revamp key negotiation
you can't do it with discord
parent c941bee2c6
commit 017024efff
1 changed files with 16 additions and 16 deletions
|
@ -16,14 +16,16 @@ Disclaimer
|
|||
|
||||
.PP
|
||||
An OMEMO session can not be fully carried out over Discord due to limitations
|
||||
of the Discord API.
|
||||
of the Discord API. This paper goes in more detail on overcoming such
|
||||
limitations using a third-party.
|
||||
|
||||
.NH
|
||||
Key negotiation / distribution
|
||||
|
||||
.PP
|
||||
Negotiating keys and prekeys in OMEMO use the User's originating XMPP server and
|
||||
XEP-0163: Personal Eventing Protocol to signal device key changes.
|
||||
Negotiating keys and prekeys in OMEMO use the User's originating XMPP server for
|
||||
key storage and XEP-0163: Personal Eventing Protocol to signal device
|
||||
key fetches and changes.
|
||||
|
||||
.PP
|
||||
Discord does not provide any semantics to what XEP-0163 provides, so
|
||||
|
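Review bot: In the rewritten opening sentence of "Key negotiation / distribution", "signal device key fetches and changes" reads as if XEP-0163 signals fetches, while the same sentence now assigns key storage to the XMPP server. Say which part stores keys and which part notifies about changes, and make the verb agree with its subject ("Negotiating ... uses"). In the Disclaimer, "using a third-party" introduces a party the paper has not described at that point; name its role and what it is trusted with, so readers know what the workaround assumes before they reach the detail.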
@ -34,20 +36,18 @@ talking with who, and so, extra care must be given to implementations going down
|
|||
such paths.
|
||||
|
||||
.PP
|
||||
The second approach is leveraging the existing Discord protocol to provide, at
|
||||
least, key fingerprint material. Such an approach
|
||||
.I "could"
|
||||
involve the existing user profiles, and the fact that you can make a League of
|
||||
Legends entry without verification. USER_UPDATE events would be dispatched
|
||||
when such device keys change.
|
||||
.nr step 1 1
|
||||
Another approach would be leveraging existing Discord mechanics to provide key
|
||||
fingerprint material to the users via client profiles, however such an approach
|
||||
would not work because:
|
||||
|
||||
.PP
|
||||
If implementations go down the second approach, they could embed the key
|
||||
material inside the entries as well, but that might prove itself difficult,
|
||||
as there is a limit to how much you can insert on an entry. Same thing applies
|
||||
to the key fingerprints. Implementations should consider compressing. They
|
||||
should also consider a separate key server to give keys based on the key
|
||||
fingerprints so conversation can carry on.
|
||||
.IP \n[step] 2
|
||||
The maximum size for profile entries is too low to fit key material.
|
||||
|
||||
.IP \n+[step]
|
||||
Discord does not send USER_UPDATE events when those change. The client would
|
||||
need to send a DM to every user about the key change, so that the other users
|
||||
fetch the new user profile with the new keys.
|
||||
|
||||
.NH
|
||||
Key verification
|
||||
|
|
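Review bot: The new paragraph opens with "key fingerprint material" but list item 1 rejects the approach only because profile entries cannot fit "key material". The removed text said the size limit applies to the key fingerprints as well, and that statement is gone, so state explicitly whether a fingerprint alone also exceeds the limit. In item 2, "when those change" has no clear antecedent (profile entries or device keys), and the sentences about sending a DM to every user describe a workaround directly under "would not work because:", so word it as the cost that rules the approach out rather than as a step to implement. The rewrite also drops the suggestion of a separate key server that gives keys based on the key fingerprints; if that is the third-party approach the Disclaimer now mentions, point to it here.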