
Jabber moves to full encryption

On May 19, 2014, the Jabber network will complete its transition to full encryption. Both client-to-server (C2S) and server-to-server (S2S) connections will be encrypted. This was agreed by representatives of the largest Jabber servers and members of the XSF, the XMPP Standards Foundation. Using Jabber will now be 99% safe for the end user.

In light of current security and privacy concerns, the Jabber network is switching to a fully protected mode of operation. The agreement is set down in the XMPP protocol security manifesto, hosted on GitHub:
“The world is changing, the Internet is changing. And with each month and year, people think more and more about the privacy of the information they transmit over the network. No one wants their correspondence with a friend / loved one / colleague / employer to be read by anyone else.
The XMPP protocol supports encryption by design, both at the level of most clients and at the level of almost all server implementations, but not all users are aware of this, and not all administrators have configured their server software correctly. This manifesto is actually designed to formally strengthen encryption on the XMPP network by bringing together server operators who want to ensure privacy and security for their users. It also means informing users about data encryption and about setting up their software.”

The Jabber network is a set of servers on the Internet that run the XMPP protocol and support server-to-server communication with each other. A user on one server can write to a user on any other server.
XMPP is an open, free protocol for transferring data (messages, audio, video, etc.) that can be used on the public network (Jabber), on local networks (intranets, local chats of enterprises, providers, etc.), and in proprietary services (WhatsApp, Facebook, Odnoklassniki).

The third test day will be held on Saturday, March 22, 2014. For one day, many servers will switch to full encryption, and communication with servers that do not support encryption will be cut off. In particular, the connection with Gmail, which does not support server-to-server encryption, will be lost. This is the penultimate chance to check the readiness of Jabber servers (there will be one more before the final transition), and in the Russian-speaking community no one is in a hurry about it.
How many such servers are there? How should a user prepare for the transition to full encryption, and how should an admin? There is a lot to tell. The answers to these questions, and the consequences, are below the cut.
So, the XMPP Software Foundation team, and its executive director Peter St. André personally, have addressed the Manifesto to everyone who uses and/or administers an XMPP server.
There is something for everyone to do:
For users
- Switch to TLS.
- Urge your server's admins to join the manifesto
- Write a for-dummies guide to configuring %YourFavouriteJabberClient%
Instructions already exist for: QIP, Psi / Psi+, Miranda, Pidgin, Jasmine IM, jTalk, Talkonaut.

Still waiting for their heroes: Adium and others (Pidgin has already found its own).

For admins
Step 1: Get a certificate. A free one from StartSSL will do. Instructions.
Step 2: Disable unencrypted connections. Instructions for Ejabberd, Prosody, Openfire, TigaseIM
Step 3: Check your server on XMPP.net
- Urge your server's users to join the manifesto
- Write a for-dummies guide to configuring %YourFavouriteJabberClient%
Step 4: On Sunday, March 23, allow unencrypted connections again until the next test day on April 19. Then say goodbye to unencrypted connections for good on May 19, 2014.

For developers
Check that your clients can connect to servers with these settings.
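
One way to run the admin and developer checks above against a captured greeting or your own server, as an added example that is not from the original article or the manifesto: it classifies the `<starttls/>` offer in a server's stream features. The `example.org` greetings are constructed samples, and `probe()` assumes host:port is the real listener (no SRV lookup).

```python
import socket
import xml.etree.ElementTree as ET

TLS_NS = "urn:ietf:params:xml:ns:xmpp-tls"
STREAMS_NS = "http://etherx.jabber.org/streams"
CLOSE = "</stream:features>"

def starttls_policy(stream_data: str) -> str:
    """Classify the STARTTLS offer in a server's opening stream data as
    'required', 'optional' or 'absent'."""
    start, end = stream_data.find("<stream:features"), stream_data.find(CLOSE)
    if start == -1 or end == -1:
        raise ValueError("no complete <stream:features> element in the data")
    # <stream:stream> stays open for the whole session, so the features
    # fragment is parsed alone inside a wrapper that declares the prefix.
    fragment = stream_data[start:end + len(CLOSE)]
    root = ET.fromstring(f'<w xmlns:stream="{STREAMS_NS}">{fragment}</w>')
    offer = root.find(f"{{{STREAMS_NS}}}features/{{{TLS_NS}}}starttls")
    if offer is None:
        return "absent"
    required = offer.find(f"{{{TLS_NS}}}required") is not None
    return "required" if required else "optional"

def probe(host: str, port: int = 5222, s2s: bool = False) -> str:
    """Open a plaintext stream and report the policy the server announces.
    5222 is the usual C2S port, 5269 the usual S2S port."""
    ns = "jabber:server" if s2s else "jabber:client"
    header = (f"<?xml version='1.0'?><stream:stream to='{host}' version='1.0' "
              f"xmlns='{ns}' xmlns:stream='{STREAMS_NS}'>")
    data = b""
    with socket.create_connection((host, port), timeout=10) as sock:
        sock.sendall(header.encode())
        while CLOSE.encode() not in data and len(data) < 65536:
            chunk = sock.recv(4096)
            if not chunk:
                break
            data += chunk
    return starttls_policy(data.decode("utf-8", "replace"))

def _sample(features: str) -> str:  # constructed greeting, not a real capture
    return ("<?xml version='1.0'?><stream:stream from='example.org' id='x1' "
            f"version='1.0' xmlns='jabber:client' xmlns:stream='{STREAMS_NS}'>"
            f"<stream:features>{features}</stream:features>")

SASL = ("<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>"
        "<mechanism>PLAIN</mechanism></mechanisms>")
SAMPLES = {
    "manifesto-ready": _sample(f"<starttls xmlns='{TLS_NS}'><required/></starttls>"),
    "tls-optional": _sample(f"<starttls xmlns='{TLS_NS}'/>{SASL}"),
    "plaintext-only": _sample(SASL),
}
```

Only a `required` result means the listener refuses to proceed without TLS; `optional` still lets a client or peer server continue in plaintext.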

Accepting the manifesto


Any developer or administrator of a Jabber server can sign the manifesto. To sign, simply add your name and position to the list of signatories via a pull request: github.com/stpeter/manifesto
Do you run your own Jabber server with open registration? Sign it!

More than 60 people have signed:
Authors of the XMPP protocol, members of the XSF: Peter St. Andre, Jeremie Miller
Developers of the ejabberd, Tigase, Prosody and Metronome IM servers
Gajim, Jitsi, Adium, Miranda NG, VSTalk, Yaxim clients
Jappix, Buddycloud, JWChat web clients
…and many others.
Special mention goes to the pioneer alexeycv, who represents Russian Jabber servers on this list with his jabberon.ru. Other servers showed less flexibility and social responsibility.

Question and Answer Section


Which servers participate in test days and support the Manifest?
jabber.org - the main server for all of XMPP,
jabber.ccc.de - a large German server,
jabber.at - the guys who made the open source panel for registration on Jabber servers,
jabberon.ru - a liberal Jabber server,
jabber-hosting.com - a free Jabber server for your domain,
and others.

What is the position of the jabberon.ru server?
The administration of the jabberon.ru server supports this manifesto. We will take part in all subsequent actions and tests conducted as part of the XMPP Encryption Manifesto.

What is the position of the jabber.ru server?
The service's administration is aware of the Manifesto. The service supports encryption for anyone who wants to use it. There are no plans to abandon unencrypted connections. Comment from Ermine, the server administrator: “I suppose we are not ready to offer customers options to users on the day of the TLS test”

What is the position of the ya.ru server?
Yandex supports encryption for anyone who wants to use it. Its plans for abandoning unencrypted connections are unknown.
Update: the Yandex press service provided the following comment:
Will Yandex require SSL / TLS to connect starting May 19?
We are thinking of starting to require SSL / TLS to connect, but we don’t want to promise anything.
What is the company's position on the XMPP service as a whole: is it planned to close?
No, we are not planning to close XMPP.

What is the position of the qip.ru server?
The service's administration is aware of the Manifesto. Encryption is supported for anyone who wants to use it. A forced switch to encrypted connections is hampered by the service's huge audience, but is being considered.
Its plans for abandoning unencrypted connections are unknown.

I wonder, will Dukgo also move their servers over to this innovation?
That is really interesting, but unknown.

What to read

A slightly abridged translation of the manifesto into Russian - Jabberon.ru
Articles by the author and developer of XMPP.net:
XMPP over Tor: blog.thijsalkema.de/blog/2013/06/11/xmpp-federation-over-tor-hidden-services
State on TLS: part 1, part 2, part 3
StartSSL or how to get rid of self-signed certificates - Habr


You will not believe…


Source: https://habr.com/ru/post/208338/

