Security Progress

by Peter Saint-Andre

2009-02-20

I hate to say this, but it's an embarrassment that after 10 years we still don't have good, usable end-to-end encryption for XMPP. Lately several folks have been working to change that, led by Dirk Meyer (whom I had the pleasure to meet at the recent XMPP Summit). Dirk and I have been working hard on a technology we're calling XTLS, which was originally inspired by some comments I received from Eric Rescorla regarding the potential to use Transport Layer Security for end-to-end encryption of IM messages (and everything else we send over XMPP). I think this approach is starting to take shape, but it is still very much a work in progress so feedback is welcome on the security@xmpp.org discussion list.

UPDATE: The latest version is now an IETF Internet-Draft available here.


Peter Saint-Andre > Journal