|
|
| Line 1: |
Line 1: |
| This page aims to provide an overview, comparison and evaluation of existing and proposed end-to-end security solutions for XMPP, after providing the characteristings of the XMPP setting with regard to communication and the security of it.
| | == Dates and Times == |
|
| |
|
| = Proposals =
| | Friday December 27th - Monday December 30th 2019 |
|
| |
|
| == XEP-0384: OMEMO Encryption (Signal / Text Secure) == | | == Contact == |
|
| |
|
| '''Recommendation:''' Implement.
| | Join us in the chatroom: xmpp:xmpp-sprint@chat.cluxia.eu?join |
|
| |
|
| OMEMO is based on the Signal double ratchet and provides forward secrecy, compatibility with history retrieval for devices that are already part of the ratchet, and a number of other benefits over legacy encryption mechanisms. It has had an independent third party audit (see related links at bottom).
| | Also accessible via https://chat.cluxia.eu/anon/#xmpp-sprint |
|
| |
|
| == XEP-0373: OpenPGP for XMPP / XEP-0374: OpenPGP for XMPP Instant Messaging == | | == Venue == |
|
| |
|
| '''Recommendation:''' Exploratory implementations are encouraged.
| | 36C3 @ Messe Leipzig |
|
| |
|
| The OpenPGP for XMPP (OX) specification currently consists of a baseline specification: [https://xmpp.org/extensions/xep-0373.html XEP-0373] and a profile for Instant Messaging specification [https://xmpp.org/extensions/xep-0374.html XEP-0374]. It is under active development and thus subject to change although can be considered pretty stable regarding most parts.
| | We have applied for an assembly. |
|
| |
|
| OX attempts to fix the various security design flaws of XEP-0027, and additionally specifies features like "arbitrary extension element" verification and protection.
| | Unlike regular XMPP Developer Sprints you need a ticket for this sprint as we are just hooking onto the 36C3. If you are a (somewhat active) member of the XMPP Community come talk to us in our sprint channel and we might have a voucher for you. (The voucher only gives you the right to '''buy''' a ticket before regular sale starts. |
|
| |
|
| Implementations are available for Gajim and Smack, and have been successfully tested against each other for interoperability.
| | == Accommodation == |
|
| |
|
| == XEP-0027 (Legacy OpenPGP) ==
| | Various around the city. Book early. Hotels sell out quickly during congress. |
|
| |
|
| '''Recommendation:''' Do '''not implement''', as the specification has [https://xmpp.org/extensions/xep-0027.html#security serious security issues].
| | == Attendees == |
|
| |
|
| One of the first proposals for end-to-end security is based on [http://en.wikipedia.org/wiki/Pretty_Good_Privacy PGP] and described in [http://xmpp.org/extensions/xep-0027.html XEP-0027].
| | {| class="wikitable sortable" |
| | | ! Name (optional) |
| The way XEP-0027 uses PGP, it doesn't provide protection from replay attacks. It also only encrypts messages and doesn't sign them, so they could be replaced with different correctly encrypted messages on the wire.[http://logs.xmpp.org/xsf/140301/#11:22:52 (Source: chat in xsf@m.x.o)] Thus it has been obsoleted by the XMPP Council in it's [http://logs.xmpp.org/council/2014-03-12/#16:08:19 meeting on 2014-03-12].
| | ! Nickname |
| | | ! Sprint project(s) |
| == OTR (Off-the-record Messaging) ==
| | ! booked |
| | | ! comments |
| '''Recommendation:''' do not implement unless compatibility with legacy clients is required.
| |
| .
| |
| | |
| [https://otr.cypherpunks.ca/ OTR] is a crypto protocol, specifically designed to secure instant messaging conversations. Its usage in XMPP is documented (but not standardized) in https://xmpp.org/extensions/xep-0364.html
| |
| | |
| = Comparative Overview =
| |
| {| class="wikitable" style="text-align: center;" | |
| |-
| |
| !rowspan="2" |Proposal | |
| !colspan="5" |Security property
| |
| !colspan="2" |Communication patterns
| |
| !colspan="3" |Compatibility with XMPP
| |
| |-
| |
| ![https://en.wikipedia.org/wiki/Digital_signature#Authentication Authenticity]
| |
| ![https://en.wikipedia.org/wiki/Information_security#Integrity Integrity]
| |
| ![https://en.wikipedia.org/wiki/Encryption Encryption]
| |
| ![https://en.wikipedia.org/wiki/Forward_secrecy Forward secrecy] | |
| ![https://en.wikipedia.org/wiki/Malleability_(cryptography) Malleability] | |
| !One-to-One | |
| !Groupchat | |
| !Offline messages
| |
| !Multiple resources
| |
| !Discovery of support
| |
| |-
| |
| |OMEMO (XEP-0384)
| |
| |Yes
| |
| |Except in the case of a malicious authenticated device
| |
| |Yes
| |
| |Yes
| |
| |By authenticated devices
| |
| |Yes
| |
| |Yes (Non-anonymous only)
| |
| |Yes
| |
| |Yes
| |
| |Yes
| |
| |-
| |
| |XEP-0374: OpenPGP for XMPP Instant Messaging
| |
| |Yes
| |
| |Yes
| |
| |Yes
| |
| |No
| |
| |N/A
| |
| |Yes
| |
| |Possible and planned, but currently unspecified
| |
| |Yes
| |
| |Yes
| |
| |Yes
| |
| |-
| |
| |Legacy PGP (XEP-0027)
| |
| |No (messages only encrypted, not signed)
| |
| |No
| |
| |Yes
| |
| |No
| |
| |N/A
| |
| |Yes
| |
| |No
| |
| |Yes
| |
| |Yes (if same keypair at all resources)
| |
| |No
| |
| |- | | |- |
| |OTR | | | Daniel Gultsch |
| |Yes | | | iNPUTmice |
| |Yes | | | |
| |Yes | | | yes |
| |Yes | | | |
| |Yes
| |
| |Yes
| |
| |No
| |
| |No
| |
| |No
| |
| |No
| |
| |} | | |} |
|
| |
| = Related Documents =
| |
| * https://developer.pidgin.im/wiki/EndToEndXMPPCrypto
| |
| * http://trevp.net/talk_2014_04_02.pdf
| |
| * https://conversations.im/omemo/audit.pdf
| |
|
| |
| = Discussion =
| |
| If you have any questions or comments regarding this page, please [xmpp:xsf@muc.xmpp.org?join join the XSF chatroom at xsf@muc.xmpp.org].
| |
|
| |
| = Abandoned and Legacy E2EE specifications =
| |
|
| |
| Those specifications are very likely not relevant any more. They are listed here only for the sake of completeness.
| |
|
| |
| == draft-miller-xmpp-e2e ==
| |
|
| |
| https://datatracker.ietf.org/doc/draft-miller-xmpp-e2e/
| |
|
| |
| == ESessions ==
| |
|
| |
| https://xmpp.org/extensions/xep-0187.html
| |
| https://xmpp.org/extensions/xep-0188.html
| |