pep/blog.bouah.net
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

First draft of slixmpp-omemo-release

Browse source 
Signed-off-by: Maxime “pep” Buquet <pep@bouah.net>
This commit is contained in:
Maxime “pep” Buquet 2019-02-24 19:56:08 +00:00
parent c31354de53
commit 1b6dee1e36
1 changed files with 95 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

95
content/posts/slixmpp-omemo-release.md Normal file
View file

@ -0,0 +1,95 @@
---
title: "Slixmpp gets OMEMO support"
date: 2019-02-23T22:06:50Z
draft: true
---
TL;DR: Developers can already experiment with the [slixmpp-omemo][slix-omemo] plugin.
Please give us feedback on the [tracker] or in the [channel]!
After [almost a year][opkode-gulash] since I started working on the [OMEMO]
(end-to-end) encryption mechanism support for [Slixmpp], I am happy to finally
announce a first release. I would like to get feedback, I am sure there are
still plenty of things to improve, and so I encourage developers to do their
worst, and report their findings.
This library provides an interface to [python-omemo].
You can find the code at
[https://lab.louiz.org/poezio/slixmpp-omemo][slix-omemo].
Documentation is available in the [README][slix-omemo-README], and there is
also an [echo bot][slix-omemo-bot], with lots of comments.
Thanks to Syndace and [Daniel] for the help with the OMEMO implementation, and
[mathieui] and [Link Mauve] for the help on Slixmpp, and moral support.
[slix-omemo]: https://lab.louiz.org/poezio/slixmpp-omemo
[tracker]: https://lab.louiz.org/poezio/slixmpp-omemo/issues
[channel]: xmpp:slixmpp@muc.poez.io?join
[opkode-gulash]: https://opkode.com/blog/2018-gulaschprogrammiernacht/
[OMEMO]: https://xmpp.org/extensions/xep-0384.html
[Slixmpp]: https://lab.louiz.org/poezio/slixmpp
[slix-omemo-README]: https://lab.louiz.org/poezio/slixmpp-omemo/blob/master/README.rst
[slix-omemo-bot]: https://lab.louiz.org/poezio/slixmpp-omemo/blob/master/examples/echo_client.py
[python-omemo]: https://github.com/Syndace/python-omemo
[Daniel]: https://gultsch.de
[mathieui]: xmpp:mathieui@mathieui.net?message
[Link Mauve]: xmpp:linkmauve@linkmauve.fr?message
## Separate repository
As you may have noticed, this plugin is served via separate repository. This
is for licensing purposes. As much as I like GPL and copyleft, Slixmpp is
licensed under the MIT license, and this is probably not going to change.
Fortunately for Slixmpp, this split should not last forever.
The [python-omemo] library that is used, developed by Syndace, is a complete
reimplementation of the Signal Protocol, unlike [python-axolotl], which is a
port of the original library implemented in Signal.
The only bits that prevent him for releasing his library under MIT is the
wireformat, that has to be the same as the original implementation as
specified in [XEP-0384][OMEMO]. Providing that we define another wireformat
for all OMEMO implementations to use, this restriction will go away, (still
easier said than done.)
[python-axolotl]: https://pypi.org/project/python-axolotl/
## Why OMEMO?
There is still lots of things to be improved in OMEMO, the specification.
I would personally like to see what is usually called _Full Stanza
Encryption_, (it's really only partial). Today, an OMEMO implementation will
only encrypt the plaintext part of messages you send, and either leak
everything else, (e.g., chatstates, receipts, corrections, xhtml-im), or
effectively disable them, for privacy-conscious implementations.
I would also like to drop _Forward Secrecy_, in the context of Instant
Messaging. And I would like to have a better way to manage all these device
keys, and I know there are people working on this already.
Not having all these options heavily degrade user experience in my opinion,
and that is my main concern.
Not having OMEMO though, is also not great either for user experience, as many
implementations nowadays provide it, and some even enable it by default,
making it impossible for us Slixmpp users to communicate with, without having
to ask the sender to turn it off first.
While I would prefer to see other alternatives, this library should help with
the current situation, and we can go back to work on fixing the world.
## What's next?
Apart from the tons of bugs that I'll have to fix in the following days/weeks,
now that we have the foundations, next step is to implement OMEMO in [Poezio].
Any help is welcome!
[Poezio]: https://poez.io