Dear editors,

I have a question regarding Section 6, which states: "it may be desirable to have the library consider all keys trusted, effectively disabling its trust management". The paragraph right below (in Section 7) then describes an attack that can occur if a device simply trusts all devices. These paragraphs appear to contradict each other.

Furthermore, the attack described in the first paragraph of Section 7 is precisely the attack that was described in the security audit of the OMEMO protocol (see Section 2.2.3 of https://conversations.im/omemo/audit.pdf). I believe that a reference to that audit (or another form of acknowledgement) is in order here.

Best regards,
Sebastian

PS. Full disclaimer: I am the author of the mentioned security audit.

On 31 October 2016 at 11:24, XMPP Extensions Editor <[email protected]> wrote:
> The XMPP Extensions Editor has received a proposal for a new XEP.
>
> Title: OMEMO Encryption
>
> Abstract: This specification defines a protocol for end-to-end encryption
> in one-on-one chats that may have multiple clients per account.
>
> URL: http://xmpp.org/extensions/inbox/omemo.html
>
> The council will decide in the next two weeks whether to accept this
> proposal as an official XEP.
>
> _______________________________________________
> Standards mailing list
> Info: https://mail.jabber.org/mailman/listinfo/standards
> Unsubscribe: [email protected]
> _______________________________________________
