Towards a mandatory, always-on and ubiquitous encryption in XMPP networks

Now that we know that our online communications are not necessarily private and secure, there is a growing need to have end-to-end encryption built into all the tools we use to communicate with family and friends (online).

The latest effort aims to build mandatory, always-on and ubiquitous encryption in the XMPP communication protocol. XMPP, short for Extensible Messaging and Presence Protocol, is “an open technology for real-time communication, which powers a wide range of applications including instant messaging, presence, multi-party chat, voice and video calls, collaboration, lightweight middleware, content syndication, and generalized routing of XML data.”

The technology that now forms the core of XMPP was started in 1998 by Jeremy Miller. Back then, it was known as Jabber or Jabberd (Jabber server). Today, XMPP is the most popular, open source communications standard.

The latest effort to enhance the security of XMPP was started by Peter Saint-Andre, the operator of Jabber.org. It started by bringing together some of big names connected with XMPP to sign a manifesto that spells out a vision and roadmap for making XMPP a more secure communication protocol.

The preamble to the manifesto reads:

We, as operators of public services and developers of software programs that use the XMPP standard for instant messaging and real-time communication, commit to establishing ubiquitous encryption over our network on May 19, 2014.

Jabber/XMPP technologies were first released on January 4, 1999, by Jeremie Miller. Since then, channel encryption using Secure Sockets Layer (SSL) and Transport Layer Security (TLS) has been optional on the Jabber/XMPP network. Out of respect for the users of our software and services, we believe it is time to make such encryption mandatory.

Therefore we commit to the following policies, consistent with the IETF Internet-Draft “Use of Transport Layer Security in XMPP” https://datatracker.ietf.org/doc/draft-saintandre-xmpp-tls,

For service deployments, the objectives are to:

  • Require the use of TLS for both client-to-server and server-to-server connections
  • Prefer or require TLS cipher suites that enable forward secrecy
  • Deploy certificates issued by well-known and widely-deployed certification authorities (CAs)

So the target date to upgrade XMPP network to use always-on, mandatory and ubiquitous encryption is May 19, 2014. That date will also feature an Open Discussion Day at http://opendiscussionday.org.

The complete text of the manifesto, including all the objectives, is hosted on GitHub. You may read the complete text here. If you wish to support this effort, be sure to add you name to the end of the file.

Related Posts

Shifting focus At its launch, the focus of this website was all about providing original and detailed tutorials and reviews on Linux and other UNIX-like operating sy...
Government procurement agency approves use of open source The Portuguese government agency for public procurement has published a list of open source applications it deems suitable for use by public administr...
Slate 21: HP’s Android-powered All-in-One computer First came the Slate 7, HP's Android-powered tablet computer. Now HP is about to release a 21.5 inch sibling - the Slate 21. This was what I hoped tha...
EFF releases experimental open wireless router firmware The Electronic Frontier Foundation (EFF) has announced the release of the alpha version of an Open Wireless Router firmware. It was officially announc...
Ubuntu Edge: Is there life after an unsuccessful crowd-funding campaign? At exactly 1:59 a.m. (CST) this early Thursday morning, Canonical's attempt to raise US$32 million directly from end-users via a crowd-funding campaig...
Opera 26 released. Install it on Linux Mint 17.1 and Ubuntu 14.10 I don't quite remember the last time I used Opera browser, but it's been a very long time ago. I didn't even think that the company is still developin...

We Recommend These Vendors

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).

Deploy an SSD Cloud server in 55 seconds on DigitalOcean. Built for developers and starting at $5:00/month (20 GB SSD, 512 MB of RAM).


Leave a Comment

Your email address will not be published. Required fields are marked *

*