[Standards] XEP-0384 and inbox/omemo-filetransfer: Variable length of MAC

Andrey Gursky andrey.gursky at e-mail.ua
Sun Dec 11 20:40:19 UTC 2016


On Sun, 11 Dec 2016 19:45:47 +0100 Daniel Gultsch wrote:

> On Dec 11, 2016 7:07 PM, "Andrey Gursky" <andrey.gursky at e-mail.ua> wrote:
> > Hi,
> >
> > > The 16 bytes key and the GCM authentication tag (The tag SHOULD have at
> > > least 128 bit) are concatenated and for each intended recipient
> > > device...
> >
> > Once received due to the predefined length of the first field (key),
> > the length of the tag can be calculated. Considering OMEMO
> > file-transfer: the tag is appended at the end of the encrypted file and
> > the total length is reported to the receiver. It seems to me not
> > possible to derive the used authentication tag length in this case.
> Omemo filetransfer has been rejected by Council due to a retraction by the
> author. (me)
> The file transfer xep hasn't been updated after that particular change was
> made in the omemo xep.

aha, that's why Conversations' session-initiate packet looks a little
bit different than a one from XEP. For a couple of reasons I really
need Jingle Transfer support in OMEMO due to limitations of HTTP File Upload:
1) it is supported not by every server, but it is still possible while
   OMEMO and Jingle can be used
2) arbitrary service limitations that can change every moment, like
   - maximal file size
   - maximal available traffic
   - maximal available space
   - maximal number of uploads per time slot
3) no guarantee for Content-Range support by the server to
   - continue uploading
   - continue downloading
   in case of a connection interruption
4) request might be rejected by the server for whatever reason
5) the file might disappear for whatever reason

Considering all this, despite of the nice convenience you have when
HTTP File Upload is working, Jingle gives you the freedom back again to
transfer something right now without to depend on too much.

Are there any major technical issues with omemo filetransfer that you
couldn't solve? Can't they be solved in general or it can be discussed?
Are you working on a successor XEP or if I'd need it I'd had to go on my


More information about the Standards mailing list