2.5.0 Public Key Exchange

ayyghost edited this page Mar 1, 2018 · 7 revisions

This document is an implementation guide for public key exchange in Cryptodog 2.5.0. Please read it carefully; it introduces changes that are incompatible with previous versions. These changes are very likely to be amended (slightly) in future versions, but they are necessary right now, in this form, to mitigate a denial of service vulnerability. If you have any questions, open an issue or reach out via email.

For reference, these changes were implemented here: https://github.com/Cryptodog/cryptodog/commit/b39903f4af6912a6ccc95dea6a7df9de467bdb12

Sending your public key:

{
    "type": "public_key",
    "text": "<public key content>"
}

Notes:

  1. The message type is public_key rather than publicKey.
  2. On receiving this type of message, clients should process the key content if and only if:
    • It's different from the key they already have for the sender (or they have no key at all for the sender). Clients should still warn the user if a buddy's key suddenly changes.
  3. Clients should send this type of message:
    • Once, immediately after joining a room AND
    • Whenever a buddy requests their public key.
  4. Clients should no longer send their key just because they got an XMPP presence from someone. This means the onus is on the person who just joined the room to request everyone's keys, as described below.

Requesting public key(s):

{
    "type": "public_key_request",
    "text": "<nickname of requestee>"
}

Notes:

  1. The message type is public_key_request rather than publicKeyRequest.
  2. On receiving this type of message, clients should send their public key in response if and only if:
    • The text field is omitted OR
    • The value of text corresponds to their nickname OR
    • The value of text is the empty string or null.
  3. Clients should send this type of message:
    • Once, with the value of text set to the empty string, immediately after joining a room AND
    • Whenever they realize they are missing a buddy's public key (with the value of text set to that buddy's nickname).
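
The send and receive rules from both sets of notes, combined into one client-side state machine. This is an added example, not code from Cryptodog or the linked commit; createKeyExchange, requestIfMissing, the return labels and the sample keys are hypothetical, and dropping the old publicKey / publicKeyRequest types is an assumption. XMPP presence has no handler here because presence alone no longer triggers sending a key.

```javascript
// Added example, not Cryptodog source. All names here are hypothetical.
function createKeyExchange(myNickname, myPublicKey) {
  const keys = new Map();   // sender nickname -> public key text
  const outbox = [];        // messages this client would send to the room
  const warnings = [];      // nicknames whose key changed (surface to the user)
  const sendKey = () => outbox.push({ type: 'public_key', text: myPublicKey });
  const requestKey = (nick) => outbox.push({ type: 'public_key_request', text: nick });
  return {
    keys, outbox, warnings,
    // Immediately after joining: send own key once, request everyone's keys once.
    onJoin() { sendKey(); requestKey(''); },
    // Ask for one buddy's key only when it is actually missing.
    requestIfMissing(nick) { if (!keys.has(nick)) requestKey(nick); },
    onMessage(sender, msg) {
      if (msg.type === 'public_key') {
        const known = keys.get(sender);
        if (known === msg.text) return 'ignored';        // same key: do not reprocess
        if (known !== undefined) warnings.push(sender);  // key suddenly changed
        keys.set(sender, msg.text);
        return known === undefined ? 'stored' : 'changed';
      }
      if (msg.type === 'public_key_request') {
        const t = msg.text; // undefined when the field is omitted
        if (t === undefined || t === null || t === '' || t === myNickname) {
          sendKey();
          return 'answered';
        }
        return 'ignored';   // addressed to another nickname
      }
      return 'ignored';     // assumption: old publicKey / publicKeyRequest types are dropped
    },
  };
}

// Constructed sample traffic as seen by a client with nickname "alice".
function demo() {
  const c = createKeyExchange('alice', 'ALICE-KEY');
  c.onJoin();
  const results = [
    c.onMessage('bob', { type: 'public_key', text: 'BOB-KEY-1' }),
    c.onMessage('bob', { type: 'public_key', text: 'BOB-KEY-1' }),
    c.onMessage('bob', { type: 'public_key', text: 'BOB-KEY-2' }),
    c.onMessage('bob', { type: 'public_key_request' }),
    c.onMessage('bob', { type: 'public_key_request', text: 'carol' }),
    c.onMessage('bob', { type: 'publicKey', text: 'BOB-KEY-3' }),
  ];
  return { results, sent: c.outbox.length, warnings: c.warnings };
}
```

In demo(), only the join and the one request with an omitted text field produce outgoing messages; the repeated key, the request for carol and the old message type produce none.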