[Standards] Proposed XMPP Extension: OMEMO Encryption

Thijs Alkemade me at thijsalkema.de
Fri Nov 13 14:54:32 UTC 2015


Hi all,

To get the ball rolling, I’ll play devil’s advocate for a bit here: it is
impossible to implement OMEMO from scratch by the current documentation alone.
“Axolotl” has no standard, and it appears Open Whisper Systems has no
intention of writing one. The few bits of documentation and blog posts that we
have are not enough to implement it and are outdated or wrong in some places.

We had a new XEP a few weeks ago which people said was unacceptable because it
referred a NATO document that wasn’t publicly available, but now we have a XEP
that depends on a GPLv3 licensed library. To me, both things a similarly
problematic. Sure, the authors may be highly praised cryptographers, but I
don’t think we should trust them blindly enough to build a specification on
their work without being able to verify it, especially as it is very security
sensitive.

What can we do about this?

Regards,
Thijs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.jabber.org/pipermail/standards/attachments/20151113/532ccc57/attachment.sig>


More information about the Standards mailing list