Many users of XMPP (Extensible Messaging and Presence Protocolformerly Jabber) chat services are going to be more secure starting this week. The XMPP Standards Foundation announced that a large number of services using the public XMPP chat network began making encrypted connections mandatory on Monday. <\/p>\n
The new encryption effort is largely focused on communication between XMPP servers. Many chat clients already use encrypted connections to communicate, so this move is largely about making the back end of XMPP services more secure, Ralph Meijer, an XMPP Standards Foundation board member, told PCWorld. <\/p>\n
The move to making encryption a requirement across many XMPP servers is all too important after theongoing Snowden revelationsrevealed the NSA was passively monitoring data flows within the internal networks of major corporations such as Google and Yahoo. <\/p>\n
Server-to-server TLS encryption will make this kind of monitoring of XMPP-based chats far more difficult. <\/p>\n
The effort to encrypt connections for XMPP services has been months in the making after Peter Saint-Andre, who runs jabber.org, published a manifesto in October calling for wide adoption of encrypted connections for XMPP services. <\/p>\n
Entitled, \"A Public Statement Regarding Ubiquitous Encryption on the XMPP Network,\" the document calls for XMPP operators and developers to start requiring Transport Layer Security (TLS) connections as of Monday, May 19, 2014. <\/p>\n
In XMPP circles, May 19 is dubbed Open Discussion Day, which is meant to promote open communications systems and protocols such as XMPP. <\/p>\n
TLS is a commonly used protocol for securing web communications. Recently, the Heartbleed bug in the implementation of SSL\/TLS by the OpenSSL Foundation made millions of websites vulenerable to attack. TLS itself, however, is still seen as secure. <\/p>\n
It's not clear exactly how many services are using TLS connections since XMPP is an open standard that requires voluntary compliance with the encryption effort. Nevertheless, more than 70 XMPP service operators and software developers have signed on to support the call to require TLS. <\/p>\n
Notable supporters include the lead developer of Adium, a popular chat client for OS X; Jeremie Miller, the creator of Jabber; and the creator of ChatSecure for Android (formerly Gibberbot). <\/p>\n
<\/p>\n