[Standards] OMEMO Key Agreement

Remko Tronçon remko at el-tramo.be
Wed May 31 08:43:35 UTC 2017

Hi Ignat,

So just for the record (because you didn't answer that question from my
> previous mail):
> This is only an implementation detail and has no relevant influence (aka,
> at most constant factor) on the cryptographic properties?

I'm not a cryptographer, but as far as my knowledge goes, this is correct.

> When changing the identity keys to Ed, will that mean that existing
> fingerprints will become invalid?

The keys (and so existing authentications) stay valid, but if there would
have been fingerprints printed, these would indeed become invalid. I'm not
sure if printing fingerprints is something that is done in practice today
with OMEMO anyway (as opposed to PGP).

That said, I think we still want to have a discussion at some point on how
to do fingerprinting anyway: verify each others public keys byte-by-byte
(what OMEMO clients do today), or create a shared fingerprint (like what
user-friendly clients like Signal do). Not that I have a strong opinion on

Also, as you seem to be very concered about implementation details,

I'm not 'just' concerned about technical ability of creating independent
implementations with reasonable effort, I'm also concerned about licensing
and legal issues. (see other thread(s); I'd like to avoid this discussion
in this thread and focus on the technical details of this compromise).

>  libsodium is native code only

All the primitives used are available in many languages, including Java.
Libsodium was just an example.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/standards/attachments/20170531/56810858/attachment-0001.html>

More information about the Standards mailing list