On 5 September 2016 at 09:46, Goffi <[email protected]> wrote: > Le lundi 5 septembre 2016, 10:12:24 CEST Peter Waher a écrit : >> Hello >> >> Does anybody on this list have experience using the Signal protocol >> (previously axolotl protocol), from Open Whisper Systems, together with >> XMPP for end-to-end encryption? As there’s work being done on this list >> concerning end-to-end encryption (OpenPGP & OTR), it might be of interest >> to have an alternative for those that want to use Signal as well. It’s >> currently being tested by both Facebook and WhatsApp, and is recommended by >> several notable people. >> >> Best regards, >> Peter Waher > > Hi Peter, > > There is work done on OMEMO by Conversations team, which is XMPP version of > axolotl. There has been a protoXEP, but it has not yet official number because > it's currently depending on copyleft library (if I'm not mistaken). Daniel > Gultsh from Conversations has recently announced that OMEMO has been audited. > > Gajim has also an implementation, for now it's the 2 only ones (to my > knowledge), but other clients are planing to do implementation. >
We discussed at length in the xsf@ chatroom. The summary is: * The OMEMO ProtoXEP was largely blocked because there's no specification for Axolotl/Signal/whatever, just a single implementation which is GPL licensed - thus it is not an open standard. * There was a suggestion to use the specified v2 protocol, but that has problems itself, and concerned many of us that we might miss crucial security improvements. * The Matrix people have done "Olm", which has a public specification, and would be wire compatible if it weren't for the fact it uses a different Initialization Vector just so it's not, because Moxie asked nicely. There were then some rightly sarcastic comments on the nature of Moxie Marlinspike's interpretation of the word "open". From a technical standpoint, OMEMO seems OK. From a standardization one, I think we need to switch (and switch existing implementations) to an Olm-based OMEMO variant. Dave. > > Goffi > _______________________________________________ > Standards mailing list > Info: https://mail.jabber.org/mailman/listinfo/standards > Unsubscribe: [email protected] > _______________________________________________ _______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: [email protected] _______________________________________________
