Partner links

Towards a mandatory, always-on and ubiquitous encryption in XMPP networks

Encryption cracked EPFL

Now that we know that our online communications are not necessarily private and secure, there is a growing need to have end-to-end encryption built into all the tools we use to communicate with family and friends (online).

The latest effort aims to build mandatory, always-on and ubiquitous encryption in the XMPP communication protocol. XMPP, short for Extensible Messaging and Presence Protocol, is “an open technology for real-time communication, which powers a wide range of applications including instant messaging, presence, multi-party chat, voice and video calls, collaboration, lightweight middleware, content syndication, and generalized routing of XML data.”

The technology that now forms the core of XMPP was started in 1998 by Jeremy Miller. Back then, it was known as Jabber or Jabberd (Jabber server). Today, XMPP is the most popular, open source communications standard.

The latest effort to enhance the security of XMPP was started by Peter Saint-Andre, the operator of Jabber.org. It started by bringing together some of big names connected with XMPP to sign a manifesto that spells out a vision and roadmap for making XMPP a more secure communication protocol.

The preamble to the manifesto reads:

We, as operators of public services and developers of software programs that use the XMPP standard for instant messaging and real-time communication, commit to establishing ubiquitous encryption over our network on May 19, 2014.

Jabber/XMPP technologies were first released on January 4, 1999, by Jeremie Miller. Since then, channel encryption using Secure Sockets Layer (SSL) and Transport Layer Security (TLS) has been optional on the Jabber/XMPP network. Out of respect for the users of our software and services, we believe it is time to make such encryption mandatory.

Therefore we commit to the following policies, consistent with the IETF Internet-Draft “Use of Transport Layer Security in XMPP” https://datatracker.ietf.org/doc/draft-saintandre-xmpp-tls,

For service deployments, the objectives are to:

  • Require the use of TLS for both client-to-server and server-to-server connections
  • Prefer or require TLS cipher suites that enable forward secrecy
  • Deploy certificates issued by well-known and widely-deployed certification authorities (CAs)

So the target date to upgrade XMPP network to use always-on, mandatory and ubiquitous encryption is May 19, 2014. That date will also feature an Open Discussion Day at http://opendiscussionday.org.

The complete text of the manifesto, including all the objectives, is hosted on GitHub. You may read the complete text here. If you wish to support this effort, be sure to add you name to the end of the file.

Share:

Share on facebook
Facebook
Share on twitter
Twitter
Share on pinterest
Pinterest
Share on linkedin
LinkedIn

Partner links

Newsletter: Subscribe for updates

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments

Get the latest

On social media

Security distros

Hacker
Linux distros for hacking and pentesting

Crypto mining OS

Bitcoin
Distros for mining bitcoin and other cryptocurrencies

Crypto hardware

MSI GeForce GTX 1070
Installing Nvidia GTX 1070 GPU drivers on Ubuntu

Disk guide

LVM
Beginner's guide to disks & disk partitions in Linux

Bash guide

Bash shell terminal
How to set the PATH variable in Bash
Categories
Archives
0
Hya, what do you think? Please comment.x
()
x