Difference between revisions of "XMPP E2E Security"

From XMPP WIKI
Jump to navigation Jump to search
Line 16: Line 16:
'''Recommendation:''' Implement.
'''Recommendation:''' Implement.


OMEMO is based on the Signal double ratchet and provides forward secrecy, compatibility with history retrieval for devices that are already part of the ratchet, and a number of other benefits over legacy encryption mechanisms. It has had an independent third party audit (see https://conversations.im/omemo/audit.pdf).
OMEMO is based on the Signal double ratchet and provides forward secrecy, compatibility with history retrieval for devices that are already part of the ratchet, and a number of other benefits over legacy encryption mechanisms. It has had an independent third party audit (see related links at bottom).


== XEP-0027 (PGP) ==
== XEP-0027 (PGP) ==
Line 166: Line 166:
* https://developer.pidgin.im/wiki/EndToEndXMPPCrypto
* https://developer.pidgin.im/wiki/EndToEndXMPPCrypto
* http://trevp.net/talk_2014_04_02.pdf
* http://trevp.net/talk_2014_04_02.pdf
* https://conversations.im/omemo/audit.pdf


= Discussion =
= Discussion =
If you have any questions or comments regarding this page, please [xmpp:xsf@muc.xmpp.org?join join the XSF chatroom at xsf@muc.xmpp.org].
If you have any questions or comments regarding this page, please [xmpp:xsf@muc.xmpp.org?join join the XSF chatroom at xsf@muc.xmpp.org].

Revision as of 17:57, 16 October 2018

This page aims to provide an overview, comparison and evaluation of existing and proposed end-to-end security solutions for XMPP, after providing the characteristings of the XMPP setting with regard to communication and the security of it.

Security properties

  1. Authenticity
  2. Integrity
  3. Encryption
  4. Forward secrecy
  5. Malleable encryption


Proposals

XEP-0384: OMEMO Encryption (Signal / Text Secure)

Recommendation: Implement.

OMEMO is based on the Signal double ratchet and provides forward secrecy, compatibility with history retrieval for devices that are already part of the ratchet, and a number of other benefits over legacy encryption mechanisms. It has had an independent third party audit (see related links at bottom).

XEP-0027 (PGP)

Recommendation: implement only if compatibility with legacy clients is required.

One of the first proposals for end-to-end security is based on PGP and described in XEP-0027.

The way XEP-0027 uses PGP, it doesn't provide protection from replay attacks. It also only encrypts messages and doesn't sign them, so they could be replaced with different correctly encrypted messages on the wire.(Source: chat in xsf@m.x.o) Thus it has been obsoleted by the XMPP Council in it's meeting on 2014-03-12.

OTR (Off-the-record Messaging)

Recommendation: implement only if compatibility with legacy clients is required.

OTR is a crypto protocol, specifically designed to secure instant messaging conversations.

SCIMP ( Silent Circle Instant Messaging Protocol)

Recommendation: not standardized, do not implement.

SCIMP is the cryptographic protocol used by Silent Text, which enables private conversations over standard XMPP.

Comparative Overview

Proposal Security property Communication patterns Compatibility with XMPP
Authenticity Integrity Encryption Forward secrecy Malleable encryption One-to-One Groupchat Online chats Offline messages Multiple resources Discovery of support
XEP-0027 No (messages only encrypted, not signed) No Yes No N/A Yes No Yes Yes Yes (if same keypair at all resources) No
RFC 3923 ? ? ? ? ? ? ? ? ? ? ?
XEP-0200 Yes Yes Yes Yes Yes Yes No Yes (XEP-0116/XEP-217) Yes (XEP-0187) No Yes
XTLS ? ? ? ? ? ? ? ? ? ? ?
miller-e2e Optional (Nesting signature/encryption) Yes Yes No No Yes Possible Yes No Yes Yes
OTR Yes Yes Yes Yes Yes Yes No Yes No No No
TS ? ? ? ? ? ? ? ? ? ? ?
SCIMP ? ? ? ? ? ? ? ? ? ? ?

Related Documents

Discussion

If you have any questions or comments regarding this page, please join the XSF chatroom at xsf@muc.xmpp.org.