(→Prosody: Add some text and a link to Prosody docs for more info) |
|||
Line 1: | Line 1: | ||
=Security and Encryption in XMPP= | =Security and Encryption in XMPP= | ||
This page | This page provides instructions for XMPP server administrators to secure XMPP client and server connections. | ||
== | ==Current Goals== | ||
* encrypted connections between clients and servers | * encrypted connections between clients and servers (a.k.a. "c2s") | ||
* encrypted server to server connections | * encrypted server to server connections (a.k.a. "s2s") | ||
* encryption working for virtual hosted XMPP environments (more than one domain per server) | * encryption working for virtual hosted XMPP environments (more than one domain per server) | ||
Naturally, other goals might be appropriate now and in the future: end-to-end encryption for one-to-one messaging, file transfer, and voice/video (e.g., OTR and ZRTP); encryption of multi-user chatrooms; onion routing (e.g., Tor) for stanza routing; mix networks; password-free authentication; etc. | |||
==Background== | ==Background== | ||
XMPP does not encrypt connections by default (like | Although many IM clients can be configured to force encrypted connections for the c2s hop, XMPP does not encrypt connections by default (this is like using telnet instead of ssh to administer remote machines). Also, if you are communicating with someone at another server, there is no way to know if the s2s hop has been encrypted. | ||
This page will show you how to enable encryption for your user's "c2s" connections and also to encrypt and identify "s2s" connections to remote domains. | |||
===Get a server certificate=== | ===Get a server certificate=== |
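Review bot: The sentence added at the end of the Background section has a possessive error and a vague verb: "your user's" should be the plural "your users'", and "identify" in "encrypt and identify s2s connections" does not say what is being checked. If it means verifying the remote server's certificate, write "authenticate". The new Background text also states that there is no way to know whether the s2s hop has been encrypted, while the intro promises instructions to secure server connections. Consider adding a sentence that says whether following this page lets an administrator require encryption on their own server's s2s links, so the two statements do not read as contradictory.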