Support XEP-0384: OMEMO Encryption #421
Comments
|
It looks like they decided against it in #233 but I'm a bit unclear as to why, it seemed like they didn't like the multi-device support, but if so they could just implement it without multi-device support, ie only allow encrypting to/trusting a single key instead of multiple, wouldn't that work well? |
|
I guess I should have read the archived issues. Thanks for pointing this out. |
|
Hi, The decision from #233 stands - primarily because adding another encryption protocol adds a lot of complexity, without any real advantage in our opinion. We will support OTRv4 when that is complete, though. |
|
I'm sorry I'm still a bit confused as to the reasoning. It's too complex to add another encryption protocol that exists and is widely implemented, but you will add a different new encryption protocol that nothing supports that might be finished sometime in the future? 😕 I must be missing something else. |
|
OTRv4 is not a different protocol - as in - CoyIM will continue supporting OTR, and in order to do that, we need to support the latest version of it when OTR comes along. That means one protocol with different versions, instead of several different protocols. The thing you're missing here is the second part of the sentence, which is "without any real advantage" - we would add OMEMO if we felt it added significant capabilities that can make our users more secure - but right now, OMEMO is not enough to warrant the increase in complexity. I'm a bit confused about why people keep coming back to OMEMO. If you really want OMEMO so bad, CoyIM is probably not the chat client for you. |
Because being able to send encrypted messages to a contact who is offline at the time of sending the messages is a very nice feature that OTR doesn't have.
Thanks for making it clear, at least I won't waste time waiting for something that will never happen. |
|
I agree that being able to send encrypted messages to offline contacts is a nice feature - but it doesn't balance out the negative effects of implementing the rest of OMEMO, at least not for the goals of CoyIM. However, OTRv4 will support offline messages as well. |
So you'd rather wait for something that doesn't yet exist and will never be as functional as OMEMO, than implement OMEMO right now, enhance all users' security and comfort tenfold and never have to worry about any of OTR's inherent defects anymore? Please reconsider your decision, instead of wasting time on OTRvWhatever rather than helping improve OMEMO with what you believe it could do better. |
|
I would love to watch a debate between @iNPUTmice and @olabini regarding OTRv4 vs. OMEMO. @olabini: since this topic keeps coming up for the Coy project, can you write up a short post about "the negative effects of implementing the rest of OMEMO"? I personally think you are mistaken about this, but I want to hear your arguments. |
|
Hi, First, @d9h02f - I would ask you to be civil. As I've made clear a number of times, we disagree with you in your evaluation of OMEMO. No amount of screaming and hyperbole is going to change that. We design and implement CoyIM to the best of our ability, and we make our judgments about security and privacy tradeoffs. If those judgments don't suit you, then come with rational arguments for your point of view and don't act like you're entitled to an open source project to follow your every whim and concern. And to make this clear, and repeating this once more, CoyIM will NOT support OMEMO at the moment, and we have no interest in supporting it in the future. It doesn't match our judgments for what is appropriate for CoyIM. If that doesn't suit you, CoyIM is simply not for you. |
|
Hi, @herbsmn, I must admit that I've already spent too much time on dealing with OMEMO supporters. The reasons for not implementing OMEMO have been documented in several different issues in this issue tracker (for some reason the OMEMO supporters keep opening new issues instead of adding to the existing ones). I'm personally not interested in spending more time on this, since I feel I've documented our concerns in sufficient detail. About negative effects - every time you add new code to a project, you increase the complexity, which also increases the risk for vulnerabilities. In order to try to handle this, we want to avoid extraneous complexity in CoyIM. Adding new protocols have a tendency to give you exponential increases in complexity, so in order to do that, the value of that new protocol from a security standpoint must be high enough to balance out the increased risk in all those additional code paths. |
|
I want to be able to tell people they can use CoyIM to chat securely. You are actively preventing this and haven't even given one (1) argument for sticking with a horribly broken, outdated and useless protocol. Well, you did, but they've been consistently refuted, and your head is stuck so far up your rear end that you haven't even acknowledged these refutations let alone realised that you're completely and utterly mistaken. "But the code complexity" is a nice tech-speak alternative way of saying "I'm too lazy to do it properly". CoyIM is making communication less instead of more secure. Thanks for wasting a lot of time and resources that could have made the world a better place. |
|
I don't really see any point in engaging with you - you are clearly a troll. So congrats, we are blocking you. |
|
@olabini Hi I'm new to this, but I've read the issue here carefully.
I think multi-device functionality is a massive benefit, don't you? That way, a user could have secure conversations on their desktop with Coy, and also on their mobile device with Conversations or ChatSecure. I've reviewed OTRv4 changes and it doesn't look like it is adding multi-device support. |
|
Hi @trosel ! OTR since version 3 have supported multi-devices. Sometimes it doesn't because clients have not implemented it; but from a protocol perspective it has always had. So, OTRv4 does support multi-device. Thanks! |
Hello there,
I think supporting OMEMO is an important feature for a modern Jabber client.
This is somehow related to #270.
The text was updated successfully, but these errors were encountered: