[messaging] Double Ratchet spec

Sam Lanning sam at samlanning.com
Tue Nov 29 20:55:48 PST 2016


Thanks moxie for the very comprehensive response to Nadim's concerns.

Sam.

On 29 Nov 2016 7:23 pm, "Moxie Marlinspike" <moxie at thoughtcrime.org> wrote:

>
> If there are any lingering IP questions around these documents:
>
> 1) Open Whisper Systems has not filed for any patents.
>
> 2) All Open Whisper Systems code is available under an open source license.
>
> 3) All of our specifications are placed in the public domain.
>
> 4) Open Whisper Systems welcomes third-party use of the terminology
> we've used in these documents.
>
> Regarding the documents we published and the full Signal Protocol:
>
> As we previously stated, Signal Protocol includes multiparty,
> multidevice, media, and authentication features built on top of the
> elements we've recently documented.  Signal Protocol is also a moving
> target; we're continuing to make enhancements for new use cases and new
> security features, and will continue doing so for the foreseeable
> future.  Once we've gotten more experience managing the documents we've
> published thus far, we'll consider how to document these higher-level
> elements and new features.
>
> We've made an effort to release standalone documents in order to make
> these concepts easier to reuse by different projects with different
> environments and constraints, and to avoid confusion between projects
> using Signal-like mechanisms and the full Signal Protocol.
>
> Regarding use of the names "Signal" and "Signal Protocol":
>
> These documents provide the flexibility projects with different
> constraints might need to implement something that works for them, so
> there is a fair amount of leeway in terms of how they're used as well as
> how they're combined and built upon.  As a result, our preference is
> that when people use what we've documented to construct their own
> protocols, such creations use an independent name.
>
> For example, the SlickSecure Mesenger might use a protocol called
> "Slick," and describe it as "Slick uses X3DH[ref] with such and such
> encoding and such and such key types in such and such way. The output is
> used to construct a Double Ratchet[ref] session in such and such way,
> etc..."
>
> We want to maintain "Signal" and "Signal Protocol" as names associated
> with up-to-date high-quality software, the latest protocol features, and
> all the specific choices that we've made in implementing these concepts.
>  We've made those choices very carefully, we will continue to update
> them carefully, and we want people to have confidence they will benefit
> from that care when they see the word "Signal."
>
> The Signal trademark allow us to ensure that remains true; we hope to
> develop a trademark licensing program in the near future, similar to
> what the Linux Foundation does with Linux.  In the meantime, definitely
> get in touch if you want to use the name "Signal" to represent your app.
>
> Thanks,
>
> - moxie
>
> On 11/20/2016 01:18 PM, Trevor Perrin wrote:
> > Hi all,
> >
> > A spec for the "Double Ratchet" algorithm is available at [1].
> >
> > We'd welcome feedback, as usual.
> >
> > Trevor
> >
> > [1] https://whispersystems.org/docs/
> > _______________________________________________
> > Messaging mailing list
> > Messaging at moderncrypto.org
> > https://moderncrypto.org/mailman/listinfo/messaging
> >
>
> --
> http://www.thoughtcrime.org
> _______________________________________________
> Messaging mailing list
> Messaging at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/messaging
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20161129/b6e3f4a2/attachment.html>


More information about the Messaging mailing list