From 18dad134fccd563498b3d4ee2ad134a6f2e173ea Mon Sep 17 00:00:00 2001 From: JC Brand Date: Thu, 18 Oct 2018 08:08:44 +0200 Subject: [PATCH] Document that OMEMO is disabled when the device is untrusted --- docs/source/features.rst | 35 +++++++++++++++-------------------- 1 file changed, 15 insertions(+), 20 deletions(-) diff --git a/docs/source/features.rst b/docs/source/features.rst index bcab1d7fe..e301be216 100644 --- a/docs/source/features.rst +++ b/docs/source/features.rst 
@@ -16,34 +16,29 @@ A room (aka groupchat) can be opened with a URL fragment such as `#converse/room and a private chat with a URL fragment such as `#converse/chat?jid=user@domain`. -Off-the-record encryption +XEP-0384 OMEMO Encryption ========================= -Converse supports `Off-the-record (OTR) `_ -encrypted messaging. +Converse supports OMEMO encryption based on the +`Signal Protocol `_. -The OTR protocol not only **encrypts your messages**, it provides ways to -**verify the identity** of the person you are talking to, -**plausible deniability** and **perfect forward secrecy** by generating -new encryption keys for each conversation. +The Signal Protocol is session-oriented. Clients establish a session, which is +then used for all subsequent encrypt/decrypt operations. There is no need to +ever tear down a session once one has been established. -In its current state, JavaScript cryptography is fraught with dangers and -challenges that make it impossible to reach the same standard of security that -is available with native "desktop" software. +This means that a session needs to be stored permanently after logging out. -This is due to its runtime malleability, the way it is "installed" (e.g. -served) and the browser's lack of cryptographic primitives needed to implement -secure crypto. +Converse stores this session information in the browser's `localStorage `_. -For harsh but fairly valid criticism of JavaScript cryptography, read: -`JavaScript Cryptography Considered Harmful `_. +If you've checked the "This is not a trusted device" checkbox when logging in, +then `sessionStorage `_ +is used instead of localStorage and all data is cleared when you log out. -To get an idea on how this applies to OTR support in Converse, please read -`my thoughts on it `_. +For this reason, OMEMO cannot be used when you've indicated that you're using +an untrusted device. 
You would in any case not be able to decrypt previously +received OMEMO messages, due to the Signal Protocol's forward secrecy and the +fact that you don't have a pre-existing session. -For now, suffice to say that although its useful to have OTR support in -Converse in order to avoid most eavesdroppers, if you need serious -communications privacy, then you're much better off using native software. Notifications =============
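Review bot: The new "XEP-0384 OMEMO Encryption" section drops the caveats that the removed OTR text carried about JavaScript cryptography (runtime malleability, code that is served rather than installed, and the advice to use native software for serious privacy). Those paragraphs are written about JavaScript cryptography in general, not about OTR, so a short version of them should be kept under the new heading. The added text also says that session information stays in localStorage after logging out on a trusted device, but does not tell the reader how to remove it later; one sentence on that would help. Finally, the subject line mentions only the untrusted-device behaviour, while this hunk replaces the whole OTR section, so the removal of the OTR documentation should be stated in the commit message or split into its own commit.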