Difference between revisions of "XMPP E2E Security"

Jump to navigation Jump to search
1,728 bytes removed ,  17:54, 16 October 2018
Add OMEMO and remove unused legacy protocols that aren't useful
(Remove section that's incomplete and not entirely accurate since it may be misleading)
(Add OMEMO and remove unused legacy protocols that aren't useful)
Line 11: Line 11:


= Proposals =
= Proposals =
== XEP-0027 (PGP) ==
One of the first proposals for end-to-end security is based on [http://en.wikipedia.org/wiki/Pretty_Good_Privacy PGP] and described in [http://xmpp.org/extensions/xep-0027.html XEP-0027].


The way XEP-0027 uses PGP, it doesn't provide protection from replay attacks. It also only encrypts messages and doesn't sign them, so they could be replaced with different correctly encrypted messages on the wire.[http://logs.xmpp.org/xsf/140301/#11:22:52 (Source: chat in xsf@m.x.o)] Thus it has been obsoleted by the XMPP Council in it's [http://logs.xmpp.org/council/2014-03-12/#16:08:19 meeting on 2014-03-12].
== XEP-0384: OMEMO Encryption (Signal / Text Secure) ==
 
'''Recommendation:''' Implement.


== RFC 3923 (S/MIME) ==
OMEMO is based on the Signal double ratchet and provides forward secrecy, compatibility with history retrieval for devices that are already part of the ratchet, and a number of other benefits over legacy encryption mechanisms. It has had an independent third party audit (see https://conversations.im/omemo/audit.pdf).


== XEP-0200 (Stanza Encryption) ==
== XEP-0027 (PGP) ==
The Stanza Encryption, as described in [http://xmpp.org/extensions/xep-0200.html XEP-0200] is a general framework for securing arbitrary stanzas in a one-to-one established session. It relies on other XEPs to provide the necessary parameters like key material and algorithms, but itself supports re-keying. This XEP as well as those required to use it are very abstract to support a wide range of algorithms and methods.


=== XEP-0116 (ESession) ===
'''Recommendation:''' implement only if compatibility with legacy clients is required.
For usage between two online partners, the ESession protocol as defined in [http://xmpp.org/extensions/xep-0116.html XEP-0116] specifies how to exchange parameters for XEP-0200 using [http://xmpp.org/extensions/xep-0155.html XEP-0155 (Stanza Session Negotiation)]. Its support for various methods to authenticate the partner (or letting that be) makes it very complex to implement.  


=== XEP-0217 (Simple ESession) ===
One of the first proposals for end-to-end security is based on [http://en.wikipedia.org/wiki/Pretty_Good_Privacy PGP] and described in [http://xmpp.org/extensions/xep-0027.html XEP-0027].
To simplify implementation, the simpler [http://xmpp.org/extensions/xep-0217.html XEP-0217] defines only a subset of XEP-0116 with exactly one method (Short authentication codes, SAS) to authenticate the partner, and thus is compatible to XEP-0116 implementations.


=== XEP-0187 (Offline ESession) ===
The way XEP-0027 uses PGP, it doesn't provide protection from replay attacks. It also only encrypts messages and doesn't sign them, so they could be replaced with different correctly encrypted messages on the wire.[http://logs.xmpp.org/xsf/140301/#11:22:52 (Source: chat in xsf@m.x.o)] Thus it has been obsoleted by the XMPP Council in it's [http://logs.xmpp.org/council/2014-03-12/#16:08:19 meeting on 2014-03-12].
For usage with offline messages, the offline version of ESessions as defined in [http://xmpp.org/extensions/xep-0187.html XEP-0187] uses [http://xmpp.org/extensions/xep-0189.html XEP-0189 (Public Key Publishing)] via PEP (Personal Eventing Protocol) instead of the active initiation of an ESession.


== XTLS ==
== OTR (Off-the-record Messaging) ==
XTLS, as described in [https://tools.ietf.org/html/draft-meyer-xmpp-e2e-encryption draft-meyer-xmpp-e2e-encryption], uses Jingle to negotiate an end-to-end stream between two XMPP clients and establishes a TLS connection over this stream. This stream can also reside within existing connections, with [http://xmpp.org/extensions/xep-0047.html In-Band Bytestreams].


== miller-e2e ==
'''Recommendation:''' implement only if compatibility with legacy clients is required.
This is the protocol described in [http://tools.ietf.org/html/draft-miller-xmpp-e2e draft-miller-xmpp-e2e], which allows encryption and signing of arbitrary XMPP stanzas.


== OTR (Off-the-record Messaging) ==
[https://otr.cypherpunks.ca/ OTR] is a crypto protocol, specifically designed to secure instant messaging conversations.
[https://otr.cypherpunks.ca/ OTR] is a crypto protocol, specifically designed to secure instant messaging conversations.
== TS (Text Secure Protocol) ==
Text Secure is a rather new open mobile messenger which has an openly specified protocol. This protocol is described [https://github.com/WhisperSystems/TextSecure/wiki/ProtocolV2 here].


== SCIMP ( Silent Circle Instant Messaging Protocol) ==
== SCIMP ( Silent Circle Instant Messaging Protocol) ==
183

edits

Navigation menu