Mercurial > libervia-backend

changeset 4282:8da377040ba6

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
doc (encryption): update pubsub encryption specifications.
author Goffi <goffi@goffi.org>
date Sat, 13 Jul 2024 17:45:47 +0200
parents 9e63e02318ec
children 23842a63ea00
files doc/encryption.rst
diffstat 1 files changed, 7 insertions(+), 18 deletions(-) [+]
line wrap: on
line diff
--- a/doc/encryption.rst	Fri Jul 12 18:53:00 2024 +0200
+++ b/doc/encryption.rst	Sat Jul 13 17:45:47 2024 +0200
@@ -43,7 +43,7 @@
 items of a pubsub node, even if you get access to the node once items have already been
 published.
 
-E2ee is currently done using `OpenPGP`_ (or OX for PubSub: OXPS). Each item is encrypted
+E2ee is currently done using `OpenPGP`_ (`XEP-0473: OpenPGP for XMPP Pubsub`_). Each item is encrypted
 using a **symmetric** encryption, which mean that the same key (called "shared secret") is
 used both to encrypt and decrypt an item, and is shared between all people who must access
 or publish to the pubsub node (i.e. blog, event calendar, etc). This is done this way to
@@ -52,15 +52,6 @@
 obtained a copy), all items made with this secret are accessible to the persons in
 possession of the secret.
 
-.. note::
-
-   OXPS specification is not currently an official XEP (XMPP Extension Protocol), it is
-   about to be examinated by "XMPP council". This documentation will be updated with the
-   evolution of the situation. You can read current specification proposal at
-   https://xmpp.org/extensions/inbox/pubsub-encryption.html (which is inaccessible due to
-   a 404 error at the time of writting, this should be fixed hopefully when you read this
-   documentation).
-
 To make an encrypted pubsub node accessible to somebody, you need to share the secret with
 them.
 
@@ -92,6 +83,9 @@
 
 .. _OpenPGP: https://en.wikipedia.org/wiki/Pretty_Good_Privacy#OpenPGP
 
+.. _XEP-0473: OpenPGP for XMPP Pubsub: https://xmpp.org/extensions/xep-0473.html
+
+
 Pubsub Targeted Encryption
 ==========================
 
@@ -120,13 +114,7 @@
 attribute is not set by all pubsub services, and it can be spoofed by the service or the
 XMPP server.
 
-To strongly authenticate the publisher of a pubsub item, it is possible to cryptographically sign an item. This can work with any pubsub item, encrypted or not, and it can be done after the item has been published. The process use `Pubsub Signing protoXEP`_
-
-.. note::
-
-   Pubsub Signing specification is not currently an official XEP (XMPP Extension
-   Protocol), it is about to be examinated by "XMPP council". This documentation will be
-   updated with the evolution of the situation.
+To strongly authenticate the publisher of a pubsub item, it is possible to cryptographically sign an item. This can work with any pubsub item, encrypted or not, and it can be done after the item has been published. The process use `XEP-0476: Pubsub Signing: OpenPGP Profile`_.
 
 .. attention::
 
@@ -143,4 +131,5 @@
 
 .. _"publisher" attribute: https://xmpp.org/extensions/xep-0060.html#publisher-publish-success-publisher
 
-.. _Pubsub Signing protoXEP: https://github.com/xsf/xeps/pull/1228
+.. _XEP-0476: Pubsub Signing: OpenPGP Profile: https://xmpp.org/extensions/xep-0476.html
+