[Standards] OMEMO and Olm

Dave Cridland dave at cridland.net
Thu May 25 08:56:16 UTC 2017

On 25 May 2017 at 08:26, Florian Schmaus <flo at geekplace.eu> wrote:
> On 25.05.2017 08:04, Remko Tronçon wrote:
>> On 24 May 2017 at 22:55, Andreas Straub <andy at strb.org
>> <mailto:andy at strb.org>> wrote:
>>     Yes, it's true that there's currently no such thing for XEdDSA, but
>>     is this actually a concrete problem for anyone?
>> Yes. I obviously can't speak for all the other clients that currently
>> don't support OMEMO, but for Swift, XEdDSA is blocking OMEMO support for
>> both technical and legal reasons.
> Care to elaborate on these technical and legal reasons?
>>> I just don't see the major implementations switching over any time soon
>> I have serious doubts that at least one of them won't have to do *some*
>> significant work to get rid of the libsignal dependency to be legally in
>> order, which will mean implementing the ratchet and XEdDSA itself
>> (unless a library emerges that implements this all from scratch).
> Why do you think the existing implementations using libsignal are not
> legally in order?

I think Smack, while legally in order, is in trouble here.

I know Florian knows this, but for the benefits of others:

Smack is Apache-licensed and clearly advertised as such. Its OMEMO
implementation (not yet, I think, merged) relies on libsignal, like
everyone else's. It's been encapsulated as an optional plugin behind
an API, so that in principle one could eventually replace the
libsignal portions, and one need not use it at all - but if a program
is built using Smack with its OMEMO implementation, that program has
to obtain Smack under a GPL license, and therefore itself be licensed
exclusively under the GPL.

Legally, this is all fine, of course, but I'm willing to bet that the
subtleties of OMEMO licensing within Smack cause at least one program
to inadvertently break the license.

> - Florian
