Mercurial > libervia-backend
comparison doc/encryption.rst @ 3975:c4418949aa37
doc (encryption, cli): document Pubsub Targeted Encryption:
a small section has been added to `encryption` to explain the difference with OXPS, and
the `--encrypt-for` arguments are explained.
fix 382
author | Goffi <goffi@goffi.org> |
---|---|
date | Mon, 31 Oct 2022 13:50:12 +0100 |
parents | 9f85369294f3 |
children | 8da377040ba6 |
comparison
equal
deleted
inserted
replaced
3974:5e3b983ab2c6 | 3975:c4418949aa37 |
---|---|
90 To handle encrypted pubsub node shared secrets from command line, you may use | 90 To handle encrypted pubsub node shared secrets from command line, you may use |
91 :ref:`libervia-cli_pubsub_secret`. | 91 :ref:`libervia-cli_pubsub_secret`. |
92 | 92 |
93 .. _OpenPGP: https://en.wikipedia.org/wiki/Pretty_Good_Privacy#OpenPGP | 93 .. _OpenPGP: https://en.wikipedia.org/wiki/Pretty_Good_Privacy#OpenPGP |
94 | 94 |
95 Pubsub Targeted Encryption | |
96 ========================== | |
97 | |
98 It is also possible to encrypt a single pubsub item for a restricted set of users. This is | |
99 different from the pubsub encryption explained above, as if you want to encrypt for a | |
100 different set of users, you need to re-encrypt all concerned items, so this is more | |
101 adapted for use cases when you only want to encrypt a few items in a pubsub node. | |
102 | |
103 On the other hand, you have all the properties of the algorithm used (for now, only OMEMO | |
104 2 is supported), which means that you can have `Perfect Forward Secrecy`_ for algorithms | |
105 supporting it (it's the case for OMEMO.) | |
106 | |
107 .. note:: | |
108 | |
109 Pubsub Targeted Encryption(PTE) specification is not currently an official XEP (XMPP | |
110 Extension Protocol), it is about to be examinated by "XMPP council". This documentation | |
111 will be updated with the evolution of the situation. | |
112 | |
113 .. _Perfect Forward Secrecy: https://en.wikipedia.org/wiki/Forward_secrecy | |
114 | |
95 Pubsub Signature | 115 Pubsub Signature |
96 ================ | 116 ================ |
97 | 117 |
98 By default, identity of the publisher of a pubsub item is difficult to authenticate: it | 118 By default, identity of the publisher of a pubsub item is difficult to authenticate: it |
99 may be specified by the pubsub service (using the `"publisher" attribute`_), but this | 119 may be specified by the pubsub service (using the `"publisher" attribute`_), but this |
122 :ref:`libervia-cli_pubsub_signature`. | 142 :ref:`libervia-cli_pubsub_signature`. |
123 | 143 |
124 .. _"publisher" attribute: https://xmpp.org/extensions/xep-0060.html#publisher-publish-success-publisher | 144 .. _"publisher" attribute: https://xmpp.org/extensions/xep-0060.html#publisher-publish-success-publisher |
125 | 145 |
126 .. _Pubsub Signing protoXEP: https://github.com/xsf/xeps/pull/1228 | 146 .. _Pubsub Signing protoXEP: https://github.com/xsf/xeps/pull/1228 |
127 |