axolotl, OMEMO vs OpenPGP

Bernhard Reiter bernhard at
Mon Mar 21 17:10:52 CET 2016

On Monday 21 March 2016 at 16:33:34, Bernhard Reiter wrote:
> OMEMO says it does the trick of being "forward secret" and
> offline capable. Is this even possible while being end-to-end,
> e.g. not trusting a service provider?
> If I am offline I could not create ephemeral session keys
> or does this depend on previously exchanged keys?

Dominik, Vincent and Florian write

  <p>Unlike similar XEPs, e.g. OMEMO, this XEP <em>does not</em>
  provide Perfect Forward Secrecy (PFS), but as an advantage in return,
  allows users to read their archived conversations (respectively
  their encrypted data) later on. Of course, only as long as they still
  possess the according secret key. PFS and being
  able to decrypt archived messages are mutually exclusive, i.e. one
  can not have both. We therefore consider this XEP complementary to
  similar ones which also provide end-to-end encryption but with a
  different feature set.</p>

-- (CEO) (Founding GA Member)
Intevation GmbH, Osnabrück, Germany; Amtsgericht Osnabrück, HRB 18998
Owned and run by Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20160321/0db9eb8e/attachment.sig>

More information about the Gnupg-devel mailing list