Mercurial > prosody-modules
annotate mod_omemo_all_access/README.markdown @ 5616:59d5fc50f602
mod_http_oauth2: Implement refresh token rotation
Makes refresh tokens one-time-use, handing out a new refresh token with
each access token. Thus if a refresh token is stolen and used by an
attacker, the next time the legitimate client tries to use the previous
refresh token, it will not work and the attack will be noticed. If the
attacker does not use the refresh token, it becomes invalid after the
legitimate client uses it.
This behavior is recommended by draft-ietf-oauth-security-topics
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 23 Jul 2023 02:56:08 +0200 |
parents | b5f5d6bf703c |
children |
rev | line source |
---|---|
2856
08f6b9d37a49
mod_omemo_all_access: initial commit. disable access control for all omemo related PEP nodes
Daniel Gultsch <daniel@gultsch.de>
parents:
diff
changeset
|
1 --- |
08f6b9d37a49
mod_omemo_all_access: initial commit. disable access control for all omemo related PEP nodes
Daniel Gultsch <daniel@gultsch.de>
parents:
diff
changeset
|
2 labels: |
08f6b9d37a49
mod_omemo_all_access: initial commit. disable access control for all omemo related PEP nodes
Daniel Gultsch <daniel@gultsch.de>
parents:
diff
changeset
|
3 - 'Stage-Alpha' |
08f6b9d37a49
mod_omemo_all_access: initial commit. disable access control for all omemo related PEP nodes
Daniel Gultsch <daniel@gultsch.de>
parents:
diff
changeset
|
4 summary: 'Disable access control for all OMEMO related PEP nodes' |
08f6b9d37a49
mod_omemo_all_access: initial commit. disable access control for all omemo related PEP nodes
Daniel Gultsch <daniel@gultsch.de>
parents:
diff
changeset
|
5 --- |
08f6b9d37a49
mod_omemo_all_access: initial commit. disable access control for all omemo related PEP nodes
Daniel Gultsch <daniel@gultsch.de>
parents:
diff
changeset
|
6 |
08f6b9d37a49
mod_omemo_all_access: initial commit. disable access control for all omemo related PEP nodes
Daniel Gultsch <daniel@gultsch.de>
parents:
diff
changeset
|
7 Introduction |
08f6b9d37a49
mod_omemo_all_access: initial commit. disable access control for all omemo related PEP nodes
Daniel Gultsch <daniel@gultsch.de>
parents:
diff
changeset
|
8 ============ |
08f6b9d37a49
mod_omemo_all_access: initial commit. disable access control for all omemo related PEP nodes
Daniel Gultsch <daniel@gultsch.de>
parents:
diff
changeset
|
9 |
08f6b9d37a49
mod_omemo_all_access: initial commit. disable access control for all omemo related PEP nodes
Daniel Gultsch <daniel@gultsch.de>
parents:
diff
changeset
|
10 Traditionally OMEMO encrypted messages could only be exchanged after gaining mutual presence subscription due to the OMEMO key material being stored in PEP. |
08f6b9d37a49
mod_omemo_all_access: initial commit. disable access control for all omemo related PEP nodes
Daniel Gultsch <daniel@gultsch.de>
parents:
diff
changeset
|
11 |
08f6b9d37a49
mod_omemo_all_access: initial commit. disable access control for all omemo related PEP nodes
Daniel Gultsch <daniel@gultsch.de>
parents:
diff
changeset
|
12 XEP-0060 defines a method of changing the access model of a PEP node from `presence` to `open`. However Prosody does not yet support access models on PEP nodes. |
08f6b9d37a49
mod_omemo_all_access: initial commit. disable access control for all omemo related PEP nodes
Daniel Gultsch <daniel@gultsch.de>
parents:
diff
changeset
|
13 |
08f6b9d37a49
mod_omemo_all_access: initial commit. disable access control for all omemo related PEP nodes
Daniel Gultsch <daniel@gultsch.de>
parents:
diff
changeset
|
14 This module disables access control for all OMEMO PEP nodes (=all nodes in the namespace of `eu.siacs.conversations.axolotl.*`), giving everyone access to the OMEMO key material and allowing them to start OMEMO sessions with users on this server. |
08f6b9d37a49
mod_omemo_all_access: initial commit. disable access control for all omemo related PEP nodes
Daniel Gultsch <daniel@gultsch.de>
parents:
diff
changeset
|
15 |
08f6b9d37a49
mod_omemo_all_access: initial commit. disable access control for all omemo related PEP nodes
Daniel Gultsch <daniel@gultsch.de>
parents:
diff
changeset
|
16 Disco feature |
08f6b9d37a49
mod_omemo_all_access: initial commit. disable access control for all omemo related PEP nodes
Daniel Gultsch <daniel@gultsch.de>
parents:
diff
changeset
|
17 ============= |
08f6b9d37a49
mod_omemo_all_access: initial commit. disable access control for all omemo related PEP nodes
Daniel Gultsch <daniel@gultsch.de>
parents:
diff
changeset
|
18 |
08f6b9d37a49
mod_omemo_all_access: initial commit. disable access control for all omemo related PEP nodes
Daniel Gultsch <daniel@gultsch.de>
parents:
diff
changeset
|
19 This modules annouces a disco feature on the account to allow external tools such as the [Compliance Tester](https://conversations.im/compliance/) to check if this module has been installed. |
08f6b9d37a49
mod_omemo_all_access: initial commit. disable access control for all omemo related PEP nodes
Daniel Gultsch <daniel@gultsch.de>
parents:
diff
changeset
|
20 |
08f6b9d37a49
mod_omemo_all_access: initial commit. disable access control for all omemo related PEP nodes
Daniel Gultsch <daniel@gultsch.de>
parents:
diff
changeset
|
21 |
08f6b9d37a49
mod_omemo_all_access: initial commit. disable access control for all omemo related PEP nodes
Daniel Gultsch <daniel@gultsch.de>
parents:
diff
changeset
|
22 Compatibility |
08f6b9d37a49
mod_omemo_all_access: initial commit. disable access control for all omemo related PEP nodes
Daniel Gultsch <daniel@gultsch.de>
parents:
diff
changeset
|
23 ============= |
08f6b9d37a49
mod_omemo_all_access: initial commit. disable access control for all omemo related PEP nodes
Daniel Gultsch <daniel@gultsch.de>
parents:
diff
changeset
|
24 |
08f6b9d37a49
mod_omemo_all_access: initial commit. disable access control for all omemo related PEP nodes
Daniel Gultsch <daniel@gultsch.de>
parents:
diff
changeset
|
25 ----- ----------------------------------------------------------------------------- |
3302
617c65ef1a70
mod_omemo_all_access: Add a note about mod_pep replacing this module on trunk.
Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
parents:
2856
diff
changeset
|
26 trunk Not needed, mod\_pep provides this feature already |
3563
b5f5d6bf703c
mod_omemo_all_access: Also not needed with Prosody 0.11
Kim Alvefur <zash@zash.se>
parents:
3303
diff
changeset
|
27 0.11 Not needed, mod\_pep provides this feature already |
2856
08f6b9d37a49
mod_omemo_all_access: initial commit. disable access control for all omemo related PEP nodes
Daniel Gultsch <daniel@gultsch.de>
parents:
diff
changeset
|
28 0.10 Works |
08f6b9d37a49
mod_omemo_all_access: initial commit. disable access control for all omemo related PEP nodes
Daniel Gultsch <daniel@gultsch.de>
parents:
diff
changeset
|
29 ----- ----------------------------------------------------------------------------- |