[Standards] Council Meeting 2016-09-21

Daniel Gultsch daniel at gultsch.de
Wed Sep 21 16:47:20 UTC 2016


Hi,

2016-09-21 17:55 GMT+02:00 Sam Whited <sam at samwhited.com>:
> ### OMEMO Axolotl / Olm
>
> - Dave Cridland wonders if we can unblock OMEMO which has remained a proto-XEP
>   due to a dependency on a proprietary protocol by switching from Axolotl to
>   Olm. Tobias, Lance, and MattJ agree.
> - SamWhited wonders if Olm has an audit like OMEMO and TextSecure and what the
>   license of the Olm spec is (known implementation is Apache).


The spec is public domain
"The Olm specification (this document) is hereby placed in the public
domain." from https://matrix.org/git/olm/tree/docs/olm.rst

The implementation is Apache as Sam correctly pointed out.
https://matrix.org/git/olm/tree/LICENSE

My personal concern is that it is written in an unsafe language.
Olm to my knowledge (from a conversation with Matthew a few weeks
back) hasn't been audited yet however they are interested in getting
it audited.

The problem with OMEMO right now is that everyone who is serious about
implementing it for now doesn't care about the GPL restriction. And
going forward with libsignalprotocol instead of libolm is the path of
least resistance for everyone involved.
I fully agree that a potential XEP should not be based upon the unfree
libsignalprotocol but without a proper (Java) library available moving
to olm has very bad cost-benefit ratio for me personally.

So my suggestion would be to standardize it around Olm and ignore the
fact that at least for a while most implementations will remain in the
'converstions' namespace that uses libsignal instead of the proper
libolm.

cheers
Daniel


More information about the Standards mailing list