Standardizing by Running Code: The Signal Protocol and De Facto Standardization in End-to-End Encrypted Messaging

19 Pages Posted: 30 Jan 2018

See all articles by Ksenia Ermoshina

Ksenia Ermoshina

University of Angers - French National Center for Scientific Research (CNRS)

Francesca Musiani

French National Center for Scientific Research (CNRS)

Date Written: January 22, 2018

Abstract

In the wake of the Snowden revelations, encryption of communications at a large scale and in a ‘usable’ manner has become a matter of public concern. This turning of encryption into a ‘political’ issue, coupled with seminal secure messaging protocols such as PGP (Pretty Good Privacy) and OTR (Off-the-Record Messaging) starting to show their age in terms of security and usability, has led to renewed efforts by the cryptography community (in particular by academic and free software colectives) to create next-generation secure messaging protocols. One of the leading motivations behind this effort consisted to facilitate key exchange and key verification process, previously identified as the main obstacles to the mass adoption of encryption (Whitten & Tygar, 1999). The most advanced and popular of these next generation protocols is currently the Signal Protocol (formerly Axolotl, firstly introduced in Signal and adopted or forked by other instant messaging applications, ranging from WhatsApp and Wire to Matrix and Conversations). While the Signal protocol is widely adopted and considered as an improvement over both OTR and PGP, it remains officially unstandardized, even though there is an informal draft elaborated towards that goal by the protocol’s creators, Trevor Perrin and Moxie Marlinspike.

This paper analyses the reasons behind this absence of official standardization and explores how and why, in parallel, a de facto standardization process is happening in the field of end-to-end encrypted messaging that mostly revolves around the development and adoption of the Signal protocol. Drawing from an ongoing three-year investigation, from an STS perspective, of end-to-end encrypted messaging, we seek to unveil the ‘subtle’ processes that make the Signal protocol a quasi-standard. In its conclusions, the paper seeks to comment on the governance implications of this quasi-standardization process, both for the end-to-end encrypted messaging field and for the main existing Internet governance standardization bodies, such as the IETF.

Keywords: GigaNet

Suggested Citation

Ermoshina, Ksenia and Musiani, Francesca, Standardizing by Running Code: The Signal Protocol and De Facto Standardization in End-to-End Encrypted Messaging (January 22, 2018). GigaNet: Global Internet Governance Academic Network, Annual Symposium 2017, Available at SSRN: https://ssrn.com/abstract=3107259 or http://dx.doi.org/10.2139/ssrn.3107259

Ksenia Ermoshina

University of Angers - French National Center for Scientific Research (CNRS)

3, rue Michel-Ange
Paris cedex 16, 75794
France

Francesca Musiani (Contact Author)

French National Center for Scientific Research (CNRS) ( email )

3, rue Michel-Ange
Paris, 75794
France

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
161
Abstract Views
1,443
Rank
372,696
PlumX Metrics