[messaging] IETF standardization of a next-gen messaging protocol

Matthew Hodgson matthew at matrix.org
Sun Oct 2 05:56:46 PDT 2016


>> On 2 Oct 2016, at 12:21, Tobias Markmann <tmarkmann at googlemail.com> wrote:
>> * How does this relate to other standardization efforts? (You already
>>   mentioned olm, there's also OMEMO which is currently gaining some
>>   traction.)
> OMEMO is currently being adjusted to use Olm instead of Signal, so that it will be more implementation and standardization friendly [1], and will probably be standardized by the XSF afterwards.

For those not familiar: Olm is an independent implementation of the Double Ratchet algorithm based on the original sketch by Trevor & Moxie, written in C/C++14 by the Matrix.org team. It's released under the Apache 2.0 license at https://matrix.org/git/olm, and we've published a formal spec for it at https://matrix.org/docs/spec/olm.html. Olm is independent of the actual messaging protocol (eg it's used fine for both Matrix and XMPP/OMEMO). We've spoken at length to Moxie about Olm, and understand that he is fine with an independent liberal-licensed implementation as long as we make it abundantly clear that it's nothing to do with Signal, or Signal protocol, and is just a double ratchet impl.

Separately, Megolm is a new ratchet we've designed specifically for the problem of handling group conversations with selectively shareable history for syncing between devices. It's also included in libolm, and the formal spec is at https://matrix.org/docs/spec/megolm.html. Megolm is very new (less than a month old), although it's being beta'd in https://riot.im/app currently. It uses Olm to exchange the group ratchet state between participants.

Olm (and Megolm) are currently being audited by NCC Group as part of a publicly released audit (which has already shown up some stuff we need to address; eg whether Olm prekeys should be signed and whether Megolm sessions suffer from replay attacks). We were going to hold off making a big announcement until the audit's done and we've fixed the thinkos, but I guess this thread preempts that :)

Obviously we are very interested in Olm (and perhaps Megolm) being usable as an unencumbered, liberally licensed, and well-specified E2E protocol for the purposes being discussed here. However, we've been too busy building it and shipping it in Riot to get stuck into standardisation stuff yet! We would certainly like to be part of a BOF discussion though :)
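As an added illustration (not code from libolm, Matrix, or this thread's participants), a toy Python model of the two Megolm properties the mail touches on: a group session state shared at index N lets the recipient decrypt messages from N onward but not earlier ones, and a receiver has to remember which message indices it has already accepted in order to reject replays. The single HMAC chain and SHAKE keystream are simplifications assumed here, not Megolm's real construction.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Toy single-chain hash ratchet standing in for a Megolm-style group session.
# It is NOT the real Megolm ratchet (libolm uses four chained 32-byte parts plus
# an Ed25519 signing key); it only models two properties: sharing the state at
# index N reveals messages N onward but not earlier ones, and a receiver must
# track accepted indices so that a replayed message is rejected.

def _advance(ratchet: bytes) -> bytes:
    return hmac.new(ratchet, b"advance", hashlib.sha256).digest()

def _message_key(ratchet: bytes) -> bytes:
    return hmac.new(ratchet, b"message", hashlib.sha256).digest()

def _keystream(key: bytes, n: int) -> bytes:
    return hashlib.shake_256(key).digest(n)  # constructed stand-in for AES-CTR

@dataclass
class GroupSession:
    ratchet: bytes  # chain value corresponding to message `index`
    index: int      # next index a sender will use / first index a receiver can read
    seen: set = field(default_factory=set)  # indices already accepted (replay guard)

    def export(self) -> "GroupSession":
        """State the sender would hand to a peer over an Olm channel."""
        return GroupSession(self.ratchet, self.index)

    def encrypt(self, plaintext: bytes):
        key = _message_key(self.ratchet)
        ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, len(plaintext))))
        tag = hmac.new(key, self.index.to_bytes(4, "big") + ct, hashlib.sha256).digest()
        idx = self.index
        self.ratchet, self.index = _advance(self.ratchet), self.index + 1
        return idx, ct, tag

    def decrypt(self, idx: int, ct: bytes, tag: bytes) -> bytes:
        if idx < self.index:
            raise ValueError("history before the shared index is not decryptable")
        if idx in self.seen:
            raise ValueError("replay: message index already accepted")
        r = self.ratchet
        for _ in range(idx - self.index):  # chain only moves forward
            r = _advance(r)
        key = _message_key(r)
        expected = hmac.new(key, idx.to_bytes(4, "big") + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("bad MAC")
        self.seen.add(idx)
        return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))
```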


