[Standards] Don't let today be the day we bury OMEMO

Florian Schmaus flo at geekplace.eu
Wed Jun 7 13:48:48 UTC 2017

The council will likely soon [1] decide if the currently used OMEMO
protocol will be published as the next version of XEP-0384. While that
is great, the plan is to shift following versions of that XEP away from
the Double Ratchet Algorithm using XEdDSA. This means that newer
versions will be incompatible with all currently deployed OMEMO
implementations. As consequence, end-users will continue to use an old
version of XEP-0384 for the foreseeable future.

I do not see any compelling reason why we would want that. It means that
there will be no canonical and official place within the XSF where the
currently used protocol can further evolve, where we can address
security issues and specify new features. We would bury one of the most
successfully deployed XMPP end-to-end encryption system for the masses.

Instead I suggest we go with Andreas Straub's OMEMO update [2], which
attempts to specify a wire format, depends exclusively on open
standards, and keeps the audited and battle-tested crypto every OMEMO
implementation currently uses.

There were some arguments that XEdDSA is not common crypto and therefore
should be avoided. I am supportive and welcome the work on a successor
of OMEMO which does use different crypto primitives. But we have a
responsibility not to leave the users standing in the rain. Therefore
the work on the OMEMO successor should happen under a *new* XEP number.

- Florian

1: maybe not this week
2: https://github.com/xsf/xeps/pull/460

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 642 bytes
Desc: OpenPGP digital signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20170607/99e0814b/attachment.sig>

More information about the Standards mailing list