I mean, what 'remaining authentications' are you referring to? Can you describe a scenario, like, Romeo with a smartphone and Juliet with desktop computer want to initiate an encrypted chat, what do they do?
On Mon, Dec 7, 2020, 00:00 Melvin Keskin <[email protected]> wrote: > Hello Andrew, > > thanks for your questions! > > The authentication of public long-term keys is needed to ensure that > those keys are the keys of the pretended owners. > > Trust Messages (TM) is intended to provide a basis for XEPs such as > Automatic Trust Management (ATM) ( > https://xmpp.org/extensions/inbox/automatic-trust-management.html). > > ATM minimizes the effort of authenticating all keys manually. You need > to manually authenticate a key (e.g. by verifying its fingerprint) only > once. The remaining authentications are done automatically. > > Additionally, ATM can improve the security because verifying many > fingerprints involves the time and concentration of the verifier. > Mechanisms such as QR code scanning might improve the latter problem > but it is still time consuming. > > Thus, QR code scanning should be preferred for the initial > authentication of a key which ATM needs to automate all remaining > authentications. > > I hope that helped to understand the purpose of both XEPs better. > > > Kind regards, > > Melvin > > > Can someone explain this to me like I'm 5 years old? Why is this > > needed and how it improves security over regular 0384? Isn't > > fingerprint matching enough a caution? > > > > вт, 1 дек. 2020 г. в 22:37, Jonas Schäfer <[email protected]>: > > > > > > Version 0.2.0 of XEP-0434 (Trust Messages (TM)) has been released. > > > > > > Abstract: > > > This document specifies a way to communicate the trust in public > > long- > > > term keys used by end-to-end encryption protocols from one endpoint > > to > > > another. > > > > > > Changelog: > > > Improve explanations, descriptions and examples, introduce new > > > attribute and complete all sections: > > > * Remove link to encryption protocol namespaces. > > > * Add short name > > > * Shorten and improve introduction. > > > * Use emphasizing text formatting instead of quotation marks. > > > * Add new section for explaining the core properties of trust > > > messages. > > > * Add examples comparing trust messages to public key certificates. > > > * Improve description of trust message structure. > > > * Introduce 'usage' attribute for 'trust-message' element. > > > * Focus on and adjust examples accordingly. > > > * Complete sections 'IANA Considerations', 'XMPP Registrar > > > Considerations' and 'XML Schema'. (melvo) > > > > > > URL: https://xmpp.org/extensions/xep-0434.html > > > > > > Note: The information in the XEP list at > > https://xmpp.org/extensions/ > > > is updated by a separate automated process and may be stale at the > > > time this email is sent. The XEP documents linked herein are up-to- > > > date. > > _______________________________________________ > Standards mailing list > Info: https://mail.jabber.org/mailman/listinfo/standards > Unsubscribe: [email protected] > _______________________________________________ >
_______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: [email protected] _______________________________________________
