Hello Andrew, thanks for your questions!

The authentication of public long-term keys is needed to ensure that those keys are the keys of the pretended owners. Trust Messages (TM) is intended to provide a basis for XEPs such as Automatic Trust Management (ATM) (https://xmpp.org/extensions/inbox/automatic-trust-management.html).

ATM minimizes the effort of authenticating all keys manually. You need to manually authenticate a key (e.g. by verifying its fingerprint) only once. The remaining authentications are done automatically.

Additionally, ATM can improve the security because verifying many fingerprints involves the time and concentration of the verifier. Mechanisms such as QR code scanning might improve the latter problem but it is still time-consuming. Thus, QR code scanning should be preferred for the initial authentication of a key which ATM needs to automate all remaining authentications.

I hope that helped to understand the purpose of both XEPs better.

Kind regards,
Melvin

> Can someone explain this to me like I'm 5 years old? Why is this
> needed and how it improves security over regular 0384? Isn't
> fingerprint matching enough a caution?
>
> Tue, 1 Dec 2020 at 22:37, Jonas Schäfer <[email protected]>:
> >
> > Version 0.2.0 of XEP-0434 (Trust Messages (TM)) has been released.
> >
> > Abstract:
> > This document specifies a way to communicate the trust in public
> > long-term keys used by end-to-end encryption protocols from one
> > endpoint to another.
> >
> > Changelog:
> > Improve explanations, descriptions and examples, introduce new
> > attribute and complete all sections:
> > * Remove link to encryption protocol namespaces.
> > * Add short name
> > * Shorten and improve introduction.
> > * Use emphasizing text formatting instead of quotation marks.
> > * Add new section for explaining the core properties of trust
> >   messages.
> > * Add examples comparing trust messages to public key certificates.
> > * Improve description of trust message structure.
> > * Introduce 'usage' attribute for 'trust-message' element.
> > * Focus on and adjust examples accordingly.
> > * Complete sections 'IANA Considerations', 'XMPP Registrar
> >   Considerations' and 'XML Schema'. (melvo)
> >
> > URL: https://xmpp.org/extensions/xep-0434.html
> >
> > Note: The information in the XEP list at
> > https://xmpp.org/extensions/ is updated by a separate automated
> > process and may be stale at the time this email is sent. The XEP
> > documents linked herein are up-to-date.

_______________________________________________
Standards mailing list
Info: https://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: [email protected]
_______________________________________________
