Secure Communications with Jabber
-
Upload
stpeter -
Category
Technology
-
view
7.507 -
download
1
description
Transcript of Secure Communications with Jabber
![Page 1: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/1.jpg)
Jabber security
![Page 2: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/2.jpg)
Peter Saint-Andre
![Page 4: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/4.jpg)
![Page 5: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/5.jpg)
https://stpeter.im/
![Page 6: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/6.jpg)
secure communication
![Page 7: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/7.jpg)
with Jabber
![Page 8: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/8.jpg)
what is Jabber?
![Page 9: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/9.jpg)
open XML technologies
![Page 10: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/10.jpg)
real-time messaging
![Page 11: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/11.jpg)
presence
![Page 12: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/12.jpg)
multimedia negotiation
![Page 13: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/13.jpg)
collaboration
![Page 14: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/14.jpg)
and more
![Page 15: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/15.jpg)
invented by Jeremie Miller in 1998
![Page 16: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/16.jpg)
in essence...
![Page 17: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/17.jpg)
streaming XML
![Page 18: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/18.jpg)
over long-lived TCP connection
![Page 19: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/19.jpg)
client-server architecture
![Page 20: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/20.jpg)
decentralized network
![Page 21: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/21.jpg)
inter-domain messaging
![Page 22: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/22.jpg)
like email
![Page 23: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/23.jpg)
but really fast
![Page 24: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/24.jpg)
with built-in presence
![Page 25: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/25.jpg)
not just one open-source project
![Page 26: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/26.jpg)
multiple codebases
![Page 27: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/27.jpg)
open-source and commercial
![Page 28: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/28.jpg)
interoperability via XML wire protocol
![Page 29: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/29.jpg)
core protocol standardized @ IETF
![Page 30: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/30.jpg)
Extensible
![Page 31: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/31.jpg)
Messaging
![Page 32: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/32.jpg)
and
![Page 33: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/33.jpg)
Presence
![Page 34: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/34.jpg)
Protocol
![Page 35: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/35.jpg)
(XMPP)
![Page 36: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/36.jpg)
RFCs 3920 + 3921
![Page 37: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/37.jpg)
multiple implementations
![Page 38: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/38.jpg)
serious deployment
![Page 39: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/39.jpg)
how many users?
![Page 40: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/40.jpg)
we don’t know
![Page 41: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/41.jpg)
decentralized architecture
![Page 42: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/42.jpg)
100k+ servers
![Page 43: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/43.jpg)
50+ million IM users
![Page 44: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/44.jpg)
not just IM
![Page 45: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/45.jpg)
generic XML routing
![Page 46: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/46.jpg)
lots of applications beyond IM
![Page 47: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/47.jpg)
continually defining XMPP extensions
![Page 48: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/48.jpg)
XMPP Standards Foundation (XSF)
![Page 49: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/49.jpg)
developer-driven standards group
![Page 50: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/50.jpg)
that’s great, but...
![Page 51: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/51.jpg)
how secure is it?
![Page 52: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/52.jpg)
what is security?
![Page 53: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/53.jpg)
secure conversationin real life...
![Page 54: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/54.jpg)
a good friend visits your home
![Page 55: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/55.jpg)
you know and trust each other
![Page 56: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/56.jpg)
only the two of you
![Page 57: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/57.jpg)
strangers can’t enter your home
![Page 58: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/58.jpg)
your home is not bugged
![Page 59: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/59.jpg)
conversation is not recorded
![Page 60: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/60.jpg)
what you say is private and confidential
![Page 61: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/61.jpg)
contrast that with the Internet...
![Page 62: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/62.jpg)
lots of potential attacks
![Page 63: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/63.jpg)
man-in-the-middle
![Page 64: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/64.jpg)
eavesdropping
![Page 65: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/65.jpg)
unauthenticated users
![Page 66: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/66.jpg)
address spoofing
![Page 67: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/67.jpg)
weak identity
![Page 68: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/68.jpg)
rogue servers
![Page 69: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/69.jpg)
denial of service
![Page 70: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/70.jpg)
directory harvesting
![Page 71: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/71.jpg)
buffer overflows
![Page 72: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/72.jpg)
spam
![Page 73: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/73.jpg)
spim
![Page 74: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/74.jpg)
spit
![Page 75: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/75.jpg)
splogs
![Page 76: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/76.jpg)
viruses
![Page 77: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/77.jpg)
worms
![Page 78: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/78.jpg)
trojan horses
![Page 79: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/79.jpg)
malware
![Page 80: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/80.jpg)
phishing
![Page 81: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/81.jpg)
pharming
![Page 82: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/82.jpg)
information leaks
![Page 83: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/83.jpg)
inappropriate logging and archiving
![Page 84: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/84.jpg)
you get the picture
![Page 85: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/85.jpg)
the Internet is a dangerous place
![Page 86: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/86.jpg)
how do we fight these threats?
![Page 87: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/87.jpg)
sorry, but...
![Page 88: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/88.jpg)
Jabber is not a perfect technology
![Page 89: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/89.jpg)
not originally builtfor high security
![Page 90: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/90.jpg)
don’t require PGP keys or X.509 certs
![Page 91: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/91.jpg)
don’t require ubiquitous encryption
![Page 92: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/92.jpg)
tradeoffs between security and usability
![Page 93: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/93.jpg)
maybe that’s why we have 50+ million users...
![Page 94: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/94.jpg)
but privacy and security are important
![Page 95: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/95.jpg)
so what have we done to help?
![Page 96: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/96.jpg)
Jabber architecture...
![Page 97: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/97.jpg)
![Page 98: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/98.jpg)
similar to email
![Page 99: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/99.jpg)
client connects to server (TCP 5222)
![Page 100: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/100.jpg)
(or connect via HTTP binding over SSL)
![Page 101: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/101.jpg)
client MUST authenticate
![Page 102: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/102.jpg)
originally: plaintext (!) or hashed password
![Page 103: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/103.jpg)
Simple Authentication & Security Layer (SASL)
![Page 104: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/104.jpg)
RFC 4422
![Page 105: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/105.jpg)
many SASL mechanisms
![Page 106: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/106.jpg)
PLAIN (OK over encrypted connection)
![Page 107: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/107.jpg)
DIGEST-MD5
![Page 108: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/108.jpg)
EXTERNAL (with X.509 certs)
![Page 109: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/109.jpg)
GSSAPI (a.k.a. Kerberos)
![Page 110: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/110.jpg)
ANONYMOUS
![Page 111: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/111.jpg)
etc.
![Page 112: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/112.jpg)
all users are authenticated
![Page 113: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/113.jpg)
sender addresses not merely asserted
![Page 114: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/114.jpg)
server stamps user ‘from’ address
![Page 115: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/115.jpg)
Jabber IDs are logical addresses
![Page 116: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/116.jpg)
IP addressesnot exposed
![Page 117: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/117.jpg)
Jabber ID looks like an email address
![Page 120: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/120.jpg)
not limited to US-ASCII characters
![Page 121: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/121.jpg)
jiři@čechy.cz
![Page 122: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/122.jpg)
πλατω@ἑλλας.gr
![Page 123: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/123.jpg)
มฌำปจ@jabber.th
![Page 124: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/124.jpg)
ぷぉぞ@jabber.jp
![Page 125: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/125.jpg)
∞@math.it
![Page 126: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/126.jpg)
full Unicode opens phishing attacks
![Page 127: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/127.jpg)
[email protected]ᏚᎢᎵᎬᎢᎬᏒ@jabber.org
![Page 128: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/128.jpg)
clients should use “petnames”
![Page 129: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/129.jpg)
store in buddy list [tm] (a.k.a. “roster”)
![Page 130: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/130.jpg)
server stores your roster
![Page 131: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/131.jpg)
server broadcastsyour presence
![Page 132: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/132.jpg)
but only to subscribers you have authorized
![Page 133: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/133.jpg)
most traffic goes through server
![Page 134: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/134.jpg)
traffic is pure XML
![Page 135: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/135.jpg)
servers reject malformed XML
![Page 136: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/136.jpg)
servers may validate traffic against schemas
![Page 137: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/137.jpg)
difficult to inject binary objects
![Page 138: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/138.jpg)
difficult to propagate malware
![Page 139: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/139.jpg)
break alliance between viruses and spam
![Page 140: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/140.jpg)
spam virtually unknown on Jabber network
![Page 141: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/141.jpg)
why?
![Page 142: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/142.jpg)
hard to spoof addresses
![Page 143: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/143.jpg)
hard to send inline binary
![Page 144: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/144.jpg)
XHTML subset (no scripts etc.)
![Page 145: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/145.jpg)
user approval required for file transfer
![Page 146: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/146.jpg)
privacy lists to block unwanted users
![Page 147: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/147.jpg)
XMPP not immune to spam
![Page 148: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/148.jpg)
have spam-fighting tools ready when it appears
![Page 149: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/149.jpg)
challenge-response to register an account
![Page 150: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/150.jpg)
challenge-response to communicate
![Page 151: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/151.jpg)
spam reporting
![Page 152: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/152.jpg)
working on more anti-spam tools
![Page 153: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/153.jpg)
server reputation system?
![Page 154: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/154.jpg)
anonymized IP address? (groupchat spam)
![Page 155: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/155.jpg)
spammers need to overcome...
![Page 156: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/156.jpg)
bandwidth limits
![Page 157: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/157.jpg)
connection limits
![Page 158: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/158.jpg)
other denial-of-service prevention measures
![Page 159: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/159.jpg)
distributed attack or run a rogue server
![Page 160: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/160.jpg)
not impossible
![Page 161: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/161.jpg)
just harder than other networks (got email?)
![Page 162: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/162.jpg)
no rogue servers (yet)
![Page 163: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/163.jpg)
optional to federate with other servers
![Page 164: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/164.jpg)
many private XMPP servers
![Page 165: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/165.jpg)
public servers federate as needed (TCP 5269)
![Page 166: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/166.jpg)
DNS lookup to get server IP address
![Page 167: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/167.jpg)
only one hopbetween servers
![Page 168: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/168.jpg)
server identitiesare validated
![Page 169: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/169.jpg)
server dialback (identity verification)
![Page 170: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/170.jpg)
effectively prevents server spoofing
![Page 171: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/171.jpg)
receiving server checks sending domain
![Page 172: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/172.jpg)
no messages from “[email protected]”
![Page 173: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/173.jpg)
DNS poisoning can invalidate
![Page 174: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/174.jpg)
need something stronger?
![Page 175: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/175.jpg)
Transport Layer Security (TLS)
![Page 176: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/176.jpg)
RFC 4346
![Page 177: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/177.jpg)
IETF “upgrade” to SSL
![Page 178: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/178.jpg)
TLS + SASL EXTERNAL with X.509 certs
![Page 179: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/179.jpg)
strong authentication of other servers
![Page 180: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/180.jpg)
but only if certs arenot self-signed
![Page 181: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/181.jpg)
$$$
![Page 182: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/182.jpg)
real X.509 certs are expensive
![Page 183: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/183.jpg)
VeriSign, Thawte, etc.
![Page 184: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/184.jpg)
a better way...
![Page 185: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/185.jpg)
xmpp.net
![Page 186: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/186.jpg)
intermediate CA for XMPP network
![Page 187: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/187.jpg)
free digital certificates for XMPP server admins
![Page 188: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/188.jpg)
(need to prove you own the domain)
![Page 189: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/189.jpg)
root CA: StartCom
![Page 190: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/190.jpg)
ICA: XMPP Standards Foundation
![Page 191: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/191.jpg)
hopefully other CAs in future
![Page 192: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/192.jpg)
so channel encryption is a no-brainer
![Page 193: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/193.jpg)
man-in-the-middleis much harder
![Page 194: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/194.jpg)
“Mallory” is foiled
![Page 195: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/195.jpg)
but what about “Isaac” and “Justin”?
![Page 196: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/196.jpg)
![Page 197: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/197.jpg)
we can encrypt the channels
![Page 198: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/198.jpg)
but traffic is cleartext within servers!
![Page 199: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/199.jpg)
need end-to-end encryption (“e2e”)
![Page 200: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/200.jpg)
first try: OpenPGP(XEP-0027)
![Page 201: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/201.jpg)
great for geeks
![Page 202: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/202.jpg)
but Aunt Tillie doesn’t use PGP
![Page 203: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/203.jpg)
second try: S/MIME(RFC 3923)
![Page 204: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/204.jpg)
great for geeks (and some employees)
![Page 205: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/205.jpg)
but Aunt Tillie doesn’t use X.509
![Page 206: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/206.jpg)
XML encryption and digital signatures?
![Page 207: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/207.jpg)
seems natural, but not much interest (c14n?)
![Page 208: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/208.jpg)
doesn’t provide perfect forward secrecy
![Page 209: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/209.jpg)
off-the-record communication (OTR)?
![Page 210: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/210.jpg)
great idea
![Page 211: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/211.jpg)
opportunistic encryption (à la SSH)
![Page 212: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/212.jpg)
perfect forward secrecy
![Page 213: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/213.jpg)
but encrypts only the plaintext message body
![Page 214: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/214.jpg)
we need to encrypt the entire packet
![Page 215: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/215.jpg)
why?
![Page 216: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/216.jpg)
because XMPP is more than just IM
![Page 217: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/217.jpg)
protect IPs sent in multimedia negotiation
![Page 218: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/218.jpg)
protect shared XML editing data
![Page 219: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/219.jpg)
etc.
![Page 220: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/220.jpg)
solution: encrypted sessions
![Page 221: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/221.jpg)
big set of requirements...
![Page 222: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/222.jpg)
packets are confidential
![Page 223: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/223.jpg)
packet integrity
![Page 224: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/224.jpg)
replay protection
![Page 225: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/225.jpg)
key compromise does not reveal past comms
![Page 226: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/226.jpg)
don’t depend on public key infrastructure
![Page 227: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/227.jpg)
entities authenticated to each other
![Page 228: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/228.jpg)
3rd parties cannot identify entities
![Page 229: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/229.jpg)
robustness against attack (multiple hurdles)
![Page 230: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/230.jpg)
upgradeability if bugs are discovered
![Page 231: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/231.jpg)
encryption of full XMPP packets
![Page 232: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/232.jpg)
implementable by typical developer
![Page 233: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/233.jpg)
usable by typical user
![Page 234: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/234.jpg)
how to address all requirements?
![Page 235: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/235.jpg)
just a dream?
![Page 236: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/236.jpg)
bootstrap from cleartext to encryption
![Page 237: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/237.jpg)
in-band Diffie-Hellman key exchange
![Page 238: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/238.jpg)
translate “SIGMA” approach to XMPP
![Page 239: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/239.jpg)
similar to Internet Key Exchange (IKE)
![Page 240: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/240.jpg)
details in XSF XEPs 116, 188, 200
![Page 241: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/241.jpg)
simplified profile in XEP-0217
![Page 242: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/242.jpg)
major priority for2007-2008
![Page 243: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/243.jpg)
support from NLnet(thanks!)
![Page 244: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/244.jpg)
pursuing full security analysis
![Page 245: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/245.jpg)
code bounties
![Page 246: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/246.jpg)
GSoC project
![Page 247: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/247.jpg)
Jabber security summit
![Page 248: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/248.jpg)
more at blog.xmpp.org
![Page 249: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/249.jpg)
wide implementation in next ~12 months
![Page 250: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/250.jpg)
so how are we doing?
![Page 251: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/251.jpg)
spam free
![Page 252: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/252.jpg)
hard to spoof addresses
![Page 253: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/253.jpg)
pure XML discourages binary malware
![Page 254: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/254.jpg)
DoS attacks possible but not easy
![Page 255: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/255.jpg)
widespread channel encryption
![Page 256: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/256.jpg)
working hard on end-to-end encryption
![Page 257: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/257.jpg)
widely deployed in high-security environments
![Page 258: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/258.jpg)
Wall Street investment banks
![Page 259: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/259.jpg)
U.S. military
![Page 260: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/260.jpg)
MIT and other universities
![Page 261: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/261.jpg)
many public servers since 1999
![Page 262: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/262.jpg)
no major security breaches
![Page 263: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/263.jpg)
can’t be complacent
![Page 264: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/264.jpg)
always more to do
![Page 265: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/265.jpg)
security is a never-ending process
![Page 266: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/266.jpg)
analysis and hacking are encouraged
![Page 267: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/267.jpg)
if it breaks, we’ll fix it
![Page 269: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/269.jpg)
join the conversation
![Page 270: Secure Communications with Jabber](https://reader033.fdocuments.us/reader033/viewer/2022061205/54819ed4b4af9fa50d8b458d/html5/thumbnails/270.jpg)
let’s build a more secure Internet