Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

XEP-0384: Introduce ODR, improve specification #460

Closed
wants to merge 1 commit into from

Conversation

@strb
Copy link
Contributor

@strb strb commented Mar 29, 2017

This new version of the specification introduces the OMEMO Double
Ratchet. We now use our own, new wire format, making the protocol
independent from third parties.

This revision also improves the general quality of the specification
by describing behaviors in more detail and using terminology more
consistently.

This new version of the specification introduces the OMEMO Double
Ratchet. We now use our own, new wire format, making the protocol
independent from third parties.

This revision also improves the general quality of the specification
by describing behaviors in more detail and using terminology more
consistently.
@alibitek
Copy link

@alibitek alibitek commented Mar 30, 2017

Why the implementation notes now have a focus towards using Signal implementations?

I see that the current version (v0.2) of this XEP has removed all references to Olm, which were present in the 0.0.2 version

As Olm implements the same Double Ratchet algorithm, albeit with some differences, I think it matches the requirements for the "OMEMO Double Ratchet (ODR)" and can be used instead of Signal. Right?

If someone is looking into integrating XMPP with OMEMO encryption in a closed source app they cannot do so using Signal due to its GPLv3 licensing.

Because Olm is licensed under Apache License 2.0 can be used in applications where releasing their source is not an option.

@Flowdalic
Copy link
Contributor

@Flowdalic Flowdalic commented Mar 31, 2017

Because Olm is licensed under Apache License 2.0 it can be used in commercial applications.

You can use libsignal-protocol-java / smack-omemo-signal in commercial applications too.

@alibitek
Copy link

@alibitek alibitek commented Mar 31, 2017

@Flowdalic Without releasing the source code of the application and without having to pay WhisperSystems?

@ara4n
Copy link

@ara4n ara4n commented Apr 1, 2017

See https://mail.jabber.org/pipermail/standards/2017-March/032551.html for some attempts at clarity from the Olm side.

@remko
Copy link
Contributor

@remko remko commented Apr 1, 2017

As a result of the discussion in that thread, I also suggest this PR be moved back to Olm.

This would also solve the underspecification of some parts in this PR that result from defining our own Ratchet (e.g. header serialization format for authentication).

Some of the changes in this PR are still valid, though (e.g. more consistent tag names, the encryption scheme for the payload (which is also consistent with Olm)).

Some things will need to be added, including the authentication of identity through signatures, and at a later point the (optional?) signing of pre-keys.

@remko
Copy link
Contributor

@remko remko commented May 6, 2017

Added the described changes in #463

@horazont horazont changed the title Introduce ODR, improve specification XEP-0384: Introduce ODR, improve specification Aug 22, 2017
@horazont
Copy link
Contributor

@horazont horazont commented Aug 22, 2017

@strb Can you please sign the IPR via the CLA-bot thing?

(You probably did agree already in the past, but it’s easier to have it on record here.)

@horazont horazont added this to Pinged via E-Mail in Author Tracking Sep 17, 2017
@horazont
Copy link
Contributor

@horazont horazont commented Sep 23, 2017

@strb Am I right in my assumption that this PR can be closed since #482 has been merged?

@horazont
Copy link
Contributor

@horazont horazont commented Oct 4, 2017

I am closing this for inactivity. Feel free to reopen.

@horazont horazont closed this Oct 4, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Author Tracking
Pinged via Email / XMPP
Linked issues

Successfully merging this pull request may close these issues.

None yet

6 participants