[messaging] Double Ratchet spec

Nadim Kobeissi nadim at nadim.computer
Tue Nov 29 03:13:54 PST 2016


Hello again,
It's been a week since my query. I'd like to know if the lack of response
indicates that Trevor or Open Whisper Systems feel this isn't something
worth clarifying.

There are many projects out there who have been impacted negatively because
of this ambiguity on how Signal Protocol might be implemented:

* Silent Circle were contacted by Open Whisper Systems and asked to modify
their implementation, which they ended up renaming to ZINA as a
consequence, away from LibSalamander ("Zina is Not Axolotl").
* ChatSecure almost lost their U.S. public funding to implement Signal
Protocol, until an agreement could be reached regarding whether a totally
independent implementation could be published on the App Store.
* Wire claims to have been asked for USD $2.5M for licensing fees for
Signal Protocol after writing their own implementation, and were forced to
update their independent implementation with a copyright notice for Open
Whisper Systems.
* Some other projects are also claiming that in the past year, before these
specs were published, they were asked to pay a licensing fee even if they
intended to independently implement Signal Protocol from scratch.

I think the above examples render my question undeniably relevant. When I
sent my question last week, it was the second time in a year that I had
formally presented it to this mailing list. Trevor and his team have had
ample time to respond.

Why is my question not eliciting a response after asking it twice over the
space of weeks and months? Would I be exaggerating if I suspected that my
question was being intentionally ignored?

Nadim

On Mon, Nov 21, 2016 at 12:26 PM, Nadim Kobeissi <nadim at nadim.computer>
wrote:

> Dear Trevor,
> Thank you very much for your diligent work on specifying these important
> protocols.
>
> For the sake of complete clarity, I must ask one final question regarding
> this matter:
>
> To my understanding, each of the three components of the Signal protocol
> has now been specified in the public domain. Does this mean that a
> third-party developer is allowed to combine these three components to
> construct a protocol that functions exactly like the full Signal protocol
> itself, without that resulting mirror being bound by the GPL license
> governing the libsignal libraries, or any other such license or restriction?
> Would that third-party developer's resulting library be publishable in the
> public domain as well, should that developer desire it?
>
> I have asked this question before these specifications were published, but
> did not receive an answer. Now that the specifications are out there in the
> public domain, I think it's appropriate for Open Whisper Systems to provide
> a clear answer to this query once and for all.
>
> Again, I congratulate you on the accomplishments your team has made
> towards making secure messaging more ubiquitous around the world. I hope
> that with this public domain approach, more developers will be able to
> follow in that stead.
>
> Regards,
> Nadim
>
> On Sun, Nov 20, 2016 at 10:18 PM, Trevor Perrin <trevp at trevp.net> wrote:
>
>> Hi all,
>>
>> A spec for the "Double Ratchet" algorithm is available at [1].
>>
>> We'd welcome feedback, as usual.
>>
>> Trevor
>>
>> [1] https://whispersystems.org/docs/
>> _______________________________________________
>> Messaging mailing list
>> Messaging at moderncrypto.org
>> https://moderncrypto.org/mailman/listinfo/messaging
>>
>
>