thoughts-12bd">
+      <item id="juliet@capulet.lit">
+        <attachments xmlns="urn:xmpp:pubsub-attachments:1">
+          <signature xmlns="urn:xmpp:pubsub-signing:0">
+            <time stamp="2022-10-16T18:39:03Z"/>
+            <signer>juliet@capulet.lit</signer>
+            <sign xmlns="urn:xmpp:pubsub-signing:openpgp:0">iQGzBAABCAAdFiEEyTOMos/ZmE//ikYkAzNxB0kY9CIFAmNaomUACgkQAzNxB0kY9CJQcAv9HjIIrzIhtmWvf2IoHBUgY7hUFPZ3TKZ0Ltc6uz+CR4K1GHQB842/vjPSHwo5qfVgaVEUK3Liw8eXawOZ4SJeSZdmd1KUjjuZ+SLlB1SKKEoap3KFhidT9XYA2OU4tkWOwVI2cyBIWE3JRxD0YFh5YMJObZrOoyMiobwaMaGCHt60T71rl1wPb399l9aU6sYu2HHIRnM5pDgVljIMZe0n1LnY5pH5jzN67JgxlFAfl0Q4BO81pBycNnbk0VPb78Ki4001S7uoFftkN3j6euYf8KhtTH+Yaw1BdYzjO8o2Nw/9ledMrwO652Ud4hLGpmSpIJI1NTOjmy5crfhEHMA5ERYDbGbaB/IoaHxje+8occlI78xChoz7xCQlwVVyHARvuotEbYRimY78s2Ozae+uG/8wQZmeLnrvwCrzDiJbEkW4MbiOWUC1QcApNoW8lriLcb+ZfNGMeENSSMqMRfi3wL6WOovM2IR8O97/1DkGFiYAZ414CVZV2ZT+xxE64pMM</sign>
+          </signature>
+        </attachments>
+      </item>
+    </items>
+  </pubsub>
+</iq>
+  ]]></example>
+</section1>
+
+<section1 topic='Discovering Support' anchor='disco'>
+  <p>If a client supports the protocol specified in this XEP, it MUST advertise it by including the "urn:xmpp:pubsub-signing:openpgp:0" discovery feature in response to a &xep0030; information request:</p>
+
+  <example caption="Service Discovery information request"><![CDATA[
+<iq type='get'
+    from='juliet@example.org/chamber'
+    to='romeo@example.org/orchard'
+    id='disco1'>
+  <query xmlns='http://jabber.org/protocol/disco#info'/>
+</iq>]]></example>
+  <example caption="Service Discovery information response"><![CDATA[
+<iq type='result'
+    from='romeo@example.org/orchard'
+    to='juliet@example.org/chamber'
+    id='disco1'>
+  <query xmlns='http://jabber.org/protocol/disco#info'>
+    ...
+    <feature var='urn:xmpp:pubsub-signing:openpgp:0'/>
+    ...
+  </query>
+</iq>]]></example>
+</section1>
+
+<section1 topic='Security Considerations' anchor='security'>
+  <p>Security considerations of &xep0373; and <link url='https://xmpp.org/extensions/inbox/pubsub-signing.html'>XEP-0XXX</link> apply.</p>
+</section1>
+
+<section1 topic='IANA Considerations' anchor='iana'>
+  <p>TODO</p>
+</section1>
+<section1 topic='XMPP Registrar Considerations' anchor='registrar'>
+  <p>TODO</p>
+</section1>
+<section1 topic='XML Schema' anchor='schema'>
+  <p>TODO</p>
+</section1>
+<section1 topic='Acknowledgements' anchor='acks'>
+  <p>Thanks to NLnet foundation/NGI0 Discovery for funding.</p>
+</section1>
+</xep>
diff --git a/xep.ent b/xep.ent
index b620c7ab..d7f49577 100644
--- a/xep.ent
+++ b/xep.ent
@@ -1671,3 +1671,4 @@ IANA Service Location Protocol, Version 2 (SLPv2) Templates</link></span> <note>
 <!ENTITY xep0473 "<span class='ref'><link url='https://xmpp.org/extensions/xep-0473.html'>OpenPGP for XMPP Pubsub (XEP-0473)</link></span> <note>XEP-0473: OpenPGP for XMPP Pubsub &lt;<link url='https://xmpp.org/extensions/xep-0473.html'>https://xmpp.org/extensions/xep-0473.html</link>&gt;.</note>" >
 <!ENTITY xep0474 "<span class='ref'><link url='https://xmpp.org/extensions/xep-0474.html'>SASL SCRAM Downgrade Protection (XEP-0474)</link></span> <note>XEP-0474: SASL SCRAM Downgrade Protection &lt;<link url='https://xmpp.org/extensions/xep-0474.html'>https://xmpp.org/extensions/xep-0474.html</link>&gt;.</note>" >
 <!ENTITY xep0475 "<span class='ref'><link url='https://xmpp.org/extensions/xep-0475.html'>Pubsub Signing (XEP-0475)</link></span> <note>XEP-0475: Pubsub Signing &lt;<link url='https://xmpp.org/extensions/xep-0475.html'>https://xmpp.org/extensions/xep-0475.html</link>&gt;.</note>" >
+<!ENTITY xep0476 "<span class='ref'><link url='https://xmpp.org/extensions/xep-0476.html'>Pubsub Signing: OpenPGP Profile (XEP-0476)</link></span> <note>XEP-0476: Pubsub Signing: OpenPGP Profile &lt;<link url='https://xmpp.org/extensions/xep-0476.html'>https://xmpp.org/extensions/xep-0476.html</link>&gt;.</note>" >