Difference between pages "Board and Council Elections 2018" and "XMPP E2E Security"

From XMPP WIKI
(Difference between pages)
Jump to navigation Jump to search
 
 
Line 1: Line 1:
In accordance with the [https://xmpp.org/about/xsf/bylaws XSF Bylaws], once a year the [http://xmpp.org/about-xmpp/xsf/ XMPP Standards Foundation] holds elections for its [http://xmpp.org/about-xmpp/xsf/the-xsf-board-of-directors/ Board of Directors] and for the [http://xmpp.org/about-xmpp/xsf/xmpp-council/ XMPP Council].
This page aims to provide an overview, comparison and evaluation of existing and proposed end-to-end security solutions for XMPP, after providing the characteristings of the XMPP setting with regard to communication and the security of it.


If you are interested in running for Board or Council, please add a wiki page about your candidacy to one or both of the following sections by the close of business on '''November 4th, 2018'''.
= Proposals =


== XEP-0384: OMEMO Encryption (Signal / Text Secure) ==


'''''Note: XMPP Council members must be [http://xmpp.org/about-xmpp/xsf/xsf-member-list/ elected members] of the XSF; however, there is no such restriction for the Board of Directors.'''''
'''Recommendation:''' Implement.


== The meeting particulars are ==
OMEMO is based on the Signal double ratchet and provides forward secrecy, compatibility with history retrieval for devices that are already part of the ratchet, and a number of other benefits over legacy encryption mechanisms. It has had an independent third party audit (see related links at bottom).
* Date: 2018-11-22
* Time: 19:00 UTC
* Location: [xmpp:xsf@muc.xmpp.org?join xsf chatroom]


== Board of Directors ==
== XEP-0373: OpenPGP for XMPP / XEP-0374: OpenPGP for XMPP Instant Messaging ==
* [[Guus der Kinderen for Board 2018]]
* [[Ralph Meijer for Board 2018]]
* [[Nicolas Vérité for Board 2018]]
* [[Matthew Wild for Board 2018]]
* [[Arc Riley for Board 2018]]
* [[Severino Ferrer de la Peñita for Board 2018]]


== XMPP Council ==
'''Recommendation:''' Exploratory implementations are encouraged.
* [[Dave Cridland for Council 2018]]
 
* [[Emmanuel Gil Peyrot for Council 2018]]
The OpenPGP for XMPP (OX) specification currently consists of a baseline specification: [https://xmpp.org/extensions/xep-0373.html XEP-0373] and a profile for Instant Messaging specification [https://xmpp.org/extensions/xep-0374.html XEP-0374]. It is under active development and thus subject to change although can be considered pretty stable regarding most parts.
* [[Georg Lukas for Council 2018]]
 
* [[Kevin Smith for Council 2018]]
OX attempts to fix the various security design flaws of XEP-0027, and additionally specifies features like "arbitrary extension element" verification and protection.
* [[User:Jwi/Council_2018|Jonas Schäfer for Council 2018]]
 
Implementations are available for Gajim and Smack, and have been successfully tested against each other for interoperability.
 
== XEP-0027 (Legacy OpenPGP) ==
 
'''Recommendation:''' Do '''not implement''', as the specification has [https://xmpp.org/extensions/xep-0027.html#security serious security issues].
 
One of the first proposals for end-to-end security is based on [http://en.wikipedia.org/wiki/Pretty_Good_Privacy PGP] and described in [http://xmpp.org/extensions/xep-0027.html XEP-0027].
 
The way XEP-0027 uses PGP, it doesn't provide protection from replay attacks. It also only encrypts messages and doesn't sign them, so they could be replaced with different correctly encrypted messages on the wire.[http://logs.xmpp.org/xsf/140301/#11:22:52 (Source: chat in xsf@m.x.o)] Thus it has been obsoleted by the XMPP Council in it's [http://logs.xmpp.org/council/2014-03-12/#16:08:19 meeting on 2014-03-12].
 
== OTR (Off-the-record Messaging) ==
 
'''Recommendation:''' do not implement unless compatibility with legacy clients is required.
.
 
[https://otr.cypherpunks.ca/ OTR] is a crypto protocol, specifically designed to secure instant messaging conversations. Its usage in XMPP is documented (but not standardized) in https://xmpp.org/extensions/xep-0364.html
 
= Comparative Overview =
{| class="wikitable" style="text-align: center;"
|-
!rowspan="2" |Proposal
!colspan="5" |Security property
!colspan="2" |Communication patterns
!colspan="3" |Compatibility with XMPP
|-
![https://en.wikipedia.org/wiki/Digital_signature#Authentication Authenticity]
![https://en.wikipedia.org/wiki/Information_security#Integrity Integrity]
![https://en.wikipedia.org/wiki/Encryption Encryption]
![https://en.wikipedia.org/wiki/Forward_secrecy Forward secrecy]
![https://en.wikipedia.org/wiki/Malleability_(cryptography) Malleability]
!One-to-One
!Groupchat
!Offline messages
!Multiple resources
!Discovery of support
|-
|OMEMO (XEP-0384)
|Yes
|Except in the case of a malicious authenticated device
|Yes
|Yes
|By authenticated devices
|Yes
|Yes (Non-anonymous only)
|Yes
|Yes
|Yes
|-
|XEP-0374: OpenPGP for XMPP Instant Messaging
|Yes
|Yes
|Yes
|No
|N/A
|Yes
|Possible and planned, but currently unspecified
|Yes
|Yes
|Yes
|-
|Legacy PGP (XEP-0027)
|No (messages only encrypted, not signed)
|No
|Yes
|No
|N/A
|Yes
|No
|Yes
|Yes (if same keypair at all resources)
|No
|-
|OTR
|Yes
|Yes
|Yes
|Yes
|Yes
|Yes
|No
|No
|No
|No
|}
 
= Related Documents =
* https://developer.pidgin.im/wiki/EndToEndXMPPCrypto
* http://trevp.net/talk_2014_04_02.pdf
* https://conversations.im/omemo/audit.pdf
 
= Discussion =
If you have any questions or comments regarding this page, please [xmpp:xsf@muc.xmpp.org?join join the XSF chatroom at xsf@muc.xmpp.org].
 
= Abandoned and Legacy E2EE specifications =
 
Those specifications are very likely not relevant any more. They are listed here only for the sake of completeness.
 
== draft-miller-xmpp-e2e ==
 
https://datatracker.ietf.org/doc/draft-miller-xmpp-e2e/
 
== ESessions ==
 
https://xmpp.org/extensions/xep-0187.html
https://xmpp.org/extensions/xep-0188.html

Revision as of 09:35, 14 November 2018

This page aims to provide an overview, comparison and evaluation of existing and proposed end-to-end security solutions for XMPP, after providing the characteristings of the XMPP setting with regard to communication and the security of it.

Proposals

XEP-0384: OMEMO Encryption (Signal / Text Secure)

Recommendation: Implement.

OMEMO is based on the Signal double ratchet and provides forward secrecy, compatibility with history retrieval for devices that are already part of the ratchet, and a number of other benefits over legacy encryption mechanisms. It has had an independent third party audit (see related links at bottom).

XEP-0373: OpenPGP for XMPP / XEP-0374: OpenPGP for XMPP Instant Messaging

Recommendation: Exploratory implementations are encouraged.

The OpenPGP for XMPP (OX) specification currently consists of a baseline specification: XEP-0373 and a profile for Instant Messaging specification XEP-0374. It is under active development and thus subject to change although can be considered pretty stable regarding most parts.

OX attempts to fix the various security design flaws of XEP-0027, and additionally specifies features like "arbitrary extension element" verification and protection.

Implementations are available for Gajim and Smack, and have been successfully tested against each other for interoperability.

XEP-0027 (Legacy OpenPGP)

Recommendation: Do not implement, as the specification has serious security issues.

One of the first proposals for end-to-end security is based on PGP and described in XEP-0027.

The way XEP-0027 uses PGP, it doesn't provide protection from replay attacks. It also only encrypts messages and doesn't sign them, so they could be replaced with different correctly encrypted messages on the wire.(Source: chat in xsf@m.x.o) Thus it has been obsoleted by the XMPP Council in it's meeting on 2014-03-12.

OTR (Off-the-record Messaging)

Recommendation: do not implement unless compatibility with legacy clients is required. .

OTR is a crypto protocol, specifically designed to secure instant messaging conversations. Its usage in XMPP is documented (but not standardized) in https://xmpp.org/extensions/xep-0364.html

Comparative Overview

Proposal Security property Communication patterns Compatibility with XMPP
Authenticity Integrity Encryption Forward secrecy Malleability One-to-One Groupchat Offline messages Multiple resources Discovery of support
OMEMO (XEP-0384) Yes Except in the case of a malicious authenticated device Yes Yes By authenticated devices Yes Yes (Non-anonymous only) Yes Yes Yes
XEP-0374: OpenPGP for XMPP Instant Messaging Yes Yes Yes No N/A Yes Possible and planned, but currently unspecified Yes Yes Yes
Legacy PGP (XEP-0027) No (messages only encrypted, not signed) No Yes No N/A Yes No Yes Yes (if same keypair at all resources) No
OTR Yes Yes Yes Yes Yes Yes No No No No

Related Documents

Discussion

If you have any questions or comments regarding this page, please join the XSF chatroom at xsf@muc.xmpp.org.

Abandoned and Legacy E2EE specifications

Those specifications are very likely not relevant any more. They are listed here only for the sake of completeness.

draft-miller-xmpp-e2e

https://datatracker.ietf.org/doc/draft-miller-xmpp-e2e/

ESessions

https://xmpp.org/extensions/xep-0187.html https://xmpp.org/extensions/xep-0188.html

Retrieved from "https://wiki.xmpp.org/web/index.php?title=Board_and_Council_Elections_2018&oldid=10488"