diff --git a/omemo-discord.ms b/omemo-discord.ms index 5de88c3..c9d25c5 100644 --- a/omemo-discord.ms +++ b/omemo-discord.ms @@ -16,14 +16,16 @@ Disclaimer .PP An OMEMO session can not be fully carried out over Discord due to limitations -of the Discord API. +of the Discord API. This paper goes in more detail on overcoming such +limitations using a third-party. .NH Key negotiation / distribution .PP -Negotiating keys and prekeys in OMEMO use the User's originating XMPP server and -XEP-0163: Personal Eventing Protocol to signal device key changes. +Negotiating keys and prekeys in OMEMO use the User's originating XMPP server for +key storage and XEP-0163: Personal Eventing Protocol to signal device +key fetches and changes. .PP Discord does not provide any semantics to what XEP-0163 provides, so @@ -34,20 +36,18 @@ talking with who, and so, extra care must be given to implementations going down such paths. .PP -The second approach is leveraging the existing Discord protocol to provide, at -least, key fingerprint material. Such an approach -.I "could" -involve the existing user profiles, and the fact that you can make a League of -Legends entry without verification. USER_UPDATE events would be dispatched -when such device keys change. +.nr step 1 1 +Another approach would be leveraging existing Discord mechanics to provide key +fingerprint material to the users via client profiles, however such an approach +would not work because: -.PP -If implementations go down the second approach, they could embed the key -material inside the entries as well, but that might prove itself difficult, -as there is a limit to how much you can insert on an entry. Same thing applies -to the key fingerprints. Implementations should consider compressing. They -should also consider a separate key server to give keys based on the key -fingerprints so conversation can carry on. +.IP \n[step] 2 +The maximum size for profile entries is too low to fit key material. + +.IP \n+[step] +Discord does not send USER_UPDATE events when those change. The client would +need to send a DM to every user about the key change, so that the other users +fetch the new user profile with the new keys. .NH Key verification