From 1b6dee1e369634866b436aa66f69974648ac7575 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maxime=20=E2=80=9Cpep=E2=80=9D=20Buquet?= Date: Sun, 24 Feb 2019 19:56:08 +0000 Subject: [PATCH] First draft of slixmpp-omemo-release MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Maxime “pep” Buquet --- content/posts/slixmpp-omemo-release.md | 95 ++++++++++++++++++++++++++ 1 file changed, 95 insertions(+) create mode 100644 content/posts/slixmpp-omemo-release.md diff --git a/content/posts/slixmpp-omemo-release.md b/content/posts/slixmpp-omemo-release.md new file mode 100644 index 0000000..5f0385d --- /dev/null +++ b/content/posts/slixmpp-omemo-release.md 
@@ -0,0 +1,95 @@ +--- +title: "Slixmpp gets OMEMO support" +date: 2019-02-23T22:06:50Z +draft: true +--- + +TL;DR: Developers can already experiment with the [slixmpp-omemo][slix-omemo] plugin. +Please give us feedback on the [tracker] or in the [channel]! + + +After [almost a year][opkode-gulash] since I started working on the [OMEMO] +(end-to-end) encryption mechanism support for [Slixmpp], I am happy to finally +announce a first release. I would like to get feedback, I am sure there are +still plenty of things to improve, and so I encourage developers to do their +worst, and report their findings. + +This library provides an interface to [python-omemo]. + +You can find the code at +[https://lab.louiz.org/poezio/slixmpp-omemo][slix-omemo]. +Documentation is available in the [README][slix-omemo-README], and there is +also an [echo bot][slix-omemo-bot], with lots of comments. + +Thanks to Syndace and [Daniel] for the help with the OMEMO implementation, and +[mathieui] and [Link Mauve] for the help on Slixmpp, and moral support. + + +[slix-omemo]: https://lab.louiz.org/poezio/slixmpp-omemo +[tracker]: https://lab.louiz.org/poezio/slixmpp-omemo/issues +[channel]: xmpp:slixmpp@muc.poez.io?join +[opkode-gulash]: https://opkode.com/blog/2018-gulaschprogrammiernacht/ +[OMEMO]: https://xmpp.org/extensions/xep-0384.html +[Slixmpp]: https://lab.louiz.org/poezio/slixmpp +[slix-omemo-README]: https://lab.louiz.org/poezio/slixmpp-omemo/blob/master/README.rst +[slix-omemo-bot]: https://lab.louiz.org/poezio/slixmpp-omemo/blob/master/examples/echo_client.py +[python-omemo]: https://github.com/Syndace/python-omemo +[Daniel]: https://gultsch.de +[mathieui]: xmpp:mathieui@mathieui.net?message +[Link Mauve]: xmpp:linkmauve@linkmauve.fr?message + + +## Separate repository + +As you may have noticed, this plugin is served via separate repository. This +is for licensing purposes. 
As much as I like GPL and copyleft, Slixmpp is +licensed under the MIT license, and this is probably not going to change. +Fortunately for Slixmpp, this split should not last forever. + +The [python-omemo] library that is used, developed by Syndace, is a complete +reimplementation of the Signal Protocol, unlike [python-axolotl], which is a +port of the original library implemented in Signal. + +The only bits that prevent him for releasing his library under MIT is the +wireformat, that has to be the same as the original implementation as +specified in [XEP-0384][OMEMO]. Providing that we define another wireformat +for all OMEMO implementations to use, this restriction will go away, (still +easier said than done.) + +[python-axolotl]: https://pypi.org/project/python-axolotl/ + + +## Why OMEMO? + +There is still lots of things to be improved in OMEMO, the specification. + +I would personally like to see what is usually called _Full Stanza +Encryption_, (it's really only partial). Today, an OMEMO implementation will +only encrypt the plaintext part of messages you send, and either leak +everything else, (e.g., chatstates, receipts, corrections, xhtml-im), or +effectively disable them, for privacy-conscious implementations. + +I would also like to drop _Forward Secrecy_, in the context of Instant +Messaging. And I would like to have a better way to manage all these device +keys, and I know there are people working on this already. + +Not having all these options heavily degrade user experience in my opinion, +and that is my main concern. + +Not having OMEMO though, is also not great either for user experience, as many +implementations nowadays provide it, and some even enable it by default, +making it impossible for us Slixmpp users to communicate with, without having +to ask the sender to turn it off first. + +While I would prefer to see other alternatives, this library should help with +the current situation, and we can go back to work on fixing the world. 
+ + +## What's next? + +Apart from the tons of bugs that I'll have to fix in the following days/weeks, +now that we have the foundations, next step is to implement OMEMO in [Poezio]. + +Any help is welcome! + +[Poezio]: https://poez.io
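Review bot: In the "Why OMEMO?" section, "I would also like to drop _Forward Secrecy_, in the context of Instant Messaging" is given with no rationale, and in a release announcement a reader could take it as a statement about what the plugin does. Add a sentence on the trade-off you have in mind (the next paragraph suggests the concern is user experience) and make clear this is a wish for the specification, not a property of slixmpp-omemo. In the same section, "_Full Stanza Encryption_, (it's really only partial)" is ambiguous about whether the parenthetical describes the proposal or today's behaviour. Reword it so the contrast with "only encrypt the plaintext part of messages you send" is explicit. The "Separate repository" section says the split is "for licensing purposes" and mentions GPL and MIT, but never names the license of slixmpp-omemo or python-omemo. State it directly. Wording fixes: "via separate repository" should be "via a separate repository", "prevent him for releasing" should be "from releasing", "There is still lots of things" should be "There are", "heavily degrade" should be "degrades", and "is also not great either" has a redundant "either". The front matter still carries "draft: true", which matches the "First draft" subject but needs flipping before the post goes out.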