[Standards] OMEMO Key Agreement

Sebastian Verschoor sebastian.verschoor at gmail.com
Mon Jun 5 19:33:41 UTC 2017

On 3 June 2017 at 04:10, VanitasVitae <vanitasvitae at riseup.net> wrote:

> Hi Sebastian!
> As a cryptographic expert, what would be your advise for future
> development of the protocol?
> As you may have read, the reason of this discussion is the fact that there
> are concerns that it is not trivial to implement OMEMO in non-GPL apps due
> to the lack of a permissive XEdDSA implementation. Thats also the reason
> why OMEMO was (prematurely) specified based on Olm instead of libsignal.
> Would you rather suggest to put the efforts into a permissive XEdDSA
> implementation or what would be your advice?

I was going to suggest using seperate key-pairs: one for signing and one
for DH.  However, upon closer inspection it seems that the
X3DH-specification requires XEdDSA signatures (
so if you did that you would no longer follow the open specs, which I
believe (from previous discussions) is not desirable.

So the other option is to implement XEdDSA.  The specs aren't super
complicated, so I think I could do that, based on the public domain
Curve25519 code in supercop.  It would be a public domain implementation in
C (I believe most languages can call C through an FFI?)

> Greetings Vanitasvitae
> --
> Diese Nachricht wurde von meinem Android-Mobiltelefon mit K-9 Mail
> gesendet.
> _______________________________________________
> Standards mailing list
> Info: https://mail.jabber.org/mailman/listinfo/standards
> Unsubscribe: Standards-unsubscribe at xmpp.org
> _______________________________________________
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/standards/attachments/20170605/d89ad757/attachment.html>

More information about the Standards mailing list