Ensure chat messages can be deciphered by all (capable) clients of both parties
-
Be usable regardless of the participants' online statuses
-
Provide a method to exchange auxilliary keying material. This could for example be used to secure encrypted file transfers.
-
+
It is a result of XMPPs federated nature that a message may pass more than just one server. Therefore it is in the users interest to secure their communication from any intermediate host. End-to-end encryption is an efficient way to protect any data exchanged between sender and receiver against passive and active attackers such as servers and network nodes.
+
OMEMO is an end-to-end encryption protocol based on the Double Ratchet specified in section Double Ratchet. It provides the following guarantees under the threat model described in the next section:
+
+
Confidentiality: Nobody else except sender and receiver is able to read the content of a message.
+
Perfect forward secrecy: A compromised long-term key does not compromise any previous message exchange.
+
Authentication: Every peer is able to authenticate the sender or receiver of a message, even if the details of the authentication process is out-of-scope for this specification.
+
Immutability: Every peer can ensure that a message was not changed by any intermediate node.
+
Plausible deniability: No participant can proof who created a specific message.
+
Asynchronicity: The usability of the protocol does not depend on the online status of any participant.
+
+
Omemo is not intended to protect against the following use cases:
+
+
An attacker has access to your device.
+
You lost your device and an attacker can read messages on your notification screen.
+
Any kind of denial-of-service attack.
+
tbc
+
+
+
The OMEMO protocol protects against passive and active attackers which are able to read, modify, replay, delay and delete messages.
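Review bot: The closing threat-model sentence claims protection against attackers who can "delay and delete messages", yet the non-goals list above it excludes "Any kind of denial-of-service attack", and dropping or delaying messages is a denial of service. Suggest wording it as: such an attacker cannot read message content or alter it undetected, without implying that deletion or delay is prevented. Replay is named among the attacker capabilities, but no item in the guarantee list covers it, so either add one or say which guarantee is meant to. Smaller points in the added text: the "tbc" entry in the non-goals list should be filled in or dropped before this is merged; "Immutability" is more commonly called integrity; "use cases" reads oddly for a list of threats; "proof" should be "prove"; "XMPPs" should be "XMPP's"; "the details ... is" should be "are"; and "Omemo" should match the "OMEMO" spelling used in the surrounding lines.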