XMPP E2E Security

This page aims to provide an overview, comparison and evaluation of existing and proposed end-to-end security solutions for XMPP, after first describing the characteristics of the XMPP setting with regard to communication and its security.

= Security properties =


 * 1) Authenticity
 * 2) Integrity
 * 3) Encryption
 * 4) Forward secrecy
 * 5) Malleable encryption

= Compatibility of Security Properties with XMPP Features =

== Multi-User Chat ==

= Proposals =

== XEP-0027 (PGP) ==
One of the first proposals for end-to-end security is based on PGP and described in XEP-0027.

The way XEP-0027 uses PGP, it provides no protection against replay attacks. It also only encrypts messages and doesn't sign them, so they could be replaced on the wire with different, correctly encrypted messages. (Source: chat in xsf@m.x.o)
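A receiving client can at least notice the replay case described above by remembering a digest of every XEP-0027 ciphertext it has accepted. The following is an added example, not part of XEP-0027 or of any client: the `ReplayGuard` class and the sample stanzas are constructed for illustration, and only the `jabber:x:encrypted` namespace comes from the XEP. It does nothing against substitution, which needs a signature.

```python
import hashlib
import xml.etree.ElementTree as ET

NS_ENCRYPTED = "jabber:x:encrypted"  # XEP-0027 wrapper for the PGP payload


class ReplayGuard:
    """Hypothetical helper: flags XEP-0027 ciphertexts that were seen before.

    PGP picks a fresh session key per encryption, so a sender who repeats
    the same plaintext still produces a new ciphertext. A byte-identical
    payload arriving twice is therefore the same blob being delivered again.
    """

    def __init__(self):
        self._seen = set()  # unbounded here; a real client would expire entries

    def check(self, stanza_xml):
        """Return 'plain', 'accepted' or 'replayed' for one <message/> stanza."""
        msg = ET.fromstring(stanza_xml)
        enc = msg.find("{%s}x" % NS_ENCRYPTED)
        if enc is None or not (enc.text or "").strip():
            return "plain"
        # Drop all whitespace so a re-wrapped armor body hashes identically.
        payload = "".join(enc.text.split())
        # Key on the ciphertext alone: 'from' is not covered by the encryption.
        digest = hashlib.sha256(payload.encode("utf-8")).hexdigest()
        if digest in self._seen:
            return "replayed"
        self._seen.add(digest)
        return "accepted"


def _stanza(sender, payload):
    """Build a constructed sample stanza; the payloads are not real PGP data."""
    return ("<message from='%s' to='bob@example.org'>"
            "<body>This message is encrypted.</body>"
            "<x xmlns='%s'>%s</x></message>" % (sender, NS_ENCRYPTED, payload))


SAMPLE_FIRST = _stanza("alice@example.org/home", "CONSTRUCTEDaaaa\nBBBBcccc")
SAMPLE_REPLAY = _stanza("mallory@example.net/x", "CONSTRUCTEDaaaa BBBBcccc\n")
SAMPLE_OTHER = _stanza("alice@example.org/home", "CONSTRUCTEDdddd\nEEEEffff")
SAMPLE_PLAIN = "<message from='alice@example.org'><body>hi</body></message>"

if __name__ == "__main__":
    guard = ReplayGuard()
    for s in (SAMPLE_FIRST, SAMPLE_REPLAY, SAMPLE_OTHER, SAMPLE_PLAIN):
        print(guard.check(s))
```

Legitimate redelivery of the same stanza by a server is flagged as well, so a client would treat the verdict as a warning rather than silently dropping the message.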

== XTLS ==
XTLS, as described in draft-meyer-xmpp-e2e-encryption-02, uses Jingle to negotiate an end-to-end stream between two XMPP clients and establishes a TLS connection over this stream. This stream can also reside within existing connections, using In-Band Bytestreams.

== miller-e2e ==
This is the protocol described in draft-miller-xmpp-e2e-06, which allows encryption and signing of arbitrary XMPP stanzas.

== OTR (Off-the-record Messaging) ==
OTR is a cryptographic protocol designed specifically to secure instant messaging conversations.

== TS (Text Secure Protocol) ==
Text Secure is a rather new open mobile messenger which has an openly specified protocol. This protocol is described here.

== SCIMP (Silent Circle Instant Messaging Protocol) ==
SCIMP is the cryptographic protocol used by Silent Text, which enables private conversations over standard XMPP.

= Comparative Overview =

= Related Documents =

 * https://developer.pidgin.im/wiki/EndToEndXMPPCrypto

= Discussion =

If you have any questions or comments regarding this page, please [xmpp:xsf@muc.xmpp.org?join join the XSF chatroom at xsf@muc.xmpp.org].