XMPP E2E Security
This page aims to provide an overview, comparison and evaluation of existing and proposed end-to-end security solutions for XMPP, after providing the characteristings of the XMPP setting with regard to communication and the security of it.
- 1 Proposals
- 2 Comparative Overview
- 3 Related Documents
- 4 Discussion
- 5 Abandoned and Legacy E2EE specifications
XEP-0384: OMEMO Encryption (Signal / Text Secure)
Recommendation: Implement if you need forward secrecy.
OMEMO is based on the Signal double ratchet and provides forward secrecy, compatibility with history retrieval for devices that are already part of the ratchet, and a number of other benefits over legacy encryption mechanisms. It has had an independent third party audit (see related links at bottom).
XEP-0373: OpenPGP for XMPP / XEP-0374: OpenPGP for XMPP Instant Messaging
Recommendation: Exploratory implementations are encouraged.
The OpenPGP for XMPP (OX) specification currently consists of a baseline specification: XEP-0373 and a profile for Instant Messaging specification XEP-0374. It is under active development and thus subject to change although can be considered pretty stable regarding most parts.
OX attempts to fix the various security design flaws of XEP-0027, and additionally specifies features like "arbitrary extension element" verification and protection.
Implementations are available for Gajim and Smack, and have been successfully tested against each other for interoperability.
XEP-0027 (Legacy OpenPGP)
Recommendation: Do not implement, as the specification has serious security issues.
The way XEP-0027 uses PGP, it doesn't provide protection from replay attacks. It also only encrypts messages and doesn't sign them, so they could be replaced with different correctly encrypted messages on the wire.(Source: chat in firstname.lastname@example.org) Thus it has been obsoleted by the XMPP Council in it's meeting on 2014-03-12.
OTR (Off-the-record Messaging)
Recommendation: do not implement unless compatibility with legacy clients is required. .
|Proposal||Security property||Communication patterns||Compatibility with XMPP|
|Authenticity||Integrity||Encryption||Forward secrecy||Malleability||One-to-One||Groupchat||Offline messages||Multiple resources||Discovery of support|
|OMEMO (XEP-0384)||Yes||Except in the case of a malicious authenticated device||Yes||Yes||By authenticated devices||Yes||Yes (Non-anonymous only)||Yes||Yes||Yes|
|XEP-0374: OpenPGP for XMPP Instant Messaging||Yes||Yes||Yes||No||N/A||Yes||Possible and planned, but currently unspecified||Yes||Yes||Yes|
|Legacy PGP (XEP-0027)||No (messages only encrypted, not signed)||No||Yes||No||N/A||Yes||No||Yes||Yes (if same keypair at all resources)||No|
If you have any questions or comments regarding this page, please join the XSF chatroom at email@example.com.
Abandoned and Legacy E2EE specifications
Those specifications are very likely not relevant any more. They either gained no adoption or where replaced in favor of newer specifications. They are listed here only for the sake of completeness.