#social 2020-05-16

2020-05-16 UTC
sl007, KjetilK, h_ll_k_n, jussi, jussi_ and rigelk joined the channel
# 16:10 
sl007 please note, #apconf planning session : we also do an etherpad https://redaktor.me/pad/p/apconf2020
KjetilK, jussi_ and sl007 joined the channel
# 19:19 
Gargron Heya, does anyone know of any JSON-LD vocabulary that would allow me to represent a list of devices identity keys and pre-keys?
# 19:19 
Gargron *with
# 19:20 
Gargron cwebber2
# 19:34 
cwebber2 Gargron: what do you mean by device identity keys and pre-keys?
# 19:35 
Gargron E2EE stuff, see for example: https://matrix.org/docs/guides/end-to-end-encryption-implementation-guide#keys-used-in-end-to-end-encryption
# 19:39 
cwebber2 Gargron: https://w3c-ccg.github.io/security-vocab/ may provide some of, but not all, of what you want
# 19:40 
cwebber2 actually it probably provides most of it though
# 19:40 
cwebber2 even has an EncryptedMessage type
# 19:40 
cwebber2 I haven't looked at it in a while
# 19:40 
Gargron I already checked that one (we use it, after all), but it's not sufficient.
# 19:40 
Gargron For one there is no way to say "these are this actor's devices" even if you could represent the keys itself through it.
# 19:42 
Gargron Having to come up with own JSON-LD attributes is my least favourite part of this whole thing.
# 19:46 
Gargron Just for context this isn't about putting Matrix in JSON-LD. I've just been chatting with their devs and got helpful guidance on E2EE implementation. Copying their APIs for it would make a lot of sense.
# 19:47 
Gargron As far as federation goes, we need an equivalent of the keys/query API, which returns devices with their identity keys: https://matrix.org/docs/spec/client_server/r0.4.0#post-matrix-client-r0-keys-query
# 19:48 
Gargron And keys/claim API, which returns a random one-time key of a device while also removing it from the pool: https://matrix.org/docs/spec/client_server/r0.4.0#post-matrix-client-r0-keys-claim
# 19:50 
Gargron I imagine that the JSON-LD way of doing it would be to have like a claimEndpoint property on the Device object, which you could hit to perform the claim
# 19:51 
Gargron On the Actor object we'd have a devices property listing the Device objects
# 19:57 
Gargron Naming-wise, Matrix uses "Ed25519" and "Curve25519" but I find that not very readable, based on how they are used I'm working with "fingerprint" and "identity" respectively
# 19:58 
Gargron Worth noting that Matrix's OLM is almost bit-compatible with libsignal, where these things are called "identity" and "signed pre key" as far as I can tell (but not sure)
# 19:59 
Gargron So let's say the Device object will have a fingerprint and an identity attribute, which will both be Key objects
# 20:00 
Gargron Are you with me? Does this make sense?
# 20:03 
Gargron cwebber2:
# 20:08 
cwebber2 hi
# 20:08 
cwebber2 Gargron: I was afk
# 20:09 
cwebber2 let me see
# 20:11 
Gargron Something like https://hastebin.com/ojezuvocal.pl
# 20:12 
cwebber2 Gargron: I don't know of something existing offhand but I'll ask in #ccg
# 20:13 
cwebber2 Gargron: btw, the amount of pain we went through with the "sensitive" field is partly what lead me to write / think about https://dustycloud.org/blog/content-addressed-vocabulary/
# 20:14 
Gargron What do you think of my JSON example?
# 20:14 
Gargron Is that something I can implement today?
# 20:15 
Gargron The content-addressed-vocabulary thing
# 20:16 
cwebber2 Gargron: let's see if I can interpret your paste back at you
# 20:18 
cwebber2 re: content-addressed-vocabulary, nobody else yet is doing it in production even though I think it's a good idea and would like to myself; the main challenge may be selecting the hash method for the URN
# 20:18 
cwebber2 Gargron: so re: your paste
# 20:18 
cwebber2 So here's a Person (alice), with the following devices (this one's a mobile phone)
# 20:18 
cwebber2 I think the id, it may be better to do #S45FF
# 20:19 
cwebber2 what are identity key, fingerprint key, and claimEndpoint used for?
# 20:19 
cwebber2 since I'm not as familiar with how matrix does E2E
# 20:20 
Gargron You POST to the claimEndpoint to receive a unique one-time-key to initiate a E2EE session with forward-secrecy
# 20:20 
cwebber2 Gargron: kind of related to this, cjslep[m], emacsen and I had a call where we laid out how to do store-and-forward that's kind of E2E related (and can be used for it)
# 20:20 
cwebber2 I think cjslep[m] is still interested in working on it
# 20:20 
Gargron https://matrix.org/docs/guides/end-to-end-encryption-implementation-guide#keys-used-in-end-to-end-encryption
# 20:21 
cwebber2 it may be worth going over if you're interested, though it sounds like you'd like to implement this specific E2E thing faster
# 20:22 
cwebber2 Gargron: hm, so the claim stuff is related to the Curve25519 one-time keys?
# 20:22 
cwebber2 Gargron: what's the goal of the claim mechanism?  is it to keep a fresh and regularly rotating set of encryption keys?
# 20:23 
cwebber2 what I would have thought is that you only need one key to encrypt directly to this user but it seems that's not the case here
# 20:23 
Gargron No a one-time-key is only used one time for a specific session. A device generates like a 100 at a time
# 20:23 
cwebber2 Gargron: why do that instead of having one key per device
# 20:23 
cwebber2 and encrypting directly to that key
# 20:27 
Gargron https://signal.org/docs/specifications/doubleratchet/
# 20:29 
cwebber2 so the goal seems to be explained here:
# 20:29 
cwebber2 > The Double Ratchet algorithm is designed to provide security against an attacker who records encrypted messages and then compromises the sender or receiver at a later time. This security could be defeated if deleted plaintext or keys could be recovered by an attacker with low-level access to the compromised device. Recovering deleted data from storage media is a complicated topic which is outside the scope of this document.
# 20:32 
Gargron forward secrecy
# 20:33 
cwebber2 right
# 20:33 
cwebber2 Gargron: I'll read those docs, thank you
# 20:35 
cwebber2 Gargron: btw recently I proposed the idea on the fediverse of running occasional video calls that are specifically for implementors wanting to work through future-facing issues, which may even start out with a presentation by someone first and then a discussion afterwards
# 20:36 
cwebber2 Gargron: would you be interested in doing one, maybe even presenting at the first one, based on the ideas here re: implementing E2E ?
h_ll_k_n joined the channel
# 21:27 
Gargron I'm not sure. I'm far from an expert on this topic. Just trying to get to a working prototype
# 22:01 
Gargron Oh wow, I can no longer find where I got RsaSignature2017 from. And the LD-Signatures document now redirects to LD-Proofs.
h_ll_k_n joined the channel
# 22:18 
heluecht[m] BTW: I would love seeing a replacement for the LD-Signatures that would be widely used.