Heyho! Some more feedback:
In "Signing a Pubsub Item With OpenPGP", you state that "Signing an item with OpenPGP requires to have XEP-0373: OpenPGP for XMPP implemented to handle keys, [...]". I would argue, that - although useful - XEP-0373 is not strictly required as certificate distribution can also be done in other ways, so I would personally remove this statement. Of course, this may change once you describe the process of validating a signed item in more detail (especially the process of discovering the certificate via XEP-0373).
It probably also makes sense to pin some of the signature parameters of RFC4880 to fixed values, such as the Signature Type (https://datatracker.ietf.org/doc/html/rfc4880#section-5.2.1). I would suggest 0x00; Binary Document. Perhaps though, this should go into XEP-0373 instead?
Otherwise, for sake of completeness I would like to see a section on signature verification, not sure if that is required to be able to create an implementation :)
Paul Am 08.11.22 um 21:36 schrieb Jonas Schäfer (XSF Editor):
The XMPP Extensions Editor has received a proposal for a new XEP. Title: Pubsub Signing: OpenPGP Profile Abstract: Specifies a pubsub signing profile for OpenPGP URL: https://xmpp.org/extensions/inbox/pubsub-signing-openpgp.html The Council will decide in the next two weeks whether to accept this proposal as an official XEP. _______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: [email protected] _______________________________________________
_______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: [email protected] _______________________________________________
