[Standards] OMEMO Key Agreement

Ignat Gavrilov ignat.gavrilov at mailfence.com
Wed May 31 08:10:18 UTC 2017


Hi Remko,

So just for the record (because you didn't answer that question from my previous mail):
This is only an implementation detail and has no relevant influence (aka, at most constant factor) on the cryptographic properties?

When changing the identity keys to Ed, will that mean that existing fingerprints will become invalid? These keys have been printed and/or put on websites that are not easily editable, so this should be considered. Just the fact that you can convert the keys doesn't mean that the fingerprints can stay valid.
If I understand you right, you want to implement OMEMO in a not downwards-compatible manner and thus won't be able to show/compare the old fingerprints?

Also, as you seem to be very concerned about implementation details, you are aware of the fact that libsignal is available in multiple languages/platforms whereas libsodium is native code only, so there are some cases where you cannot easily drop in the code from libsodium.

Ignat

"Remko Tronçon" <remko at el-tramo.be> wrote:
> Hi Ignat,
>
> > can you please describe the concrete benefits of your approach?
>
> It gets rid of the non-standard XEdDSA dependency, which is blocking me (and likely others) in creating independent implementations that don't depend on libsignal. (see the other threads for my reasons).
>
> > The only difference I can spot is that it's more implementation work for those that use libsignal (which at this point in time seems to be all implementations) and less for libsodium (which happens to not implement many other parts of the protocol as well and thus require a lot of work nonetheless).
>
> Libolm implements the rest of the protocol. I used libsodium to prove that anyone can create an independent implementation. If you want to use libolm, you'd need to change the 3DH to X3DH (same as in the prototype), and pass in an extra key (Olm doesn't have signed one-time prekeys).
>
> So it's a little bit of work for libsignal, and a bit more work for libolm. It's a compromise.
>
> Remko