XMPP E2E Security

From XMPP WIKI
Revision as of 11:45, 1 March 2014 by Tobiasfar (Talk) (XEP-0027 (PGP))


This page aims to provide an overview, comparison and evaluation of existing and proposed end-to-end security solutions for XMPP, after describing the characteristics of the XMPP setting with regard to communication and its security.

Security properties

  1. Authenticity
  2. Integrity
  3. Encryption
  4. Forward secrecy
  5. Malleable encryption


Compatibility of Security Properties with XMPP Features

One-to-One Chat

Multi-User Chat

Proposals

XEP-0027 (PGP)

One of the first proposals for end-to-end security is based on PGP and described in XEP-0027.

As XEP-0027 uses PGP, it doesn't provide protection from replay attacks. It also only encrypts messages and doesn't sign them, so a message could be replaced on the wire with a different, correctly encrypted one. (Source: chat in xsf@m.x.o)
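To show what the two gaps above look like on the receiving side, here is an added Python example (not code from the wiki or from XEP-0027) that audits XEP-0027-style message stanzas. The stanzas and their PGP blobs are constructed placeholders; the "unsigned" policy (looking for a jabber:x:signed element next to the encrypted body) and the replay heuristic (identical ciphertext from the same sender) are the example's own assumptions.

```python
import hashlib
import xml.etree.ElementTree as ET

NS_ENCRYPTED = "{jabber:x:encrypted}x"  # XEP-0027 encrypted message body
NS_SIGNED = "{jabber:x:signed}x"        # XEP-0027 signature element (assumed policy: expect it on messages)


def audit_xep0027_stanzas(stanzas):
    """Return (index, finding) pairs for XEP-0027 messages.

    "unsigned": no signature element accompanies the ciphertext, so the
               recipient cannot tell who produced it (substitution risk).
    "replay":  the same ciphertext was already received from this sender;
               XEP-0027 itself offers no freshness check, so this is the
               receiver's only handle on an exact replay.
    """
    seen = set()
    findings = []
    for i, raw in enumerate(stanzas):
        msg = ET.fromstring(raw)
        enc = msg.find(NS_ENCRYPTED)
        if enc is None:
            continue  # not an XEP-0027 message, nothing to audit
        sender = msg.get("from", "")
        if msg.find(NS_SIGNED) is None:
            findings.append((i, "unsigned"))
        digest = hashlib.sha256((enc.text or "").strip().encode()).hexdigest()
        if (sender, digest) in seen:
            findings.append((i, "replay"))
        seen.add((sender, digest))
    return findings


# Constructed sample stanzas; the <x> contents stand in for ASCII-armored PGP ciphertext.
SAMPLE = [
    "<message xmlns='jabber:client' from='romeo@example.net/orchard' to='juliet@example.com'>"
    "<body>This message is encrypted.</body>"
    "<x xmlns='jabber:x:encrypted'>PLACEHOLDER-CIPHERTEXT-1</x></message>",
    "<message xmlns='jabber:client' from='romeo@example.net/orchard' to='juliet@example.com'>"
    "<body>This message is encrypted.</body>"
    "<x xmlns='jabber:x:encrypted'>PLACEHOLDER-CIPHERTEXT-2</x></message>",
    # the first stanza delivered a second time: an exact replay
    "<message xmlns='jabber:client' from='romeo@example.net/orchard' to='juliet@example.com'>"
    "<body>This message is encrypted.</body>"
    "<x xmlns='jabber:x:encrypted'>PLACEHOLDER-CIPHERTEXT-1</x></message>",
]

if __name__ == "__main__":
    for idx, finding in audit_xep0027_stanzas(SAMPLE):
        print(f"stanza {idx}: {finding}")
```

The check only catches an exact resend; a substituted message encrypted to the same recipient passes, which is the point the paragraph makes about missing signatures.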

RFC 3923 (S/MIME)

XEP-0116

XEP-0200

XTLS

XTLS, as described in draft-meyer-xmpp-e2e-encryption-02, uses Jingle to negotiate an end-to-end stream between two XMPP clients and establishes a TLS connection over this stream. This stream can also reside within existing connections, with In-Band Bytestreams.

miller-e2e

This is the protocol described in draft-miller-xmpp-e2e-06, which allows encryption and signing of arbitrary XMPP stanzas.

OTR (Off-the-record Messaging)

OTR is a crypto protocol, specifically designed to secure instant messaging conversations.

TS (Text Secure Protocol)

Text Secure is a rather new open mobile messenger with an openly specified protocol. This protocol is described here.

SCIMP (Silent Circle Instant Messaging Protocol)

SCIMP is the cryptographic protocol used by Silent Text, which enables private conversations over standard XMPP.

Comparative Overview

Proposal   | Security property                                                              | Communication patterns                                                       | Compatibility with XMPP
           | Authenticity | Integrity | Encryption | Forward secrecy | Malleable encryption | One-to-One | Groupchat | Online chats | Offline messages | Multiple resources | Discovery of support
-----------+--------------+-----------+------------+-----------------+----------------------+------------+-----------+--------------+------------------+--------------------+---------------------
PGP        | No [1]       | No        | Yes        | No              | No                   | Yes        | No        | Yes          | Yes              | Yes [2]            | No
RFC 3923   | ?            | ?         | ?          | ?               | ?                    | ?          | ?         | ?            | ?                | ?                  | ?
XEP-0116   | ?            | ?         | ?          | ?               | ?                    | ?          | ?         | ?            | ?                | ?                  | ?
XEP-0200   | ?            | ?         | ?          | ?               | ?                    | ?          | ?         | ?            | ?                | ?                  | ?
XTLS       | ?            | ?         | ?          | ?               | ?                    | ?          | ?         | ?            | ?                | ?                  | ?
miller-e2e | ?            | ?         | ?          | ?               | ?                    | ?          | ?         | ?            | ?                | ?                  | ?
OTR        | Yes          | Yes       | Yes        | Yes             | Yes                  | Yes        | No        | Yes          | No               | No                 | No
TS         | ?            | ?         | ?          | ?               | ?                    | ?          | ?         | ?            | ?                | ?                  | ?
SCIMP      | ?            | ?         | ?          | ?               | ?                    | ?          | ?         | ?            | ?                | ?                  | ?

[1] Messages are only encrypted, not signed.
[2] Yes, if the same keypair is used at all resources.

Related Documents

Discussion

If you have any questions or comments regarding this page, please join the XSF chatroom at xsf@muc.xmpp.org.