[Gajim-devel] XEP-0065 encryption
asterix at lagaule.org
Thu Apr 14 22:48:40 CEST 2016
On 04/13/2016 12:24 PM, Илья Валеев wrote:
>> Gajim automatically tries jingle FT first, and encryption if both
>> parties support it. But except by reading XML, you currently can't
>> know nor enforce encryption. Suggestions welcome.
> For example: new string option "file_transfer" (maybe conflict with
> "use_ft_proxies") with this variants:
> *I.* auto
> Default value, act as Gajim act today.
> *II.* inband
> Send files with IBB.
> *III.* proxy
> Send it with proxy defined in XEP-0065
> *IV.* jingle
> - Display icon for every position in list of transferring files, which
> display encrypted transfer or not (for example, green closed lock and
> red open lock)
> - Warn user when file transfer is not encrypted before transfer starts
> and give choise, continue without encryption or not
> Think that such transparency will help not only me, but all people
> that cares about there security.
> I use gpg and in my case IBB would be encrypted, right? What kind of
> encryption can offer jingle (I hear that XTLS
> <https://xmpp.org/extensions/inbox/jingle-xtls.html> is deprecated)?
> Is there any possibilities of end-to-end encrypting proxy filetransfer?
You mixed several things: The way to negociate the transfer, the
transport used to do it. Jingle and proxy are not orthogonal.
Moreover, IBB should only be used as a fallback way. It uses a lot of BW
and CPU for the server, and it's slow. Servers are not done to transfer
so much data.
I agree that displaying an encryption icon is a must have, and I already
thought about that.
Warn the user could be an option, but with a "do not warn me anymore"
checkbox. Because that could annoy a lot on every transfer.
IBB is NOT encrypted. you send your file plain. The link to your server
may be encrypted if you're connect securely. But:
- the server owner has the file plain
- you have no idea if the S2S connection is secure
- you have no idea if the connection between your contact and his
server is secure
Once again, GPG is not used to encrypt / sign a file before it's sent.
We indeed use XTLS even if this XEP has never been released
More information about the Gajim-devel