[Standards] OMEMO Key Agreement

Remko Tronçon remko at el-tramo.be
Tue Jun 6 06:32:20 UTC 2017

Hi Sebastian,

> I was going to suggest using separate key-pairs: one for signing and one
> for DH.  However, upon closer inspection it seems that the
> X3DH-specification requires XEdDSA signatures
> (https://whispersystems.org/docs/specifications/x3dh/#cryptographic-notation),
> so if you did that you would no longer follow the open specs, which I
> believe (from previous discussions) is not desirable.

Personally, I'm fine with changing the key agreement protocol, as long as
it is validated by (an) expert(s).
I'm less fine with limiting implementation options, which is why separate
key-pairs is my preferred direction as well.

So there is no long-term key involved in the key agreement?

This is probably a misunderstanding on my part. Initially, I assumed that
IK was indeed a long-term key, but then I read that it should
theoretically be rotated [1] (but isn't), so then I was thinking it was
more like a signed pre-key key (but that authentication was ensured by
verifying signatures).


[1] https://matrix.org/docs/guides/e2e_implementation.html