[Standards] OMEMO and Olm

Remko Tronçon remko at el-tramo.be
Fri May 26 17:15:06 UTC 2017

> crypto is subtle, and it can be very easy to make mistakes that have
> catastrophic consequences.
> I haven't finished or tested it yet

This doesn't really give me much more confidence to be honest.

I understand that copy-pasting code to get a working version of the
pseudocode is easy. The devil, however, is in the details, as you say. And
this isn't just about code, but also about distributing the (crypto) code,
which also comes with subtleties.

> If you already have an ed25519 implementation

Doesn't the spec say that you shouldn't rely on ed25519 implementations
for verifying signatures?

> being able to use a single key for both ECDH and signatures is really nice.

I don't understand yet why this is 'nice', so maybe someone should explain
it to me.
AFAICT, there's no difference from the user's POV (both cases have a single
that is used to authenticate), and I always found a simple 3DH combined
with a standard Ed25519 signature verification easier to grasp than X3DH.
But maybe there's a security implication that makes the latter better?
