Towards a mandatory, always-on and ubiquitous encryption in XMPP networks

Now that we know that our online communications are not necessarily private and secure, there is a growing need to have end-to-end encryption built into all the tools we use to communicate with family and friends (online).

The latest effort aims to build mandatory, always-on and ubiquitous encryption in the XMPP communication protocol. XMPP, short for Extensible Messaging and Presence Protocol, is “an open technology for real-time communication, which powers a wide range of applications including instant messaging, presence, multi-party chat, voice and video calls, collaboration, lightweight middleware, content syndication, and generalized routing of XML data.”

The technology that now forms the core of XMPP was started in 1998 by Jeremy Miller. Back then, it was known as Jabber or Jabberd (Jabber server). Today, XMPP is the most popular, open source communications standard.

The latest effort to enhance the security of XMPP was started by Peter Saint-Andre, the operator of It started by bringing together some of big names connected with XMPP to sign a manifesto that spells out a vision and roadmap for making XMPP a more secure communication protocol.

The preamble to the manifesto reads:

We, as operators of public services and developers of software programs that use the XMPP standard for instant messaging and real-time communication, commit to establishing ubiquitous encryption over our network on May 19, 2014.

Jabber/XMPP technologies were first released on January 4, 1999, by Jeremie Miller. Since then, channel encryption using Secure Sockets Layer (SSL) and Transport Layer Security (TLS) has been optional on the Jabber/XMPP network. Out of respect for the users of our software and services, we believe it is time to make such encryption mandatory.

Therefore we commit to the following policies, consistent with the IETF Internet-Draft “Use of Transport Layer Security in XMPP”,

For service deployments, the objectives are to:

  • Require the use of TLS for both client-to-server and server-to-server connections
  • Prefer or require TLS cipher suites that enable forward secrecy
  • Deploy certificates issued by well-known and widely-deployed certification authorities (CAs)

So the target date to upgrade XMPP network to use always-on, mandatory and ubiquitous encryption is May 19, 2014. That date will also feature an Open Discussion Day at

The complete text of the manifesto, including all the objectives, is hosted on GitHub. You may read the complete text here. If you wish to support this effort, be sure to add you name to the end of the file.

Related Posts

Converting Apache Rewrite Rules to Nginx Rewrite Rules Last week we published a blog about Creating NGINX Rewrite Rules. In this complementary blog, we’ll discuss how to convert Apache HTTP server rewr...
Linux Deepin renamed to Deepin. Deepin 2014 beta released Linux Deepin has been renamed to Deepin and the first (and last) beta of what will become Deepin 2014 has been released. Details of the beta release w...
public sector major driver open source desktop Spain's public administrations are an important driver for the advance of open source software on desktop computers. That is one of the conclusions of...
Deploy and manage any cluster manager with Docker Swarm Swarm is native clustering for Docker. Swarm allows production deployment and management of multi-host, multi-container distributed applications at sc...
Open source key to software re-use of public administrations "Free and open source software enables more effective actions, with a very low cost, when financing small projects for public administrations", says O...
Biological Computers: Genetically Modified Cells Communicate Like Electronic Circuits Genetically modified cells can be made to communicate with each other as if they were electronic circuits. Using yeast cells, a group of researchers a...

We Recommend These Vendors

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).

Deploy an SSD Cloud server in 55 seconds on DigitalOcean. Built for developers and starting at $5:00/month (20 GB SSD, 512 MB of RAM).

Leave a Comment

Your email address will not be published. Required fields are marked *