Hi Standards,

When trying to implement OMEMO support in poezio, I came across a few points that make me shiver like chalk on blackboard each time I read them.

All 3 points are in https://xmpp.org/extensions/xep-0384.html#usecases-messagesend.

> When an OMEMO element is received, the client MUST check whether there
> is a <key> element with an rid attribute matching its own device ID.
> If this is not the case, the element MUST be silently discarded.

> If the element's contents are a SignalMessage, and the client has a
> session with the sender's device, it tries to decrypt the
> SignalMessage using this session. If the decryption fails or if the
> element's contents are not a SignalMessage either, the OMEMO element
> MUST be silently discarded.

> If the OMEMO element contains a <payload>, it is an OMEMO message
> element. The client tries to decrypt the base64 encoded contents using
> the key and the authentication tag extracted from the <key> element.
> If the decryption fails, the client MUST silently discard the OMEMO
> message.

Can anybody explain why as a library dev I would want to silently discard messages and not let the end-users know they just lost messages? So that they can then take appropriate actions (e.g., ask the other party to resend, file a bug in the library).

I understand that in these cases the library is not able to decrypt these messages. My point is to let users know.

Is there a reason I should respect these MUST? What happens if I don't? Are there any security/privacy implications? I would love to see a rationale added alongside if it is the case.

Cheers,

--
Maxime “pep” Buquet
_______________________________________________
Standards mailing list
Info: https://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: [email protected]
_______________________________________________
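An added example, not part of the original post, of poezio or of the XEP: the three checks quoted above applied in order, with each discard case returned as a distinct outcome that a library can log or count. The element layout (namespace, `<header sid>`, `<iv>`) and the `decrypt_key` / `decrypt_payload` hooks are assumptions; the sample stanza is constructed.

```python
import base64
import enum
import xml.etree.ElementTree as ET

NS = "{eu.siacs.conversations.axolotl}"  # assumed namespace for the OMEMO element


class Outcome(enum.Enum):
    DECRYPTED = "payload decrypted"
    NOT_FOR_THIS_DEVICE = "no <key> with our rid"
    KEY_FAILED = "<key> contents could not be decrypted"
    NO_PAYLOAD = "no <payload> element"
    PAYLOAD_FAILED = "<payload> could not be decrypted"


def process(xml_text, own_rid, decrypt_key, decrypt_payload):
    """Apply the quoted checks in order; return (Outcome, plaintext or None).

    decrypt_key(sid, blob) and decrypt_payload(key_and_tag, iv, blob) are
    hypothetical hooks into the crypto backend; they raise ValueError on failure.
    """
    enc = ET.fromstring(xml_text)
    header = enc.find(NS + "header")
    keys = header.findall(NS + "key") if header is not None else []
    # Check 1: is there a <key> whose rid matches our own device ID?
    mine = next((k for k in keys if k.get("rid") == str(own_rid)), None)
    if mine is None:
        return Outcome.NOT_FOR_THIS_DEVICE, None
    # Check 2: decrypt the <key> contents with the sender's session.
    try:
        blob = base64.b64decode(mine.text or "", validate=True)
        key_and_tag = decrypt_key(header.get("sid"), blob)
    except ValueError:
        return Outcome.KEY_FAILED, None
    # Check 3: only an element with a <payload> carries a message body.
    payload = enc.find(NS + "payload")
    if payload is None:
        return Outcome.NO_PAYLOAD, None
    try:
        iv = base64.b64decode(header.findtext(NS + "iv") or "", validate=True)
        body = base64.b64decode(payload.text or "", validate=True)
        return Outcome.DECRYPTED, decrypt_payload(key_and_tag, iv, body)
    except ValueError:
        return Outcome.PAYLOAD_FAILED, None


# Constructed sample stanza (device ids and base64 values are made up).
SAMPLE = (
    "<encrypted xmlns='eu.siacs.conversations.axolotl'>"
    "<header sid='1000'><key rid='2000'>a2V5LTIwMDA=</key>"
    "<key rid='3000'>a2V5LTMwMDA=</key><iv>aXY=</iv></header>"
    "<payload>aGVsbG8=</payload></encrypted>"
)
```

Whether an outcome other than `DECRYPTED` is shown to the user, written to a debug log or dropped is left to the caller.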
