3.9 KiB
| title | date | draft |
|---|---|---|
| Slixmpp gets OMEMO support | 2019-02-23T22:06:50Z | true |
TL;DR: Developers can already experiment with the slixmpp-omemo plugin.
Please give us feedback on the tracker or in the channel!
After almost a year since I started working on the OMEMO (end-to-end) encryption mechanism support for Slixmpp, I am happy to finally announce a first release. I would like to get feedback, I am sure there are still plenty of things to improve, and so I encourage developers to do their worst, and report their findings.
This library provides an interface to python-omemo.
You can find the code at
https://lab.louiz.org/poezio/slixmpp-omemo.
Documentation is available in the README, and there is
also an echo bot, with lots of comments.
Thanks to Syndace and Daniel for the help with the OMEMO implementation, and mathieui and Link Mauve for the help on Slixmpp, and moral support.
Separate repository
As you may have noticed, this plugin is served via separate repository. This is for licensing purposes. As much as I like GPL and copyleft, Slixmpp is licensed under the MIT license, and this is probably not going to change. Fortunately for Slixmpp, this split should not last forever.
The python-omemo library that is used, developed by Syndace, is a complete reimplementation of the Signal Protocol, unlike python-axolotl, which is a port of the original library implemented in Signal.
The only bits that prevent him for releasing his library under MIT is the wireformat, that has to be the same as the original implementation as specified in XEP-0384. Providing that we define another wireformat for all OMEMO implementations to use, this restriction will go away, (still easier said than done.)
Why OMEMO?
There is still lots of things to be improved in OMEMO, the specification.
I would personally like to see what is usually called Full Stanza Encryption, (it's really only partial). Today, an OMEMO implementation will only encrypt the plaintext part of messages you send, and either leak everything else, (e.g., chatstates, receipts, corrections, xhtml-im), or effectively disable them, for privacy-conscious implementations.
I would also like to drop Forward Secrecy, in the context of Instant Messaging. And I would like to have a better way to manage all these device keys, and I know there are people working on this already.
Not having all these options heavily degrade user experience in my opinion, and that is my main concern.
Not having OMEMO though, is also not great either for user experience, as many implementations nowadays provide it, and some even enable it by default, making it impossible for us Slixmpp users to communicate with, without having to ask the sender to turn it off first.
While I would prefer to see other alternatives, this library should help with the current situation, and we can go back to work on fixing the world.
What's next?
Apart from the tons of bugs that I'll have to fix in the following days/weeks, now that we have the foundations, next step is to implement OMEMO in Poezio.
Any help is welcome!