Crypto engineers tend to like the Axolotl design, which is an unusually serious cryptographic design for a messaging protocol (historically, messaging crypto has been cryptographically slapdash, with the exception of OTR).
But the reason crypto people are so positive about Signal Protocol isn't just that they like the ratchet. It's also that they trust the entire design of the system, not just the ratchet but all the rest of the cryptographic details, and also the oversight of the protocol.
It's kind of the same way that crypto engineers like stream ciphers designed as simple hash cores running in counter mode, but really what they like is stuff that Dan Bernstein designs --- they aren't encouraging you to go design your own hash-core based stream cipher!
So: it's good that these other systems adopting "Axolotl" are at least starting from a cryptographically serious place. But it's a bit jarring to see them reference "Axolotl" as if it answered the question of "why should we trust this cryptography".
A better answer would be to provide the bios of the people who designed and implemented the crypto in these systems.
I started NCC Group Cryptography Services. They're great, but I'm telling you, no: the bios are important. A single point in time audit doesn't make something secure.
Well, thanks for starting NCC Group Crypto then :) One can at least extrapolate from an audit - it surely tells you how competent the code is at a point in time, and how rapidly and competently any issues were resolved, and one can assume the same team will progress similarly.
In terms of bios: the folks working on libolm have 10-15 years each of professionally writing decent security-conscious native code, the vast majority of which (pre-Matrix) has been proprietary, with the exception of occasional contributions to things like Wireshark. I don't think they'd have described themselves as specialising in cryptography before embarking on libolm, but the team's learnt a lot along the way and the label might be more appropriate now. Ooi, what would you consider an appropriate bio? (short of being DJB or Moxie? :)
But the reason crypto people are so positive about Signal Protocol isn't just that they like the ratchet. It's also that they trust the entire design of the system, not just the ratchet but all the rest of the cryptographic details, and also the oversight of the protocol.
It's kind of the same way that crypto engineers like stream ciphers designed as simple hash cores running in counter mode, but really what they like is stuff that Dan Bernstein designs --- they aren't encouraging you to go design your own hash-core based stream cipher!
So: it's good that these other systems adopting "Axolotl" are at least starting from a cryptographically serious place. But it's a bit jarring to see them reference "Axolotl" as if it answered the question of "why should we trust this cryptography".
A better answer would be to provide the bios of the people who designed and implemented the crypto in these systems.