165
edits
Difference between revisions of "XMPP E2E Security"
Jump to navigation
Jump to search
no edit summary
m (Remove table entries for unused mechanisms) |
|||
| (18 intermediate revisions by 2 users not shown) | |||
| Line 5: | Line 5: | ||
== XEP-0384: OMEMO Encryption (Signal / Text Secure) == | == XEP-0384: OMEMO Encryption (Signal / Text Secure) == | ||
'''Recommendation:''' Implement. | '''Recommendation:''' Implement if you need forward secrecy. | ||
OMEMO is based on the Signal double ratchet and provides forward secrecy, compatibility with history retrieval for devices that are already part of the ratchet, and a number of other benefits over legacy encryption mechanisms. It has had an independent third party audit (see related links at bottom). | OMEMO is based on the Signal double ratchet and provides forward secrecy, compatibility with history retrieval for devices that are already part of the ratchet, and a number of other benefits over legacy encryption mechanisms. It has had an independent third party audit (see related links at bottom). | ||
== XEP- | == XEP-0373: OpenPGP for XMPP / XEP-0374: OpenPGP for XMPP Instant Messaging == | ||
'''Recommendation:''' implement | '''Recommendation:''' Exploratory implementations are encouraged. | ||
The OpenPGP for XMPP (OX) specification currently consists of a baseline specification: [https://xmpp.org/extensions/xep-0373.html XEP-0373] and a profile for Instant Messaging specification [https://xmpp.org/extensions/xep-0374.html XEP-0374]. It is under active development and thus subject to change although can be considered pretty stable regarding most parts. | |||
OX attempts to fix the various security design flaws of XEP-0027, and additionally specifies features like "arbitrary extension element" verification and protection. | |||
Implementations are available for Gajim and Smack, and have been successfully tested against each other for interoperability. | |||
== XEP-0027 (Legacy OpenPGP) == | |||
'''Recommendation:''' Do '''not implement''', as the specification has [https://xmpp.org/extensions/xep-0027.html#security serious security issues]. | |||
One of the first proposals for end-to-end security is based on [http://en.wikipedia.org/wiki/Pretty_Good_Privacy PGP] and described in [http://xmpp.org/extensions/xep-0027.html XEP-0027]. | One of the first proposals for end-to-end security is based on [http://en.wikipedia.org/wiki/Pretty_Good_Privacy PGP] and described in [http://xmpp.org/extensions/xep-0027.html XEP-0027]. | ||
| Line 19: | Line 29: | ||
== OTR (Off-the-record Messaging) == | == OTR (Off-the-record Messaging) == | ||
'''Recommendation:''' implement | '''Recommendation:''' do not implement unless compatibility with legacy clients is required. | ||
. | |||
[https://otr.cypherpunks.ca/ OTR] is a crypto protocol, specifically designed to secure instant messaging conversations. | [https://otr.cypherpunks.ca/ OTR] is a crypto protocol, specifically designed to secure instant messaging conversations. Its usage in XMPP is documented (but not standardized) in https://xmpp.org/extensions/xep-0364.html | ||
= Comparative Overview = | = Comparative Overview = | ||
| Line 29: | Line 40: | ||
!colspan="5" |Security property | !colspan="5" |Security property | ||
!colspan="2" |Communication patterns | !colspan="2" |Communication patterns | ||
!colspan=" | !colspan="3" |Compatibility with XMPP | ||
|- | |- | ||
!Authenticity | ![https://en.wikipedia.org/wiki/Digital_signature#Authentication Authenticity] | ||
!Integrity | ![https://en.wikipedia.org/wiki/Information_security#Integrity Integrity] | ||
!Encryption | ![https://en.wikipedia.org/wiki/Encryption Encryption] | ||
!Forward secrecy | ![https://en.wikipedia.org/wiki/Forward_secrecy Forward secrecy] | ||
! | ![https://en.wikipedia.org/wiki/Malleability_(cryptography) Malleability] | ||
!One-to-One | !One-to-One | ||
!Groupchat | !Groupchat | ||
!Offline messages | !Offline messages | ||
!Multiple resources | !Multiple resources | ||
!Discovery of support | !Discovery of support | ||
|- | |- | ||
|XEP-0027 | |OMEMO (XEP-0384) | ||
|Yes | |||
|Except in the case of a malicious authenticated device | |||
|Yes | |||
|Yes | |||
|By authenticated devices | |||
|Yes | |||
|Yes (Non-anonymous only) | |||
|Yes | |||
|Yes | |||
|Yes | |||
|- | |||
|XEP-0374: OpenPGP for XMPP Instant Messaging | |||
|Yes | |||
|Yes | |||
|Yes | |||
|No | |||
|N/A | |||
|Yes | |||
|Possible and planned, but currently unspecified | |||
|Yes | |||
|Yes | |||
|Yes | |||
|- | |||
|Legacy PGP (XEP-0027) | |||
|No (messages only encrypted, not signed) | |No (messages only encrypted, not signed) | ||
|No | |No | ||
| Line 51: | Line 85: | ||
|Yes | |Yes | ||
|No | |No | ||
|Yes | |Yes | ||
|Yes (if same keypair at all resources) | |Yes (if same keypair at all resources) | ||
| Line 64: | Line 97: | ||
|Yes | |Yes | ||
|No | |No | ||
|No | |No | ||
|No | |No | ||
| Line 77: | Line 109: | ||
= Discussion = | = Discussion = | ||
If you have any questions or comments regarding this page, please [xmpp:xsf@muc.xmpp.org?join join the XSF chatroom at xsf@muc.xmpp.org]. | If you have any questions or comments regarding this page, please [xmpp:xsf@muc.xmpp.org?join join the XSF chatroom at xsf@muc.xmpp.org]. | ||
= Abandoned and Legacy E2EE specifications = | |||
Those specifications are very likely not relevant any more. They either gained no adoption or where replaced in favor of newer specifications. They are listed here only for the sake of completeness. | |||
== draft-miller-xmpp-e2e == | |||
https://datatracker.ietf.org/doc/draft-miller-xmpp-e2e/ | |||
== ESessions == | |||
https://xmpp.org/extensions/xep-0187.html | |||
https://xmpp.org/extensions/xep-0188.html | |||
== RFC 3923: End-to-End Signing and Object Encryption for the Extensible Messaging and Presence Protocol (XMPP) == | |||
https://tools.ietf.org/html/rfc3923 | |||