[Standards] OMEMO Discussion Summary 2017

Florian Schmaus flo at geekplace.eu
Thu Jun 22 07:18:25 UTC 2017


On 22.06.2017 08:45, Chris Ballinger wrote:
> Unlike most of those things you've mentioned, SignalProtocol (the
> protocol and reference libraries) has been extensively studied, audited,
> and widely deployed to billions of mobile devices. Other than Signal
> itself (a few million users), it's in WhatsApp (1.2 billion users),
> Facebook Messenger (1.2 billion users), Allo (a few hundred users), and
> more. I'd guess that SignalProtocol probably has a pretty safe future
> with the backing of a few multibillion dollar corporations.

Right. I can't think of a reason why someone would put OMEMO in a the
corner of exotic, unstudied, and unaudited cyrpto primitives using
protocols.

> 2. OMEMO-NEXT would be great for supporting out of <body> experiences.

Assuming that with OMEMO-NEXT you mean non-XEdDSA double ratched e2e
mechanism for XMPP, then I'd like to point out that support for
encryption of arbitrary extension elements (non <body/> elements) could
also be incorporated in Andy's PR since it's a namespace bump anyway.

- Florian



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 642 bytes
Desc: OpenPGP digital signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20170622/e870d6e6/attachment.sig>


More information about the Standards mailing list