mirror of
https://github.com/He4eT/oddsquat.git
synced 2026-05-04 12:27:23 +00:00
posts: encrypted_XMPP: update draft
parent 690bd431e7
commit 77415af136
1 changed files with 35 additions and 20 deletions
|
|
@ -57,7 +57,7 @@ XMPP Extension Protocol (XEP)
|
|||
for secure multi-client end-to-end encryption.
|
||||
You can read more about
|
||||
it on a <a
|
||||
href='https://contrapunctus.codeberg.page/the-quick-and-easy-guide-to-xmpp.html'
|
||||
href='https://conversations.im/omemo/'
|
||||
target='_blank'>dedicated page by Daniel Gultsch</a>.
|
||||
|
||||
**Client**, in this post,
|
||||
|
|
@ -143,13 +143,10 @@ clients publish their own fingerprints to the XMPP server
|
|||
and automatically receive the fingerprints of others.
|
||||
Only fingerprints you explicitly mark as trusted are relevant.
|
||||
|
||||
In an ideal scenario, the contact should confirm in person
|
||||
In an typical scenario, the contact should confirm in person
|
||||
or through an already trusted and secure communication channel
|
||||
that the fingerprint belongs to their device,
|
||||
and only then you mark it as trusted.
|
||||
In most XMPP clients this is simply done
|
||||
by ticking a checkbox
|
||||
or by scanning a QR code.
|
||||
|
||||
The list of trusted fingerprints
|
||||
is used at the moment a message is sent.
|
||||
|
|
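Review bot: "In an typical scenario" in the replacement line needs "a", not "an". The swap from "ideal" to "typical" also changes the claim: confirmation in person or over a trusted channel is now presented as what usually happens rather than as the best case, so check that this still agrees with the TOFU paragraph later in the post. With the sentence about ticking a checkbox or scanning a QR code no longer in this paragraph, the reader is not told here how a fingerprint gets marked as trusted; a short pointer to the client sections would cover that.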
@ -226,8 +223,8 @@ but you shouldn’t rely on them to hide anything.
|
|||
|
||||
### Maintenance
|
||||
|
||||
OMEMO was designed as a set-it-and-forget-it solution,
|
||||
and it mostly succeeds in that goal.
|
||||
OMEMO was designed as a set-it-and-forget-it solution
|
||||
and mostly succeeds in that goal.
|
||||
If you have a basic understanding of how the protocol works
|
||||
and check in online from time to time,
|
||||
there shouldn’t be any surprises.
|
||||
|
|
@ -306,12 +303,7 @@ Let’s say Bob and I start discussing something
|
|||
on a forum or in the Fediverse,
|
||||
and then decide to continue the discussion on XMPP.
|
||||
|
||||
Bob starts the chat.
|
||||
I trust the first device he messages me from,
|
||||
and then we exchange fingerprints for our other devices,
|
||||
if we have any.
|
||||
This approach is called TOFU (Trust On First Use).
|
||||
|
||||
Before starting the chat,
|
||||
Bob can confirm it’s really me using my page with fingerprints.
|
||||
I can confirm it’s really him
|
||||
by asking him to send his fingerprints
|
||||
|
|
@ -321,6 +313,16 @@ Ideally, Bob also has a public page with his fingerprints.
|
|||
That way, we can both independently verify
|
||||
that we are who we say we are.
|
||||
|
||||
In an alternative scenario,
|
||||
where there has been no prior communication or public pages
|
||||
and only a single JID is known,
|
||||
things play out a bit differently:
|
||||
Bob starts the chat,
|
||||
I trust the first device he messages me from,
|
||||
and then we exchange fingerprints for our other devices,
|
||||
if we have any.
|
||||
This approach is called TOFU (Trust On First Use).
|
||||
|
||||
### New or Lost Devices
|
||||
|
||||
If I start using a new device
|
||||
|
|
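Review bot: the TOFU paragraph added here says "I trust the first device he messages me from" without stating what that trust rests on. With only a JID known, nothing ties the first fingerprint to Bob, so the text should say that TOFU can only reveal a later key change and gives no assurance about the first contact. It would also help to state that the fingerprints for the other devices are exchanged inside the session with that first trusted device, since this scenario has no other verified channel.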
@ -351,7 +353,10 @@ that I personally use.
|
|||
|
||||
### Conversations and Forks
|
||||
|
||||
Conversations is a modern,
|
||||
<a
|
||||
href='https://conversations.im/'
|
||||
target='_blank'>
|
||||
Conversations</a> is a modern,
|
||||
fully featured chat application for Android.
|
||||
It supports everything a messaging app should support:
|
||||
chats, voice calls, video calls, and sharing files of any kind.
|
||||
|
|
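Review bot: the anchor added around "Conversations" uses `target='_blank'` with no `rel` attribute; add `rel='noopener noreferrer'` so the opened page gets no `window.opener` handle and no referrer, and do the same for the Monocles Chat, Dino and Profanity anchors added further down. The line break after `target='_blank'>` also puts whitespace at the start of the link text, whereas the existing anchor in the first hunk keeps the text on the same line as the `>`.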
@ -359,7 +364,10 @@ chats, voice calls, video calls, and sharing files of any kind.
|
|||
There are several forks of it where
|
||||
the UI or UX may differ,
|
||||
but the core features work exactly the same.
|
||||
I personally use Monocles Chat.
|
||||
I personally use <a
|
||||
href='https://codeberg.org/monocles/monocles_chat'
|
||||
target='_blank'>
|
||||
Monocles Chat</a>.
|
||||
|
||||
On the Contact Details screen (including your own account),
|
||||
you can see a list of published fingerprints
|
||||
|
|
@ -374,7 +382,10 @@ simple and effortless.
|
|||
|
||||
### Dino
|
||||
|
||||
Dino is a lightweight GTK-based GUI client.
|
||||
<a
|
||||
href='https://dino.im/'
|
||||
target='_blank'>
|
||||
Dino</a> is a lightweight GTK-based GUI client.
|
||||
|
||||
It can be considered a fully functional one,
|
||||
although some non-essential features are still not implemented.
|
||||
|
|
@ -392,11 +403,14 @@ I recommend disabling this feature.
|
|||
|
||||
### Profanity
|
||||
|
||||
Profanity is a powerful TUI client
|
||||
<a
|
||||
href='https://profanity-im.github.io/'
|
||||
target='_blank'>
|
||||
Profanity</a> is a powerful TUI client
|
||||
where everything is controlled through a built-in command system.
|
||||
|
||||
If you somehow intend to use it,
|
||||
you can find a small cheat sheet for the `/omemo` command below.
|
||||
you can find a small cheat sheet for the `omemo` command below.
|
||||
However, I strongly recommend reading the full documentation.
|
||||
|
||||
- Generate a key and add your other clients:
|
||||
|
|
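Review bot: in the cheat-sheet sentence the command appears both as `/omemo` and as `omemo`; Profanity commands are entered with a leading slash, so the form without it does not match what the reader has to type. Keep `/omemo`, and check that the cheat sheet entries below use the same form.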
@ -444,5 +458,6 @@ when you keep running into
|
|||
“The message was not encrypted for this device”
|
||||
over and over again.
|
||||
|
||||
From now on, I hope you won’t encounter errors like this
|
||||
or any other issues with end-to-end encryption in XMPP.
|
||||
From now on, I hope you won’t encounter such errors
|
||||
or any other issues
|
||||
connected to end-to-end encryption in XMPP.
|
||||
|
|
|
|||