[Standards] OMEMO Key Agreement (v2)

Dave Cridland dave at cridland.net
Wed May 31 21:15:26 UTC 2017


On 31 May 2017 at 21:46, Sam Whited <sam at samwhited.com> wrote:
> Unfortunately none of us are so we do the best we can and hope that
> audits will find any mistakes we've made.

I have to admit I'm somewhat sceptical on the value of audits. I
appreciate that "audited code" looks good, and is very valuable when
advertising in some markets, in the same way as stamping "military
grade XYZ" always brings in the bucks. I also appreciate that, less
cynically, it is, presumably, a code review from someone who knows the
subject material.

However, drop support into OpenSSL, for example, or libsodium, or
BouncyCastle, and you'll get that level of review, many times over.

I don't think we'll get that from XEd25519. Ed25519 on its own is well
used, and slated to become even more so. As I said in the other
thread, sticking with XEdDSA seems to only help us in the very short
term.

Dave.


More information about the Standards mailing list