mirror of
https://github.com/He4eT/oddsquat.git
synced 2026-05-04 20:37:22 +00:00
posts: encrypted_XMPP: update draft
This commit is contained in:
parent
690bd431e7
commit
77415af136
1 changed files with 35 additions and 20 deletions
|
|
@ -57,7 +57,7 @@ XMPP Extension Protocol (XEP)
|
||||||
for secure multi-client end-to-end encryption.
|
for secure multi-client end-to-end encryption.
|
||||||
You can read more about
|
You can read more about
|
||||||
it on a <a
|
it on a <a
|
||||||
href='https://contrapunctus.codeberg.page/the-quick-and-easy-guide-to-xmpp.html'
|
href='https://conversations.im/omemo/'
|
||||||
target='_blank'>dedicated page by Daniel Gultsch</a>.
|
target='_blank'>dedicated page by Daniel Gultsch</a>.
|
||||||
|
|
||||||
**Client**, in this post,
|
**Client**, in this post,
|
||||||
|
|
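Review bot: the new href finally matches the link text. conversations.im is Daniel Gultsch's own project site (he is the author of Conversations), while the previous target on contrapunctus.codeberg.page was not his page, so "dedicated page by Daniel Gultsch" was misattributed before this change. While touching the anchor, consider adding `rel='noopener noreferrer'` next to `target='_blank'`: current browsers imply noopener for `_blank` links, but the explicit attribute costs nothing and covers older ones.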
@ -143,13 +143,10 @@ clients publish their own fingerprints to the XMPP server
|
||||||
and automatically receive the fingerprints of others.
|
and automatically receive the fingerprints of others.
|
||||||
Only fingerprints you explicitly mark as trusted are relevant.
|
Only fingerprints you explicitly mark as trusted are relevant.
|
||||||
|
|
||||||
In an ideal scenario, the contact should confirm in person
|
In an typical scenario, the contact should confirm in person
|
||||||
or through an already trusted and secure communication channel
|
or through an already trusted and secure communication channel
|
||||||
that the fingerprint belongs to their device,
|
that the fingerprint belongs to their device,
|
||||||
and only then you mark it as trusted.
|
and only then you mark it as trusted.
|
||||||
In most XMPP clients this is simply done
|
|
||||||
by ticking a checkbox
|
|
||||||
or by scanning a QR code.
|
|
||||||
|
|
||||||
The list of trusted fingerprints
|
The list of trusted fingerprints
|
||||||
is used at the moment a message is sent.
|
is used at the moment a message is sent.
|
||||||
|
|
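Review bot: "In an typical scenario" (right-hand side, replacing "In an ideal scenario") needs the article "a", and the word change weakens the point: confirming a fingerprint in person or over an already trusted channel is the recommended procedure, not what typically happens, and this same draft later presents trusting the first device seen (TOFU) as the fallback when no prior contact or public page exists. Suggest "In the ideal case, the contact confirms in person ...". Dropping the three lines "In most XMPP clients this is simply done / by ticking a checkbox / or by scanning a QR code." also removes the only hint of how the trust mark is actually set; if that is being moved into the per-client sections, fine, otherwise keep one line of it here.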
@ -226,8 +223,8 @@ but you shouldn’t rely on them to hide anything.
|
||||||
|
|
||||||
### Maintenance
|
### Maintenance
|
||||||
|
|
||||||
OMEMO was designed as a set-it-and-forget-it solution,
|
OMEMO was designed as a set-it-and-forget-it solution
|
||||||
and it mostly succeeds in that goal.
|
and mostly succeeds in that goal.
|
||||||
If you have a basic understanding of how the protocol works
|
If you have a basic understanding of how the protocol works
|
||||||
and check in online from time to time,
|
and check in online from time to time,
|
||||||
there shouldn’t be any surprises.
|
there shouldn’t be any surprises.
|
||||||
|
|
@ -306,12 +303,7 @@ Let’s say Bob and I start discussing something
|
||||||
on a forum or in the Fediverse,
|
on a forum or in the Fediverse,
|
||||||
and then decide to continue the discussion on XMPP.
|
and then decide to continue the discussion on XMPP.
|
||||||
|
|
||||||
Bob starts the chat.
|
Before starting the chat,
|
||||||
I trust the first device he messages me from,
|
|
||||||
and then we exchange fingerprints for our other devices,
|
|
||||||
if we have any.
|
|
||||||
This approach is called TOFU (Trust On First Use).
|
|
||||||
|
|
||||||
Bob can confirm it’s really me using my page with fingerprints.
|
Bob can confirm it’s really me using my page with fingerprints.
|
||||||
I can confirm it’s really him
|
I can confirm it’s really him
|
||||||
by asking him to send his fingerprints
|
by asking him to send his fingerprints
|
||||||
|
|
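Review bot: "I can confirm it's really him / by asking him to send his fingerprints" should say over which channel. If Bob sends his fingerprints inside the same XMPP chat whose keys are being verified, the check is circular; the forum or Fediverse thread mentioned at the top of this hunk is the natural out-of-band channel and naming it here would close the gap. The hunk ends on that line, so make sure the continuation states this explicitly.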
@ -321,6 +313,16 @@ Ideally, Bob also has a public page with his fingerprints.
|
||||||
That way, we can both independently verify
|
That way, we can both independently verify
|
||||||
that we are who we say we are.
|
that we are who we say we are.
|
||||||
|
|
||||||
|
In an alternative scenario,
|
||||||
|
where there has been no prior communication or public pages
|
||||||
|
and only a single JID is known,
|
||||||
|
things play out a bit differently:
|
||||||
|
Bob starts the chat,
|
||||||
|
I trust the first device he messages me from,
|
||||||
|
and then we exchange fingerprints for our other devices,
|
||||||
|
if we have any.
|
||||||
|
This approach is called TOFU (Trust On First Use).
|
||||||
|
|
||||||
### New or Lost Devices
|
### New or Lost Devices
|
||||||
|
|
||||||
If I start using a new device
|
If I start using a new device
|
||||||
|
|
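Review bot: the relocated TOFU paragraph states the approach but not its limit. Since clients receive each other's fingerprints through the XMPP server (as the fingerprint-exchange section says), trusting "the first device he messages me from" also trusts whatever key the server delivered first; a malicious or compromised server, or someone who already controls Bob's JID, is not detected by TOFU, which only catches key changes after first contact. Suggest one sentence after "This approach is called TOFU (Trust On First Use)." saying that the fingerprints should still be confirmed out of band once the conversation becomes sensitive. Also, the run-on after the colon ("Bob starts the chat, / I trust the first device ..., / and then we exchange ...") read better as separate sentences in the version removed from the earlier hunk.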
@ -351,7 +353,10 @@ that I personally use.
|
||||||
|
|
||||||
### Conversations and Forks
|
### Conversations and Forks
|
||||||
|
|
||||||
Conversations is a modern,
|
<a
|
||||||
|
href='https://conversations.im/'
|
||||||
|
target='_blank'>
|
||||||
|
Conversations</a> is a modern,
|
||||||
fully featured chat application for Android.
|
fully featured chat application for Android.
|
||||||
It supports everything a messaging app should support:
|
It supports everything a messaging app should support:
|
||||||
chats, voice calls, video calls, and sharing files of any kind.
|
chats, voice calls, video calls, and sharing files of any kind.
|
||||||
|
|
@ -359,7 +364,10 @@ chats, voice calls, video calls, and sharing files of any kind.
|
||||||
There are several forks of it where
|
There are several forks of it where
|
||||||
the UI or UX may differ,
|
the UI or UX may differ,
|
||||||
but the core features work exactly the same.
|
but the core features work exactly the same.
|
||||||
I personally use Monocles Chat.
|
I personally use <a
|
||||||
|
href='https://codeberg.org/monocles/monocles_chat'
|
||||||
|
target='_blank'>
|
||||||
|
Monocles Chat</a>.
|
||||||
|
|
||||||
On the Contact Details screen (including your own account),
|
On the Contact Details screen (including your own account),
|
||||||
you can see a list of published fingerprints
|
you can see a list of published fingerprints
|
||||||
|
|
@ -374,7 +382,10 @@ simple and effortless.
|
||||||
|
|
||||||
### Dino
|
### Dino
|
||||||
|
|
||||||
Dino is a lightweight GTK-based GUI client.
|
<a
|
||||||
|
href='https://dino.im/'
|
||||||
|
target='_blank'>
|
||||||
|
Dino</a> is a lightweight GTK-based GUI client.
|
||||||
|
|
||||||
It can be considered a fully functional one,
|
It can be considered a fully functional one,
|
||||||
although some non-essential features are still not implemented.
|
although some non-essential features are still not implemented.
|
||||||
|
|
@ -392,11 +403,14 @@ I recommend disabling this feature.
|
||||||
|
|
||||||
### Profanity
|
### Profanity
|
||||||
|
|
||||||
Profanity is a powerful TUI client
|
<a
|
||||||
|
href='https://profanity-im.github.io/'
|
||||||
|
target='_blank'>
|
||||||
|
Profanity</a> is a powerful TUI client
|
||||||
where everything is controlled through a built-in command system.
|
where everything is controlled through a built-in command system.
|
||||||
|
|
||||||
If you somehow intend to use it,
|
If you somehow intend to use it,
|
||||||
you can find a small cheat sheet for the `/omemo` command below.
|
you can find a small cheat sheet for the `omemo` command below.
|
||||||
However, I strongly recommend reading the full documentation.
|
However, I strongly recommend reading the full documentation.
|
||||||
|
|
||||||
- Generate a key and add your other clients:
|
- Generate a key and add your other clients:
|
||||||
|
|
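Review bot: changing "`/omemo` command" to "`omemo` command" (right-hand side of the cheat-sheet line) drops the leading slash that Profanity commands actually use; the original `/omemo` was correct and matches what the user types, so keep the slash.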
@ -444,5 +458,6 @@ when you keep running into
|
||||||
“The message was not encrypted for this device”
|
“The message was not encrypted for this device”
|
||||||
over and over again.
|
over and over again.
|
||||||
|
|
||||||
From now on, I hope you won’t encounter errors like this
|
From now on, I hope you won’t encounter such errors
|
||||||
or any other issues with end-to-end encryption in XMPP.
|
or any other issues
|
||||||
|
connected to end-to-end encryption in XMPP.
|
||||||
|
|
|
||||||
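Review bot: "or any other issues / connected to end-to-end encryption in XMPP" is an awkward collocation; the original "issues with end-to-end encryption" (or "related to") reads better, and the new line break after "issues" leaves the phrase split across two lines for no reason.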