# HG changeset patch # User Goffi # Date 1720885547 -7200 # Node ID 8da377040ba61f1801764fd4d9c8c177486472fb # Parent 9e63e02318ec09d52968b1f083748cf7a9242e2d doc (encryption): update pubsub encryption specifications. diff -r 9e63e02318ec -r 8da377040ba6 doc/encryption.rst --- a/doc/encryption.rst Fri Jul 12 18:53:00 2024 +0200 +++ b/doc/encryption.rst Sat Jul 13 17:45:47 2024 +0200 @@ -43,7 +43,7 @@ items of a pubsub node, even if you get access to the node once items have already been published. -E2ee is currently done using `OpenPGP`_ (or OX for PubSub: OXPS). Each item is encrypted +E2ee is currently done using `OpenPGP`_ (`XEP-0473: OpenPGP for XMPP Pubsub`_). Each item is encrypted using a **symmetric** encryption, which mean that the same key (called "shared secret") is used both to encrypt and decrypt an item, and is shared between all people who must access or publish to the pubsub node (i.e. blog, event calendar, etc). This is done this way to @@ -52,15 +52,6 @@ obtained a copy), all items made with this secret are accessible to the persons in possession of the secret. -.. note:: - - OXPS specification is not currently an official XEP (XMPP Extension Protocol), it is - about to be examinated by "XMPP council". This documentation will be updated with the - evolution of the situation. You can read current specification proposal at - https://xmpp.org/extensions/inbox/pubsub-encryption.html (which is inaccessible due to - a 404 error at the time of writting, this should be fixed hopefully when you read this - documentation). - To make an encrypted pubsub node accessible to somebody, you need to share the secret with them. @@ -92,6 +83,9 @@ .. _OpenPGP: https://en.wikipedia.org/wiki/Pretty_Good_Privacy#OpenPGP +.. _XEP-0473: OpenPGP for XMPP Pubsub: https://xmpp.org/extensions/xep-0473.html + + Pubsub Targeted Encryption ========================== 
@@ -120,13 +114,7 @@ attribute is not set by all pubsub services, and it can be spoofed by the service or the XMPP server. -To strongly authenticate the publisher of a pubsub item, it is possible to cryptographically sign an item. This can work with any pubsub item, encrypted or not, and it can be done after the item has been published. The process use `Pubsub Signing protoXEP`_ - -.. note:: - - Pubsub Signing specification is not currently an official XEP (XMPP Extension - Protocol), it is about to be examinated by "XMPP council". This documentation will be - updated with the evolution of the situation. +To strongly authenticate the publisher of a pubsub item, it is possible to cryptographically sign an item. This can work with any pubsub item, encrypted or not, and it can be done after the item has been published. The process use `XEP-0476: Pubsub Signing: OpenPGP Profile`_. .. attention:: @@ -143,4 +131,5 @@ .. _"publisher" attribute: https://xmpp.org/extensions/xep-0060.html#publisher-publish-success-publisher -.. _Pubsub Signing protoXEP: https://github.com/xsf/xeps/pull/1228 +.. _XEP-0476: Pubsub Signing: OpenPGP Profile: https://xmpp.org/extensions/xep-0476.html +
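Review bot: The added line in the @@ -43,7 +43,7 hunk of doc/encryption.rst is noticeably longer than the wrapped lines around it, so the paragraph should be re-wrapped to the file's existing width. The same line drops the "OXPS" abbreviation that the old text introduced; if any later part of the document still says OXPS, that use needs to be replaced with the XEP-0473 name as well.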
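Review bot: The hyperlink target added in the @@ -92,6 +83,9 hunk, ".. _XEP-0473: OpenPGP for XMPP Pubsub: https://xmpp.org/extensions/xep-0473.html", has an unescaped colon inside the reference name. reStructuredText ends a target name at the first colon unless the name is enclosed in backquotes or the colon is backslash-escaped, so the `XEP-0473: OpenPGP for XMPP Pubsub`_ reference added in the first hunk will not resolve to this URL. Suggest writing the target as .. _`XEP-0473: OpenPGP for XMPP Pubsub`: https://xmpp.org/extensions/xep-0473.html and building the docs to confirm there is no unknown-target warning.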
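Review bot: Grammar in the added paragraph line of the @@ -120,13 +114,7 hunk: "The process use `XEP-0476: Pubsub Signing: OpenPGP Profile`_." should read "The process uses ...". The reference name here contains two colons, so it only resolves if the matching target at the end of the file is quoted with backquotes; worth checking the two together when building the docs.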
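Review bot: The target added in the @@ -143,4 +131,5 hunk, ".. _XEP-0476: Pubsub Signing: OpenPGP Profile: https://xmpp.org/extensions/xep-0476.html", contains two unescaped colons in its name, so reStructuredText will end the name at "XEP-0476" and the reference in the signing paragraph will be left without a target. Suggest .. _`XEP-0476: Pubsub Signing: OpenPGP Profile`: https://xmpp.org/extensions/xep-0476.html. The hunk also adds an empty line at the end of the file, which can be dropped.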