[Standards] OMEMO Key Agreement

Sebastian Verschoor sebastian.verschoor at gmail.com
Mon Jun 5 20:14:02 UTC 2017


On 3 June 2017 at 06:49, Dave Cridland <dave at cridland.net> wrote:

> On 2 June 2017 at 21:18, Sebastian Verschoor
> <sebastian.verschoor at gmail.com> wrote:
> > Dave Cridland on June 2nd:
> >>
> >> So:
> >>
> >> Encryption Interop: Don't care (negotiable at runtime)
> >
> > Be careful, this stuff is non-trivial [8]
> > [8]: https://www.imperialviolet.org/2016/05/16/agility.html
>
> Yes, indeed, and moreover I don't think we can solve any form of
> downgrade attack conclusively.
>
> Nevertheless, this happens to be the area I'm most comfortable we can
> address properly.
>
>
Cool, sounds like you would be able to address this way better than I could.


> Incidentally, the agility issues need to be addressed anyway - DJB is
> not a god, and the Edwards curve based around the prime number 25519
> may prove to be weak somehow, or perhaps EdDSA as a whole might be.
>
> In addition, OMEMO as a whole addresses a specific threat model which,
> while well-suited to the "consumer in the cloud", isn't well suited at
> all to enterprise, and that suggests an overall model where we'll have
> to negotiate between OMEMO and some other model (such as MIKEY-SAKKE
> or something).
>
> Dave.

