New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implement Omemo / Axolotl #376

Closed
ghost opened this Issue Sep 15, 2015 · 74 comments

Comments

Projects
None yet
@ghost

ghost commented Sep 15, 2015

It would be so great if ChatSecure supported Conversation's Omemo protocol for multi-party, multi-device OTR.

@chrisballinger chrisballinger changed the title from Implement Omemo to Implement Omemo / Axolotl Sep 15, 2015

@chrisballinger

This comment has been minimized.

Show comment
Hide comment
@chrisballinger

chrisballinger Sep 15, 2015

Member

It's on the roadmap! 🎉

Member

chrisballinger commented Sep 15, 2015

It's on the roadmap! 🎉

@tristan-k

This comment has been minimized.

Show comment
Hide comment
@tristan-k

tristan-k Jan 22, 2016

Soon we will be implementing OMEMO Encryption in ChatSecure iOS, and immediately contributing our OMEMO XEP code upstream to XMPPFramework so that other apps can benefit. We plan to utilize the pre-existing Objective-C library AxolotlKit, written by Frederic Jacobs, that has been used in production since the release of Open Whisper System’s Signal v2.0 for iOS. Unfortunately AxolotlKit is still currently GPL (and therefore not redistributable to the App Store) so this work is on hold until we can negotiate a change to an App Store-comptible copyleft license like LGPLv2 or MPL 2.0 from Fred and Moxie.

Written by Chris Ballinger — OCTOBER 02, 2015

Any update on this matter? Even though AxolotlKit is not redistributable in the App Store, why not make it possible to sideload the app for the more tech-savvy people?

Soon we will be implementing OMEMO Encryption in ChatSecure iOS, and immediately contributing our OMEMO XEP code upstream to XMPPFramework so that other apps can benefit. We plan to utilize the pre-existing Objective-C library AxolotlKit, written by Frederic Jacobs, that has been used in production since the release of Open Whisper System’s Signal v2.0 for iOS. Unfortunately AxolotlKit is still currently GPL (and therefore not redistributable to the App Store) so this work is on hold until we can negotiate a change to an App Store-comptible copyleft license like LGPLv2 or MPL 2.0 from Fred and Moxie.

Written by Chris Ballinger — OCTOBER 02, 2015

Any update on this matter? Even though AxolotlKit is not redistributable in the App Store, why not make it possible to sideload the app for the more tech-savvy people?

@therob84

This comment has been minimized.

Show comment
Hide comment
@therob84

therob84 Feb 8, 2016

I am also waiting very eagerly that Conversations will get another app which supports OMEMO/Axolotl over XMPP.

Any news about this for chatsecure/ZOM (esp. for iOS) as the last official announcement is from october 2015

therob84 commented Feb 8, 2016

I am also waiting very eagerly that Conversations will get another app which supports OMEMO/Axolotl over XMPP.

Any news about this for chatsecure/ZOM (esp. for iOS) as the last official announcement is from october 2015

@chrisballinger

This comment has been minimized.

Show comment
Hide comment
@chrisballinger

chrisballinger Feb 8, 2016

Member

This work is semi-permanently on hold because of the license conflict. Moxie said that the public specification for Axolotl is incomplete, so it will be impossible for us to produce an alternative implementation that isn't a derivative work of one of the GPL libraries.

Member

chrisballinger commented Feb 8, 2016

This work is semi-permanently on hold because of the license conflict. Moxie said that the public specification for Axolotl is incomplete, so it will be impossible for us to produce an alternative implementation that isn't a derivative work of one of the GPL libraries.

@amenk

This comment has been minimized.

Show comment
Hide comment
@amenk

amenk Feb 8, 2016

Can you explain? Isn't this thing here GPL? And why can't you use their axolotl implementation?

amenk commented Feb 8, 2016

Can you explain? Isn't this thing here GPL? And why can't you use their axolotl implementation?

@amenk

This comment has been minimized.

Show comment
Hide comment
@amenk

amenk Feb 8, 2016

Okay. I read above that AppStore does not allow GPL.. Sorry for the noise

amenk commented Feb 8, 2016

Okay. I read above that AppStore does not allow GPL.. Sorry for the noise

@therob84

This comment has been minimized.

Show comment
Hide comment
@therob84

therob84 Feb 9, 2016

Thanks for clarification, Chris!
Although I like the idea that AppleIstore is/do not allowed to use GPL software, in this special case it is a pain, that the great OMEMO (Axolotl) protocol cannot be ported to any of the iOS Apps.....and thus is been hindered to become a more widespread alternative for XMPP...at least for iPhone users...which I unfortunately have in my circle of friends...

@chrisballinger Do you think there will be a breakthrough in porting OMEMO to any iOS App in the next....months? Or should we lay it to the graves?

btw: What I don't understand: e.g. Whattsapp also uses Axolotl encryption of TextSecure/Signal/OpenWhisperSystem, which also should be licensed under GPL, but is allowed in the AppleStore?
Where is the difference? Here are some more infos about, but not that I do understand it in detail :-/

therob84 commented Feb 9, 2016

Thanks for clarification, Chris!
Although I like the idea that AppleIstore is/do not allowed to use GPL software, in this special case it is a pain, that the great OMEMO (Axolotl) protocol cannot be ported to any of the iOS Apps.....and thus is been hindered to become a more widespread alternative for XMPP...at least for iPhone users...which I unfortunately have in my circle of friends...

@chrisballinger Do you think there will be a breakthrough in porting OMEMO to any iOS App in the next....months? Or should we lay it to the graves?

btw: What I don't understand: e.g. Whattsapp also uses Axolotl encryption of TextSecure/Signal/OpenWhisperSystem, which also should be licensed under GPL, but is allowed in the AppleStore?
Where is the difference? Here are some more infos about, but not that I do understand it in detail :-/

@amenk

This comment has been minimized.

Show comment
Hide comment
@amenk

amenk Feb 9, 2016

@therob84 It thinks WhatsApp does not encrypt end-to-end when chatting with iOS users
https://www.quora.com/Is-WhatsApp-encrypted-for-iPhone

amenk commented Feb 9, 2016

@therob84 It thinks WhatsApp does not encrypt end-to-end when chatting with iOS users
https://www.quora.com/Is-WhatsApp-encrypted-for-iPhone

@therob84

This comment has been minimized.

Show comment
Hide comment
@therob84

therob84 Feb 9, 2016

therob84 commented Feb 9, 2016

@chrisballinger

This comment has been minimized.

Show comment
Hide comment
@chrisballinger

chrisballinger Feb 9, 2016

Member

Open Whisper Systems owns the full copyright on AxolotlKit so they can relicense it for distribution on the App Store for their own apps. They are currently licensing libaxolotl-java to WhatsApp for the Android version, but for whatever reason haven't yet done the same for WhatsApp iOS and AxolotlKit. I've been told there are no near-term plans to license AxolotlKit to other apps.

However, there may be a light at the end of the tunnel: https://github.com/SilentCircle/libsalamander

It appears that the Silent Circle team has implemented their own version of Axolotl using only the public specification and (presumably) avoided any reverse engineering of the GPL code. It is licensed Apache 2.0 so it could be used without issue on the App Store. I'm not sure if the key exchange is compatible with libaxolotl-java, among other things, so there is a chance it may not be compatible with Conversations current implementation of OMEMO.

Member

chrisballinger commented Feb 9, 2016

Open Whisper Systems owns the full copyright on AxolotlKit so they can relicense it for distribution on the App Store for their own apps. They are currently licensing libaxolotl-java to WhatsApp for the Android version, but for whatever reason haven't yet done the same for WhatsApp iOS and AxolotlKit. I've been told there are no near-term plans to license AxolotlKit to other apps.

However, there may be a light at the end of the tunnel: https://github.com/SilentCircle/libsalamander

It appears that the Silent Circle team has implemented their own version of Axolotl using only the public specification and (presumably) avoided any reverse engineering of the GPL code. It is licensed Apache 2.0 so it could be used without issue on the App Store. I'm not sure if the key exchange is compatible with libaxolotl-java, among other things, so there is a chance it may not be compatible with Conversations current implementation of OMEMO.

@therob84

This comment has been minimized.

Show comment
Hide comment
@therob84

therob84 Feb 9, 2016

Thanks Chris for your kind and detailed reply.
So for non-programming users do you see anything which could be done to accelerate this process?

therob84 commented Feb 9, 2016

Thanks Chris for your kind and detailed reply.
So for non-programming users do you see anything which could be done to accelerate this process?

@tristan-k tristan-k referenced this issue in anurodhp/Monal Feb 11, 2016

Open

XEP-xxxx: OMEMO Encryption #9

@therob84

This comment has been minimized.

Show comment
Hide comment
@therob84

therob84 Mar 24, 2016

@chrisballinger: Can you provide us with any progress or promising news as an easter surprise about the OMEMO-topic in ChatSecure for iOS or about libsalamander?

As I can't convince quite some people to use ChatSecure without supporting OMEMO under iOS, I find it a more and more urgent issue...Would be glad to read arguments for holding up hope....
Have nice eastern, cheers!

@chrisballinger: Can you provide us with any progress or promising news as an easter surprise about the OMEMO-topic in ChatSecure for iOS or about libsalamander?

As I can't convince quite some people to use ChatSecure without supporting OMEMO under iOS, I find it a more and more urgent issue...Would be glad to read arguments for holding up hope....
Have nice eastern, cheers!

@dxerw

This comment has been minimized.

Show comment
Hide comment
@dxerw

dxerw Mar 30, 2016

Damn the licensing..

dxerw commented Mar 30, 2016

Damn the licensing..

@dxerw

This comment has been minimized.

Show comment
Hide comment
@therob84

This comment has been minimized.

Show comment
Hide comment
@therob84

therob84 Apr 3, 2016

@dxerw .... can you comment on this in any way? Is it connnected with libsalamander?
Does it bring us nearer to OMEMO@iOS while beeing compatibel witht OMEMO@Conversations@Android?

Would be great, but I have not enough information on this to be near-term-optimist.......

therob84 commented Apr 3, 2016

@dxerw .... can you comment on this in any way? Is it connnected with libsalamander?
Does it bring us nearer to OMEMO@iOS while beeing compatibel witht OMEMO@Conversations@Android?

Would be great, but I have not enough information on this to be near-term-optimist.......

@therob84 therob84 referenced this issue in anurodhp/Monal Apr 10, 2016

Closed

Otr #28

@chrisballinger

This comment has been minimized.

Show comment
Hide comment
@chrisballinger

chrisballinger Apr 10, 2016

Member

@therob84 It is literally impossible to make something compatible with the current OMEMO spec due to Open Whisper System's decision about licensing SignalProtocolKit. Even if we use another library implementing the Axolotl ratchet, the details of each implementation's protocol and handshake are different and incompatible.

Member

chrisballinger commented Apr 10, 2016

@therob84 It is literally impossible to make something compatible with the current OMEMO spec due to Open Whisper System's decision about licensing SignalProtocolKit. Even if we use another library implementing the Axolotl ratchet, the details of each implementation's protocol and handshake are different and incompatible.

@chrisballinger

This comment has been minimized.

Show comment
Hide comment
@chrisballinger

chrisballinger Apr 10, 2016

Member

I just had an absolutely crazy idea that could potentially get around this issue. Legally it will probably not hold up in court, so this is more of a thought experiment.

The main issue with distributing other people's GPL code on the App Store is GPL section 6 which says "You may not impose any further restrictions on the recipients' exercise of the rights granted herein". The App Store imposes further restrictions regardless of a developer wants them in their release.

The only way to distribute this code without violating the GPL via Apple's restrictions would be to download an external JavaScript AxolotlV3 library on first launch and execute it via JavaScriptCore. The source code distribution would be a free download from an external server containing no restrictions on use. Regardless how the "linking" step is interpreted when running GPL code in a JavaScript interpreter that bridges to Obj-C, it will be the end user doing the linking after the original App Store binary distribution has occurred. The resulting combination cannot be redistributed, but that will fall on the end user and not the app distributor.

This would be similar to how proprietary programs can be used with GPL plugins as long as they are distributed separately and linked by the end user.

Member

chrisballinger commented Apr 10, 2016

I just had an absolutely crazy idea that could potentially get around this issue. Legally it will probably not hold up in court, so this is more of a thought experiment.

The main issue with distributing other people's GPL code on the App Store is GPL section 6 which says "You may not impose any further restrictions on the recipients' exercise of the rights granted herein". The App Store imposes further restrictions regardless of a developer wants them in their release.

The only way to distribute this code without violating the GPL via Apple's restrictions would be to download an external JavaScript AxolotlV3 library on first launch and execute it via JavaScriptCore. The source code distribution would be a free download from an external server containing no restrictions on use. Regardless how the "linking" step is interpreted when running GPL code in a JavaScript interpreter that bridges to Obj-C, it will be the end user doing the linking after the original App Store binary distribution has occurred. The resulting combination cannot be redistributed, but that will fall on the end user and not the app distributor.

This would be similar to how proprietary programs can be used with GPL plugins as long as they are distributed separately and linked by the end user.

@therob84

This comment has been minimized.

Show comment
Hide comment
@therob84

therob84 Apr 11, 2016

thanks @chrisballinger for your statement.

I still hope the best and very welcome the (just) started inter-app-discussion about OMEMO (anurodhp/Monal#9) ... triggering long enaugh from all sides finally lead to the long needed (public visibly) teamwork between you all,
@chrisballinger (ChatSecure),
@iNPUTmice (Conversations),
@anurodhp (Monal) .....
Keep on this track!

thanks @chrisballinger for your statement.

I still hope the best and very welcome the (just) started inter-app-discussion about OMEMO (anurodhp/Monal#9) ... triggering long enaugh from all sides finally lead to the long needed (public visibly) teamwork between you all,
@chrisballinger (ChatSecure),
@iNPUTmice (Conversations),
@anurodhp (Monal) .....
Keep on this track!

@tristan-k tristan-k referenced this issue in farion/eloquence Apr 14, 2016

Open

XEP-xxxx: OMEMO Encryption #1

@the-solipsist

This comment has been minimized.

Show comment
Hide comment
@the-solipsist

the-solipsist May 12, 2016

@chrisballinger I don't see why your "crazy idea" is all that crazy. I think it circumvents the legal incompatibility rather cleverly.

Also, Moxie has noted that the Signal Protocol itself is okay to implement (no patent claims, etc.):
https://twitter.com/moxie/status/730289041493483520

Older versions of the protocol (as Axolotl Ratchet) were under the public domain:
https://github.com/trevp/double_ratchet/wiki#ipr

There is one other double-ratchet described here:
https://crypto.cat/security.html

the-solipsist commented May 12, 2016

@chrisballinger I don't see why your "crazy idea" is all that crazy. I think it circumvents the legal incompatibility rather cleverly.

Also, Moxie has noted that the Signal Protocol itself is okay to implement (no patent claims, etc.):
https://twitter.com/moxie/status/730289041493483520

Older versions of the protocol (as Axolotl Ratchet) were under the public domain:
https://github.com/trevp/double_ratchet/wiki#ipr

There is one other double-ratchet described here:
https://crypto.cat/security.html

@chrisballinger

This comment has been minimized.

Show comment
Hide comment
@chrisballinger

chrisballinger May 12, 2016

Member

It seems like our funder will not allow us to implement any of these.

On Thu, May 12, 2016 at 12:33 PM, the-solipsist notifications@github.com
wrote:

@chrisballinger https://github.com/chrisballinger I don't see why your
"crazy idea" is all that crazy. I think it circumvents the legal
incompatibility rather cleverly.


You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHub
#376 (comment)

Member

chrisballinger commented May 12, 2016

It seems like our funder will not allow us to implement any of these.

On Thu, May 12, 2016 at 12:33 PM, the-solipsist notifications@github.com
wrote:

@chrisballinger https://github.com/chrisballinger I don't see why your
"crazy idea" is all that crazy. I think it circumvents the legal
incompatibility rather cleverly.


You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHub
#376 (comment)

@therob84

This comment has been minimized.

Show comment
Hide comment
@therob84

therob84 May 12, 2016

@chrisballinger: what? I can't beleive that your funder want to miss the (in my eyes) most promising development of the last time in pushing XMPP forward for wide-spread using in terms of security...?
You are just joking, right?!

So there is no light at the end of the tunnel to give me a chance to use XMPP with my iOS friends?
...Very sad....
But thanks for beeing clear about that...

@chrisballinger: what? I can't beleive that your funder want to miss the (in my eyes) most promising development of the last time in pushing XMPP forward for wide-spread using in terms of security...?
You are just joking, right?!

So there is no light at the end of the tunnel to give me a chance to use XMPP with my iOS friends?
...Very sad....
But thanks for beeing clear about that...

@chrisballinger

This comment has been minimized.

Show comment
Hide comment
@chrisballinger

chrisballinger May 12, 2016

Member

Moxie very recently told me that he doesn't care if we distribute on the
App Store as long as we otherwise comply with the GPL, but I need something
more concrete for the funder before we can move forward.

On Thu, May 12, 2016 at 1:47 PM, therob84 notifications@github.com wrote:

@chrisballinger https://github.com/chrisballinger: what? I can't
beleive that your funder want to miss the (in my eyes) most promising
development of the last time in pushing XMPP forward for wide-spread using
in terms of security...?
You are just joking, right?!

So there is no light at the end of the tunnel to give me a chance to use
XMPP with my iOS friends?
...Very sad....
But thanks for beeing clear about that...


You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHub
#376 (comment)

Member

chrisballinger commented May 12, 2016

Moxie very recently told me that he doesn't care if we distribute on the
App Store as long as we otherwise comply with the GPL, but I need something
more concrete for the funder before we can move forward.

On Thu, May 12, 2016 at 1:47 PM, therob84 notifications@github.com wrote:

@chrisballinger https://github.com/chrisballinger: what? I can't
beleive that your funder want to miss the (in my eyes) most promising
development of the last time in pushing XMPP forward for wide-spread using
in terms of security...?
You are just joking, right?!

So there is no light at the end of the tunnel to give me a chance to use
XMPP with my iOS friends?
...Very sad....
But thanks for beeing clear about that...


You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHub
#376 (comment)

@n8fr8 n8fr8 referenced this issue in guardianproject/ChatSecureAndroid May 13, 2016

Closed

Unable to send file between Chatsecure and pidgin xmpp #740

@masvil

This comment has been minimized.

Show comment
Hide comment
@masvil

masvil May 15, 2016

@chrisballinger please make the funder change his/her mind!

masvil commented May 15, 2016

@chrisballinger please make the funder change his/her mind!

@austin987

This comment has been minimized.

Show comment
Hide comment
@austin987

austin987 May 16, 2016

I'm an android user (from #740), and would greatly like to see progress on this. Especially given that Android does not suffer from the GPL incompatibility that IOS does, I find it very sad that IOS blocks Android from a more secure and functional chat system.

I'm an android user (from #740), and would greatly like to see progress on this. Especially given that Android does not suffer from the GPL incompatibility that IOS does, I find it very sad that IOS blocks Android from a more secure and functional chat system.

@amenk

This comment has been minimized.

Show comment
Hide comment
@amenk

amenk May 24, 2016

Moxie very recently told me that he doesn't care if we distribute on the
App Store as long as we otherwise comply with the GPL, but I need something
more concrete for the funder before we can move forward.

So Moxie has to relicense the code, right? Did anybody formally approach him?

amenk commented May 24, 2016

Moxie very recently told me that he doesn't care if we distribute on the
App Store as long as we otherwise comply with the GPL, but I need something
more concrete for the funder before we can move forward.

So Moxie has to relicense the code, right? Did anybody formally approach him?

@herbsmn

This comment has been minimized.

Show comment
Hide comment

herbsmn commented Jun 9, 2016

@amenk things are looking good! read this thread. https://twitter.com/ChatSecure/status/735930676961148928

@chrisballinger

This comment has been minimized.

Show comment
Hide comment
@chrisballinger

chrisballinger Jun 9, 2016

Member

Although it sounded promising at first, there is ~0% chance I can get the legal stuff sorted out w/ Moxie. We plan to move forward to Matrix's Olm and support them for their audit.

Member

chrisballinger commented Jun 9, 2016

Although it sounded promising at first, there is ~0% chance I can get the legal stuff sorted out w/ Moxie. We plan to move forward to Matrix's Olm and support them for their audit.

@herbsmn

This comment has been minimized.

Show comment
Hide comment
@herbsmn

herbsmn Jun 9, 2016

Sorry to hear that @chrisballinger. Is the reasoning outlined somewhere? It did sound promising.

herbsmn commented Jun 9, 2016

Sorry to hear that @chrisballinger. Is the reasoning outlined somewhere? It did sound promising.

@chrisballinger

This comment has been minimized.

Show comment
Hide comment
@chrisballinger

chrisballinger Jun 9, 2016

Member

I've reached out to lawyers who could draft a GPL "additional permission", but I can't move forward since I've had no response from him after multiple attempts of contact. There's no guarantee whatever I pay to get drafted would be accepted by him, and it would involve additional legal fees for him to double-check it. They have absolutely no incentive to work with me on this.

On the other hand, the Matrix team is awesome, and is excited about us using their library. Other non-GPL apps could benefit from their library as well like Monal.

Member

chrisballinger commented Jun 9, 2016

I've reached out to lawyers who could draft a GPL "additional permission", but I can't move forward since I've had no response from him after multiple attempts of contact. There's no guarantee whatever I pay to get drafted would be accepted by him, and it would involve additional legal fees for him to double-check it. They have absolutely no incentive to work with me on this.

On the other hand, the Matrix team is awesome, and is excited about us using their library. Other non-GPL apps could benefit from their library as well like Monal.

@herbsmn

This comment has been minimized.

Show comment
Hide comment
@herbsmn

herbsmn Jun 9, 2016

serveimage
Let's do this!

herbsmn commented Jun 9, 2016

serveimage
Let's do this!

@aaronraimist

This comment has been minimized.

Show comment
Hide comment

@chrisballinger Looks like they have used MPLv2 signalapp/libsignal-protocol-c@defc71d

@intelfx

This comment has been minimized.

Show comment
Hide comment
@intelfx

intelfx Jun 13, 2016

@fowlslegs @chrisballinger So now there is that additional permission...

intelfx commented Jun 13, 2016

@fowlslegs @chrisballinger So now there is that additional permission...

@chrisballinger

This comment has been minimized.

Show comment
Hide comment
@chrisballinger

chrisballinger Jun 13, 2016

Member

We may be moving to libsignal-protocol-c due to this announcement, but I should a better idea by the end of the week. This doesn't rule out supporting Olm as well in the future to interoperate with other non-GPL apps that may adopt Olm like Monal.

Member

chrisballinger commented Jun 13, 2016

We may be moving to libsignal-protocol-c due to this announcement, but I should a better idea by the end of the week. This doesn't rule out supporting Olm as well in the future to interoperate with other non-GPL apps that may adopt Olm like Monal.

@herbsmn herbsmn referenced this issue in LibreSignal/LibreSignal Jun 14, 2016

Closed

Says my version is going to expire #42

@louy2

This comment has been minimized.

Show comment
Hide comment
@louy2

louy2 Jul 11, 2016

I should a better idea by the end of the week.

Any updates?

louy2 commented Jul 11, 2016

I should a better idea by the end of the week.

Any updates?

@chrisballinger

This comment has been minimized.

Show comment
Hide comment
@chrisballinger

chrisballinger Jul 11, 2016

Member

Objective-C wrapper is complete.

Member

chrisballinger commented Jul 11, 2016

Objective-C wrapper is complete.

@DreamFlasher DreamFlasher referenced this issue in zom/Zom-Android Jul 15, 2016

Closed

Implement Omemo / Axolotl #119

@DreamFlasher

This comment has been minimized.

Show comment
Hide comment
@DreamFlasher

DreamFlasher Jul 25, 2016

What are the steps that need to be completed so that this ticket can be closed? :) And which of these steps did you achieve?

What are the steps that need to be completed so that this ticket can be closed? :) And which of these steps did you achieve?

@chrisballinger

This comment has been minimized.

Show comment
Hide comment
@chrisballinger

chrisballinger Jul 25, 2016

Member

We have completed the libsignal-protocol-c Objective-C wrapper and the
XMPPFramework OMEMO stanza parser/generator. We are working on the
application integration right now.

On Mon, Jul 25, 2016 at 3:07 AM, Marcel Ackermann notifications@github.com
wrote:

What are the steps that need to be completed so that this ticket can be
closed? :) And which of these steps did you achieve?


You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#376 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAfqH8WvQY6PKu1pNz9jjL4rOYhI_9v8ks5qZGCigaJpZM4F9dxj
.

Member

chrisballinger commented Jul 25, 2016

We have completed the libsignal-protocol-c Objective-C wrapper and the
XMPPFramework OMEMO stanza parser/generator. We are working on the
application integration right now.

On Mon, Jul 25, 2016 at 3:07 AM, Marcel Ackermann notifications@github.com
wrote:

What are the steps that need to be completed so that this ticket can be
closed? :) And which of these steps did you achieve?


You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#376 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAfqH8WvQY6PKu1pNz9jjL4rOYhI_9v8ks5qZGCigaJpZM4F9dxj
.

@DreamFlasher

This comment has been minimized.

Show comment
Hide comment
@DreamFlasher

DreamFlasher Jul 25, 2016

Thank you for the update!

Thank you for the update!

@therob84

This comment has been minimized.

Show comment
Hide comment
@therob84

therob84 Aug 1, 2016

@chrisballinger great news!
After you will have realeased a ChatSecure-Verison in the near future with OMEMO, should it be completely compatible with current Conversations of @iNPUTmice (incl. OMEMO, avaters, image-upload, etc.)?
(I hope 100% yes and would doubt you would drop the chance to have interoparability out-of-the-box between both, but I want to be sure...)

therob84 commented Aug 1, 2016

@chrisballinger great news!
After you will have realeased a ChatSecure-Verison in the near future with OMEMO, should it be completely compatible with current Conversations of @iNPUTmice (incl. OMEMO, avaters, image-upload, etc.)?
(I hope 100% yes and would doubt you would drop the chance to have interoparability out-of-the-box between both, but I want to be sure...)

@chrisballinger

This comment has been minimized.

Show comment
Hide comment
@chrisballinger

chrisballinger Aug 1, 2016

Member

Our goal is compatibility

On Mon, Aug 1, 2016 at 1:37 PM, therob84 notifications@github.com wrote:

@chrisballinger https://github.com/chrisballinger great news!
After you will have realeased a ChatSecure-Verison in the near future with
OMEMO, should it be completely compatible with current Conversations
https://github.com/siacs/Conversations of @iNPUTmice
https://github.com/iNPUTmice (incl. OMEMO, avaters, image-upload,
etc.)?
(I hope 100% yes and would doubt you would drop the chance to have
interoparability out-of-the-box between both, but I want to be sure...)


You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#376 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAfqHwQ_U7EHvK3DBZhM9WOc59awWY5oks5qbljvgaJpZM4F9dxj
.

Member

chrisballinger commented Aug 1, 2016

Our goal is compatibility

On Mon, Aug 1, 2016 at 1:37 PM, therob84 notifications@github.com wrote:

@chrisballinger https://github.com/chrisballinger great news!
After you will have realeased a ChatSecure-Verison in the near future with
OMEMO, should it be completely compatible with current Conversations
https://github.com/siacs/Conversations of @iNPUTmice
https://github.com/iNPUTmice (incl. OMEMO, avaters, image-upload,
etc.)?
(I hope 100% yes and would doubt you would drop the chance to have
interoparability out-of-the-box between both, but I want to be sure...)


You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#376 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAfqHwQ_U7EHvK3DBZhM9WOc59awWY5oks5qbljvgaJpZM4F9dxj
.

@DreamFlasher

This comment has been minimized.

Show comment
Hide comment
@DreamFlasher

DreamFlasher Aug 26, 2016

Hi Chris, how is it going with the application integration? Thanks for an update! :)

Hi Chris, how is it going with the application integration? Thanks for an update! :)

@Asara

This comment has been minimized.

Show comment
Hide comment
@Asara

Asara Aug 31, 2016

I am also curious about omemo integration. Chatsecure's lack of it is essentially the only reason for not migrating from Signal.

Asara commented Aug 31, 2016

I am also curious about omemo integration. Chatsecure's lack of it is essentially the only reason for not migrating from Signal.

@chrisballinger

This comment has been minimized.

Show comment
Hide comment
@chrisballinger

chrisballinger Sep 9, 2016

Member

Just got back from vacation! Expect to see some good progress soon

On Tue, Aug 30, 2016 at 5:16 PM, Asara notifications@github.com wrote:

I am also curious about omemo integration. Chatsecure's lack of it is
essentially the only reason for not migrating from Signal.


You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#376 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAfqHwKARfGzcXxDaaX_fF7YdE2J-LqSks5qlMf7gaJpZM4F9dxj
.

Member

chrisballinger commented Sep 9, 2016

Just got back from vacation! Expect to see some good progress soon

On Tue, Aug 30, 2016 at 5:16 PM, Asara notifications@github.com wrote:

I am also curious about omemo integration. Chatsecure's lack of it is
essentially the only reason for not migrating from Signal.


You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#376 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAfqHwKARfGzcXxDaaX_fF7YdE2J-LqSks5qlMf7gaJpZM4F9dxj
.

@jsmith000

This comment has been minimized.

Show comment
Hide comment
@jsmith000

jsmith000 Oct 6, 2016

Should we expect an update this month? :)

Should we expect an update this month? :)

@chrisballinger

This comment has been minimized.

Show comment
Hide comment
@chrisballinger

chrisballinger Oct 6, 2016

Member

Yesterday we decrypted our first OMEMO message from Conversations. Encryption is pretty close as well, and if all goes to plan we should be able to send our first encrypted message later today. Took a long time to develop all the individual pieces in a modular, reusable, well documented way, and it feels great to see them fall into place.

The big blocker for release is properly choosing and displaying the crypto state (plaintext/OTR/OMEMO), and fingerprint / device management UI. There is also a concern about security risks associated with stale devices brought up in the OMEMO security audit, so we need to work with @iNPUTmice for a shared solution on that.

Member

chrisballinger commented Oct 6, 2016

Yesterday we decrypted our first OMEMO message from Conversations. Encryption is pretty close as well, and if all goes to plan we should be able to send our first encrypted message later today. Took a long time to develop all the individual pieces in a modular, reusable, well documented way, and it feels great to see them fall into place.

The big blocker for release is properly choosing and displaying the crypto state (plaintext/OTR/OMEMO), and fingerprint / device management UI. There is also a concern about security risks associated with stale devices brought up in the OMEMO security audit, so we need to work with @iNPUTmice for a shared solution on that.

@therob84

This comment has been minimized.

Show comment
Hide comment
@therob84

therob84 Oct 6, 2016

Really really awsome your work!
Good that you stayed in contact with @iNPUTmice
https://github.com/iNPUTmice and Anu Pokharel here and in monal-forum.
Keep on this great work! I hope it will help spread omemo into the
world. Thanks for letting us know your progress!

therob84 commented Oct 6, 2016

Really really awsome your work!
Good that you stayed in contact with @iNPUTmice
https://github.com/iNPUTmice and Anu Pokharel here and in monal-forum.
Keep on this great work! I hope it will help spread omemo into the
world. Thanks for letting us know your progress!

@therob84

This comment has been minimized.

Show comment
Hide comment
@therob84

therob84 Nov 1, 2016

hey @chrisballinger ... how your hard work is going these days? Still satisfied with the results?
I guess you know a lot of people are eager to read some news.....maybe also a ROUGH release date for ChatSecure with OMEMO? Best regards, Robert

therob84 commented Nov 1, 2016

hey @chrisballinger ... how your hard work is going these days? Still satisfied with the results?
I guess you know a lot of people are eager to read some news.....maybe also a ROUGH release date for ChatSecure with OMEMO? Best regards, Robert

@chrisballinger

This comment has been minimized.

Show comment
Hide comment
@chrisballinger

chrisballinger Nov 1, 2016

Member

Everything works as far as the OMEMO encryption itself, but we are currently fixing things we broke before we release a beta, and polishing some new UI.

Aiming for a beta release next week?

Member

chrisballinger commented Nov 1, 2016

Everything works as far as the OMEMO encryption itself, but we are currently fixing things we broke before we release a beta, and polishing some new UI.

Aiming for a beta release next week?

@therob84

This comment has been minimized.

Show comment
Hide comment
@therob84

therob84 Nov 1, 2016

@chrisballinger ... As I hoped at least YOU got my intention exactly right and you found worth to spent this 20 seconds for a fast and constructive note here - thanks, very friendly!!

P.S.:...On both your twitter streams I couldn't find anything with similar news content, Daniel, which is the reason why I repeatedly misused this issue tracker...just in lack of appropriate other media. Or would you suggest to "Shut up if you can't contribute anything to the project" (which I can't at this stage, unfortunately)? (rhetorical question!)

therob84 commented Nov 1, 2016

@chrisballinger ... As I hoped at least YOU got my intention exactly right and you found worth to spent this 20 seconds for a fast and constructive note here - thanks, very friendly!!

P.S.:...On both your twitter streams I couldn't find anything with similar news content, Daniel, which is the reason why I repeatedly misused this issue tracker...just in lack of appropriate other media. Or would you suggest to "Shut up if you can't contribute anything to the project" (which I can't at this stage, unfortunately)? (rhetorical question!)

@chrisballinger

This comment has been minimized.

Show comment
Hide comment
@chrisballinger

chrisballinger Nov 1, 2016

Member

@therob84 unfortunately I don't update social media very often. I think it's okay to poke us occasionally, just don't go overboard.

Estimating how long software will take is one of the unsolved problems of software development: https://www.quora.com/Why-are-software-development-task-estimations-regularly-off-by-a-factor-of-2-3

Member

chrisballinger commented Nov 1, 2016

@therob84 unfortunately I don't update social media very often. I think it's okay to poke us occasionally, just don't go overboard.

Estimating how long software will take is one of the unsolved problems of software development: https://www.quora.com/Why-are-software-development-task-estimations-regularly-off-by-a-factor-of-2-3

@Asara

This comment has been minimized.

Show comment
Hide comment
@Asara

Asara Nov 3, 2016

@chrisballinger
Thanks for the update. I personally don't have an iOS device but am eagerly waiting for OMEMO support. Currently there is no good alternative for Signal because of the lack of OMEMO.

I use LibreSignal and it is no longer being updated/expires in a couple of days, and as such the next best solution is XMPP + OMEMO. Once this is complete, we will have the best solution, and you are appreciated greatly.

Thanks for the awesome work.

Asara commented Nov 3, 2016

@chrisballinger
Thanks for the update. I personally don't have an iOS device but am eagerly waiting for OMEMO support. Currently there is no good alternative for Signal because of the lack of OMEMO.

I use LibreSignal and it is no longer being updated/expires in a couple of days, and as such the next best solution is XMPP + OMEMO. Once this is complete, we will have the best solution, and you are appreciated greatly.

Thanks for the awesome work.

@DreamFlasher

This comment has been minimized.

Show comment
Hide comment
@DreamFlasher

DreamFlasher Nov 4, 2016

This is all about ChatSecure for iOS right? So ChatSecure for Android is dead and will never support OMEMO?

This is all about ChatSecure for iOS right? So ChatSecure for Android is dead and will never support OMEMO?

@joostrijneveld

This comment has been minimized.

Show comment
Hide comment
@joostrijneveld

joostrijneveld Nov 4, 2016

On Android, I would not immediately see a benefit of competing with Conversations, with which ChatSecure-iOS will ideally be fully compatible..

On Android, I would not immediately see a benefit of competing with Conversations, with which ChatSecure-iOS will ideally be fully compatible..

@hex-m

This comment has been minimized.

Show comment
Hide comment
@DreamFlasher

This comment has been minimized.

Show comment
Hide comment
@DreamFlasher

DreamFlasher Nov 4, 2016

Exactly, that was a year ago, that's why I am asking, a year is a long time, anything can change :)

Exactly, that was a year ago, that's why I am asking, a year is a long time, anything can change :)

@chrisballinger

This comment has been minimized.

Show comment
Hide comment
@chrisballinger

chrisballinger Nov 4, 2016

Member

ChatSecure Android is deprecated and there are no plans to change that. The code lives on as Zom Android but it might not be your flavor. I was originally thinking of skinning Conversations to make a new ChatSecure Android, but we don't have the resources to keep it up to date with the latest upstream, and it wouldn't really offer much beyond a different skin.

Member

chrisballinger commented Nov 4, 2016

ChatSecure Android is deprecated and there are no plans to change that. The code lives on as Zom Android but it might not be your flavor. I was originally thinking of skinning Conversations to make a new ChatSecure Android, but we don't have the resources to keep it up to date with the latest upstream, and it wouldn't really offer much beyond a different skin.

@DreamFlasher

This comment has been minimized.

Show comment
Hide comment
@DreamFlasher

DreamFlasher Nov 5, 2016

Thank you @chrisballinger -- I am interested in an alternative for Conversations because it is currently too difficult to use for non-tech people. The biggest hurdly is the installation, people are not willing to spend the money in the playstore for an app that nobody of their peers except me is using, and then downloading the f-droid apk, changing the settings to allow external apk, that's all too difficult.

Thank you @chrisballinger -- I am interested in an alternative for Conversations because it is currently too difficult to use for non-tech people. The biggest hurdly is the installation, people are not willing to spend the money in the playstore for an app that nobody of their peers except me is using, and then downloading the f-droid apk, changing the settings to allow external apk, that's all too difficult.

@lovetox

This comment has been minimized.

Show comment
Hide comment
@lovetox

lovetox Nov 5, 2016

so basically your friends dont want to spend 3 dollar/euro once to chat with you?

thats a really good reason to develop a whole client that does nothing different but not costing 3 dollar/euro. i will start to develop this for you today !

lovetox commented Nov 5, 2016

so basically your friends dont want to spend 3 dollar/euro once to chat with you?

thats a really good reason to develop a whole client that does nothing different but not costing 3 dollar/euro. i will start to develop this for you today !

@Mikaela

This comment has been minimized.

Show comment
Hide comment
@Mikaela

Mikaela Nov 5, 2016

so basically your friends dont want to spend 3 dollar/euro once to chat with you?

What if these friends don't own a payment card or don't want to feed it's detailts to Google (or anywhere else by that matter) or happen to be without any financial support and need this 3€ to food?

Mikaela commented Nov 5, 2016

so basically your friends dont want to spend 3 dollar/euro once to chat with you?

What if these friends don't own a payment card or don't want to feed it's detailts to Google (or anywhere else by that matter) or happen to be without any financial support and need this 3€ to food?

@DreamFlasher

This comment has been minimized.

Show comment
Hide comment
@DreamFlasher

DreamFlasher Nov 5, 2016

@lovetox That's the developer speaking. Well, yes exactly, nobody would spend 3 dollar if there are hundreds of free clients. Clients all their friends are using. The question I need to answer them is: "Why can't you just use Whatsapp, Facebook or Telegram as everyone else? They are all encrypted now too!" Paying 3$ means friction. Friction that will slow down the spread of Conversations.

@lovetox That's the developer speaking. Well, yes exactly, nobody would spend 3 dollar if there are hundreds of free clients. Clients all their friends are using. The question I need to answer them is: "Why can't you just use Whatsapp, Facebook or Telegram as everyone else? They are all encrypted now too!" Paying 3$ means friction. Friction that will slow down the spread of Conversations.

@chrisballinger

This comment has been minimized.

Show comment
Hide comment
@chrisballinger

chrisballinger Nov 5, 2016

Member

If I were Daniel I'd make Conversations free to download but include more in-app purchases and enable them for users who downloaded the app before a certain date. However it's his app and he can do whatever works best for him.

That said, I believe that Zom Android will get OMEMO support at some point in 2017.

Member

chrisballinger commented Nov 5, 2016

If I were Daniel I'd make Conversations free to download but include more in-app purchases and enable them for users who downloaded the app before a certain date. However it's his app and he can do whatever works best for him.

That said, I believe that Zom Android will get OMEMO support at some point in 2017.

@amenk

This comment has been minimized.

Show comment
Hide comment
@amenk

amenk Nov 5, 2016

amenk commented Nov 5, 2016

@chrisballinger

This comment has been minimized.

Show comment
Hide comment
@chrisballinger

chrisballinger Dec 7, 2016

Member

I'd say this issue is resolved! Stay tuned for the 4.0 release.

Member

chrisballinger commented Dec 7, 2016

I'd say this issue is resolved! Stay tuned for the 4.0 release.

@vanitasvitae

This comment has been minimized.

Show comment
Hide comment
@vanitasvitae

vanitasvitae Dec 7, 2016

That's really great news!

That's really great news!

@Asara

This comment has been minimized.

Show comment
Hide comment
@Asara

Asara Dec 7, 2016

Thank you so much!

Asara commented Dec 7, 2016

Thank you so much!

Echolon added a commit to Echolon/omemo-top that referenced this issue Oct 5, 2017

ChatSecure can do OMEMO - why not 100% ?
I suggested to set ChatSecure 100% because basically you can use OMEMO an it works. Yes, Push Notification might stuggle, but it works for the moment. ChatSecure/ChatSecure-iOS#376

@Echolon Echolon referenced this issue in bascht/omemo-top Oct 5, 2017

Closed

ChatSecure can do OMEMO - why not 100% ? #80

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment