---
title: "Slixmpp gets OMEMO support"
date: 2019-02-23T22:06:50Z
draft: true
---

TL;DR: Developers can already experiment with the [slixmpp-omemo][slix-omemo] plugin.
Please give us feedback on the [tracker] or in the [channel]!

[Almost a year][opkode-gulash] after I started working on the [OMEMO]
(end-to-end) encryption mechanism support for [Slixmpp], I am happy to finally
announce a first release. I would like to get feedback; I am sure there are
still plenty of things to improve, so I encourage developers to do their
worst and report their findings.

This library provides an interface to [python-omemo].

You can find the code at
[https://lab.louiz.org/poezio/slixmpp-omemo][slix-omemo].
Documentation is available in the [README][slix-omemo-README], and there is
also an [echo bot][slix-omemo-bot], with lots of comments.

Thanks to Syndace and [Daniel] for the help with the OMEMO implementation, and
[mathieui] and [Link Mauve] for the help on Slixmpp, and moral support.

[slix-omemo]: https://lab.louiz.org/poezio/slixmpp-omemo
[tracker]: https://lab.louiz.org/poezio/slixmpp-omemo/issues
[channel]: xmpp:slixmpp@muc.poez.io?join
[opkode-gulash]: https://opkode.com/blog/2018-gulaschprogrammiernacht/
[OMEMO]: https://xmpp.org/extensions/xep-0384.html
[Slixmpp]: https://lab.louiz.org/poezio/slixmpp
[slix-omemo-README]: https://lab.louiz.org/poezio/slixmpp-omemo/blob/master/README.rst
[slix-omemo-bot]: https://lab.louiz.org/poezio/slixmpp-omemo/blob/master/examples/echo_client.py
[python-omemo]: https://github.com/Syndace/python-omemo
[Daniel]: https://gultsch.de
[mathieui]: xmpp:mathieui@mathieui.net?message
[Link Mauve]: xmpp:linkmauve@linkmauve.fr?message

## Separate repository

As you may have noticed, this plugin is served via a separate repository. This
is for licensing purposes. As much as I like GPL and copyleft, Slixmpp is
licensed under the MIT license, and this is probably not going to change.
Fortunately for Slixmpp, this split should not last forever.

The [python-omemo] library that is used, developed by Syndace, is a complete
reimplementation of the Signal Protocol, unlike [python-axolotl], which is a
port of the original library implemented in Signal.

The only bit that prevents him from releasing his library under MIT is the
wire format, which has to be the same as the original implementation as
specified in [XEP-0384][OMEMO]. Provided that we define another wire format
for all OMEMO implementations to use, this restriction will go away (still
easier said than done).

[python-axolotl]: https://pypi.org/project/python-axolotl/

## Why OMEMO?

There are still lots of things to be improved in OMEMO, the specification.

I would personally like to see what is usually called _Full Stanza
Encryption_ (it's really only partial). Today, an OMEMO implementation will
only encrypt the plaintext part of messages you send, and either leak
everything else (e.g., chatstates, receipts, corrections, xhtml-im), or
effectively disable them, for privacy-conscious implementations.

I would also like to drop _Forward Secrecy_, in the context of Instant
Messaging. And I would like to have a better way to manage all these device
keys, and I know there are people working on this already.

Not having all these options heavily degrades user experience in my opinion,
and that is my main concern.

Not having OMEMO, though, is not great for user experience either, as many
implementations nowadays provide it, and some even enable it by default,
making it impossible for us Slixmpp users to communicate with them without
first asking the sender to turn it off.

While I would prefer to see other alternatives, this library should help with
the current situation, and we can go back to work on fixing the world.

## What's next?

Apart from the tons of bugs that I'll have to fix in the following days/weeks,
now that we have the foundations, the next step is to implement OMEMO in [Poezio].

Any help is welcome!

[Poezio]: https://poez.io