Browse Source

revamp key regotiation

you can't do it with discord
master
Luna 3 months ago
parent
commit
017024efff
1 changed files with 17 additions and 17 deletions
  1. 17
    17
      omemo-discord.ms

+ 17
- 17
omemo-discord.ms View File

@@ -16,14 +16,16 @@ Disclaimer
16 16
 
17 17
 .PP
18 18
 An OMEMO session can not be fully carried out over Discord due to limitations
19
-of the Discord API.
19
+of the Discord API. This paper goes in more detail on overcoming such
20
+limitations using a third-party.
20 21
 
21 22
 .NH
22 23
 Key negotiation / distribution
23 24
 
24 25
 .PP
25
-Negotiating keys and prekeys in OMEMO use the User's originating XMPP server and
26
-XEP-0163: Personal Eventing Protocol to signal device key changes.
26
+Negotiating keys and prekeys in OMEMO use the User's originating XMPP server for
27
+key storage and XEP-0163: Personal Eventing Protocol to signal device
28
+key fetches and changes.
27 29
 
28 30
 .PP
29 31
 Discord does not provide any semantics to what XEP-0163 provides, so
@@ -34,20 +36,18 @@ talking with who, and so, extra care must be given to implementations going down
34 36
 such paths.
35 37
 
36 38
 .PP
37
-The second approach is leveraging the existing Discord protocol to provide, at
38
-least, key fingerprint material. Such an approach
39
-.I "could"
40
-involve the existing user profiles, and the fact that you can make a League of
41
-Legends entry without verification. USER_UPDATE events would be dispatched
42
-when such device keys change.
43
-
44
-.PP
45
-If implementations go down the second approach, they could embed the key
46
-material inside the entries as well, but that might prove itself difficult,
47
-as there is a limit to how much you can insert on an entry. Same thing applies
48
-to the key fingerprints. Implementations should consider compressing. They
49
-should also consider a separate key server to give keys based on the key
50
-fingerprints so conversation can carry on.
39
+.nr step 1 1
40
+Another approach would be leveraging existing Discord mechanics to provide key
41
+fingerprint material to the users via client profiles, however such an approach
42
+would not work because:
43
+
44
+.IP \n[step] 2
45
+The maximum size for profile entries is too low to fit key material.
46
+
47
+.IP \n+[step]
48
+Discord does not send USER_UPDATE events when those change. The client would
49
+need to send a DM to every user about the key change, so that the other users
50
+fetch the new user profile with the new keys.
51 51
 
52 52
 .NH
53 53
 Key verification

Loading…
Cancel
Save