Infrequently Noted

Alex Russell on browsers, standards, and the process of progress.

Comments for ...and if only Google can read your IMs...


You should have done your homework on OTR and end-to-end encryption over XMPP a bit more. :-)

Here's what's on the XMPP/Jabber menu:

RFC 3923: http://www.xmpp.org/specs/rfc3923.html
PGP: http://www.jabber.org/jeps/jep-0027.html
Encrypted Sessions: http://www.jabber.org/jeps/jep-0116.html

It's currently a sloppy mess. Pretty much only PGP is deployed and supported by clients at the moment. The use of S/MIME in the above RFC is ugly, and everyone on the standards-jig mailing list has gotten distracted with spim.

Perhaps by the time I get to the point where I have to have it, things will be settled.

Hey Nolan,

So I actually tried to get a handle on XMPP privacy before I wrote this post, and most of what I turned up was related to PGP or cert-based schemes. The parts of XMPP that have seen IETF work only seem to talk about them, anyway. As much as I love (and use!) pgp/gpg, I don't consider it even the beginning of a viable approach, and cert-based schemes are a complete non-starter, which is why I wrote this post. Plausible deniability and forward secrecy are massively important and PGP/cert-based schemes aren't likely to provide either without essentially re-inventing OTR.

I was unaware of JEP-0116, which appears to provide everything I want out of Google Talk, but it's marked "experimental" and it'll be some time after software is deployed based on it that I'll feel confident basing my privacy on it. Which leaves us back at square one: Google has the ability to set expectations, and today, there's running code in OTR that (with a required protocol change) can provide most of what I'd like to see.

I guess at the end of the day I see a lot of room for pragmatism on this: whether or not it's done within the context of XMPP or layered on top, I don't so much care. I just care that whatever wins is done in a widespread, by-default kind of way so that users come to expect it.

If users are the "weak link" in these systems, then they need to be turned into the enforcement mechanism for their own privacy. Either OTR or JEP-0116 seems to be promising in that direction, with the right UI attached (I can't stress that enough).

Regards

by alex at

Yes! I get so frustrated when people propose exactly the wrong solutions to IM security. I think OTR is a bit too complicated for people to understand -- but what seems even harder for them to understand is that IM is a unique security situation and needs a special solution (like OTR).
by mid at