[Standards] OMEMO Key Agreement

Chris Ballinger chrisballinger at gmail.com
Wed May 31 20:16:37 UTC 2017


I think it's obvious at this point that making an independent
implementation of XEdDSA is possible without relying on any GPL OWS code.
There are only so many ways of writing extremely concise code (see the
rangeCheck function in Oracle v Google), so some similarities are
inevitable. Obviously translating code line-by-line is a derivative work,
but if you're implementing a crypto specification, there are only so many
ways to do a low level crypto operation without jumping through hoops to
look like you aren't copying some existing code.

This is all so ridiculous. If I arrange funding for a permissive XEdDSA
implementation and audit can we stop making personal attacks and move on
from this nonsense?

On Wed, May 31, 2017 at 12:59 PM, Dave Cridland <dave at cridland.net> wrote:

> On 31 May 2017 at 20:50, Sam Whited <sam at samwhited.com> wrote:
> > On Wed, May 31, 2017 at 2:35 PM, Dave Cridland <dave at cridland.net>
> wrote:
> >> I call bullshit.
> >>
> >> He copy and pasted some code (and the comments!).
> >>
> >> The fact he did this then submitted it to another project without
> >> attribution and flouting the licensing is actually besides the point -
> >> I have no idea in what parallel universe you can say that because
> >> someone can copy and paste the code from one file to another this
> >> means the spec is fine and anyone could knock out an implementation.
> >
> > Anyone with an Ed25519 library can already create an implementation,
> > as I've explained, none of that code is owed by OWS, it's all either
> > from the public domain reference implementation, or it's simple math
> > that many other libraries implement. If you're worried about copying a
> > handful of
> > lines from signal, go copy them from any other ed25519
> > implementation.
>
> I really appreciate you trying to explain which parallel universe I
> might have found myself in.
>
> But you did copy, amongst possibly other things, a constant-time
> conditional-swap routine, along with the comments, from the
> "additional" directory of a GPL library, so I can only assume that
> copyright law works an entirely different way in this parallel
> universe. Is it like patents in my universe, where a defence is that
> the invention is obvious to one skilled in the art? We don't have that
> defence for copyright in my universe.
>
> But your argument that XEdDSA is simple enough for anyone to implement
> by copying other people's code is noted.
>
> Dave.
> _______________________________________________
> Standards mailing list
> Info: https://mail.jabber.org/mailman/listinfo/standards
> Unsubscribe: Standards-unsubscribe at xmpp.org
> _______________________________________________
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/standards/attachments/20170531/a7b684f6/attachment.html>


More information about the Standards mailing list