@xmpp I'm intrigued and I'll listen in, but just out of curiosity: why PGP, if we already have OMEMO? Sry for the ignorance!!

@clayogra @xmpp @vanitasvitae sorry to read that, the room has been victim of spam bombing, and many spammers have had to be rejected. You have been rejected by mistake due to that.

@xmpp @vanitasvitae @Goffi i too would love some info on this. it'd be great if there was something online to read about why openpgp over omemo, what the use cases are here.

@jauntywunderkind420 @xmpp @vanitasvitae one use case : with OMEMO (and PFS), you can only get messages from the time since you've joined a conversation. It may be desirable to access all time archives (e.g. in a university, association or enterprise, for the knowledge base). This also applies to non IM use cases (namely Pubsub).

@Goffi @xmpp @vanitasvitae thanks. OMEMO seems widely adopted & popular. i'd be curious to hear from the openpgp camp why they went that route, what capabilities that brings.

that seems to match close to clayogra's original question:
> I'm intrigued and I'll listen in, but just out of curiosity: why PGP, if we already have OMEMO? Sry for the ignorance!!

still looking for any answers to that.

@jauntywunderkind420 @xmpp @vanitasvitae

just to be clear: there is not a "openpgp camp ", it's a complementary method, the aim is not to replace or compete with OMEMO, and there are many OMEMO advocates following OX improvements.

We are doing discussions to have the best possible UX, so your client of choice can do select right options without being annoying for users.

OMEMO will probably stay the main option for most users in IM.

@Goffi @jauntywunderkind420 @xmpp with pgp you could decrypt the messages on almost any device, even a client that doesn't support encryption or from old data archives.

@clayogra @xmpp OMEMO and OpenPGP have different capabilities and perfectly complement each other.

OMEMO for instance does not allow you to keep a server side message archive, while OpenPGP does.
OpenPGP however does not provide forward secrecy.

So it depends on your use-case and there are people that might prefer OpenPGP over OMEMO :)

@0 that’s your cue — explain why PGP if we already have OMEMO! ^^

@clayogra this is a really good question, no need to be ashamed :)

@wiktor @0
It's independent of the device. You are able to use the WoT. There may some use cases where OpenPGP without Perfect Forward Secrecy is better.
Keep in mind that XMPP is not only protocol to have a Smartphone chat. There is also IoT. If I don't use a Smartphone and just login on a shared device, I can use my OpenPGP Token.
You work in a company where the communication is encrypted, but the company needs access to the communication,.....

@clayogra @xmpp Why not?
OpenPGP has some advantages over omemo, such as you can use whatever cipher you want (RSA4096, ed25519) and it's kind of more secure as you'd use the same key in every device, so you don't have to manually verify the omemo keys.

The choice of cipher and also the encrypted-messages-on-server part, I understand, but I'd argue that OMEMO is in fact "more secure" because of PFS. But then again I may be wrong ;)


Sign in to participate in the conversation

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.