From 77415af136ca1050a019a98b2901928dc7473fae Mon Sep 17 00:00:00 2001 From: He4eT Date: Thu, 16 Apr 2026 03:11:28 +0200 Subject: [PATCH] posts: encrypted_XMPP: update draft --- src/pages/posts/2026/encrypted_XMPP.md | 55 ++++++++++++++++---------- 1 file changed, 35 insertions(+), 20 deletions(-) diff --git a/src/pages/posts/2026/encrypted_XMPP.md b/src/pages/posts/2026/encrypted_XMPP.md index d3ddbc9..723a216 100644 --- a/src/pages/posts/2026/encrypted_XMPP.md +++ b/src/pages/posts/2026/encrypted_XMPP.md @@ -57,7 +57,7 @@ XMPP Extension Protocol (XEP) for secure multi-client end-to-end encryption. You can read more about it on a dedicated page by Daniel Gultsch. **Client**, in this post, @@ -143,13 +143,10 @@ clients publish their own fingerprints to the XMPP server and automatically receive the fingerprints of others. Only fingerprints you explicitly mark as trusted are relevant. -In an ideal scenario, the contact should confirm in person +In an typical scenario, the contact should confirm in person or through an already trusted and secure communication channel that the fingerprint belongs to their device, and only then you mark it as trusted. -In most XMPP clients this is simply done -by ticking a checkbox -or by scanning a QR code. The list of trusted fingerprints is used at the moment a message is sent. @@ -226,8 +223,8 @@ but you shouldn’t rely on them to hide anything. ### Maintenance -OMEMO was designed as a set-it-and-forget-it solution, -and it mostly succeeds in that goal. +OMEMO was designed as a set-it-and-forget-it solution +and mostly succeeds in that goal. If you have a basic understanding of how the protocol works and check in online from time to time, there shouldn’t be any surprises. 
@@ -306,12 +303,7 @@ Let’s say Bob and I start discussing something on a forum or in the Fediverse, and then decide to continue the discussion on XMPP. -Bob starts the chat. -I trust the first device he messages me from, -and then we exchange fingerprints for our other devices, -if we have any. -This approach is called TOFU (Trust On First Use). - +Before starting the chat, Bob can confirm it’s really me using my page with fingerprints. I can confirm it’s really him by asking him to send his fingerprints @@ -321,6 +313,16 @@ Ideally, Bob also has a public page with his fingerprints. That way, we can both independently verify that we are who we say we are. +In an alternative scenario, +where there has been no prior communication or public pages +and only a single JID is known, +things play out a bit differently: +Bob starts the chat, +I trust the first device he messages me from, +and then we exchange fingerprints for our other devices, +if we have any. +This approach is called TOFU (Trust On First Use). + ### New or Lost Devices If I start using a new device @@ -351,7 +353,10 @@ that I personally use. ### Conversations and Forks -Conversations is a modern, + + Conversations is a modern, fully featured chat application for Android. It supports everything a messaging app should support: chats, voice calls, video calls, and sharing files of any kind. @@ -359,7 +364,10 @@ chats, voice calls, video calls, and sharing files of any kind. There are several forks of it where the UI or UX may differ, but the core features work exactly the same. -I personally use Monocles Chat. +I personally use + Monocles Chat. On the Contact Details screen (including your own account), you can see a list of published fingerprints @@ -374,7 +382,10 @@ simple and effortless. ### Dino -Dino is a lightweight GTK-based GUI client. + + Dino is a lightweight GTK-based GUI client. It can be considered a fully functional one, although some non-essential features are still not implemented. 
@@ -392,11 +403,14 @@ I recommend disabling this feature. ### Profanity -Profanity is a powerful TUI client + + Profanity is a powerful TUI client where everything is controlled through a built-in command system. If you somehow intend to use it, -you can find a small cheat sheet for the `/omemo` command below. +you can find a small cheat sheet for the `omemo` command below. However, I strongly recommend reading the full documentation. - Generate a key and add your other clients: @@ -444,5 +458,6 @@ when you keep running into “The message was not encrypted for this device” over and over again. -From now on, I hope you won’t encounter errors like this -or any other issues with end-to-end encryption in XMPP. +From now on, I hope you won’t encounter such errors +or any other issues +connected to end-to-end encryption in XMPP.
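Review bot: the replacement line in the @@ -143 hunk has an article error: "In an typical scenario" should read "In a typical scenario". Beyond the grammar, "typical" changes the claim: confirming a fingerprint in person or over an already trusted channel is the recommended practice, not necessarily the common one, and the original "ideal" said exactly that; "Ideally, the contact should confirm in person ..." would keep the corrected article and the original meaning. The same hunk also deletes the only sentence that tells the reader how marking a fingerprint as trusted is actually done (ticking a checkbox or scanning a QR code); if that was dropped because the per-client sections now cover it, fine, otherwise keep a one-line pointer here.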
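Review bot: the @@ -306 hunk removes the blank line that used to precede the new "+Before starting the chat, Bob can confirm it's really me ..." line, so that sentence now merges into the paragraph ending "and then decide to continue the discussion on XMPP."; if a separate paragraph is intended, keep the blank line. In the moved TOFU paragraph in the @@ -321 hunk, the text says "I trust the first device he messages me from" but does not say what that implies: the first device is trusted without any verification, and the fingerprints for the other devices, exchanged over that same chat, inherit that unverified trust. One sentence stating this limitation would make the contrast with the public-fingerprint-page scenario above it explicit.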
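Review bot: the @@ -392 hunk changes `/omemo` to `omemo` in "you can find a small cheat sheet for the `omemo` command below", which drops the leading slash; Profanity commands are entered with that slash (the surrounding line describes the client as "controlled through a built-in command system"), so the original `/omemo` was the correct form and the cheat sheet entries that follow will presumably still show it. Revert this line unless the intent is to name the feature rather than the command.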
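Review bot: the @@ -351, @@ -359, @@ -374 and @@ -392 hunks each add an empty line followed by an indented copy of the client name ("+ Conversations is a modern,", "+ Monocles Chat.", "+ Dino is a lightweight ...", "+ Profanity is a powerful TUI client"), which looks like the names are being wrapped in link markup that the diff view does not show. Check that the indentation stays under four spaces in the Markdown source, since four or more leading spaces after a blank line start an indented code block and the sentence would render as code instead of prose.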
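Review bot: wording in the @@ -444 hunk: "any other issues connected to end-to-end encryption in XMPP" is less natural than the original "issues with end-to-end encryption in XMPP"; "related to" also reads fine if the aim was to avoid repeating "with". The "such errors" rewording in the same hunk is an improvement.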