Thanks, I that clears some things up for me, not so worrisome after all, I
now believe that the users are properly authenticated. I have thought
about the Matrix protocol with seperated DH/signing keys some more and
discussed it with a colleague and we believe it is fine. A very minor
points
On 6 Jun 2017 14:14, "Richard van der Hoff" wrote:
At the risk of turning the standards list into a forum discussing the finer
points of cryptographic key exchange, I thought it might be useful weigh in
on some of the issues raised, in the hope of clearing up some confusion.
Hi Goffi!
I actually already thought about the securiy element as well. It seems
like there are two different possibilities here:
* Implement the security element
o - leaves metadata in the clear
o + more flexible and easier to implement
o + integrates better into existing
On 6/2/17 9:18 PM, Sebastian Verschoor wrote:
I also noted that although Olm has been audited [9], the scope of the
audit only concerns the double ratchet. Given that Olm differs from
Signal only in the handshake, I find this strange. Has the handshake
not been audited? Am I missing
Le dimanche 4 juin 2017, 15:01:45 CEST Vanitas Vitae a écrit :
> Hi!
>
> As part of my GSoC project I'd like to think of a way to enable
> end-to-end encrypted Jingle file transfer. [...]
Hi,
really nice to see somebody working on that. I haven't read your stuff in
details yet (running out of
At the risk of turning the standards list into a forum discussing the
finer points of cryptographic key exchange, I thought it might be useful
weigh in on some of the issues raised, in the hope of clearing up some
confusion.
As Matthew has previously said: it's certainly not our intention to
While based on the old eSessions specification, it might well be worth
looking at XEP-0200 for full-stanza encryption. ISTR it was implemented by
Gajim back in the day, but I may be wrong - this specification was last
updated just over a decade ago.#, and my memory really isn't *that* good...
On
Hi Sebastian,
> I was going to suggest using seperate key-pairs: one for signing and one
for DH. However, upon closer inspection it seems that the
X3DH-specification requires XEdDSA signatures (https://whispersystems.org/
docs/specifications/x3dh/#cryptographic-notation), so if you did that you