Review by lool0, thanks!

Signed-off-by: Maxime “pep” Buquet <pep@bouah.net>
This commit is contained in:
Maxime “pep” Buquet 2019-02-24 21:53:55 +00:00
parent 2db452c30f
commit 8d75a9962e

@ -10,9 +10,9 @@ Please give us feedback on the [tracker] or in the [channel]!
After [almost a year][opkode-gulash] since I started working on the [OMEMO]
(end-to-end) encryption mechanism support for [Slixmpp], I am happy to finally
announce a first release. I would like to get feedback, I am sure there are
still plenty of things to improve, and so I encourage developers to do their
worst, and report their findings.
announce a first release. I would like to get feedback. I am sure there are
still plenty of things to improve, and so I encourage developers to bring out
their inner vandal, break it and report their findings.
This library provides an interface to [python-omemo].
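Review bot: The rewritten sentence ending "break it and report their findings" does not say where reports should go, and "it" has no antecedent closer than "a first release". The line just above this hunk already points readers to the [tracker] and the [channel], so something like "break this release and report their findings on the [tracker]" would make the invitation actionable.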
@ -22,7 +22,7 @@ Documentation is available in the [README][slix-omemo-README], and there is
also an [echo bot][slix-omemo-bot], with lots of comments.
Thanks to Syndace and [Daniel] for the help with the OMEMO implementation, and
[mathieui] and [Link Mauve] for the help on Slixmpp, and moral support.
[mathieui] and [Link Mauve] for the help on Slixmpp and moral support.
[slix-omemo]: https://lab.louiz.org/poezio/slixmpp-omemo
@ -41,13 +41,13 @@ Thanks to Syndace and [Daniel] for the help with the OMEMO implementation, and
## Separate repository
As you may have noticed, this plugin is served via separate repository. This
As you may have noticed, this plugin is served via a separate repository. This
is for licensing purposes. As much as I like GPL and copyleft, Slixmpp is
licensed under the MIT license, and this is probably not going to change.
Fortunately for Slixmpp, this split should not last forever.
Fortunately for Slixmpp this split should not last forever.
The [python-omemo] library that is used, developed by Syndace, is a complete
reimplementation of the Signal Protocol, unlike [python-axolotl], which is a
The [python-omemo] library that is used -- developed by Syndace -- is a complete
reimplementation of the Signal Protocol unlike [python-axolotl], which is a
port of the original library implemented in Signal.
The only bits that prevent him for releasing his library under MIT is the
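Review bot: Two of the comma removals in this hunk hurt readability: "Signal Protocol unlike [python-axolotl], which is a" now reads as if "unlike" attaches to "Signal Protocol", and "Fortunately for Slixmpp this split" loses the pause after the introductory phrase. I would keep both commas. The trailing context line "The only bits that prevent him for releasing his library under MIT is the" is untouched here but should read "prevent him from releasing" with "are" as the verb, and could be fixed in the same pass.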
@ -61,24 +61,25 @@ easier said than done.)
## Why OMEMO?
There is still lots of things to be improved in OMEMO, the specification.
There is still lots of things to be improved in the OMEMO specification.
I would personally like to see what is usually called _Full Stanza
Encryption_ (it's really only partial). Today, an OMEMO implementation will
only encrypt the plaintext part of messages you send, and either leak
everything else (e.g., chatstates, receipts, corrections, xhtml-im), or
effectively disable them, for privacy-conscious implementations.
I would personally like to see what is usually called _Full Stanza Encryption_
added to the spec. Today, an OMEMO implementation will only encrypt the
plaintext (`<body/>`) part of messages you send, and either leak everything
else (e.g., chatstates, receipts, corrections, xhtml-im), or effectively
disable them, for privacy-conscious implementations.
I would also like to drop _Forward Secrecy_, in the context of Instant
Messaging. And I would like to have a better way to manage all these device
keys, and I know there are people working on this already.
Not having all these options heavily degrade user experience in my opinion,
and that is my main concern.
Not having all these options (or having them, in the case of _Forward
Secrecy_) heavily degrades user experience in my opinion, and that is my main
concern.
Not having OMEMO though, is also not great either for user experience, as many
implementations nowadays provide it, and some even enable it by default,
making it impossible for us Slixmpp users to communicate with, without having
Not having OMEMO though, is also not great either for user experience, many
implementations nowadays provide it, and some even enable it by default.
This makes it impossible for us Slixmpp users to communicate without having
to ask the sender to turn it off first.
While I would prefer to see other alternatives, this library should help with
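Review bot: The rewritten _Full Stanza Encryption_ paragraph drops the parenthetical "(it's really only partial)", which was the only hint that the feature does not cover the whole stanza; I would keep that qualifier next to the new `<body/>` clarification. In the same hunk, the touched first line still reads "There is still lots of things" (should be "There are"), and "Not having OMEMO though, is also not great either for user experience, many" is now a comma splice with a redundant "also ... either"; ending the sentence after "user experience" would fix both.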
@ -88,7 +89,7 @@ the current situation, and we can go back to work on fixing the world.
## What's next?
Apart from the tons of bugs that I'll have to fix in the following days/weeks,
now that we have the foundations, next step is to implement OMEMO in [Poezio].
now that we have the foundations next step is to implement OMEMO in [Poezio].
Any help is welcome!
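Review bot: Removing the comma in "now that we have the foundations next step is" runs the subordinate clause into the main clause, and the article is missing before "next step". Suggest "now that we have the foundations, the next step is to implement OMEMO in [Poezio]."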