[Standards] OMEMO Key Agreement

riba at firemail.cc riba at firemail.cc
Thu Jun 1 15:52:04 UTC 2017

Hello all,

I must admit I am not sure why the discussion started to revolve around 
XEdDSA again.
It felt to me like we found a compromise, which is using separate DH and 
signing keypairs (Curve25519/Ed25519), as reflected through Remko's PR.
There were still some disagreements - I really do think we should mimic 
X3DH with it, complete with an additional unsigned pre key for the 
security considerations laid out in the X3DH spec - but I thought that 
it is a good, future-proof direction.

But that opened up a different discussion which I have not seen on the 
mailing list yet: Remko wants to use unmodified libolm so he can simply 
plug it into his software, but for the sake of future-proofing I think 
ODR is the way to go, which unfortunately means changing libraries to 
expose internal values for the XMPP wire format, but as I said, for C 
libs copying a struct definition into the own code might already be 
enough. However, there is still the issue of the changed info string.

Before the XEdDSA discussion is continued, I'd like to request a comment 
on this course of action which would make it unnecessary anyway, since I 
think the GitHub comments did not have the same reach as this mailing 
You can find the pull request and the comments here: 


More information about the Standards mailing list