[Standards] Signal protocol for end-to-end encryption

Dave Cridland dave at cridland.net
Mon Sep 5 09:13:22 UTC 2016


On 5 September 2016 at 09:46, Goffi <goffi at goffi.org> wrote:
> Le lundi 5 septembre 2016, 10:12:24 CEST Peter Waher a écrit :
>> Hello
>>
>> Does anybody on this list have experience using the Signal protocol
>> (previously axolotl protocol), from Open Whisper Systems, together with
>> XMPP for end-to-end encryption? As there’s work being done on this list
>> concerning end-to-end encryption (OpenPGP & OTR), it might be of interest
>> to have an alternative for those that want to use Signal as well. It’s
>> currently being tested by both Facebook and WhatsApp, and is recommended by
>> several notable people.
>>
>> Best regards,
>> Peter Waher
>
> Hi Peter,
>
> There is work done on OMEMO by Conversations team, which is XMPP version of
> axolotl. There has been a protoXEP, but it has not yet official number because
> it's currently depending on copyleft library (if I'm not mistaken). Daniel
> Gultsh from Conversations has recently announced that OMEMO has been audited.
>
> Gajim has also an implementation, for now it's the 2 only ones (to my
> knowledge), but other clients are planing to do implementation.
>

We discussed at length in the xsf@ chatroom. The summary is:

* The OMEMO ProtoXEP was largely blocked because there's no
specification for Axolotl/Signal/whatever, just a single
implementation which is GPL licensed - thus it is not an open
standard.
* There was a suggestion to use the specified v2 protocol, but that
has problems itself, and concerned many of us that we might miss
crucial security improvements.
* The Matrix people have done "Olm", which has a public specification,
and would be wire compatible if it weren't for the fact it uses a
different Initialization Vector just so it's not, because Moxie asked
nicely.

There were then some rightly sarcastic comments on the nature of Moxie
Marlinspike's interpretation of the word "open".

>From a technical standpoint, OMEMO seems OK. From a standardization
one, I think we need to switch (and switch existing implementations)
to an Olm-based OMEMO variant.

Dave.

>
> Goffi
> _______________________________________________
> Standards mailing list
> Info: https://mail.jabber.org/mailman/listinfo/standards
> Unsubscribe: Standards-unsubscribe at xmpp.org
> _______________________________________________


More information about the Standards mailing list