Re: [Standards] Don't let today be the day we bury OMEMO

[Germán Márquez Mejía]

Am Mittwoch, den 07.06.2017, 17:03 +0100 schrieb Kevin Smith:
> Hi Flo,
> 
> This feels somewhat like trying to torpedo the current compromise
> that’s on the table, so I’d like to make some comments.

This is a legitimate appeal to the council. Not less, not more. Please
don't try to put such an intrigue note to Flo's words.

signature.asc
Description: This is a digitally signed message part
___
Standards mailing list
Info: https://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: standards-unsubscr...@xmpp.org
___

Re: [Standards] OMEMO Key Agreement

[Germán Márquez Mejía]

Am Mittwoch, den 31.05.2017, 20:35 +0200 schrieb Remko Tronçon:
> To be honest, I still think it'd be suboptimal. 
It may be suboptimal for you in your unpublished implementation, but
the alternative would be more than suboptimal for all the already
deployed implementations.

> It would make the XEP still dependent on a single (liberal) reference
> implementation, in a single language.
In successful cases like X3DH/DR it is usually not a "single"
implementation but the first one of more to come. It also isn't a
"reference" implementation. XEdDSA has a spec in the public domain.

> I'd much rather depend on standards that are widely accepted and
> available,
That's the thing with innovation. You just can't stay forever on DES ;)

> to give OMEMO the broadest chance of implementation and deployment.
It's not like we have to give OMEMO a chance. It is looking pretty good
already.


signature.asc
Description: This is a digitally signed message part
___
Standards mailing list
Info: https://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: standards-unsubscr...@xmpp.org
___

Re: [Standards] OMEMO Key Agreement

[Germán Márquez Mejía]

Am Mittwoch, den 31.05.2017, 11:26 -0700 schrieb Chris Ballinger:
> What if instead of all this, we just funded a liberally licensed
> XEdDSA reference implementation and got it audited? The spec is
> public now so there's nothing stopping us. Given the narrow scope,
> the line count should be small enough for the audit to be
> "inexpensive". I helped arrange some public funding for the Olm
> audit, and could reach out to some of those people because it fits
> within the same mission.

That would be perfect!

signature.asc
Description: This is a digitally signed message part
___
Standards mailing list
Info: https://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: standards-unsubscr...@xmpp.org
___

Re: [Standards] OMEMO and Olm

[Germán Márquez Mejía]

Hi,

Am Donnerstag, den 25.05.2017, 15:53 +0200 schrieb Vanitas Vitae:
> So if that last part is resolved (which shouldn't be a big deal),
> then
> Andys PR would be an accpetable compromise for everyone, am I right?

It is acceptable for me.

+1


Mancho

signature.asc
Description: This is a digitally signed message part
___
Standards mailing list
Info: https://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: standards-unsubscr...@xmpp.org
___

Re: [Standards] OMEMO and Olm

[Germán Márquez Mejía]

Hi,

Thank you for making these clarifications.

Am 24.05.2017 um 22:55 schrieb Andreas Straub:
> First, for a bit of additional background, I suppose I should clear up
> the misconception that (under my proposed changes) OMEMO would be
> "moving away from OLM". As far as I'm concerned, OMEMO wasn't ever
> actually on OLM.

I would like to stress this point. I think it has been missed by some
people, which has led to believe that the proposed changes are a step
backwards.

Mancho




signature.asc
Description: OpenPGP digital signature
___
Standards mailing list
Info: https://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: standards-unsubscr...@xmpp.org
___

Re: [Standards] OMEMO and Olm

[Germán Márquez Mejía]

Hi all,

Am 18.05.2017 um 22:35 schrieb Remko Tronçon:
> Hi Andrey,
> 
> My 2 cents:
> 
> -  For [5] (brought up by Germán Máquez Mejía): Things like 'trial and
> error' sound like a bad idea if they can be avoided, especially in a
> spec around encryption. I addressed this by adding the recipient JID in
> the key elements in PR #463, which guarantees the keys are
> collision-free (as device IDs are guaranteed to be unique per JID).

The idea behind the "trial and error" approach (already taken into
account in PR #460) was not to be so verbose with the JIDs. Remko's
approach simplifies the logic quite a bit and seems a reasonable
solution. My only question is: Are there any potential privacy issues
here? I don't see any, but maybe someone would.

BTW I just submitted my bachelor thesis on this topic:

https://userpage.fu-berlin.de/mancho/OMEMO.pdf (in German)

> 
> thanks,
> Remko
> 
> 
> On 18 May 2017 at 12:57, Andrey Gursky  > wrote:
> 
> Hi,
> 
> On Wed, 17 May 2017 16:59:53 +0100 Dave Cridland wrote:
> 
> [ cut ]
> 
> > A lengthy discussion ensued on this list, involving both Matthew
> > Hodgson and others who clearly know a lot more about Crypto than I do.
> > None of their arguments were answered. Remko supplied a PR to match
> > these. It seems to be being ignored, then rejected out of hand.
> 
> My emails [1..4] and an email from another one [5] regarding OMEMO
> remained also without a response.
> 
> Trying to discuss a quick fix of OMEMO jingle file-transfer was also
> not welcome [6] :(
> 
> [ cut ]
> 
> Regards,
> Andrey
> 
> 
> [1]
> https://mail.jabber.org/pipermail/standards/2016-December/031723.html 
> 
> [2]
> https://mail.jabber.org/pipermail/standards/2016-December/031724.html 
> 
> [3]
> https://mail.jabber.org/pipermail/standards/2016-December/031725.html 
> 
> [4]
> https://mail.jabber.org/pipermail/standards/2016-December/031736.html 
> 
> [5]
> https://mail.jabber.org/pipermail/standards/2016-December/031739.html 
> 
> [6]
> https://mail.jabber.org/pipermail/standards/2016-December/031737.html 
> 
> ___
> Standards mailing list
> Info: https://mail.jabber.org/mailman/listinfo/standards
> 
> Unsubscribe: standards-unsubscr...@xmpp.org
> 
> ___
> 
> 
> 
> 
> ___
> Standards mailing list
> Info: https://mail.jabber.org/mailman/listinfo/standards
> Unsubscribe: standards-unsubscr...@xmpp.org
> ___
> 



signature.asc
Description: OpenPGP digital signature
___
Standards mailing list
Info: https://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: standards-unsubscr...@xmpp.org
___