Difference between revisions of "XMPP E2E Security"
m (Tweak recommendation wording to make it lean more towards "do not implement")
m (Fill out OMEMO Authenticity table cell)
|Line 45:||Line 45:|
Revision as of 18:53, 16 October 2018
This page aims to provide an overview, comparison and evaluation of existing and proposed end-to-end security solutions for XMPP, after providing the characteristings of the XMPP setting with regard to communication and the security of it.
XEP-0384: OMEMO Encryption (Signal / Text Secure)
OMEMO is based on the Signal double ratchet and provides forward secrecy, compatibility with history retrieval for devices that are already part of the ratchet, and a number of other benefits over legacy encryption mechanisms. It has had an independent third party audit (see related links at bottom).
XEP-0027 (legacy PGP)
Recommendation: do not implement unless compatibility with legacy clients is required.
The way XEP-0027 uses PGP, it doesn't provide protection from replay attacks. It also only encrypts messages and doesn't sign them, so they could be replaced with different correctly encrypted messages on the wire.(Source: chat in email@example.com) Thus it has been obsoleted by the XMPP Council in it's meeting on 2014-03-12.
OTR (Off-the-record Messaging)
Recommendation: do not implement unless compatibility with legacy clients is required. .
|Proposal||Security property||Communication patterns||Compatibility with XMPP|
|Authenticity||Integrity||Encryption||Forward secrecy||Malleable encryption||One-to-One||Groupchat||Online chats||Offline messages||Multiple resources||Discovery of support|
|OMEMO (XEP-0384)||Yes||?||Yes||Yes||?||Yes||Yes (with limitations)||Yes||Yes||Yes||Yes|
|Legacy PGP (XEP-0027)||No (messages only encrypted, not signed)||No||Yes||No||N/A||Yes||No||Yes||Yes||Yes (if same keypair at all resources)||No|
If you have any questions or comments regarding this page, please join the XSF chatroom at firstname.lastname@example.org.