Conversation
link2xt
force-pushed
the
link2xt/regen-user-id
branch
3 times, most recently
from
722e3e6 to
5be3918
Compare
link2xt
force-pushed
the
link2xt/keypair
branch
from
032442a to
0e45663
Compare
link2xt
force-pushed
the
link2xt/regen-user-id
branch
3 times, most recently
from
d810ee5 to
e0744da
Compare
link2xt
force-pushed
the
link2xt/keypair
branch
from
0e45663 to
d5fd33c
Compare
link2xt
force-pushed
the
link2xt/regen-user-id
branch
2 times, most recently
from
79a7943 to
895db47
Compare
link2xt
force-pushed
the
link2xt/regen-user-id
branch
from
895db47 to
48a715b
Compare
link2xt
force-pushed
the
link2xt/qkzzkkylmtmk
branch
from
a3deffe to
37e02ee
Compare
link2xt
force-pushed
the
link2xt/regen-user-id
branch
3 times, most recently
from
527561e to
fa350fb
Compare
link2xt
force-pushed
the
link2xt/regen-user-id
branch
8 times, most recently
from
1b13ddd to
5554654
Compare
link2xt
changed the title
link2xt
force-pushed
the
link2xt/regen-user-id
branch
from
5554654 to
9260fd5
Compare
This way we can place whatever we want into the signatures. We put all relay addresses as a notation subpacket in the direct key signature to distribute the relay addresses.
link2xt
force-pushed
the
link2xt/regen-user-id
branch
from
ed3868a to
8f60ea5
Compare
link2xt
force-pushed
the
link2xt/regen-user-id
branch
2 times, most recently
from
af884f1 to
cbb16fa
Compare
link2xt
force-pushed
the
link2xt/regen-user-id
branch
from
cbb16fa to
458ba69
Compare
src/pgp.rs
Outdated
| } = new_certificate; | ||
|
|
||
| // Public keys may be serialized differently, e.g. using old and new packet type, | ||
| // so we compare imprints instead, which are calculated over normalized packets. |
There was a problem hiding this comment.
If we understand correctly imprints are used here instead of fingerprints, if that's the case,
can you clarify that imprints are compared instead of fingerprints?
| // so we compare imprints instead, which are calculated over normalized packets. | |
| // so we compare imprints, which are calculated over normalized packets (instead of fingerprints). |
There was a problem hiding this comment.
I changed the comment. Imprints are compared instead of the keys, not instead of the fingerprints. Imprint vs fingerprint does not matter much, the only difference is that fingerprints are SHA1 for v4 keys.
| /// | ||
| /// See <https://openpgp.dev/book/adv/certificates.html#merging> | ||
| /// and <https://openpgp.dev/book/adv/certificates.html#certificate-minimization>. | ||
| pub fn merge_openpgp_certificates( |
There was a problem hiding this comment.
Not sure why we can't just take the newer key? Can you clarify this a bit?
There was a problem hiding this comment.
I wrote more in the documentation comment now.
| )?; | ||
| vec![user_id_packet.into_signed(signature)] | ||
| } else { | ||
| vec![] |
There was a problem hiding this comment.
Can you clarify, why we are not including users for V6?
There was a problem hiding this comment.
I added a comment describing why V4 keys include User ID.
src/key.rs
Outdated
| }; | ||
|
|
||
| let users = if signed_secret_key.version() == KeyVersion::V4 { | ||
| let addr = context.get_primary_self_addr().await?; |
There was a problem hiding this comment.
Should we call context.self_public_key.lock().await.take(); when changing the primary self addr?
There was a problem hiding this comment.
We already do when ConfiguredAddr is set, send_sync_transports is called and it drops the public key.
I added code in receive_imf to do it when primary transport is synchronized.
Hocuri
left a comment
Hocuri
left a comment
There was a problem hiding this comment.
FTR this PR does not add an "unpublished" flag to a transport. But this can also come in a later PR.
| // probably shutdown | ||
| bail!("IMAP operation attempted while it is torn down"); | ||
| } | ||
| let _imap_lock_guard = context.imap_lock.lock().await; |
There was a problem hiding this comment.
Didn't we want to take the lock after calling prefetch()?
There was a problem hiding this comment.
+1. Maybe also rename it to fetch_msgs_lock
| // probably shutdown | ||
| bail!("IMAP operation attempted while it is torn down"); | ||
| } | ||
| let _imap_lock_guard = context.imap_lock.lock().await; |
There was a problem hiding this comment.
+1. Maybe also rename it to fetch_msgs_lock
| addr = alice_transport["addr"] | ||
| assert (addr == new_alice_addr) == (addr in msg.get_info()) | ||
| msg_info = msg.get_info() | ||
| assert new_alice_addr in msg.get_info() |
There was a problem hiding this comment.
| assert new_alice_addr in msg.get_info() | |
| assert new_alice_addr in msg_info |
And maybe check for new_alice_addr + "/INBOX"?
| && let Some(relay_addrs) = addresses_from_public_key(&public_key) | ||
| { | ||
| ret += "\n\nRelays:"; | ||
| for relay in &relay_addrs { |
| FROM transports | ||
| UNION ALL | ||
| SELECT remove_timestamp AS timestamp | ||
| FROM removed_transports)", |
There was a problem hiding this comment.
Don't we need one more timestamp for primary address change? The returned pubkey depends on which address is primary
| old_certificate: SignedPublicKey, | ||
| new_certificate: SignedPublicKey, | ||
| ) -> Result<SignedPublicKey> { | ||
| old_certificate |
There was a problem hiding this comment.
The old certificate can expire so this will fail and we should just return the new one if key imprints are the same i guess
There was a problem hiding this comment.
Certificate or the primary key cannot expire by itself, at least in OpenPGP, since V4. Direct key signature (or primary User ID signature if there is no direct key signature) of the primary key or subkey my have "key expiration time" subpacket that tells when the key/subkey expires, we currently ignore it. For encryption subkeys we want to use expiration eventually for forward secrecy, but for this PR i have not looked at encryption subkeys at all. For primary key expiration we will likely have to ignore it, saying that the contact has expired or telling the user that their profile has expired does not make much sense and if we do it now this will break profiles of the users who have in the past imported the keys with 1 year or 5 year expiration time and forgot about it.
Even if we have old certificate with expired primary key and new certificate with renewed primary key, this is just a number from the primary key signature. It does not tell you anything about encryption subkeys. E.g. you may have a contact with an encryption subkey and expired primary key. Someone may gossip you a certificate for this contact with a renewed primary key (newer DKS with extended expiration time) but no encryption subkeys - this does not mean you should now drop all encryption subkeys and accept new certificate without subkeys as a whole without merging.
4 participants
This change adds information about all relay addresses to the public key and sends messages to all addresses listed in the public key contains the list of relays.
Public key is re-generated on the fly to include Direct Key Signature with Notation Data subpacket. Notation name is
relays@chatmail.atand the value is a comma-separated list of addresses. We send all relays, but only use the first 3 now. Last seen "From" address is remembered for contacts and is used in theToheader, as a fallback when relay list is not in the public key etc., but is not used as the recipient if it is not included in the notation subpacket as well. This will allow us to send from addresses that we don't want to receive messages to in the future if we decide to do so, e.g. send from a classic email server but receive chat messages only on chatmail relays.There is a known problem that removing a transport does not restart I/O, so you receive messages on the removed transport and it creates ad hoc group as you don't recognize your own address in the
Tofield. Fixing the problem is not for this PR, we probably want to restart i/o and also recognize that the message is a 1:1 message for us just by the intended recipient fingerprint even if there is an unrecognized address in theTofield.Closes #7865
TODO: