Hi all, So, first off, I was wrong. The summary is that the Signal Protocol (and the IV values, in particular) is most likely not to be encumbered. While it's not 100% clear, the balance of evidence is that a non-GPL implementation that is fully compatible could be written.
A number of people had conversations with Matthew of Matrix over the past weekend, and while I'll paraphrase what I think he said to me, I'd note that others have slightly different interpretations, so please accept that some details may differ - the essentials are the same, though. 1) Wire: It's not clear why the legal spat started between Wire and OWS, but it seems that the position of OWS was that it was a line-by-line port, and therefore a derivative work in the meaning of copyright. 2) Olm: Matthew has, via email, an assertion that OWS would not attempt any legal action if the license were followed. While Matrix's implementation does indeed change the IVs (Initialization Vectors; constants used to "prime" the encryption), this was done partly out of an abundance of caution, and partly because OWS indicated that Signal would never willingly federate, lessening the need for interoperability. Olm has a proven specification - people have implemented Olm from the specifications alone. I now believe, therefore, that using the same IVs is probably safe legally. Therefore, I propose: a) OMEMO is fine as it is from a legal perspective. b) OMEMO (and OMEMO 2) should reference Olm as the specification, and simply provide the new IVs. While I would be more comfortable using Olm's IVs, this is - like Matrix - out of an abundance of caution. Dave.
_______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: [email protected] _______________________________________________
