Implement OMEMO (Multi-End Message and Object Encryption)

NEW
Unassigned

Status

Chat Core
XMPP
a year ago
2 months ago

People

(Reporter: comzeradd, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

a year ago
OMEMO (Multi-End Message and Object Encryption) is an XMPP extension for the Axolotl protocol.

See more here: http://conversations.im/omemo/

Currently the only Desktop app that supports it is Gajim through this plugin: https://github.com/kalkin/gajim-omemo/
Component: Other → XMPP
Product: Instantbird → Chat Core
Summary: Implement OMEMO → Implement OMEMO (Multi-End Message and Object Encryption)

Comment 1

4 months ago
OMEMO is now based on the OLM Protocol instead of the Signal Protocol (formerly named the Axolotl Protocol).

It now has an official XEP: ​https://xmpp.org/extensions/xep-0384.html

Both OMEMO and OLM have been audited by third parties:
​https://conversations.im/omemo/audit.pdfhttps://www.nccgroup.trust/us/our-research/matrix-olm-cryptographic-review/

Some of this content is outdated, but a lot of documentation was written a few months ago about OMEMO here: ​https://we.riseup.net/riseup/xmpp

OMEMO is being ported to Profanity.im as well ​https://github.com/boothj5/profanity/issues/658

Usability for the only desktop client that supports OMEMO currently, Gajim, is not perfect. ​https://current.workingdirectory.net/posts/2017/encrypted-mucs/

It'd be great to see InstantBird collaborate with downstream Tor Messenger in order to support OMEMO in both clients.

The Tor Messenger OMEMO ticket has more information and can be found here: https://trac.torproject.org/projects/tor/ticket/17457

What are some blockers that prevent this from happening?

Comment 2

4 months ago
(In reply to kurtis from comment #1)
> It'd be great to see InstantBird collaborate with downstream Tor Messenger
> in order to support OMEMO in both clients.
>  
> What are some blockers that prevent this from happening?

I don't think there are any blockers other than finding a developer with the time to implement it. In fact, if this is implemented without depending on an external library like OTR, it should be easier to upstream.

Comment 3

4 months ago
Can you explain your second sentence further?

Comment 4

4 months ago
(In reply to kurtis from comment #3)
> Can you explain your second sentence further?

OTR support is still an addon (and not shipped by default) in large part because of its dependencies, see bug 1147369.

Comment 5

3 months ago
You could theoretically use the JS implementation of OMEMO....
You need to log in before you can comment on or make changes to this bug.