Re: [Standards] Proposed XMPP Extension: OMEMO Encryption
And it'd have helped if I'd put the URI: https://matrix.org/docs/spec/olm.html On 12 April 2016 at 19:18, Dave Cridland wrote: > > > On 12 April 2016 at 17:08, Fabian Beutel wrote: > >> Hey everyone, >> >> as I'm currently trying to implement OMEMO out of curiosity, I wanted to >> bring up a few points that might be of interest to the discussion: >> >> 1. There still seems to be no real protocol specification, but there has >> been a "whitepaper" by Whatsapp [1] that describes the protocol used, >> which is not suitable as a standards specification but is a nice >> introduction for understanding the protocol - if anyone is interested. >> >> > There is, however, "olm", from the Matrix folk. This is a direct copy of > Axolotl, except done as a decent spec and with (I think) a > liberally-licensed reference implementation. Should be fully compatible > with Signal's. > > If we can (nominally) switch to Olm, I'm actually quite happy with this > spec (given the current absence of any proxy re-encryption stuff). > > >> 2. A minor issue, but as you probably know, the people from >> OpenWhisperSystems have renamed their protocol from Axolotl to Signal >> and seem to be eager to push these changes throughaut their repositories. >> An updated OMEMO proposal should probably reflect that change, as >> references to Axolotl may become less clear when the Signal-people >> remove all appearences of the old name. >> >> 3. There have been discussions on this list to use v2 of the Axolotl >> protocol. However, it seems that the OWS people have removed support for >> v2 from most of their libraries ([2] for the Java lib, [3] for the C >> lib). That could indeed be a problem if v2 would be the default version, >> as probably most people will want to rely on the reference >> implementations... >> >> Best regards, >> Fabian >> >> >> [1] https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf >> [2] >> >> https://github.com/WhisperSystems/libsignal-protocol-java/commit/87b5b940fbf9624ad0302721f6e54d7e5250df70 >> [3] >> >> https://github.com/WhisperSystems/libsignal-protocol-c/commit/57d85a0dc81a4e6d59ac20633a08040f57a29ddb >> ___ >> Standards mailing list >> Info: http://mail.jabber.org/mailman/listinfo/standards >> Unsubscribe: standards-unsubscr...@xmpp.org >> ___ >> > > ___ Standards mailing list Info: http://mail.jabber.org/mailman/listinfo/standards Unsubscribe: standards-unsubscr...@xmpp.org ___
Re: [Standards] Proposed XMPP Extension: OMEMO Encryption
On 12 April 2016 at 17:08, Fabian Beutel wrote: > Hey everyone, > > as I'm currently trying to implement OMEMO out of curiosity, I wanted to > bring up a few points that might be of interest to the discussion: > > 1. There still seems to be no real protocol specification, but there has > been a "whitepaper" by Whatsapp [1] that describes the protocol used, > which is not suitable as a standards specification but is a nice > introduction for understanding the protocol - if anyone is interested. > > There is, however, "olm", from the Matrix folk. This is a direct copy of Axolotl, except done as a decent spec and with (I think) a liberally-licensed reference implementation. Should be fully compatible with Signal's. If we can (nominally) switch to Olm, I'm actually quite happy with this spec (given the current absence of any proxy re-encryption stuff). > 2. A minor issue, but as you probably know, the people from > OpenWhisperSystems have renamed their protocol from Axolotl to Signal > and seem to be eager to push these changes throughaut their repositories. > An updated OMEMO proposal should probably reflect that change, as > references to Axolotl may become less clear when the Signal-people > remove all appearences of the old name. > > 3. There have been discussions on this list to use v2 of the Axolotl > protocol. However, it seems that the OWS people have removed support for > v2 from most of their libraries ([2] for the Java lib, [3] for the C > lib). That could indeed be a problem if v2 would be the default version, > as probably most people will want to rely on the reference > implementations... > > Best regards, > Fabian > > > [1] https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf > [2] > > https://github.com/WhisperSystems/libsignal-protocol-java/commit/87b5b940fbf9624ad0302721f6e54d7e5250df70 > [3] > > https://github.com/WhisperSystems/libsignal-protocol-c/commit/57d85a0dc81a4e6d59ac20633a08040f57a29ddb > ___ > Standards mailing list > Info: http://mail.jabber.org/mailman/listinfo/standards > Unsubscribe: standards-unsubscr...@xmpp.org > ___ > ___ Standards mailing list Info: http://mail.jabber.org/mailman/listinfo/standards Unsubscribe: standards-unsubscr...@xmpp.org ___
Re: [Standards] Proposed XMPP Extension: OMEMO Encryption
Hey everyone, as I'm currently trying to implement OMEMO out of curiosity, I wanted to bring up a few points that might be of interest to the discussion: 1. There still seems to be no real protocol specification, but there has been a "whitepaper" by Whatsapp [1] that describes the protocol used, which is not suitable as a standards specification but is a nice introduction for understanding the protocol - if anyone is interested. 2. A minor issue, but as you probably know, the people from OpenWhisperSystems have renamed their protocol from Axolotl to Signal and seem to be eager to push these changes throughaut their repositories. An updated OMEMO proposal should probably reflect that change, as references to Axolotl may become less clear when the Signal-people remove all appearences of the old name. 3. There have been discussions on this list to use v2 of the Axolotl protocol. However, it seems that the OWS people have removed support for v2 from most of their libraries ([2] for the Java lib, [3] for the C lib). That could indeed be a problem if v2 would be the default version, as probably most people will want to rely on the reference implementations... Best regards, Fabian [1] https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf [2] https://github.com/WhisperSystems/libsignal-protocol-java/commit/87b5b940fbf9624ad0302721f6e54d7e5250df70 [3] https://github.com/WhisperSystems/libsignal-protocol-c/commit/57d85a0dc81a4e6d59ac20633a08040f57a29ddb ___ Standards mailing list Info: http://mail.jabber.org/mailman/listinfo/standards Unsubscribe: standards-unsubscr...@xmpp.org ___
[Standards] Proposed XMPP Extension: OpenPGP for XMPP Instant Messaging
The XMPP Extensions Editor has received a proposal for a new XEP. Title: OpenPGP for XMPP Instant Messaging Abstract: Specifies a OpenPGP for XMPP (XEP-OX) profile for the Instant Messaging (IM) use case. URL: http://xmpp.org/extensions/inbox/openpgp-im.html The XMPP Council will decide in the next two weeks whether to accept this proposal as an official XEP. ___ Standards mailing list Info: http://mail.jabber.org/mailman/listinfo/standards Unsubscribe: standards-unsubscr...@xmpp.org ___
[Standards] Proposed XMPP Extension: OpenPGP for XMPP
The XMPP Extensions Editor has received a proposal for a new XEP. Title: OpenPGP for XMPP Abstract: Specifies end-to-end encryption and authentication of data with the help of OpenPGP, announcement, discovery and retrieval of public keys and a mechanism to synchronize secret keys over multiple devices. URL: http://xmpp.org/extensions/inbox/openpgp.html The XMPP Council will decide in the next two weeks whether to accept this proposal as an official XEP. ___ Standards mailing list Info: http://mail.jabber.org/mailman/listinfo/standards Unsubscribe: standards-unsubscr...@xmpp.org ___