Towards a mandatory, always-on and ubiquitous encryption in XMPP networks

Now that we know that our online communications are not necessarily private and secure, there is a growing need to have end-to-end encryption built into all the tools we use to communicate with family and friends (online).

The latest effort aims to build mandatory, always-on and ubiquitous encryption in the XMPP communication protocol. XMPP, short for Extensible Messaging and Presence Protocol, is “an open technology for real-time communication, which powers a wide range of applications including instant messaging, presence, multi-party chat, voice and video calls, collaboration, lightweight middleware, content syndication, and generalized routing of XML data.”

The technology that now forms the core of XMPP was started in 1998 by Jeremy Miller. Back then, it was known as Jabber or Jabberd (Jabber server). Today, XMPP is the most popular, open source communications standard.

The latest effort to enhance the security of XMPP was started by Peter Saint-Andre, the operator of Jabber.org. It started by bringing together some of big names connected with XMPP to sign a manifesto that spells out a vision and roadmap for making XMPP a more secure communication protocol.

The preamble to the manifesto reads:

We, as operators of public services and developers of software programs that use the XMPP standard for instant messaging and real-time communication, commit to establishing ubiquitous encryption over our network on May 19, 2014.

Jabber/XMPP technologies were first released on January 4, 1999, by Jeremie Miller. Since then, channel encryption using Secure Sockets Layer (SSL) and Transport Layer Security (TLS) has been optional on the Jabber/XMPP network. Out of respect for the users of our software and services, we believe it is time to make such encryption mandatory.

Therefore we commit to the following policies, consistent with the IETF Internet-Draft “Use of Transport Layer Security in XMPP” https://datatracker.ietf.org/doc/draft-saintandre-xmpp-tls,

For service deployments, the objectives are to:

  • Require the use of TLS for both client-to-server and server-to-server connections
  • Prefer or require TLS cipher suites that enable forward secrecy
  • Deploy certificates issued by well-known and widely-deployed certification authorities (CAs)

So the target date to upgrade XMPP network to use always-on, mandatory and ubiquitous encryption is May 19, 2014. That date will also feature an Open Discussion Day at http://opendiscussionday.org.

The complete text of the manifesto, including all the objectives, is hosted on GitHub. You may read the complete text here. If you wish to support this effort, be sure to add you name to the end of the file.

Related Posts

Deploying a scalable Jenkins cluster with Docker and Rancher Containerization brings several benefits to traditional CI platforms where builds share hosts: build dependencies can be isolated, applications can be...
U.S. To Introduce Draconian Anti-Piracy Censorship Bill The U.S. Government is determined to put an end to online piracy. In an attempt to give copyright holders and the authorities all the tools required t...
Government to increase open source in key IT projects The Dutch government wants to increase the use of open standards and source in some of its key IT projects, minister for Foreign Trade Frank Heemksker...
EFF releases experimental open wireless router firmware The Electronic Frontier Foundation (EFF) has announced the release of the alpha version of an Open Wireless Router firmware. It was officially announc...
I quit using Linux because… Here's a very simple question. What can you infer from the image shown below? Once in a while, a prominent or not so prominent member of the Linu...
Intel Lifts the Hood on its “Single-Chip Cloud Computer” Chips that can simulate a supernova or predict a hurricane are yesterday’s goal, if Intel’s recently unveiled 48-core research chip is any indication....

We Recommend These Vendors and Free Offers

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).

Deploy an SSD Cloud server in 55 seconds on DigitalOcean. Built for developers and starting at $5:00/month (20 GB SSD, 512 MB of RAM).

Want to become an expert ethical hacker and penetration tester? Request your free video training course of Online Penetration Testing and Ethical Hacking

Whether you're new to Linux or are a Linux guru, you can learn a lot more about the Linux kernel by requesting your free ebook of Linux Kernel In A Nutshell.


Leave a Comment

Your email address will not be published. Required fields are marked *

*