Drafting a method for verifying new devices for #XMPP end to end encrypted chats.

This is a very early draft/brain dump; once a few people validate it, it can be submitted to the official review process.

#Matrix already implements cross signing and this makes encryption experience very smooth, but in XMPP using multiple devices in encrypted rooms is really a mess.

XMPP already has a concept of a master key per identity, defined in OpenPGP for XMPP. We can combine these two.…

in reply to Pirate Praveen

Very IMHO, but I think this is a bad idea. Both for practical and security reasons.

For the practical reasons: The issues people have with device-based keys in OMEMO are largely a result of power users with many changing devices/clients, and regular users with primarily one or at most two devices don't have many problems with it. In Matrix the reverse is somewhat true... if you are a power user in Matrix and know how to add new devices and such, you don't see the extreme pain this convoluted key-sharing system causes casual webclient users that only sometimes use Element to check some public channels.

As for security: That the other side of a conversation can tell when you add additional devices and that you have to explicitly trust them is a huge security plus for OMEMO. Sure, that can get a bit inconvenient sometimes, but convenience should never trump security (although all too often it does, case in point: Matrix).

in reply to Kris

@kris Practical consideration: Only if you use public devices, like in a library, will you have a problem. If it is only your personal device, you keep the device logged in, so you have to verify only once. I agree it is a different way from non end-to-end encrypted systems where you freely log in and log out. But getting end-to-end encryption working by default justifies that inconvenience.

Security: You have a choice to verify the master key of a user or not. (1/2)

in reply to Pirate Praveen

@kris If you want to verify each device (I'm fine with leaving that responsibility to each user) you still have that option by not verifying the master key. If there is no trust for the master key, it won't trust any devices. You can even set the policy per contact. It is about trusting people to verify their own devices. (2/2)

in reply to Pirate Praveen

Encrypted groups are generally a mess. That's why MLS was created. Hopefully we won't have to wait another 10 years until we can use it:

A renewed turn toward the visual arts appears indicated, in order to explore the potentiality of visual forms of expression by means of pigment-based media in the context of art-theoretical discourses and thus to contribute to the expansion of aesthetic paradigms. Or what?

A Map of the New Normal: How Inflation, War, and Sanctions Will Change Your World Forever by Jeff Rubin, 2024

Bestselling economist Jeff Rubin warns that the shock inflation of 2021 is the front of a perfect storm of war, supply-chain disruption, geopolitical realignment, domestic upheaval, and energy scarcity that will change everything.



HEY #DUTCH people‼️ Do something about this!

> He has always felt he was being treated unfairly, but this was something else. “We had a Dutch chief engineer, he suffered a heart attack as I suffered a stroke, he was immediately airlifted. A helicopter took him to the shore in Florida to get immediate medical attention. Because he’s Dutch.”…

We treat foreigners as human beings and equals (even in job) here in the Philippines, and this is how our own people are treated abroad⁉️ Let me guess, you treat animals far better, right?


#Netherlands #Philippines #Filipino #Pilipino #Pilipinas #Inhumane #Slavery #Maltreatment @pilipinas @philippines

I signed up for a google alert on my name a couple weeks ago to keep tabs on my User Mag launch and every day the alert brings me new gifts


Connect the world.
Reflect the world.
Vivisect the world.

Fly Delta ✈️


Before industrial byte farming it was hard to get enough bits to go around...

🎵 🎃 Where have we come, and where shall we end?
If dreams can’t come true, then why not pretend? 🎶 🍂

#halloween #otgw #cosplay


in reply to frater chaos

The WaWaPo belongs at the bottom of your birdcage. Except for the cost, that is.

#Helloween something special?
When I look at national events, topics, or even international politics and its cranks, we are by now living in a constant horror film anyway #Trump #Musk #Merz #Klima ….

📢 New GStreamer 1.24.9 bug-fix release for our stable 1.24 series!

Includes bug fixes, a security fix, stability improvements, memory leak fixes, and performance improvements.

Details at…

📦 Binary packages for Windows, macOS, iOS and Android are now available at…

#GStreamer #Release #opensource #FreeSoftware #Multimedia


Ill-considered new left-wing parties. People who were expelled from Vänsterpartiet entirely unnecessarily, and without there having been any reason for it, are forming new left-wing groups one after another. Though they call them parties, and they are always going to cooperate with other left-wing groups, popular movements and activists in a whole lot of different ways.…

As of now, #Thunderbird is officially available for Android. The telemetry transmission to »«, which was still included in the beta phase, is no longer active. 👇……

#thunderbird #android

in reply to Mike Kuketz 🛡

Mozilla has taken too many wrong turns in recent years for me to replace an established program like FairEmail so quickly. 🤷‍♂️

in reply to Mike Kuketz 🛡

First get as many people on board as possible, then at some point switch on telemetry with an update...
With Mozilla you constantly have to be on your guard - can't be bothered.

Today in Mojo History—27 years ago today: The Curse of Monkey Island released in Europe. Also, happy Halloween!