We can make everyone happy, if we just ask around and find someone that is willing to add XEdDSA to OLM.
1. Then we have it in a lib with a license that makes us happy 2. We can write the XEP so that libsignal and OLM can be used. 3. Even the Matrix people would probably use it for their protocol So lets do this. thanks, Philipp 2017-05-26 19:15 GMT+02:00 Remko Tronçon <re...@el-tramo.be>: > > crypto is subtle, and it can be very easy to make mistakes that have >> catastrophic consequences. >> > ... >> I haven't finished or tested it yet >> > > This doesn't really give me much more confidence to be honest. > > I understand that copy pasting code and to get a working version of the > pseudocode is easy. The devil, however, is in the details, as you say. And > this isn't just > about code, but also about distributing the (crypto) code, which also comes > with subtleties. > > If you already have an ed25519 imlementation >> > > Doesn't the spec say that you shouldn't rely on ed25519 implementations > for verifying signatures? > > >> being able to use a single key for both ECDH and signatures is really >> nice. >> > > I don't understand yet why this is 'nice', so maybe someone should explain > it to me. > AFAICT, there's no difference from the user's POV (both cases have a > single key > that is used to authenticate), and I always found a simple 3DH combined > with a standard > Ed25519 signature verification easier to grasp than X3DH. > But maybe there's a security implication that makes the latter better? > > thanks, > Remko > > _______________________________________________ > Standards mailing list > Info: https://mail.jabber.org/mailman/listinfo/standards > Unsubscribe: standards-unsubscr...@xmpp.org > _______________________________________________ > >
_______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: standards-unsubscr...@xmpp.org _______________________________________________
