Openfires new Pep/Pubsub implementations have a bug when new pep nodes are created it uses
org.jivesoftware.openfire.pubsub.DefaultNodeConfiguration as default configuration for the node.
But in DefaultNodeConfiguration the default value for access model is open and not presence.
private AccessModel accessModel = AccessModel.open;
The XEP-0163 says this:
A PEP service MUST:
- Support the node discovery, node creation, node deletion, publish item, subscribe, unsubscribe, and item retrieval use cases specified in XEP-0060.
Support the “auto-create”, “auto-subscribe”, and “filtered-notifications” features.
- Support the “owner” and “subscriber” affiliations.
- Support the “presence” access model and set it to the default.
- Support the “open”, “roster”, and “whitelist” access models.
- Treat the account owner’s bare JID (email@example.com or <domain.tld>) as a collection node (i.e., as the root collection node for the account’s virtual pubsub service).
- Default the ‘deliver_notifications’ configuration option to true (i.e., deliver payloads by default).
- Default the ‘send_last_published_item’ configuration option to on_sub_and_presence (i.e., send the last published item on subscription and on receipt of presence). 
- A PEP service MAY support other use cases, affiliations, access models, and features, but such support is OPTIONAL.
So it has to be “presence” as default value for pep.
The problem is that if i would like to create an omemo session between to clients which are newly logged in they will create the omemo nodes in “access model = open” but other clients cant read them… so i could not create a omemo secured chatsession. if i changed access to presence in the database, i could start a omemo session without problems.
XEP-0060 defines access models:
Open Any entity may subscribe to the node (i.e., without the necessity for subscription approval) and any entity may retrieve items from the node (i.e., without being subscribed); this SHOULD be the default access model for generic pubsub services.
Presence Any entity with a subscription of type “from” or “both” may subscribe to the node and retrieve items from the node; this access model applies mainly to instant messaging systems (see RFC 3921).
So it should work with open too but it does not. ?!?