Activity
Trac:
Username: poly
Cc: sukhbir, boklm to sukhbir, boklm, poly@darkdepths.net-
Let's bring the Axolotl ratchet encryption protocal that is used in Signal to Tor Messenger! https://github.com/trevp/axolotl/wiki
The desktop Gajim XMPP client already has an experimental OMEMO plugin here: https://github.com/kalkin/gajim-omemo
Pidgin is working on it here: https://developer.pidgin.im/ticket/16537
Jitsi has a ticket for OMEMO here: https://github.com/jitsi/jitsi/issues/199
Chatsecure has a blog about implimenting OMEMO here: https://chatsecure.org/blog/chatsecure-conversations-zom/
Chris from ChatSecure had this to say here: https://www.bountysource.com/issues/26695270-implement-omemo-axolotl
''"This work is semi-permanently on hold because of the license conflict. Moxie said that the public specification for Axolotl is incomplete, so it will be impossible for us to produce an alternative implementation that isn't a derivative work of one of the GPL libraries. '' Open Whisper Systems owns the full copyright on AxolotlKit so they can relicense it for distribution on the App Store for their own apps. They are currently licensing libaxolotl-java to WhatsApp for the Android version, but for whatever reason haven't yet done the same for WhatsApp iOS and AxolotlKit. I've been told there are no near-term plans to license AxolotlKit to other apps.
However, there may be a light at the end of the tunnel: https://github.com/SilentCircle/libsalamander '' It appears that the Silent Circle team has implemented their own version of Axolotl using only the public specification and (presumably) avoided any reverse engineering of the GPL code. It is licensed Apache 2.0 so it could be used without issue on the App Store. I'm not sure if the key exchange is compatible with libaxolotl-java, among other things, so there is a chance it may not be compatible with Conversations current implementation of OMEMO."''
I don't know how best to represent this on TRAC, but this bug has also been filed upstream at InstantBird. You can find the issue here: https://bugzilla.mozilla.org/show_bug.cgi?id=1237416 If anyone has an account at bugzilla, it might be worth it to somehow keep both tickets updated as the other one gets updated.
From what I understand, Tor Messenger would need to impliment these two ProtoXEPs to get OMEMO to work. Should I make a child ticket to add support for them? Are there other XEPs that need to be added? Do other people have other subtasks that they know would need to get done to make this transition?
https://conversations.im/xeps/omemo-filetransfer.html
XEP-xxxx: OMEMO Encrypted Jingle File Transfer Abstract: This specification defines a Jingle application for transfering encrypted files from one entity to another. The protocol is based on the regular Jingle File Transfer specification and diverges from that only in the description of the file.
https://conversations.im/xeps/multi-end.html
XEP-xxxx: OMEMO Encryption Abstract: This specification defines a protocol for end-to-end encryption in one-on-one chats that may have multiple clients per account. Author: Andreas Straub
Trac:
Username: vegansalad Since Tor Messenger doesn't need to submit to Apple's licensing war against GPL, the only 2 bits of signal to extract from your lengthy quote are:
- https://github.com/SilentCircle/libsalamander exists; and
- "it may not be compatible with Conversations current implementation of OMEMO".
-
The main devs for Chatsecure, Conversations, and Monal are discussing creating a modifying version of OMEMO based on the OLM protocol (which is pretty similar to what the axolotl protocol v2 looked like.). https://github.com/anurodhp/Monal/issues/9
They want to build a tweaked version of something like OMEMO that would be incompatible with existing OMEMO clients, but that would be able to communicate with XMPP clients in the iOS app store like ChatSecure.
If Tor Messenger is going to impliment an encryption protocol like OMEMO, it might be worth it to use the fork that these people are building instead of OMEMO itself so that Tor Messenger users can communicate with iOS users using a Signal based encryption standard. Also, OMEMO was created by the Conversations App person, so it he is transitioning to something else, it might be good to use that instead of OMEMO.
Trac:
Username: vegansalad
Reviewer: N/A to N/A -
Seems like they are looking to base it off of the Apache 2.0 licenced OLM ratchet implementation: https://matrix.org/git/olm/ https://github.com/chrisballinger/OLMKit/tree/olmkit/xcode
Trac:
Username: vegansalad 
Notes from the OTRv4 meeting: https://lists.cypherpunks.ca/pipermail/otr-dev/2016-March/002447.html
-
Trac:
Username: platypus
Cc: sukhbir, boklm, poly@darkdepths.net to sukhbir, boklm, poly@darkdepths.net, platypus@mailbox.org -
OMEMO is now based on the OLM Protocol instead of the Signal Protocol (formerly named the Axolotl Protocol).
It now has an official XEP: https://xmpp.org/extensions/xep-0384.html
Both OMEMO and OLM have been audited by third parties: https://conversations.im/omemo/audit.pdf https://www.nccgroup.trust/us/our-research/matrix-olm-cryptographic-review/
Some of this content is outdated, but a lot of documentation was written a few months ago about OMEMO here: https://we.riseup.net/riseup/xmpp
OMEMO is being ported to Profanity.im as well https://github.com/boothj5/profanity/issues/658
Usability for the only desktop client that supports OMEMO currently, Gajim, is not perfect. https://current.workingdirectory.net/posts/2017/encrypted-mucs/
It'd be great to see Tor Messenger work with InstantBird in order to support OMEMO.
What are some blockers that prevent this from happening?
Trac:
Username: vegansalad -
Any updates on this? I saw that OMEMO integration was being discussed upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1237416
The best mobile XMPP client, Conversations, is depreciating OTR support in their 2.0 version and will make OMEMO default: https://twitter.com/iNPUTmice/status/939171488942436352
It's time to play some catch up and get OMEMO to finally work in Tor Messenger! Thoughts?
Trac:
Username: vegansalad ChatSecure has implemented this as well and it works quite nicely, just that mesages are not syncing to Tor Messenger as there's no OMEMO support :/
Trac:
Cc: sukhbir, boklm, poly@darkdepths.net, platypus@mailbox.org to sukhbir, boklm, poly@darkdepths.net, platypus@mailbox.org, cypherpunks<+sukhe> hello. yes, I think it's fine to close the tickets. thanks for doing what we should done earlier :)
sad but true: https://blog.torproject.org/sunsetting-tor-messenger
luckily there are alternatives: https://blog.torproject.org/tor-heart-onion-messaging
.. and maybe someday
Trac:
Status: new to closed
Resolution: N/A to wontfixmentioned in issue #17606 (closed)
