Here is an extensive and detailed example to show the usefulness of TM / ATM and hopefully answer your question. To keep it simple, implementation details are omitted.

# Baseline

Alice would like to chat end-to-end encrypted with Bob. She uses a notebook, a tablet and a smartphone for chatting via XMPP. Bob uses a notebook and a smartphone. In the case of OMEMO, each device has its own key. Therefore, Alice has three keys and Bob has two keys. Alice has to authenticate Bob's keys and Bob has to authenticate Alice's keys. Furthermore, they have to authenticate their own keys.

# Without ATM

Currently, that involves the following actions:

* Alice's notebook has to authenticate the key of her tablet (1), the key of her smartphone (2), the key of Bob's notebook (3) and the key of his smartphone (4).
* Alice's tablet has to authenticate the key of her notebook (5), the key of her smartphone (6), the key of Bob's notebook (7) and the key of his smartphone (8).
* Alice's smartphone has to authenticate the key of her notebook (9), the key of her tablet (10), the key of Bob's notebook (11) and the key of his smartphone (12).
* Bob's notebook has to authenticate the key of his smartphone (13), the key of Alice's notebook (14), the key of her tablet (15) and the key of her smartphone (16).
* Bob's smartphone has to authenticate the key of his notebook (17), the key of Alice's notebook (18), the key of her tablet (19) and the key of her smartphone (20).

The whole process involves 20 authentications. In my experience, doing those authentications manually (e.g. by scanning QR codes containing the fingerprint of each device) is too much for average users and even too much for interested and motivated people.

# With ATM

When you use ATM, the number of manual authentications can be reduced to a minimum while the other authentications are done automatically and in a secure manner. The authentications which ATM needs to automate the remaining authentications are the *initial authentications*. In the following, only the initial authentications are marked with numbers.

An example procedure which makes use of QR code scanning could be the following:

* Alice scans with her notebook the QR code of her smartphone to authenticate her smartphone's key (1).
* Alice scans with her tablet the QR code of her smartphone to authenticate her smartphone's key (2).
* Alice scans with her smartphone the QR code of her notebook to authenticate her notebook's key (3).
* Alice scans with her smartphone the QR code of her tablet to authenticate her tablet's key (4).
* Her smartphone automatically sends a TM for the key of her notebook to her tablet. Her tablet uses the TM to automatically authenticate the key of her notebook.
* Her smartphone automatically sends a TM for the key of her tablet to her notebook. Her notebook uses the TM to automatically authenticate the key of her tablet.
* Bob scans with his notebook the QR code of his smartphone to authenticate his smartphone's key (5).
* Bob scans with his smartphone the QR code of his notebook to authenticate his notebook's key (6).
* Alice meets Bob.
* Bob scans with his smartphone the QR code of Alice's smartphone to authenticate her smartphone's key (7).
* His smartphone automatically sends a TM for the key of Alice's smartphone to his notebook. His notebook uses the TM to automatically authenticate the key of Alice's smartphone.
* His smartphone automatically sends a TM for the key of his notebook to Alice's smartphone. Her smartphone uses the TM to automatically authenticate the key of Bob's notebook.
* Alice scans with her smartphone the QR code of Bob's smartphone to authenticate his smartphone's key (8).
* Her smartphone automatically sends a TM for the key of Bob's smartphone to her notebook and tablet. Her notebook and tablet use the TM to automatically authenticate the key of Bob's smartphone.
* Her smartphone automatically sends a TM for the key of her notebook and the key of her tablet to Bob's notebook and smartphone. Bob's notebook and smartphone use the TM to automatically authenticate the key of Alice's notebook and the key of her tablet.

# Result

8 authentications cannot be automated in a secure manner. They are the *initial authentications*. The remaining authentications can be done automatically without reducing the security. The security could be even improved as said in my previous message in comparison to manual procedures like looking at two fingerprints and comparing them.

# Not only for OMEMO

The case of end-to-end encryption protocols where each chat partner has only one key used by all devices (e.g. with OpenPGP for XMPP) is a subset of the whole problem which is not covered by the mentioned example. But ATM can improve the situation even for that case. It reduces the number of manual authentications for multiple contacts:

Alice has three contacts. She has already authenticated their keys with her smartphone and would like to use a new notebook. She can simply scan with her smartphone the QR code of her notebook. Her smartphone automatically sends a TM for the key of each contact to her new device. As soon as Alice has scanned with her notebook the QR code of her smartphone, her notebook uses the TM to automatically authenticate the keys of all three contacts.

Let me know if that was helpful ;)

> I mean, what 'remaining authentications' are you referring to?
>
> Can you describe a scenario, like, Romeo with a smartphone and Juliet with
> desktop computer want to initiate an encrypted chat, what do they do?
>
> On Mon, Dec 7, 2020, 00:00 Melvin Keskin <[email protected]> wrote:
>
> > Hello Andrew,
> >
> > thanks for your questions!
> >
> > The authentication of public long-term keys is needed to ensure that
> > those keys are the keys of the pretended owners.
> >
> > Trust Messages (TM) is intended to provide a basis for XEPs such as
> > Automatic Trust Management (ATM) (
> > https://xmpp.org/extensions/inbox/automatic-trust-management.html).
> >
> > ATM minimizes the effort of authenticating all keys manually. You need
> > to manually authenticate a key (e.g. by verifying its fingerprint) only
> > once. The remaining authentications are done automatically.
> >
> > Additionally, ATM can improve the security because verifying many
> > fingerprints involves the time and concentration of the verifier.
> > Mechanisms such as QR code scanning might improve the latter problem
> > but it is still time consuming.
> >
> > Thus, QR code scanning should be preferred for the initial
> > authentication of a key which ATM needs to automate all remaining
> > authentications.
> >
> > I hope that helped to understand the purpose of both XEPs better.
> >
> >
> > Kind regards,
> >
> > Melvin
> >
> > > Can someone explain this to me like I'm 5 years old? Why is this
> > > needed and how it improves security over regular 0384? Isn't
> > > fingerprint matching enough a caution?
> > >
> > > On Tue, Dec 1, 2020 at 22:37, Jonas Schäfer <[email protected]> wrote:
> > > >
> > > > Version 0.2.0 of XEP-0434 (Trust Messages (TM)) has been released.
> > > >
> > > > Abstract:
> > > > This document specifies a way to communicate the trust in public
> > > > long-term keys used by end-to-end encryption protocols from one
> > > > endpoint to another.
> > > >
> > > > Changelog:
> > > > Improve explanations, descriptions and examples, introduce new
> > > > attribute and complete all sections:
> > > > * Remove link to encryption protocol namespaces.
> > > > * Add short name
> > > > * Shorten and improve introduction.
> > > > * Use emphasizing text formatting instead of quotation marks.
> > > > * Add new section for explaining the core properties of trust
> > > > messages.
> > > > * Add examples comparing trust messages to public key certificates.
> > > > * Improve description of trust message structure.
> > > > * Introduce 'usage' attribute for 'trust-message' element.
> > > > * Focus on and adjust examples accordingly.
> > > > * Complete sections 'IANA Considerations', 'XMPP Registrar
> > > > Considerations' and 'XML Schema'. (melvo)
> > > >
> > > > URL: https://xmpp.org/extensions/xep-0434.html
> > > >
> > > > Note: The information in the XEP list at https://xmpp.org/extensions/
> > > > is updated by a separate automated process and may be stale at the
> > > > time this email is sent. The XEP documents linked herein are
> > > > up-to-date.
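
The five-device procedure from the message above, as a small simulation added here (not part of the original mail and not code from the XEP): it replays the eight initial authentications and counts how many of the 20 device-to-key authentications end up done. The device names and the propagation rule (a device sends TMs for every key it has authenticated to every device whose key it has authenticated, and a receiver acts on a TM only once it has authenticated the sender's key) are assumptions modelled on the steps in the message.

```python
from itertools import permutations

DEVICES = ["alice-notebook", "alice-tablet", "alice-phone", "bob-notebook", "bob-phone"]

# The eight initial authentications from the message, as (verifier, scanned key).
SCANS = [
    ("alice-notebook", "alice-phone"), ("alice-tablet", "alice-phone"),
    ("alice-phone", "alice-notebook"), ("alice-phone", "alice-tablet"),
    ("bob-notebook", "bob-phone"), ("bob-phone", "bob-notebook"),
    ("bob-phone", "alice-phone"), ("alice-phone", "bob-phone"),
]

class Model:
    def __init__(self):
        self.trusted = {d: set() for d in DEVICES}  # keys each device has authenticated
        self.held = set()  # (receiver, sender, key): TMs whose sender is not yet authenticated
        self.manual = 0

    def scan(self, verifier, target):
        """Initial authentication done by the user, e.g. a QR code scan."""
        self.manual += 1
        self.trusted[verifier].add(target)
        self._propagate()

    def _deliver(self, sender, receiver, key):
        """The receiver acts on a TM only if it has authenticated the sender's key."""
        if sender not in self.trusted[receiver]:
            self.held.add((receiver, sender, key))
            return False
        self.held.discard((receiver, sender, key))
        if key in self.trusted[receiver]:
            return False
        self.trusted[receiver].add(key)
        return True

    def _propagate(self):
        """Assumed rule: TMs for all authenticated keys go to all authenticated devices."""
        changed = True
        while changed:
            changed = False
            for sender in DEVICES:
                for receiver in list(self.trusted[sender]):
                    for key in list(self.trusted[sender]):
                        if key != receiver and self._deliver(sender, receiver, key):
                            changed = True

    def missing(self):
        """(device, key) pairs that are still unauthenticated."""
        return [(d, k) for d, k in permutations(DEVICES, 2) if k not in self.trusted[d]]

def run(scans):
    model = Model()
    for verifier, target in scans:
        model.scan(verifier, target)
    return model

if __name__ == "__main__":
    for n in (7, 8):
        m = run(SCANS[:n])
        print(n, "scans:", 20 - len(m.missing()), "of 20 authenticated,", len(m.held), "TMs held")
```

After scan (7) Alice's smartphone holds the TMs from Bob's devices without acting on them; they take effect only once scan (8) has authenticated Bob's smartphone key.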
