Hi all, To get the ball rolling, I’ll play devil’s advocate for a bit here: it is impossible to implement OMEMO from scratch by the current documentation alone. “Axolotl” has no standard, and it appears Open Whisper Systems has no intention of writing one. The few bits of documentation and blog posts that we have are not enough to implement it and are outdated or wrong in some places.
We had a new XEP a few weeks ago which people said was unacceptable because it referred a NATO document that wasn’t publicly available, but now we have a XEP that depends on a GPLv3 licensed library. To me, both things a similarly problematic. Sure, the authors may be highly praised cryptographers, but I don’t think we should trust them blindly enough to build a specification on their work without being able to verify it, especially as it is very security sensitive. What can we do about this? Regards, Thijs
signature.asc
Description: Message signed with OpenPGP using GPGMail
