The Network

2004-11-10

I've started to think about how to make the XMPP network into the most secure messaging network on the open Internet. As far as I can see so far, there are several pieces to the puzzle:

  1. We need to get the existing open-source server codebases in compliance with RFC 3920 regarding TSL and SASL for server-to-server communications. There are probably three or four main open-source server implementations, plus of course the commercial ones. Both jabberd2 and ejabberd are probably close to compliant. The venerable jabberd 1.4 codebase is the biggest challenge, but I've heard rumors that Matthias Wimmer has been working on its s2s security features.

  2. We need to get XMPP addresses into standard certificates. This is easier said than done, even though RFC 3920 specifies where the address goes. I've been talking with the good people at CAcert about whether/how to do this, but that's only CAcert, which is not really a trusted source yet. I have not yet talked about this with Thawte, Verisign, and the like.

  3. Do we use existing certificate authorities, or attempt to set up the Jabber Software Foundation (or a subsidiary thereof) as a root CA for the XMPP network? If we can't get XMPP addresses into standard certs, then we may need to set up our own CA and a web of trust based on that (e.g., using a concept similiar to Thawte's web of trust notaries). This might enable us to more quickly bootstrap certificates into the deployed base of XMPP servers, naturally with appropriate identity authentication and audit policies. Using existing certificate authorities would also cost money, which the JSF doesn't especially have a lot of and which most of the free public XMPP servers would not be able to afford.

  4. This doesn't say anything about client-side certs or end-to-end encryption, just server-to-server communications. But I think that server-to-server is a good place to start, and perhaps we can build out the client side from there.


Peter Saint-Andre > Journal