-
debacle
Is there a good abstract about the 96 vs. 128 bits OMEMO mess? Which explains, why clients should move to 96 bits and how things went wrong? TIA!
-
Ge0rG
96 bits?
-
Ge0rG
ah, 12 bytes. I was confused for a brief moment
-
Ge0rG
debacle: https://twitter.com/iNPUTmice/status/1228950491805167617
-
pep.
debacle, TL;DR: You only need to move to 12 if you want Monal to read you
-
debacle
Ge0rG Nice, first people use a medium, that prevent them from communicating in complete sentences. Then they work around it by sending many messages :-) Thanks anway!
-
debacle
pep. Yes, and I think Monal 5.0.1 just solved the problem anyway.
-
pep.
did it?
-
Ge0rG
I still think that the best solution to the OMEMO problem is to disable OMEMO
-
pep.
I doubt that's an OMEMO-only issue
-
debacle
Ah, no that's the other way around!
-
pep.
I mean this one specifically yes. Not this kind of issue though
-
debacle
*ChatSecure* 5.0.1 fixed 12 bytes IV receiving.
-
pep.
debacle, yeah, so my TL;DR holds :)
-
debacle
Monal is still "broken" by not receiving 16 bytes.
-
debacle
let's hope, there is a way for a new Monal version to accept both
-
debacle
pep. Unfortunately, at least two of my contacts use Monal. And it's my fault!
-
pep.
Maybe an incentive to push Debian to do exceptional releases? :P
-
debacle
pep. exceptional Debian release because of an Apple app. I'm so ashamed :-)
-
pep.
ha ha ha
-
moparisthebest
debacle: limitation in Apple's crypto API precludes them from accepting 16 byte IVs with it, and France's stupid laws prevent them from using another crypto lib, so I doubt monal will fix it
-
jonas’
wat?
-
debacle
moparisthebest Sounds horrible!
-
moparisthebest
jonas’, which bit do you want clarification on?
-
jonas’
moparisthebest, what’s got france to do with that? I mean, which law is that?
-
moparisthebest
https://monal.im/blog/omemo-and-french-laws/ and https://monal.im/blog/monal-4-3-is-coming-out-in-about-a-week-even-in-france/
-
moparisthebest
as I understand it, france requires him to get approval from the prime minister to "distribute a crypto library" OR he can use apple's supplied API, since that's distributed by Apple who already has said approval
-
jonas’
that’s not really cleared anything up
-
moparisthebest
https://monal.im/blog/monal-4-3-is-coming-out-in-about-a-week-even-in-france/#comment-29385 not even that one?
-
jonas’
no
-
jonas’
because that doesn’t explain which french law and with which rationale forces GCM implementations to register somewhere
-
moparisthebest
> import of a means of cryptology which does not exclusively provide authentication or integrity control functions are subject to a prior declaration to the Prime Minister (Google Translate of French law)
-
moparisthebest
larma pasted that in dino channel earlier ^
-
lovetox
yeah and why cant i distribute my app on appstore, but every distro in the world can ship as much crypto libs as it wants to france users
-
moparisthebest
jonas’, basically apple has to approve or deny your app right? and they would not approve it for france without said certificate
-
moparisthebest
lovetox, iirc it's about shipping crypto *from* france, not *to*, I don't know, ask Apple
-
moparisthebest
> use restrictive shit OS / Ecosystem
-
moparisthebest
> surprised when it turns out to be restrictive and shitty
-
lovetox
im not a smartphone user, but this appstore monopole leads to weird stuff
-
jonas’
ISTM that france is the problem here, not iOS
-
Zash
why not both?
-
moparisthebest
french laws require apple to do this though, I guess
-
moparisthebest
or at minimum apple believes they are required to do this per french law
-
lovetox
seems to be a law to just limit encryption on smartphones
-
lovetox
they probably dont care about desktop
-
lovetox
but still weird, at this point why would you still trust apples crypto lib?
-
moparisthebest
*yet (or don't have a great way to enforce it, yet)
-
jonas’
or desktop is irrelevant
-
jonas’
my bet for "the year of the linux desktop" is when the desktop has become so irrelevant that it’s only used by nerds ;)
-
lovetox
but yeah good plan, force all application to use a single lib
-
moparisthebest
it was 2009, when everyone had a phone, running linux, sitting on top of their desk (otherwise known as their desktop) :P
-
lovetox
then outlaw that lib
-
lovetox
boom no encryption anymore :)
-
moparisthebest
lovetox, why outlaw it, it's an "approved" lib (maybe even backdoored :))
-
moparisthebest
only thing better than outlawing encryption is telling everyone you are encrypting while secretly sending copies to yourself
-
pep.
happy to see we're discussing the stupidity of French laws. I wonder if Anu would join us in protests. Anyone else interested? We have spare pitchforks!
-
moparisthebest
Anyone who willingly owns an iPhone is used to bending over I assume
-
larma
I think the reason why Apple cares so much about the apps in their App Store is that they are considered the entity importing when downloading the app on an iPhone in France. For Linux distributions and most desktop software, it is the end user doing the import when downloading the software. The reasons why Apple can not argue the same are probably that a) they don't allow any third party software to download apps from the app store, and b) they don't allow to download apps from third party sources. Their closed ecosystem kind of implies that they actually control what is downloaded and installed on the phone so they can be held liable. IANAL though ;)
-
pep.
So that would also happen with any other store thingy? Android, Microsoft? (Steam? etc., who knows what games include nowadays :p)
-
moparisthebest
But all those you can download apps without using the stores
-
moparisthebest
I don't know legally if that makes a difference or anything
-
Zash
Something like common carrier regulations where if you do mess with stuff, you're on the hook for the legality of it.