Gajim - 2017-03-05

  1. hermann Hi all, from a privacy standpoint, does it make sense (or is it dangerous) to publish my OMEMO fingerprint on my website (as a XMPP-server admin)? So that others can contact me via XMPP.
  2. fphome hermann: it's basically the same thing like a gpg key ... you should make sure people can trust what they see on your website (trustworthy hoster, very secure tls config, ...)
  3. hermann fphome, but in theory someone could take this fingerprint, start a man in the middle attack and fake my identity, right?
  4. hermann but I guess that very difficult to do anyways, if at all
  5. fphome hermann: nope. let me clarify: it's like a gpg public key ... so if your key is strong enough (which it is with omemo by default) you can't get the private key from the public key
  6. hermann ok, many thanks :-)
  7. lovetox hermann i think you have misconception about how this works
  8. lovetox the public key or fingerprint is calculated from the private key
  9. lovetox if someone takes your public key, and shares it
  10. lovetox and a contact uses this public key to encrypt a message
  11. lovetox only the one with the private key can drecrypt this message
  12. lovetox because they are a pair linked to each other, they work only together
  13. lovetox so yes someone could give your public key to other people and pretend that he is you
  14. lovetox but he cant encrypt the message that afterwards are send and encrypted with this public key
  15. lovetox not a good attack ^^
  16. hermann lovetox: got it. Thanks again.
  17. testik I found a bug or a UX problem. I sent a bunch of OMEMO messages from Conversations to gajim, Conversations reported them as delivered, but they were not received by gajim (or they were but something happened and they weren't shown nor there was a notification).
  18. testik gajim was opened for a long time on that machine, at least some plugini wasn't recently updated.
  19. testik This may be something trivial like a plugin being disabled for some reason (update maybe) or something more complicated.
  20. testik update plugins, reset pc, enable omemo plugin, reset gajim solved this
  21. testik but messages still weren't received
  22. lovetox testik did you look into the history window
  23. lovetox hard to say what the problem was, if the plugin was not enabled the messages are dropped and you are not notified about it