debacleIs there a good abstract about the 96 vs. 128 bits OMEMO mess?
Which explains, why clients should move to 96 bits and how things went wrong?
TIA!
Ge0rG96 bits?
Ge0rGah, 12 bytes. I was confused for a brief moment
pep.debacle, TL;DR: You only need to move to 12 if you want Monal to read you
debacleGe0rG Nice, first people use a medium, that prevent them from communicating in complete sentences. Then they work around it by sending many messages :-) Thanks anway!
debaclepep. Yes, and I think Monal 5.0.1 just solved the problem anyway.
pep.did it?
Ge0rGI still think that the best solution to the OMEMO problem is to disable OMEMO
pep.I doubt that's an OMEMO-only issue
debacleAh, no that's the other way around!
pep.I mean this one specifically yes. Not this kind of issue though
debacle*ChatSecure* 5.0.1 fixed 12 bytes IV receiving.
pep.debacle, yeah, so my TL;DR holds :)
debacleMonal is still "broken" by not receiving 16 bytes.
pulkomandyhas left
debaclelet's hope, there is a way for a new Monal version to accept both
debaclepep. Unfortunately, at least two of my contacts use Monal. And it's my fault!
pep.Maybe an incentive to push Debian to do exceptional releases? :P
debaclepep. exceptional Debian release because of an Apple app. I'm so ashamed :-)
pep.ha ha ha
rionhas left
rionhas joined
pulkomandyhas joined
larmahas left
pulkomandyhas left
pulkomandyhas joined
larmahas joined
sonnyhas left
lovetoxhas left
Marchas left
Marchas joined
paulhas left
Marchas left
Marchas joined
moparisthebestdebacle: limitation in Apple's crypto API precludes them from accepting 16 byte IVs with it, and France's stupid laws prevent them from using another crypto lib, so I doubt monal will fix it
lovetoxhas joined
lovetoxhas left
lovetoxhas joined
jonas’wat?
pulkomandyhas left
pulkomandyhas joined
debaclemoparisthebest Sounds horrible!
pulkomandyhas left
moparisthebestjonas’, which bit do you want clarification on?
jonas’moparisthebest, what’s got france to do with that? I mean, which law is that?
moparisthebesthttps://monal.im/blog/omemo-and-french-laws/ and https://monal.im/blog/monal-4-3-is-coming-out-in-about-a-week-even-in-france/
moparisthebestas I understand it, france requires him to get approval from the prime minister to "distribute a crypto library" OR he can use apple's supplied API, since that's distributed by Apple who already has said approval
jonas’that’s not really cleared anything up
moparisthebesthttps://monal.im/blog/monal-4-3-is-coming-out-in-about-a-week-even-in-france/#comment-29385 not even that one?
pulkomandyhas joined
jonas’no
jonas’because that doesn’t explain which french law and with which rationale forces GCM implementations to register somewhere
moparisthebest> import of a means of cryptology which does not exclusively provide authentication or integrity control functions are subject to a prior declaration to the Prime Minister
(Google Translate of French law)
moparisthebestlarma pasted that in dino channel earlier ^
lovetoxyeah and why cant i distribute my app on appstore, but every distro in the world can ship as much crypto libs as it wants to france users
moparisthebestjonas’, basically apple has to approve or deny your app right? and they would not approve it for france without said certificate
moparisthebestlovetox, iirc it's about shipping crypto *from* france, not *to*, I don't know, ask Apple
moparisthebest> use restrictive shit OS / Ecosystem
moparisthebest> surprised when it turns out to be restrictive and shitty
lovetoxim not a smartphone user, but this appstore monopole leads to weird stuff
jonas’ISTM that france is the problem here, not iOS
Zashwhy not both?
moparisthebestfrench laws require apple to do this though, I guess
moparisthebestor at minimum apple believes they are required to do this per french law
lovetoxseems to be a law to just limit encryption on smartphones
lovetoxthey probably dont care about desktop
lovetoxbut still weird, at this point why would you still trust apples crypto lib?
moparisthebest*yet (or don't have a great way to enforce it, yet)
jonas’or desktop is irrelevant
jonas’my bet for "the year of the linux desktop" is when the desktop has become so irrelevant that it’s only used by nerds ;)
lovetoxbut yeah good plan, force all application to use a single lib
moparisthebestit was 2009, when everyone had a phone, running linux, sitting on top of their desk (otherwise known as their desktop) :P
lovetoxthen outlaw that lib
lovetoxboom no encryption anymore :)
moparisthebestlovetox, why outlaw it, it's an "approved" lib (maybe even backdoored :))
moparisthebestonly thing better than outlawing encryption is telling everyone you are encrypting while secretly sending copies to yourself
pulkomandyhas left
Wojtekhas left
pulkomandyhas joined
paulhas joined
Wojtekhas joined
pulkomandyhas left
pulkomandyhas joined
pulkomandyhas left
pulkomandyhas joined
sonnyhas joined
kikuchiyohas left
lovetoxhas left
pulkomandyhas left
pulkomandyhas joined
pulkomandyhas left
pulkomandyhas joined
kikuchiyohas joined
pulkomandyhas left
pulkomandyhas joined
kikuchiyohas left
kikuchiyohas joined
debaclehas left
pep.happy to see we're discussing the stupidity of French laws. I wonder if Anu would join us in protests. Anyone else interested? We have spare pitchforks!
kikuchiyohas left
Wojtekhas left
moparisthebestAnyone who willingly owns an iPhone is used to bending over I assume
kikuchiyohas joined
kikuchiyohas left
paulhas left
asterixhas left
larmaI think the reason why Apple cares so much about the apps in their App Store is that they are considered the entity importing when downloading the app on an iPhone in France.
For Linux distributions and most desktop software, it is the end user doing the import when downloading the software. The reasons why Apple can not argue the same are probably that a) they don't allow any third party software to download apps from the app store, and b) they don't allow to download apps from third party sources. Their closed ecosystem kind of implies that they actually control what is downloaded and installed on the phone so they can be held liable. IANAL though ;)
pep.So that would also happen with any other store thingy? Android, Microsoft? (Steam? etc., who knows what games include nowadays :p)
moparisthebestBut all those you can download apps without using the stores
moparisthebestI don't know legally if that makes a difference or anything
ZashSomething like common carrier regulations where if you do mess with stuff, you're on the hook for the legality of it.