jdev - 2020-02-18

Is there a good abstract about the 96 vs. 128 bits OMEMO mess? Which explains, why clients should move to 96 bits and how things went wrong? TIA!

96 bits?

ah, 12 bytes. I was confused for a brief moment

debacle: https://twitter.com/iNPUTmice/status/1228950491805167617

debacle, TL;DR: You only need to move to 12 if you want Monal to read you

Ge0rG Nice, first people use a medium, that prevent them from communicating in complete sentences. Then they work around it by sending many messages :-) Thanks anway!

pep. Yes, and I think Monal 5.0.1 just solved the problem anyway.

did it?

I still think that the best solution to the OMEMO problem is to disable OMEMO

I doubt that's an OMEMO-only issue

Ah, no that's the other way around!

I mean this one specifically yes. Not this kind of issue though

*ChatSecure* 5.0.1 fixed 12 bytes IV receiving.

debacle, yeah, so my TL;DR holds :)

Monal is still "broken" by not receiving 16 bytes.

let's hope, there is a way for a new Monal version to accept both

pep. Unfortunately, at least two of my contacts use Monal. And it's my fault!

Maybe an incentive to push Debian to do exceptional releases? :P

pep. exceptional Debian release because of an Apple app. I'm so ashamed :-)

ha ha ha

debacle: limitation in Apple's crypto API precludes them from accepting 16 byte IVs with it, and France's stupid laws prevent them from using another crypto lib, so I doubt monal will fix it

wat?

moparisthebest Sounds horrible!

jonas’, which bit do you want clarification on?

moparisthebest, what’s got france to do with that? I mean, which law is that?

https://monal.im/blog/omemo-and-french-laws/ and https://monal.im/blog/monal-4-3-is-coming-out-in-about-a-week-even-in-france/

as I understand it, france requires him to get approval from the prime minister to "distribute a crypto library" OR he can use apple's supplied API, since that's distributed by Apple who already has said approval

that’s not really cleared anything up

https://monal.im/blog/monal-4-3-is-coming-out-in-about-a-week-even-in-france/#comment-29385 not even that one?

no

because that doesn’t explain which french law and with which rationale forces GCM implementations to register somewhere

> import of a means of cryptology which does not exclusively provide authentication or integrity control functions are subject to a prior declaration to the Prime Minister (Google Translate of French law)

larma pasted that in dino channel earlier ^

yeah and why cant i distribute my app on appstore, but every distro in the world can ship as much crypto libs as it wants to france users

jonas’, basically apple has to approve or deny your app right? and they would not approve it for france without said certificate

lovetox, iirc it's about shipping crypto *from* france, not *to*, I don't know, ask Apple

> use restrictive shit OS / Ecosystem

> surprised when it turns out to be restrictive and shitty

im not a smartphone user, but this appstore monopole leads to weird stuff

ISTM that france is the problem here, not iOS

why not both?

french laws require apple to do this though, I guess

or at minimum apple believes they are required to do this per french law

seems to be a law to just limit encryption on smartphones

they probably dont care about desktop

but still weird, at this point why would you still trust apples crypto lib?

*yet (or don't have a great way to enforce it, yet)

or desktop is irrelevant

my bet for "the year of the linux desktop" is when the desktop has become so irrelevant that it’s only used by nerds ;)

but yeah good plan, force all application to use a single lib

it was 2009, when everyone had a phone, running linux, sitting on top of their desk (otherwise known as their desktop) :P

then outlaw that lib

boom no encryption anymore :)

lovetox, why outlaw it, it's an "approved" lib (maybe even backdoored :))

only thing better than outlawing encryption is telling everyone you are encrypting while secretly sending copies to yourself

happy to see we're discussing the stupidity of French laws. I wonder if Anu would join us in protests. Anyone else interested? We have spare pitchforks!

Anyone who willingly owns an iPhone is used to bending over I assume

I think the reason why Apple cares so much about the apps in their App Store is that they are considered the entity importing when downloading the app on an iPhone in France. For Linux distributions and most desktop software, it is the end user doing the import when downloading the software. The reasons why Apple can not argue the same are probably that a) they don't allow any third party software to download apps from the app store, and b) they don't allow to download apps from third party sources. Their closed ecosystem kind of implies that they actually control what is downloaded and installed on the phone so they can be held liable. IANAL though ;)

So that would also happen with any other store thingy? Android, Microsoft? (Steam? etc., who knows what games include nowadays :p)

But all those you can download apps without using the stores

I don't know legally if that makes a difference or anything

Something like common carrier regulations where if you do mess with stuff, you're on the hook for the legality of it.