183
edits
(Clarify groupchat restrictions on OMEMO) |
|||
(17 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
This page aims to provide an overview, comparison and evaluation of existing and proposed end-to-end security solutions for XMPP, after providing the characteristings of the XMPP setting with regard to communication and the security of it. | This page aims to provide an overview, comparison and evaluation of existing and proposed end-to-end security solutions for XMPP, after providing the characteristings of the XMPP setting with regard to communication and the security of it. | ||
= | = Proposals = | ||
== XEP-0384: OMEMO Encryption (Signal / Text Secure) == | |||
'''Recommendation:''' Implement. | |||
OMEMO is based on the Signal double ratchet and provides forward secrecy, compatibility with history retrieval for devices that are already part of the ratchet, and a number of other benefits over legacy encryption mechanisms. It has had an independent third party audit (see related links at bottom). | |||
== | == XEP-0027 (legacy PGP) == | ||
'''Recommendation:''' do not implement unless compatibility with legacy clients is required. | |||
One of the first proposals for end-to-end security is based on [http://en.wikipedia.org/wiki/Pretty_Good_Privacy PGP] and described in [http://xmpp.org/extensions/xep-0027.html XEP-0027]. | One of the first proposals for end-to-end security is based on [http://en.wikipedia.org/wiki/Pretty_Good_Privacy PGP] and described in [http://xmpp.org/extensions/xep-0027.html XEP-0027]. | ||
The way XEP-0027 uses PGP, it doesn't provide protection from replay attacks. It also only encrypts messages and doesn't sign them, so they could be replaced with different correctly encrypted messages on the wire.[http://logs.xmpp.org/xsf/140301/#11:22:52 (Source: chat in xsf@m.x.o)] Thus it has been obsoleted by the XMPP Council in it's [http://logs.xmpp.org/council/2014-03-12/#16:08:19 meeting on 2014-03-12]. | The way XEP-0027 uses PGP, it doesn't provide protection from replay attacks. It also only encrypts messages and doesn't sign them, so they could be replaced with different correctly encrypted messages on the wire.[http://logs.xmpp.org/xsf/140301/#11:22:52 (Source: chat in xsf@m.x.o)] Thus it has been obsoleted by the XMPP Council in it's [http://logs.xmpp.org/council/2014-03-12/#16:08:19 meeting on 2014-03-12]. | ||
== OTR (Off-the-record Messaging) == | == OTR (Off-the-record Messaging) == | ||
'''Recommendation:''' do not implement unless compatibility with legacy clients is required. | |||
. | |||
[https://otr.cypherpunks.ca/ OTR] is a crypto protocol, specifically designed to secure instant messaging conversations. Its usage in XMPP is documented (but not standardized) in https://xmpp.org/extensions/xep-0364.html | |||
[https:// | |||
= Comparative Overview = | = Comparative Overview = | ||
Line 65: | Line 30: | ||
!colspan="5" |Security property | !colspan="5" |Security property | ||
!colspan="2" |Communication patterns | !colspan="2" |Communication patterns | ||
!colspan=" | !colspan="3" |Compatibility with XMPP | ||
|- | |- | ||
!Authenticity | ![https://en.wikipedia.org/wiki/Digital_signature#Authentication Authenticity] | ||
!Integrity | ![https://en.wikipedia.org/wiki/Information_security#Integrity Integrity] | ||
!Encryption | ![https://en.wikipedia.org/wiki/Encryption Encryption] | ||
!Forward secrecy | ![https://en.wikipedia.org/wiki/Forward_secrecy Forward secrecy] | ||
! | ![https://en.wikipedia.org/wiki/Malleability_(cryptography) Malleability] | ||
!One-to-One | !One-to-One | ||
!Groupchat | !Groupchat | ||
!Offline messages | !Offline messages | ||
!Multiple resources | !Multiple resources | ||
!Discovery of support | !Discovery of support | ||
|- | |- | ||
|XEP- | |OMEMO (XEP-0384) | ||
|Yes | |Yes | ||
|Except in the case of a malicious authenticated device | |||
|Yes | |Yes | ||
|Yes | |Yes | ||
|By authenticated devices | |||
|Yes | |Yes | ||
|Yes (Non-anonymous only) | |||
|Yes | |Yes | ||
|Yes | |Yes | ||
|Yes | |Yes | ||
|- | |- | ||
| | |Legacy PGP (XEP-0027) | ||
|No (messages only encrypted, not signed) | |||
|No | |||
| | |||
| | |||
|Yes | |Yes | ||
|No | |||
|N/A | |||
|Yes | |Yes | ||
|No | |No | ||
|Yes | |Yes | ||
|Yes (if same keypair at all resources) | |||
|Yes | |||
|No | |No | ||
|- | |- | ||
|OTR | |OTR | ||
Line 152: | Line 75: | ||
|Yes | |Yes | ||
|No | |No | ||
|No | |No | ||
|No | |No | ||
|No | |No | ||
|} | |} | ||
Line 187: | Line 83: | ||
* https://developer.pidgin.im/wiki/EndToEndXMPPCrypto | * https://developer.pidgin.im/wiki/EndToEndXMPPCrypto | ||
* http://trevp.net/talk_2014_04_02.pdf | * http://trevp.net/talk_2014_04_02.pdf | ||
* https://conversations.im/omemo/audit.pdf | |||
= Discussion = | = Discussion = | ||
If you have any questions or comments regarding this page, please [xmpp:xsf@muc.xmpp.org?join join the XSF chatroom at xsf@muc.xmpp.org]. | If you have any questions or comments regarding this page, please [xmpp:xsf@muc.xmpp.org?join join the XSF chatroom at xsf@muc.xmpp.org]. |
edits