Mercurial > libervia-backend
annotate doc/encryption.rst @ 3983:31c3d6652115
component AP gateway: ignore actor delection notifications:
When a `Delete` activity was received and the object was the emitting actor itself, the
signature checking was failing if the actor was unknown (due to the impossibility to
retrieve the actor public key, as it is no more accessible).
To avoid that, those notifications are ignored for now. In the future they should clean
the cache linked to this actor.
author | Goffi <goffi@goffi.org> |
---|---|
date | Tue, 15 Nov 2022 18:15:16 +0100 |
parents | c4418949aa37 |
children | 8da377040ba6 |
rev | line source |
---|---|
3950
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
1 .. _encryption: |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
2 |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
3 =========================== |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
4 Encryption in Libervia/XMPP |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
5 =========================== |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
6 |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
7 Libervia being an XMPP client, it handles encryption between client and server, then the |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
8 message is encrypted between servers, and finally to deliver to target client(s). |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
9 |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
10 This avoid the communication to be accessible from people having access to the network, |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
11 but the communications are available to server administrators, or administrators of |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
12 services that you may use (e.g. pubsub service). |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
13 |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
14 To make your communications inaccessible to anybody but your recipient(s), end-to-end |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
15 encryption (or e2ee) may be used. This page aims to explain roughly how it is done in |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
16 Libervia and XMPP so end-user can understand and exploit it correctly. |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
17 |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
18 .. note:: |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
19 |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
20 this page is work in progress, it will be completed over time to explain the whole |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
21 machanism. Is something is not clear, please contact the development team at the XMPP |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
22 room `libervia@chat.jabberfr.org <xmpp:libervia@chat.jabberfr.org?join>`__ to get |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
23 details and help to improve this documentation. |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
24 |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
25 |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
26 .. _pubsub-encryption: |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
27 |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
28 Pubsub Encryption |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
29 ================= |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
30 |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
31 By default, pubsub items are in plain text (i.e. not encrypted, beside the normal |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
32 encryption between client and server, and between servers). This is often the desired |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
33 behaviour as pubsub is often used for public matters (public blogs, events, or other kind |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
34 of data). |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
35 |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
36 However, pubsub may also be used for private matters, to keep safe some of your own data, |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
37 or to uses all other kind of features privately (private blog, event organization, etc). |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
38 |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
39 To make private pubsub node, in addition to the access model which restrict entities which |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
40 can retrieve its item, it is possible to use end-to-end encryption. |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
41 |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
42 Pubsub is not encrypted the same way as messages, because you generally need to access all |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
43 items of a pubsub node, even if you get access to the node once items have already been |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
44 published. |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
45 |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
46 E2ee is currently done using `OpenPGP`_ (or OX for PubSub: OXPS). Each item is encrypted |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
47 using a **symmetric** encryption, which mean that the same key (called "shared secret") is |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
48 used both to encrypt and decrypt an item, and is shared between all people who must access |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
49 or publish to the pubsub node (i.e. blog, event calendar, etc). This is done this way to |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
50 make it easy to add a new members, who can then access all archives of the node, but this |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
51 also means that if the shared secret is compromised (i.e. somebody who should not has |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
52 obtained a copy), all items made with this secret are accessible to the persons in |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
53 possession of the secret. |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
54 |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
55 .. note:: |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
56 |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
57 OXPS specification is not currently an official XEP (XMPP Extension Protocol), it is |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
58 about to be examinated by "XMPP council". This documentation will be updated with the |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
59 evolution of the situation. You can read current specification proposal at |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
60 https://xmpp.org/extensions/inbox/pubsub-encryption.html (which is inaccessible due to |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
61 a 404 error at the time of writting, this should be fixed hopefully when you read this |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
62 documentation). |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
63 |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
64 To make an encrypted pubsub node accessible to somebody, you need to share the secret with |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
65 them. |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
66 |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
67 You can see that as the key of a house: everybody who has a copy of the key can go inside |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
68 the house, and bring something or take pictures. Sharing the secret is like making |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
69 a copy of the key and giving it to the person. |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
70 |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
71 If you think that your shared secret is compromised (obtained by somebody who shouldn't), |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
72 or if you want to remove access to somebody, you can "rotate" the secret, which means that |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
73 every existing key is revoked (flagged as "you should not use it anymore to write |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
74 something", but you can still use it to read archives), and a new one is created (to write |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
75 new items). |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
76 |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
77 With the house analogy, it's like changing the locks, and giving new keys to trusted |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
78 people: people with the older keys can't go inside the house anymore, but if they have |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
79 taken pictures before the key has been changed, theirs pictures is still in their |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
80 possession. |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
81 |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
82 .. attention:: |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
83 |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
84 If you rotate the shared secret, new items are using the new secret, but all items |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
85 which were existing before the secret rotation stay accessible to people who had access |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
86 to former secrets (the pubsub node can refuse access to them though). If malicious |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
87 people had access to items before, they could have made copy anytime, thus there is |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
88 little point in reencrypting everything. |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
89 |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
90 To handle encrypted pubsub node shared secrets from command line, you may use |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
91 :ref:`libervia-cli_pubsub_secret`. |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
92 |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
93 .. _OpenPGP: https://en.wikipedia.org/wiki/Pretty_Good_Privacy#OpenPGP |
8f87ff449a34
doc: new doc giving an overview on how e2ee is working in Libervia/XMPP:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
94 |
3975
c4418949aa37
doc (encryption, cli): document Pubsub Targeted Encryption:
Goffi <goffi@goffi.org>
parents:
3966
diff
changeset
|
95 Pubsub Targeted Encryption |
c4418949aa37
doc (encryption, cli): document Pubsub Targeted Encryption:
Goffi <goffi@goffi.org>
parents:
3966
diff
changeset
|
96 ========================== |
c4418949aa37
doc (encryption, cli): document Pubsub Targeted Encryption:
Goffi <goffi@goffi.org>
parents:
3966
diff
changeset
|
97 |
c4418949aa37
doc (encryption, cli): document Pubsub Targeted Encryption:
Goffi <goffi@goffi.org>
parents:
3966
diff
changeset
|
98 It is also possible to encrypt a single pubsub item for a restricted set of users. This is |
c4418949aa37
doc (encryption, cli): document Pubsub Targeted Encryption:
Goffi <goffi@goffi.org>
parents:
3966
diff
changeset
|
99 different from the pubsub encryption explained above, as if you want to encrypt for a |
c4418949aa37
doc (encryption, cli): document Pubsub Targeted Encryption:
Goffi <goffi@goffi.org>
parents:
3966
diff
changeset
|
100 different set of users, you need to re-encrypt all concerned items, so this is more |
c4418949aa37
doc (encryption, cli): document Pubsub Targeted Encryption:
Goffi <goffi@goffi.org>
parents:
3966
diff
changeset
|
101 adapted for use cases when you only want to encrypt a few items in a pubsub node. |
c4418949aa37
doc (encryption, cli): document Pubsub Targeted Encryption:
Goffi <goffi@goffi.org>
parents:
3966
diff
changeset
|
102 |
c4418949aa37
doc (encryption, cli): document Pubsub Targeted Encryption:
Goffi <goffi@goffi.org>
parents:
3966
diff
changeset
|
103 On the other hand, you have all the properties of the algorithm used (for now, only OMEMO |
c4418949aa37
doc (encryption, cli): document Pubsub Targeted Encryption:
Goffi <goffi@goffi.org>
parents:
3966
diff
changeset
|
104 2 is supported), which means that you can have `Perfect Forward Secrecy`_ for algorithms |
c4418949aa37
doc (encryption, cli): document Pubsub Targeted Encryption:
Goffi <goffi@goffi.org>
parents:
3966
diff
changeset
|
105 supporting it (it's the case for OMEMO.) |
c4418949aa37
doc (encryption, cli): document Pubsub Targeted Encryption:
Goffi <goffi@goffi.org>
parents:
3966
diff
changeset
|
106 |
c4418949aa37
doc (encryption, cli): document Pubsub Targeted Encryption:
Goffi <goffi@goffi.org>
parents:
3966
diff
changeset
|
107 .. note:: |
c4418949aa37
doc (encryption, cli): document Pubsub Targeted Encryption:
Goffi <goffi@goffi.org>
parents:
3966
diff
changeset
|
108 |
c4418949aa37
doc (encryption, cli): document Pubsub Targeted Encryption:
Goffi <goffi@goffi.org>
parents:
3966
diff
changeset
|
109 Pubsub Targeted Encryption(PTE) specification is not currently an official XEP (XMPP |
c4418949aa37
doc (encryption, cli): document Pubsub Targeted Encryption:
Goffi <goffi@goffi.org>
parents:
3966
diff
changeset
|
110 Extension Protocol), it is about to be examinated by "XMPP council". This documentation |
c4418949aa37
doc (encryption, cli): document Pubsub Targeted Encryption:
Goffi <goffi@goffi.org>
parents:
3966
diff
changeset
|
111 will be updated with the evolution of the situation. |
c4418949aa37
doc (encryption, cli): document Pubsub Targeted Encryption:
Goffi <goffi@goffi.org>
parents:
3966
diff
changeset
|
112 |
c4418949aa37
doc (encryption, cli): document Pubsub Targeted Encryption:
Goffi <goffi@goffi.org>
parents:
3966
diff
changeset
|
113 .. _Perfect Forward Secrecy: https://en.wikipedia.org/wiki/Forward_secrecy |
c4418949aa37
doc (encryption, cli): document Pubsub Targeted Encryption:
Goffi <goffi@goffi.org>
parents:
3966
diff
changeset
|
114 |
3966
9f85369294f3
doc (encryption, cli): pubsub signing documentation:
Goffi <goffi@goffi.org>
parents:
3950
diff
changeset
|
115 Pubsub Signature |
9f85369294f3
doc (encryption, cli): pubsub signing documentation:
Goffi <goffi@goffi.org>
parents:
3950
diff
changeset
|
116 ================ |
9f85369294f3
doc (encryption, cli): pubsub signing documentation:
Goffi <goffi@goffi.org>
parents:
3950
diff
changeset
|
117 |
9f85369294f3
doc (encryption, cli): pubsub signing documentation:
Goffi <goffi@goffi.org>
parents:
3950
diff
changeset
|
118 By default, identity of the publisher of a pubsub item is difficult to authenticate: it |
9f85369294f3
doc (encryption, cli): pubsub signing documentation:
Goffi <goffi@goffi.org>
parents:
3950
diff
changeset
|
119 may be specified by the pubsub service (using the `"publisher" attribute`_), but this |
9f85369294f3
doc (encryption, cli): pubsub signing documentation:
Goffi <goffi@goffi.org>
parents:
3950
diff
changeset
|
120 attribute is not set by all pubsub services, and it can be spoofed by the service or the |
9f85369294f3
doc (encryption, cli): pubsub signing documentation:
Goffi <goffi@goffi.org>
parents:
3950
diff
changeset
|
121 XMPP server. |
9f85369294f3
doc (encryption, cli): pubsub signing documentation:
Goffi <goffi@goffi.org>
parents:
3950
diff
changeset
|
122 |
9f85369294f3
doc (encryption, cli): pubsub signing documentation:
Goffi <goffi@goffi.org>
parents:
3950
diff
changeset
|
123 To strongly authenticate the publisher of a pubsub item, it is possible to cryptographically sign an item. This can work with any pubsub item, encrypted or not, and it can be done after the item has been published. The process use `Pubsub Signing protoXEP`_ |
9f85369294f3
doc (encryption, cli): pubsub signing documentation:
Goffi <goffi@goffi.org>
parents:
3950
diff
changeset
|
124 |
9f85369294f3
doc (encryption, cli): pubsub signing documentation:
Goffi <goffi@goffi.org>
parents:
3950
diff
changeset
|
125 .. note:: |
9f85369294f3
doc (encryption, cli): pubsub signing documentation:
Goffi <goffi@goffi.org>
parents:
3950
diff
changeset
|
126 |
9f85369294f3
doc (encryption, cli): pubsub signing documentation:
Goffi <goffi@goffi.org>
parents:
3950
diff
changeset
|
127 Pubsub Signing specification is not currently an official XEP (XMPP Extension |
9f85369294f3
doc (encryption, cli): pubsub signing documentation:
Goffi <goffi@goffi.org>
parents:
3950
diff
changeset
|
128 Protocol), it is about to be examinated by "XMPP council". This documentation will be |
9f85369294f3
doc (encryption, cli): pubsub signing documentation:
Goffi <goffi@goffi.org>
parents:
3950
diff
changeset
|
129 updated with the evolution of the situation. |
9f85369294f3
doc (encryption, cli): pubsub signing documentation:
Goffi <goffi@goffi.org>
parents:
3950
diff
changeset
|
130 |
9f85369294f3
doc (encryption, cli): pubsub signing documentation:
Goffi <goffi@goffi.org>
parents:
3950
diff
changeset
|
131 .. attention:: |
9f85369294f3
doc (encryption, cli): pubsub signing documentation:
Goffi <goffi@goffi.org>
parents:
3950
diff
changeset
|
132 |
9f85369294f3
doc (encryption, cli): pubsub signing documentation:
Goffi <goffi@goffi.org>
parents:
3950
diff
changeset
|
133 Signature only certifies that the signers strongly link themselves with this version of |
9f85369294f3
doc (encryption, cli): pubsub signing documentation:
Goffi <goffi@goffi.org>
parents:
3950
diff
changeset
|
134 the item, not that the signers are the original authors of the item. In other words, it |
9f85369294f3
doc (encryption, cli): pubsub signing documentation:
Goffi <goffi@goffi.org>
parents:
3950
diff
changeset
|
135 prevents somebody to say that somebody else has published something (the signature |
9f85369294f3
doc (encryption, cli): pubsub signing documentation:
Goffi <goffi@goffi.org>
parents:
3950
diff
changeset
|
136 would be missing or invalid), but the published data may come from anywhere. Also keep |
9f85369294f3
doc (encryption, cli): pubsub signing documentation:
Goffi <goffi@goffi.org>
parents:
3950
diff
changeset
|
137 in mind that a security breach (stolen encryption keys, major bug somewhere) is always |
9f85369294f3
doc (encryption, cli): pubsub signing documentation:
Goffi <goffi@goffi.org>
parents:
3950
diff
changeset
|
138 possible. |
9f85369294f3
doc (encryption, cli): pubsub signing documentation:
Goffi <goffi@goffi.org>
parents:
3950
diff
changeset
|
139 |
9f85369294f3
doc (encryption, cli): pubsub signing documentation:
Goffi <goffi@goffi.org>
parents:
3950
diff
changeset
|
140 |
9f85369294f3
doc (encryption, cli): pubsub signing documentation:
Goffi <goffi@goffi.org>
parents:
3950
diff
changeset
|
141 To handle pubsub signatures from command line, you may use |
9f85369294f3
doc (encryption, cli): pubsub signing documentation:
Goffi <goffi@goffi.org>
parents:
3950
diff
changeset
|
142 :ref:`libervia-cli_pubsub_signature`. |
9f85369294f3
doc (encryption, cli): pubsub signing documentation:
Goffi <goffi@goffi.org>
parents:
3950
diff
changeset
|
143 |
9f85369294f3
doc (encryption, cli): pubsub signing documentation:
Goffi <goffi@goffi.org>
parents:
3950
diff
changeset
|
144 .. _"publisher" attribute: https://xmpp.org/extensions/xep-0060.html#publisher-publish-success-publisher |
9f85369294f3
doc (encryption, cli): pubsub signing documentation:
Goffi <goffi@goffi.org>
parents:
3950
diff
changeset
|
145 |
9f85369294f3
doc (encryption, cli): pubsub signing documentation:
Goffi <goffi@goffi.org>
parents:
3950
diff
changeset
|
146 .. _Pubsub Signing protoXEP: https://github.com/xsf/xeps/pull/1228 |