
Changes between Version 1 and Version 2 of EndToEndXMPPCrypto


Timestamp:
Jan 26, 2014, 1:39:37 AM (10 years ago)
Author:
elb
Comment:

--

  • EndToEndXMPPCrypto

    v1 v2  
    1313 * '''Reliance on SSL PKI.'''  Similar to proprietary protocols, this is an obvious non-starter.  Who trusts those guys?
    1414 * '''Limited third-party authentication functionality.'''  Most or all existing protocols provide only limited support for authenticating an interlocutor's keys.  In some cases the keys are used only for the protocol in question, and verification is provided only by the client itself.  Some protocols use exclusively a specific third-party authentication mechanism (e.g., GPG or x.509 certificates with CA signatures).
     15
     16== Desiderata ==
     17
     18I consider these features essential to a protocol that satisfies this call:
     19
     20 * '''Strong authentication.'''  All data exchanged via the protocol should have strong authentication.  Not all data may be encrypted, but all data should be authenticated.
     21 * '''XMPP Presence integration.'''  This means that XMPP presence stanzas for a client supporting the protocol should provide, at a minimum:
     22  * Notification that the client supports e2e encryption
     23  * Public key material or equivalent information, or a method to retrieve it
     24  * A cryptographically secured authentication mechanism for the above items (may, in this case, be a self-signature using the key material itself)
     25 There may be additional room for integration here; for example, authentication of the basic presence information is also desirable, but I do not consider it a strict requirement.
     26 * '''Streamlined one-on-one Chat.'''  An equivalent protocol to the XMPP simple <message> stanza with a cleartext <body>, only encrypted and authenticated.  The point of this protocol is to minimize overhead for typical one-on-one chat, for the benefit of mobile and bandwidth- or computationally-constrained clients.
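Review bot: In the new presence-integration item (v2 line 24), allowing the authentication mechanism to be "a self-signature using the key material itself" only shows that the announcer holds the matching private key and that the announcement was not altered after signing. It does not bind the key to the interlocutor, so anyone relaying the presence stanza could replace the key and the signature together. Suggest stating that limit in the item and pointing to how the key itself is to be verified, since line 14 already lists limited third-party authentication as a weakness of existing protocols. The "Strong authentication" item (v2 line 20) would also benefit from naming which data may be left unencrypted.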