[Standards] OMEMO Key Agreement

Daniel Gultsch daniel at gultsch.de
Wed May 31 15:42:32 UTC 2017


2017-05-31 16:38 GMT+02:00 Remko Tronçon <remko at el-tramo.be>:
> On 31 May 2017 at 16:24, Sam Whited <sam at samwhited.com> wrote:
>>
>> FWIW, this all sounds reasonable to me, but it still sounds like
>> trying to solve a problem that doesn't exist.
>
>
> The problem still very much exists, but I'd rather not derail this thread
> again.
> At least for my part, the concerns haven't been addressed in the other
> thread.

So the 'problem' here is that there is no audited, liberally licensed
implementation of XEdDSA.
The proposed solution would pretty much invalidate the OMEMO protocol
audit (since important crypto parts are being changed).
In one case one would have to audit ~10 lines of C code. In the other
one would have to re-audit the entire protocol.

Also you can't implement ODR from crypto primitives without having it
audited anyway. Just because you are using libsodium or something like
that doesn't mean you can't make mistakes. And when having your ODR
implementation audited it doesn't seem to make too much of a
difference to have them audit the 10 extra lines it takes to implement
XEdDSA.
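The "10 extra lines" referred to above are the Montgomery-to-Edwards key conversion at the heart of XEdDSA. The following is an added illustration of that public-key half, not code from the thread or from any OMEMO implementation; the private-key side (negating the scalar when the Edwards sign bit is set) and the Ed25519 signing itself are assumed to come from a full Ed25519 library and are not shown.

```python
# Added example: convert an X25519 public key into the Ed25519 public key that
# XEdDSA verifiers use. The map is y = (u - 1) / (u + 1) mod p, with the
# encoded sign bit of x forced to 0, exactly as the XEdDSA spec describes.

P = 2**255 - 19  # field prime shared by Curve25519 (Montgomery) and Ed25519

def x25519_pub_to_ed25519_pub(mont_pub: bytes) -> bytes:
    """Map a 32-byte little-endian X25519 public key (u coordinate) to the
    32-byte Ed25519 encoding of the corresponding Edwards point (sign bit 0)."""
    if len(mont_pub) != 32:
        raise ValueError("X25519 public key must be 32 bytes")
    # RFC 7748: the top bit of the u encoding is ignored when decoding
    u = int.from_bytes(mont_pub, "little") & ((1 << 255) - 1)
    u %= P
    if u == P - 1:
        # u + 1 == 0 mod p has no inverse, so this u has no Edwards image
        raise ValueError("u = -1 is not convertible")
    # Field inversion via Fermat: (u + 1)^(p - 2) == (u + 1)^-1 mod p
    y = (u - 1) * pow(u + 1, P - 2, P) % P
    # Ed25519 encoding is little-endian y with the sign of x in bit 255;
    # y < 2^255 so that bit is already 0, which is what XEdDSA requires.
    return y.to_bytes(32, "little")

if __name__ == "__main__":
    # Constructed check: the X25519 base point u = 9 must map to the Ed25519
    # base point, whose y = 4/5 mod p and whose encoding starts 0x58 0x66...
    base = x25519_pub_to_ed25519_pub(bytes([9]) + bytes(31))
    print(base.hex())
```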
