On 13 Nov 2015, at 14:54, Thijs Alkemade <m...@thijsalkema.de> wrote: > Hi all, > > To get the ball rolling, I’ll play devil’s advocate for a bit here: it is > impossible to implement OMEMO from scratch by the current documentation alone. > “Axolotl” has no standard, and it appears Open Whisper Systems has no > intention of writing one. The few bits of documentation and blog posts that we > have are not enough to implement it and are outdated or wrong in some places. > > We had a new XEP a few weeks ago which people said was unacceptable because it > referred a NATO document that wasn’t publicly available, but now we have a XEP > that depends on a GPLv3 licensed library. To me, both things a similarly > problematic. Sure, the authors may be highly praised cryptographers, but I > don’t think we should trust them blindly enough to build a specification on > their work without being able to verify it, especially as it is very security > sensitive. > > What can we do about this?
Presumably we need to lobby them to publish a spec in some (stable/free) manner so that we’re able to use it in a XEP. /K