The XMPP Blog

Until our new website launches with a dedicated ‘whats on’ section, I wanted to share some events coming up that might be of interest to our community. Rikard Stridof Clayster is speaking at 2 events in June, focussing in on XMPP and IoT. Fo those of you over in America (or for those that now have an excuse to head that way!) here are the details: 12 June: IOT Expo in NYC 16 June: IOT World in Silicon Valley Hopefully we can get a blog post from Rikard after the events, to share the goodness with everyone that couldn’t attend. [Read More]

Today, a large number of services on the public XMPP network permanently turned on mandatory encryption for client-to-server and server-to-server connections (there’s a fine summary here).

This is the first step toward making the XMPP network more secure for all users.

Stay tuned for more updates as we work on ubiquitous authentication, secure DNS, end-to-end encryption, and other improvements.

The 9th of april is the Global IoT day (Internet of Things day) on the site iotday.org and on iotlive.org events and meetups around the world are celebrating and connecting live devices. #IoTDayStockholm is coordinating several schedules from events in different time zones and will be having workshops creating XMPP IoT enabled devices. These will be open to interact with, to read and write values over the secure XMPP network. [Read More]

The XMPP Standards Foundation has published a security notice describing an uncontrolled resource consumption vulnerability in several XMPP server implementations that support application-layer compression. Details can be found at https://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/.

Tomorrow sees the third security test day. Security test days help XMPP operators test-run with strong encryption settings prior to the big encryption switch-over scheduled for 19 May 2014. A large number of XMPP sites have already signed up to the ubiquitous encryption manifesto. More so, some of the participating sites have already permanently enabled strong encryption prior to the manifesto’s go-live date! One of the sites is Crypho. CTO Dr. [Read More]

While the XSF may not be mentoring a project in this years Google’s Summer of Code 2014 - we sure can celebrate and shout about the fact that some of the projects include XMPP as part of their project ideas! The Jitsi project has several projects relating to WebRTC, XMPP and the Jitsi Videobridge. XMPP/Jingle/WebRTC also plays a role in Mozilla’s project ideas for InstantBird. To name just a few… [Read More]

This Saturday (February 22, 2014), XMPP site operators are again flipping the “encrypt all traffic” switch. This is the second of four test days kicked off by the manifesto first published last fall. The aim is to encrypt all traffic between servers and clients on the public, federated XMPP network. You can take part, too: ensure you have valid certificates on your server and that encryption is properly set up (see http://wiki. [Read More]

On December 20th 2013 the XSF received some very exciting news, to end what had already been a great year - ISOC were awarding the XMPP community an incredibly generous gift to help support the work we are doing in improving privacy and security. In their own words: “The Internet Society takes a great interest in projects that will improve our existing mechanisms for on-line privacy and trust and we appreciate the XMPP Standards Foundations leadership in securing XMPP services in the wake of recent events. [Read More]

The 15th Summit is fast approaching!

On January 30th and 31st 2014 we will be meeting to talk about all things XSF and XMPP. The rough agenda is being worked on and we are also in the final stages of getting information about hotels.

To keep current about the details, please do visit the wiki page for Summit 15 often!

Tomorrow many of the folks who run public (and some that run private) facing XMPP servers will be doing a ubiquitous security test of the XMPP network. Like the IPv6 test days, on the 4th January XMPP server operators are turning on TLS encryption for s2s and c2s connections and testing to see what doesn’t work and what needs more work. The participants of this effort would like you to join others in the XMPP community and help secure users private communications. [Read More]