Misplaced Pages

Off-the-record messaging

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license.

Off-the-record Messaging (OTR) is a cryptographic protocol that provides encryption for instant messaging conversations. OTR uses a combination of the AES symmetric-key algorithm with a 128-bit key length, the Diffie–Hellman key exchange with a 1536-bit group size, and the SHA-1 hash function. In addition to authentication and encryption, OTR provides forward secrecy and malleable encryption.


48-406: The primary motivation behind the protocol was providing deniable authentication for the conversation participants while keeping conversations confidential, like a private conversation in real life, or off the record in journalism sourcing. This is in contrast with cryptography tools that produce output which can be later used as a verifiable record of the communication event and the identities of

96-405: A socialist millionaire protocol implementation in libotr. Instead of comparing key checksums, knowledge of an arbitrary shared secret can be utilised for which relatively low entropy can be tolerated. Version 3 of the protocol was published in 2012. As a measure against the repeated reestablishment of a session in case of several competing chat clients being signed on to the same user address at

144-888: A "virtual server". The method called "Multi-party Off-the-Record Messaging" (mpOTR) which was published in 2009 works without a central management host and was introduced in Cryptocat by Ian Goldberg et al. In 2013, the Signal Protocol was introduced, which is based on OTR Messaging and the Silent Circle Instant Messaging Protocol (SCIMP). It brought about support for asynchronous communication ("offline messages") as its major new feature, as well as better resilience with distorted order of messages and simpler support for conversations with multiple participants. OMEMO, introduced in an Android XMPP client called Conversations in 2015, integrates

192-472: A better extension, multi-end-to-multi-end encryption (OMEMO, XEP-0384) end-to-end encryption between users. This gives a higher level of security, by encrypting all data from the source client and decrypting again at the target client; the server operator cannot decrypt the data they are forwarding. Messages can also be encrypted with OpenPGP, for example with the software Gajim. While several service discovery protocols exist today (such as zeroconf or

240-686: A flaw in the key exchange. As a result, version 2 of the OTR protocol was published in 2005 which implements a variation of the proposed modification that additionally hides the public keys. Moreover, the possibility to fragment OTR messages was introduced in order to deal with chat systems that have a limited message size, and a simpler method of verification against man-in-the-middle attacks was implemented. In 2007 Olivier Goffart published mod_otr for ejabberd, making it possible to perform man-in-the-middle attacks on OTR users who don't check key fingerprints. OTR developers countered this attack by introducing

288-646: A list of public XMPP servers where users may register at (for example on the XMPP.net website). Several large public IM services natively use or used XMPP, including LiveJournal's "LJ Talk", Nimbuzz, and HipChat. Various hosting services, such as DreamHost, enable hosting customers to choose XMPP services alongside more traditional web and email services. Specialized XMPP hosting services also exist in form of cloud so that domain owners need not directly run their own XMPP servers, including Cisco Webex Connect, Chrome.pl, Flosoft.biz, i-pobox.net, and hosted.im. XMPP

336-613: A logical endpoint identifier - the JID, instead of by an explicit IP Address present opportunities to use XMPP as an Overlay network implementation on top of different underlay networks. The original and "native" transport protocol for XMPP is Transmission Control Protocol (TCP), using open-ended XML streams over long-lived TCP connections. As an alternative to the TCP transport, the XMPP community has also developed an HTTP transport for web clients as well as users behind restricted firewalls. In

384-500: A numerical value called priority. Messages simply sent to username@example.com will go to the client with highest priority, but those sent to username@example.com/mobile will go only to the mobile client. The highest priority is the one with largest numerical value. JIDs without a username part are also valid, and may be used for system messages and control of special features on the server. A resource remains optional for these JIDs as well. The means to route messages based on

432-446: A single client application. This was done through entities called transports or gateways to other instant messaging protocols like ICQ, AIM or Yahoo Messenger, but also to protocols such as SMS, IRC or email. Unlike multi-protocol clients, XMPP provides this access at the server level by communicating via special gateway services running alongside an XMPP server. Any user can "register" with one of these gateways by providing

480-409: A variety of levels and may prove ideal as an extensible middleware or Message-oriented middleware (MOM) protocol. At the moment, XMPP does not support Quality of Service (QoS); assured delivery of messages has to be built on top of the XMPP layer. There are two XEPs proposed to deal with this issue, XEP-0184 Message delivery receipts which is currently a draft standard, and XEP-0333 Chat Markers which

528-1015: Is Google, which in August 2005 introduced Google Talk, a combination VoIP and IM system that uses XMPP for instant messaging and as a base for a voice and file transfer signaling protocol called Jingle. The initial launch did not include server-to-server communications; Google enabled that feature on January 17, 2006. Google later added video functionality to Google Talk, also using the Jingle protocol for signaling. In May 2013, Google announced XMPP compatibility would be dropped from Google Talk for server-to-server federation, although it would retain client-to-server support. Google Talk has since been dropped from Google's line of products. In January 2008, AOL introduced experimental XMPP support for its AOL Instant Messenger (AIM) service, allowing AIM users to communicate using XMPP. However, in March 2008, this service


576-658: Is a server-to-server gateway, which enables a non-XMPP server deployment to connect to native XMPP servers using the built in interdomain federation features of XMPP. Such server-to-server gateways are offered by several enterprise IM software products, including: XMPP is implemented by many clients, servers, and code libraries. These implementations are provided under a variety of software licenses. Numerous XMPP server software exist, some well known ones include ejabberd and Prosody. A large number of XMPP client software exist on various modern and legacy platforms, including both graphical and command line based clients. According to

624-435: Is also used in deployments of non-IM services, including smart grid systems such as demand response applications, message-oriented middleware, and as a replacement for SMS to provide text messaging on many smartphone clients. Some of the largest messaging providers use, or have been using, various forms of XMPP based protocols in their backend systems without necessarily exposing this fact to their end users. One example

672-562: Is another example. XMPP is the de facto standard for private chat in gaming related platforms such as Origin, and PlayStation, as well as the now discontinued Xfire and Raptr. Two notable exceptions are Steam and Xbox LIVE; both use their own proprietary messaging protocols. Jeremie Miller began working on the Jabber technology in 1998 and released the first version of the jabberd server on January 4, 1999. The early Jabber community focused on open-source software, mainly

720-511: Is best transmitted out-of-band, using in-band messages to coordinate. The best example of this is the Jingle XMPP Extension Protocol, XEP-0166. Using the extension called Jingle, XMPP can provide an open means to support machine-to-machine or peer-to-peer communications across a diverse set of networks. This feature is mainly used for IP telephony (VoIP). XMPP supports conferences with multiple users, using

768-557: Is considered experimental. Since XML is text based, normal XMPP has a higher network overhead compared to purely binary solutions. This issue was being addressed by the experimental XEP-0322: Efficient XML Interchange (EXI) Format, where XML is serialized in an efficient binary manner, especially in schema-informed mode. This XEP is currently deferred. In-band binary data transfer is limited. Binary data must be first base64 encoded before it can be transmitted in-band. Therefore, any significant amount of binary data (e.g., file transfers)

816-573: Is more efficient than polling, where many of the polls return no new data. Because the client uses HTTP, most firewalls allow clients to fetch and post messages without any hindrances. Thus, in scenarios where the TCP port used by XMPP is blocked, a server can listen on the normal HTTP port and the traffic should pass without problems. Various websites let people sign into XMPP via a browser. Furthermore, there are open public servers that listen on standard http (port 80) and https (port 443) ports, and hence allow connections from behind most firewalls. However,

864-617: Is reminiscent of the Simple Mail Transfer Protocol (SMTP), a client–server model; clients do not talk directly to one another as it is decentralized - anyone can run a server. By design, there is no central authoritative server as there is with messaging services such as AIM, WLM, WhatsApp or Telegram. Some confusion often arises on this point as there is a public XMPP server being run at jabber.org, to which many users subscribe. However, anyone may run their own XMPP server on their own domain. Every user on

912-514: Is well-suited for cloud computing where virtual machines, networks, and firewalls would otherwise present obstacles to alternative service discovery and presence-based solutions. Cloud computing and storage systems rely on various forms of communication over multiple levels, including not only messaging between systems to relay state but also the migration or distribution of larger objects, such as storage or virtual machines. Along with authentication and in-transit data protection, XMPP can be applied at

960-797: The Double Ratchet Algorithm used in Signal into the instant messaging protocol XMPP ("Jabber") and also enables encryption of file transfers. In the autumn of 2015 it was submitted to the XMPP Standards Foundation for standardisation. Currently, version 4 of the protocol has been designed. It was presented by Sofía Celi and Ola Bini on PETS2018. In addition to providing encryption and authentication — features also provided by typical public-key cryptography suites, such as PGP, GnuPG, and X.509 (S/MIME) — OTR also offers some less common features: As of OTR 3.1,

1008-645: The Internet of Things. Several XMPP extensions are part of the experimental implementation: Efficient XML Interchange (EXI) Format; Sensor Data; Provisioning; Control; Concentrators; Discovery. These efforts are documented on a page in the XMPP wiki dedicated to Internet of Things and the XMPP IoT mailing list. The IETF XMPP working group has produced a series of Request for Comments (RFC) documents: The most important and most widely implemented of these specifications are: XMPP has often been regarded as


1056-489: The Service Location Protocol), XMPP provides a solid base for the discovery of services residing locally or across a network, and the availability of these services (via presence information), as specified by XEP-0030 DISCO. One of the original design goals of the early Jabber open-source community was enabling users to connect to multiple instant messaging systems (especially non-XMPP systems) through

1104-582: The application layer. The architecture of the XMPP network is similar to email; anyone can run their own XMPP server and there is no central master server. This federated open system approach allows users to interoperate with others on any server using a 'JID' user account, similar to an email address. XMPP implementations can be developed using any software license and many server, client, and library implementations are distributed as free and open-source software. Numerous freeware and commercial software implementations also exist. Originally developed by

1152-418: The near-real-time exchange of structured data between two or more network entities. Designed to be extensible, the protocol offers a multitude of applications beyond traditional IM in the broader realm of message-oriented middleware, including signalling for VoIP, video, file transfer, gaming and other uses. Unlike most commercial instant messaging protocols, XMPP is defined in an open standard in

1200-436: The open-source community, the protocols were formalized as an approved instant messaging standard in 2004 and have been continuously developed with new extensions and features. Various XMPP client software are available on both desktop and mobile platforms and devices - by 2003 the protocol was used by over ten million people worldwide on the network, according to the XMPP Standards Foundation. The XMPP network architecture

1248-913: The IANA-registered port for BOSH is actually 5280, not 80. The XMPP Standards Foundation or XSF (formerly the Jabber Software Foundation) is active in developing open XMPP extensions, so called XEP. However, extensions can also be defined by any individual, software project, or organization. To maintain interoperability, common extensions are managed by the XSF. XMPP applications beyond IM include: chat rooms, network management, content syndication, collaboration tools, file sharing, gaming, remote systems control and monitoring, geolocation, middleware and cloud computing, VoIP, and identity services. Building on its capability to support discovery across local network domains, XMPP

1296-471: The IETF's XMPP Working Group were the addition of TLS for channel encryption and SASL for authentication). The XMPP Working group also produced specifications RFC 3922 and RFC 3923. In 2011, RFC 3920 and RFC 3921 were superseded by RFC 6120 and RFC 6121 respectively, with RFC 6122 specifying the XMPP address format. In 2015, RFC 6122 was superseded by RFC 7622. In addition to these core protocols standardized at

1344-448: The IETF, the XMPP Standards Foundation (formerly the Jabber Software Foundation) is active in developing open XMPP extensions. The first IM service based on XMPP was Jabber.org, which has operated continuously and offered free accounts since 1999. From 1999 until February 2006, the service used jabberd as its server software, at which time it migrated to ejabberd (both of which are free software application servers). In January 2010,

1392-581: The OTR protocol also reveals used MAC keys as part of the next message, after they have already been used to authenticate previously received messages, and will not be re-used. XMPP Extensible Messaging and Presence Protocol (abbreviation XMPP, originally named Jabber) is an open communication protocol designed for instant messaging (IM), presence information, and contact list maintenance. Based on XML (Extensible Markup Language), it enables

1440-427: The OTR session with the buddies that have it enabled, without interfering with regular, unencrypted conversations. Version 4 of the protocol has been in development since 2017 by a team led by Sofía Celi, and reviewed by Nik Unger and Ian Goldberg. This version aims to provide online and offline deniability, to update the cryptographic primitives, and to support out-of-order delivery and asynchronous communication. OTR

1488-676: The XMPP website, some of the most popular software include Conversations and Quicksy (Android), Dino (BSD, Windows, Unix, Linux), Converse.js (web browser, Linux, Windows, macOS), Gajim (Windows, Linux), Monal (macOS, iOS), and Swift.IM (macOS, Windows, Linux). Lately, Monal has been forked as a Quicksy release for iOS. Other clients include: Bombus, ChatSecure, Coccinella, Miranda NG, Pidgin, Psi, Tkabber, Trillian, and Xabber. There are thousands of XMPP servers worldwide, many public ones as well as private individuals or organizations running their own servers without commercial intent. Numerous websites show


1536-464: The client to have direct access to the Internet. However, the client proxy model may violate terms of service on the protocol used (although such terms of service are not legally enforceable in several countries) and also requires the user to send their IM username and password to the third-party site that operates the transport (which may raise privacy and security concerns). Another type of gateway

1584-544: The future. As of version 3 of the protocol specification, an extra symmetric key is derived during authenticated key exchanges that can be used for secure communication (e.g., encrypted file transfers) over a different channel. Support for encrypted audio or video is not planned. (SRTP with ZRTP exists for that purpose.) A project to produce a protocol for multi-party off-the-record messaging (mpOTR) has been organized by Cryptocat, eQualitie, and other contributors including Ian Goldberg. Since OTR protocol v3 (libotr 4.0.0)

1632-400: The information needed to log on to that network, and can then communicate with users of that network as though they were XMPP users. Thus, such gateways function as client proxies (the gateway authenticates on the user's behalf on the non-XMPP service). As a result, any client that fully supports XMPP can access any network with a gateway without extra code in the client, and without the need for

1680-553: The jabberd server, but its major outcome proved to be the development of the XMPP protocol. The Internet Engineering Task Force (IETF) formed an XMPP working group in 2002 to formalize the core protocols as an IETF instant messaging and presence technology. The early Jabber protocol, as developed in 1999 and 2000, formed the basis for XMPP as published in RFC 3920 and RFC 3921 in October 2004 (the primary changes during formalization by

1728-412: The network has a unique XMPP address, called JID (for historical reasons, XMPP addresses are often called Jabber IDs). The JID is structured like an email address with a username and a domain name (or IP address) for the server where that user resides, separated by an at sign (@) - for example, “alice@example.com”: here alice is the username and example.com the server with which

1776-481: The original specification, XMPP could use HTTP in two ways: polling and binding. The polling method, now deprecated, essentially implies messages stored on a server-side database are being fetched (and posted) regularly by an XMPP client by way of HTTP 'GET' and 'POST' requests. The binding method, implemented using Bidirectional-streams Over Synchronous HTTP (BOSH), allows servers to push messages to clients as soon as they are sent. This push model of notification

1824-531: The participants. The initial introductory paper was named "Off-the-Record Communication, or, Why Not To Use PGP". The OTR protocol was designed by cryptographers Ian Goldberg and Nikita Borisov and released on 26 October 2004. They provide a client library to facilitate support for instant messaging client developers who want to implement the protocol. A Pidgin and Kopete plugin exists that allows OTR to be used over any IM protocol supported by Pidgin or Kopete, offering an auto-detection feature that starts

1872-535: The plugin supports multiple OTR conversations with the same buddy who is logged in at multiple locations. These clients support Off-the-Record Messaging out of the box (incomplete list). The following clients require a plug-in to use Off-the-Record Messaging. Although Gmail's Google Talk uses the term "off the record", the feature has no connection to the Off-the-Record Messaging protocol described in this article, its chats are not encrypted in

1920-466: The protocol supports mutual authentication of users using a shared secret through the socialist millionaire protocol. This feature makes it possible for users to verify the identity of the remote party and avoid a man-in-the-middle attack without the inconvenience of manually comparing public key fingerprints through an outside channel. Due to limitations of the protocol, OTR does not support multi-user group chat as of 2009 but it may be implemented in

1968-415: The same time, more precise identification labels for sending and receiving client instances were introduced in version 3. Moreover, an additional key is negotiated which can be used for another data channel. Several solutions have been proposed for supporting conversations with multiple participants. A method proposed in 2007 by Jiang Bian, Remzi Seker, and Umit Topaloglu uses the system of one participant as


2016-623: The service migrated to the proprietary M-Link server software produced by Isode Ltd. In September 2008, Cisco Systems acquired Jabber, Inc., the creators of the commercial product Jabber XCP. The XMPP Standards Foundation (XSF) develops and publishes extensions to XMPP through a standards process centered on XMPP Extension Protocols (XEPs, previously known as Jabber Enhancement Proposals - JEPs). The following extensions are in especially wide use: XMPP features such as federation across domains, publish/subscribe, authentication and its security even for mobile endpoints are being used to implement

2064-460: The specification Multi-User Chat (MUC) (XEP-0045). From the point of view of a normal user, it is comparable to Internet Relay Chat (IRC). XMPP servers can be isolated (e.g., on a company intranet), and secure authentication (SASL) and point-to-point encryption (TLS) have been built into the core XMPP specifications. Off-the-Record Messaging (OTR) is an extension of XMPP enabling encryption of messages and data. It has since been replaced by

2112-541: The use of message authentication codes (MACs) by making sure that if an attacker is able to decrypt the messages, they would also know the MAC key as part of the protocol, and would thus be able to forge authentic-looking messages. For example, in the Off-the-Record Messaging (OTR) protocol, MAC keys are derived from the asymmetric decryption key through a cryptographic hash function. In addition to that,

2160-435: The user is registered. Since a user may wish to log in from multiple locations, they may specify a resource. A resource identifies a particular client belonging to the user (for example home, work, or mobile). This may be included in the JID by appending a slash followed by the name of the resource. For example, the full JID of a user's mobile account could be username@example.com/mobile. Each resource may have specified

2208-479: The way described above—and could be logged internally by Google even if not accessible by end-users. Deniable authentication In cryptography, deniable authentication refers to message authentication between a set of participants where the participants themselves can be confident in the authenticity of the messages, but it cannot be proved to a third party after the event. In practice, deniable authentication between two parties can be achieved through

2256-580: Was discontinued. As of May 2011, AOL offers limited XMPP support. In February 2010, the social-networking site Facebook opened up its chat feature to third-party applications via XMPP. Some functionality was unavailable through XMPP, and support was dropped in April 2014. Similarly, in December 2011, Microsoft released an XMPP interface to its Microsoft Messenger service. Skype, its de facto successor, also provided limited XMPP support. Apache Wave

2304-664: Was presented in 2004 by Nikita Borisov, Ian Avrum Goldberg, and Eric A. Brewer as an improvement over the OpenPGP and the S/MIME system at the "Workshop on Privacy in the Electronic Society" (WPES). The first version 0.8.0 of the reference implementation was published on 21 November 2004. In 2005 an analysis was presented by Mario Di Raimondo, Rosario Gennaro, and Hugo Krawczyk that called attention to several vulnerabilities and proposed appropriate fixes, most notably including
