New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

XEP-0384: Introduce ODR, improve specification #460

Closed
wants to merge 1 commit into
base: master
from

Conversation

Projects
6 participants
@strb
Contributor

strb commented Mar 29, 2017

This new version of the specification introduces the OMEMO Double
Ratchet. We now use our own, new wire format, making the protocol
independent from third parties.

This revision also improves the general quality of the specification
by describing behaviors in more detail and using terminology more
consistently.

Introduce ODR, improve specification
This new version of the specification introduces the OMEMO Double
Ratchet. We now use our own, new wire format, making the protocol
independent from third parties.

This revision also improves the general quality of the specification
by describing behaviors in more detail and using terminology more
consistently.

@gkdr gkdr referenced this pull request Mar 30, 2017

Closed

More permissive license #10

@vanitasvitae vanitasvitae referenced this pull request Mar 30, 2017

Merged

OMEMO encryption #117

@alibitek

This comment has been minimized.

Show comment
Hide comment
@alibitek

alibitek Mar 30, 2017

Why the implementation notes now have a focus towards using Signal implementations?

I see that the current version (v0.2) of this XEP has removed all references to Olm, which were present in the 0.0.2 version

As Olm implements the same Double Ratchet algorithm, albeit with some differences, I think it matches the requirements for the "OMEMO Double Ratchet (ODR)" and can be used instead of Signal. Right?

If someone is looking into integrating XMPP with OMEMO encryption in a closed source app they cannot do so using Signal due to its GPLv3 licensing.

Because Olm is licensed under Apache License 2.0 can be used in applications where releasing their source is not an option.

alibitek commented Mar 30, 2017

Why the implementation notes now have a focus towards using Signal implementations?

I see that the current version (v0.2) of this XEP has removed all references to Olm, which were present in the 0.0.2 version

As Olm implements the same Double Ratchet algorithm, albeit with some differences, I think it matches the requirements for the "OMEMO Double Ratchet (ODR)" and can be used instead of Signal. Right?

If someone is looking into integrating XMPP with OMEMO encryption in a closed source app they cannot do so using Signal due to its GPLv3 licensing.

Because Olm is licensed under Apache License 2.0 can be used in applications where releasing their source is not an option.

@Flowdalic

This comment has been minimized.

Show comment
Hide comment
@Flowdalic

Flowdalic Mar 31, 2017

Contributor

Because Olm is licensed under Apache License 2.0 it can be used in commercial applications.

You can use libsignal-protocol-java / smack-omemo-signal in commercial applications too.

Contributor

Flowdalic commented Mar 31, 2017

Because Olm is licensed under Apache License 2.0 it can be used in commercial applications.

You can use libsignal-protocol-java / smack-omemo-signal in commercial applications too.

@alibitek

This comment has been minimized.

Show comment
Hide comment
@alibitek

alibitek Mar 31, 2017

@Flowdalic Without releasing the source code of the application and without having to pay WhisperSystems?

alibitek commented Mar 31, 2017

@Flowdalic Without releasing the source code of the application and without having to pay WhisperSystems?

@ara4n

This comment has been minimized.

Show comment
Hide comment
@ara4n

ara4n Apr 1, 2017

See https://mail.jabber.org/pipermail/standards/2017-March/032551.html for some attempts at clarity from the Olm side.

ara4n commented Apr 1, 2017

See https://mail.jabber.org/pipermail/standards/2017-March/032551.html for some attempts at clarity from the Olm side.

@remko

This comment has been minimized.

Show comment
Hide comment
@remko

remko Apr 1, 2017

Contributor

As a result of the discussion in that thread, I also suggest this PR be moved back to Olm.

This would also solve the underspecification of some parts in this PR that result from defining our own Ratchet (e.g. header serialization format for authentication).

Some of the changes in this PR are still valid, though (e.g. more consistent tag names, the encryption scheme for the payload (which is also consistent with Olm)).

Some things will need to be added, including the authentication of identity through signatures, and at a later point the (optional?) signing of pre-keys.

Contributor

remko commented Apr 1, 2017

As a result of the discussion in that thread, I also suggest this PR be moved back to Olm.

This would also solve the underspecification of some parts in this PR that result from defining our own Ratchet (e.g. header serialization format for authentication).

Some of the changes in this PR are still valid, though (e.g. more consistent tag names, the encryption scheme for the payload (which is also consistent with Olm)).

Some things will need to be added, including the authentication of identity through signatures, and at a later point the (optional?) signing of pre-keys.

@remko

This comment has been minimized.

Show comment
Hide comment
@remko

remko May 6, 2017

Contributor

Added the described changes in #463

Contributor

remko commented May 6, 2017

Added the described changes in #463

@horazont horazont changed the title from Introduce ODR, improve specification to XEP-0384: Introduce ODR, improve specification Aug 22, 2017

@horazont

This comment has been minimized.

Show comment
Hide comment
@horazont

horazont Aug 22, 2017

Contributor

@strb Can you please sign the IPR via the CLA-bot thing?

(You probably did agree already in the past, but it’s easier to have it on record here.)

Contributor

horazont commented Aug 22, 2017

@strb Can you please sign the IPR via the CLA-bot thing?

(You probably did agree already in the past, but it’s easier to have it on record here.)

@horazont horazont added this to Pinged via E-Mail in Author Tracking Sep 17, 2017

@horazont

This comment has been minimized.

Show comment
Hide comment
@horazont

horazont Sep 23, 2017

Contributor

@strb Am I right in my assumption that this PR can be closed since #482 has been merged?

Contributor

horazont commented Sep 23, 2017

@strb Am I right in my assumption that this PR can be closed since #482 has been merged?

@horazont

This comment has been minimized.

Show comment
Hide comment
@horazont

horazont Oct 4, 2017

Contributor

I am closing this for inactivity. Feel free to reopen.

Contributor

horazont commented Oct 4, 2017

I am closing this for inactivity. Feel free to reopen.

@horazont horazont closed this Oct 4, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment