Mercurial > libervia-backend
comparison doc/encryption.rst @ 3975:c4418949aa37
doc (encryption, cli): document Pubsub Targeted Encryption:
a small section has been added to `encryption` to explain the difference with OXPS, and
the `--encrypt-for` arguments are explained.
fix 382
| author | Goffi <goffi@goffi.org> |
|---|---|
| date | Mon, 31 Oct 2022 13:50:12 +0100 |
| parents | 9f85369294f3 |
| children |
comparison
equal
deleted
inserted
replaced
| 3974:5e3b983ab2c6 | 3975:c4418949aa37 |
|---|---|
| 90 To handle encrypted pubsub node shared secrets from command line, you may use | 90 To handle encrypted pubsub node shared secrets from command line, you may use |
| 91 :ref:`libervia-cli_pubsub_secret`. | 91 :ref:`libervia-cli_pubsub_secret`. |
| 92 | 92 |
| 93 .. _OpenPGP: https://en.wikipedia.org/wiki/Pretty_Good_Privacy#OpenPGP | 93 .. _OpenPGP: https://en.wikipedia.org/wiki/Pretty_Good_Privacy#OpenPGP |
| 94 | 94 |
| 95 Pubsub Targeted Encryption | |
| 96 ========================== | |
| 97 | |
| 98 It is also possible to encrypt a single pubsub item for a restricted set of users. This is | |
| 99 different from the pubsub encryption explained above, as if you want to encrypt for a | |
| 100 different set of users, you need to re-encrypt all concerned items, so this is more | |
| 101 adapted for use cases when you only want to encrypt a few items in a pubsub node. | |
| 102 | |
| 103 On the other hand, you have all the properties of the algorithm used (for now, only OMEMO | |
| 104 2 is supported), which means that you can have `Perfect Forward Secrecy`_ for algorithms | |
| 105 supporting it (it's the case for OMEMO.) | |
| 106 | |
| 107 .. note:: | |
| 108 | |
| 109 Pubsub Targeted Encryption(PTE) specification is not currently an official XEP (XMPP | |
| 110 Extension Protocol), it is about to be examinated by "XMPP council". This documentation | |
| 111 will be updated with the evolution of the situation. | |
| 112 | |
| 113 .. _Perfect Forward Secrecy: https://en.wikipedia.org/wiki/Forward_secrecy | |
| 114 | |
| 95 Pubsub Signature | 115 Pubsub Signature |
| 96 ================ | 116 ================ |
| 97 | 117 |
| 98 By default, identity of the publisher of a pubsub item is difficult to authenticate: it | 118 By default, identity of the publisher of a pubsub item is difficult to authenticate: it |
| 99 may be specified by the pubsub service (using the `"publisher" attribute`_), but this | 119 may be specified by the pubsub service (using the `"publisher" attribute`_), but this |
| 122 :ref:`libervia-cli_pubsub_signature`. | 142 :ref:`libervia-cli_pubsub_signature`. |
| 123 | 143 |
| 124 .. _"publisher" attribute: https://xmpp.org/extensions/xep-0060.html#publisher-publish-success-publisher | 144 .. _"publisher" attribute: https://xmpp.org/extensions/xep-0060.html#publisher-publish-success-publisher |
| 125 | 145 |
| 126 .. _Pubsub Signing protoXEP: https://github.com/xsf/xeps/pull/1228 | 146 .. _Pubsub Signing protoXEP: https://github.com/xsf/xeps/pull/1228 |
| 127 |