revamp key negotiation

you can't do it with discord
Luna 2019-03-13 01:59:07 -03:00
parent c941bee2c6
commit 017024efff


@ -16,14 +16,16 @@ Disclaimer
.PP
An OMEMO session can not be fully carried out over Discord due to limitations
of the Discord API.
of the Discord API. This paper goes in more detail on overcoming such
limitations using a third-party.
.NH
Key negotiation / distribution
.PP
Negotiating keys and prekeys in OMEMO use the User's originating XMPP server and
XEP-0163: Personal Eventing Protocol to signal device key changes.
Negotiating keys and prekeys in OMEMO use the User's originating XMPP server for
key storage and XEP-0163: Personal Eventing Protocol to signal device
key fetches and changes.
.PP
Discord does not provide any semantics to what XEP-0163 provides, so
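Review bot: In the Disclaimer paragraph, "using a third-party" does not say what the third party is or what it is trusted with. The Key negotiation paragraph now says the XMPP server is used "for key storage", so name the third party's role at this point (for example, whether it stores keys) so readers know what takes the server's place. Two wording points in the same hunk: "goes in more detail" should read "goes into more detail", and "Negotiating keys and prekeys in OMEMO use" should be "uses".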
@ -34,20 +36,18 @@ talking with who, and so, extra care must be given to implementations going down
such paths.
.PP
The second approach is leveraging the existing Discord protocol to provide, at
least, key fingerprint material. Such an approach
.I "could"
involve the existing user profiles, and the fact that you can make a League of
Legends entry without verification. USER_UPDATE events would be dispatched
when such device keys change.
.nr step 1 1
Another approach would be leveraging existing Discord mechanics to provide key
fingerprint material to the users via client profiles, however such an approach
would not work because:
.PP
If implementations go down the second approach, they could embed the key
material inside the entries as well, but that might prove itself difficult,
as there is a limit to how much you can insert on an entry. Same thing applies
to the key fingerprints. Implementations should consider compressing. They
should also consider a separate key server to give keys based on the key
fingerprints so conversation can carry on.
.IP \n[step] 2
The maximum size for profile entries is too low to fit key material.
.IP \n+[step]
Discord does not send USER_UPDATE events when those change. The client would
need to send a DM to every user about the key change, so that the other users
fetch the new user profile with the new keys.
.NH
Key verification
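Review bot: The new paragraph says the profile approach "would not work because:", but the second list item then describes how it could be made to work (a DM to every user so they fetch the new profile). Either state that the approach is impractical rather than impossible, or drop the workaround sentence. In the same item, "when those change" has no clear antecedent; say "when profile entries change" if that is what is meant. The removed text suggested a separate key server that gives keys based on the key fingerprints; if that idea is kept elsewhere in the paper, a pointer here would help the reader.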