jdev - 2023-09-04

From what I understand there are 3 namespaces for omemo

- eu.siacs.conversations.axolotl - urn:xmpp:omemo:1 - urn:xmpp:omemo:2

is there any client that still uses the first one? to my knowledge all clients use omemo:1

I was told that dino uses the first one and doesnt use even omemo:1

MSavoritias (fae,ve) I do

https://github.com/movim/movim/blob/master/src/Moxl/Stanza/OMEMO.php#L27

why? also you dont advertise the second one at all?

Because I didn't changed it yet, should I ?

thats what i am asking too. i thought all clients were using omemo:1 and were stuck on that because "reasons".

Well, if we decide to all make the switch, I'm ready to change this

hmm. now i am also curious is that we are using omemo:1 but clients advertise the first one because compatibility

i would love for it to be at least this

well gajim devs at least says that they dont support omemo:1 at all

well this should a be warning at the top of xmpp.org not to use it for more than a toy. the "omemo" encryption that is. if thats the state on the other clients too

as a rule of thumb, the any decentralized coordinated ecosystem moves slower than most expect

there are various reasons for that, for example, software releases being coupled on distribution releases. so if you want maximum interoperability, you have to support an established namespaces for a relativly long period of time (think, for example, debian oldstable)

the problem is not that it moves slow

which, in turn, further disincentivizes the adoption of new versions of the namespace

thats not my problem at least

my problem is that xmpp is known as the secure that uses encryption based on signal. and xmpp.org and the apps do nothing to make it obvious that it is very much not signal encryption

the eu.*.axolotl namespace is using libsignal, so I am not sure where your assumption that its not using "signal encryption" steems from

if you go here https://xmpp.org/extensions/xep-0384.html#revision-history-v0.4.0

it says that at 0.4 it says > Incorporate the double ratchet protocol specification.

thats what i wanted a clarification on

right, but it does not state that it did previously use something else. that's your interpretation of the text :)

in short: omemo has always been used something that more or less was directly derived from what signal does/did ✏

well if we are using then omemo:1 why are we not using the namespace?

as per my original question. I was told omemo:1 is a different protocol

sorry, I don't get the question, could you rephrase it?

right now we are using eu.siacs.conversations.axolotl

as the namespace

yes, it is a different xmpp wire protocol, but the encryption scheme has always been signal'ly/double ratched/x3dh

is it this part?

Use XEP-0420: Stanza Content Encryption. Use AES256/CBC to encrypt SCE payload.

the different wire protocol

those are some of the reasons the wire protocol was changed, yes

ah and also Use wrapping 'keys' element for key elements in 'header'.

ok

thanks for the clarifications. that was a scare ^^'

yw

https://xmpp.org/about/myths/