E2E in chat (was: Re: S/Mime usage)

Patrick Cloke patrick at cloke.us
Fri Oct 11 12:12:03 UTC 2019


Wiktor,

On 10/11/19 7:23 AM, Wiktor Kwapisiewicz wrote:

> On 09.10.2019 21:58, Patrick Cloke wrote:
>> It is unfortunately hard to get a clear picture of what is worth
>> implementing for XMPP
>
> XSF publishes Compliance Suites every year that group features that
> they consider "worth implementing". See for example:
> https://xmpp.org/extensions/xep-0412.html
>
> There are also tests run by companies that invest in XMPP heavily:
> https://compliance.conversations.im/tests/
I hadn't seen this exact compliance test site before. Thanks! I think it
is only half the picture though. If a server implements an XEP, but no
clients do, then it is not necessarily worth implementing. (There's also
the aspect of trying to understand what clients are popular, I haven't
looked into this for XMPP in a very long time though.)
>> (i.e. how many users exist that support different end-to-end
>> encryption technologies).
>
> That's not the impression I got from XSF mailing lists. There are
> three groups of E2E technologies within XMPP: legacy (OTR and old
> OpenPGP), recommended (OMEMO and new OMEMO) and there is also MLS that
> some XSF council members believe will replace OMEMO long-term but the
> spec is not ready.
>
> Currently OMEMO is widely implemented, see: https://omemo.top/
I should probably join the XSF mailing list... the thing missing from
that site is some understanding of how popular each of those clients
are. (What percentage of the user population supports it, not what
percentage of clients do.) Anyway, I'm not against supporting OMEMO, but
supporting OTR was a good baseline since it helps all the protocols
implemented in Thunderbird, and a bunch of the work had already been
done a few years ago. Kai and Alex finished integrating it.
> OTR, as the wiki page indicates, is used in either legacy clients
> where multiprotocol support is necessary. (There is also OTRv4 in
> development supported by one client that showcases it: https://coy.im ).
I've seen the OTRv4 stuff, a bit, but haven't been plugged into whether
clients really plan to implement it or not. My understanding is that it
is very incompatible with OTRv3, which is unfortunate from a technical
standpoint.
>> The major downside, in my understanding, is that OTR does not support
>> multi-user chats. I'm sure
>> there are some others, but OTR seemed like a good place to start.
>>
>> There's a bug [1] about implementing OMEMO for anyone who is interested!
>
> Thanks for the reference!

No problem. I think it'd be good to have multiple options here.
Hopefully the other users you're talking to have at least one that
overlaps! I'm unsure how hard it would be to incorporate OMEMO, but I'd
be willing to help guide someone who is interested.

Last thing I'll say is that if there are specific XMPP features that are
missing from Thunderbird please start by filing a bug
<https://bugzilla.mozilla.org/enter_bug.cgi?product=Chat+Core&component=XMPP>
(probably a bug per XEP / feature). Unfortunately most of my use of XMPP
is via GTalk [1] which has a pretty terrible feature set.

--Patrick

[1] Yes, it still works.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/tb-planning/attachments/20191011/c14f3955/attachment.html>


More information about the tb-planning mailing list