The XMPP Blog

Today, a large number of services on the public XMPP network permanently turned on mandatory encryption for client-to-server and server-to-server connections (there’s a fine summary here).

This is the first step toward making the XMPP network more secure for all users.

Stay tuned for more updates as we work on ubiquitous authentication, secure DNS, end-to-end encryption, and other improvements.

The 9th of april is the Global IoT day (Internet of Things day) on the site iotday.org and on iotlive.org events and meetups around the world are celebrating and connecting live devices. #IoTDayStockholm is coordinating several schedules from events in different time zones and will be having workshops creating XMPP IoT enabled devices. These will be open to interact with, to read and write values over the secure XMPP network.  [Read More]

The XMPP Standards Foundation has published a security notice describing an uncontrolled resource consumption vulnerability in several XMPP server implementations that support application-layer compression. Details can be found at https://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/.

Tomorrow sees the third security test day. Security test days help XMPP operators test-run with strong encryption settings prior to the big encryption switch-over scheduled for 19 May 2014. A large number of XMPP sites have already signed up to the ubiquitous encryption manifesto. More so, some of the participating sites have already permanently enabled strong encryption prior to the manifesto’s go-live date! One of the sites is Crypho. CTO Dr. Yiorgis Gozadinos explained his thinking in enabling strong encryption: “Everybody should have the right to privacy and confidentiality. Providing sane, strong encryption standards built-in in XMPP is a huge step to that direction."  [Read More]

While the XSF may not be mentoring a project in this years Google’s Summer of Code 2014 - we sure can celebrate and shout about the fact that some of the projects include XMPP as part of their project ideas! The Jitsi project has several projects relating to WebRTC, XMPP and the Jitsi Videobridge. XMPP/Jingle/WebRTC also plays a role in Mozilla’s project ideas for InstantBird.  [Read More]

This Saturday (February 22, 2014), XMPP site operators are again flipping the “encrypt all traffic” switch. This is the second of four test days kicked off by the manifesto first published last fall. The aim is to encrypt all traffic between servers and clients on the public, federated XMPP network. You can take part, too: ensure you have valid certificates on your server and that encryption is properly set up (see http://wiki.xmpp.org/web/Securing_XMPP along with the documentation for your XMPP server software), then test your configuration using the tools at the IM Observatory running at XMPP.net.  [Read More]

On December 20th 2013 the XSF received some very exciting news, to end what had already been a great year - ISOC were awarding the XMPP community an incredibly generous gift to help support the work we are doing in improving privacy and security. In their own words: “The Internet Society takes a great interest in projects that will improve our existing mechanisms for on-line privacy and trust and we appreciate the XMPP Standards Foundations leadership in securing XMPP services in the wake of recent events. We know that the XMPP community is working to ensure ubiquitous TLS encryption on the public XMPP network, use DNSSEC and DANE in XMPP, more widely implement the Off-the-Record (OTR) protocol, and support both key pinning and certificate transparency.”  [Read More]

The 15th Summit is fast approaching!

On January 30th and 31st 2014 we will be meeting to talk about all things XSF and XMPP. The rough agenda is being worked on and we are also in the final stages of getting information about hotels.

To keep current about the details, please do visit the wiki page for Summit 15 often!

Tomorrow many of the folks who run public (and some that run private) facing XMPP servers will be doing a ubiquitous security test of the XMPP network. Like the IPv6 test days, on the 4th January XMPP server operators are turning on TLS encryption for s2s and c2s connections and testing to see what doesn’t work and what needs more work. The participants of this effort would like you to join others in the XMPP community and help secure users private communications.  [Read More]

Alex has started the membership application process for Q4 2013.

Members whose renewals are up this quarter will need to file new applications by December 31st 2013.

The list of those who need to renew can be found at 2013 Q4 membership applications.