On 25 May 2017 at 14:15, Daniel Gultsch <dan...@gultsch.de> wrote: > 2017-05-25 14:56 GMT+02:00 Dave Cridland <d...@cridland.net>: >> Proponents of XEdDSA (and libsignal) have repeatedly made the claim >> that building an XEdDSA implementation is both safe and >> straightforward. >> >> My concern is that nobody has done so. >> >> There might be perfectly sound reasons for this, such as everyone >> working on this has a particular desire for GPL'd output. I'm not sure >> that thrills me, but still. > > I wouldn't say particular desire for GPL but rather 'not being bothered' by > GPL. > All current OMEMO implementations are 'traditional' open source > clients that are either GPL already or can live with a GPL > re-licensing when OMEMO is enabled. >
Including one Apache-licensed library, though. > It's perfectly understandable that those clients are picking the path > of least resistance and are going with a libsignal-protocol variant. > This does not however speak in any form towards the (im)possibility to > create an ODR library based on Olm. > I get that this is the path of least resistance for clients that are already GPL. Seems really odd for it to be the path of least resistance when it involves relicensing. > On top of that the ODR version of the XEP hasn't even been published > yet, thus the fact that there is no XEdDSA library only speaks for the > lack of interest. Perhaps. Ed25519 and EdDSA are used (or proposed to be) in many places (DNSSEC, TLS, etc), so it *is* natural that it's implemented much more widely. But of course, that also raises the question of why XEdDSA is not proposed in DNSSEC, TLS, and so on. I suspect it's just fashion, but it'd make me a lot happier to be using crypto primitives that everyone else was, too, nonetheless. Dave. _______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: standards-unsubscr...@xmpp.org _______________________________________________