Miscellaneous

At the recent Summit 17, we were very happy to welcome Dominik Renzel and István Koren from the recently launched site xmppresearch.org. The declared mission of the project is to: "collect and to present scientific research work based on XMPP" The site, which is a collaboration between RWTH Aachen University and Technische Universität Dresden, contains articles on recent XMPP-related research, demos and a comprehensive bibliography. They’ve recently blogged about their experiences at Summit 17. [Read More]

There’s some recent discussion about the sky falling for XMPP at Google. See this blog post by Dan York for example. In reality, we don’t know the state of XMPP inside Google because they don’t share their use of XMPP with the XSF. We do know Android’s Google Cloud Messaging uses it. We know Hangouts Videochat uses it. We know Google Talk still (insecurely) federates with (some) XMPP services. But from an outside perspective, Google has made no major recent changes in terms of how they’re using XMPP from what we can observe. [Read More]

We’d like to say a big “thank you” to two companies who have recently signed up as sponsors of the XMPP Standards Foundation. Erlang Solutions are a new XSF sponsor who specialise in providing businesses with scalable solutions via the creation, integration, delivery and lifetime support of products and services based on the Erlang and Elixir programming languages. ProcessOne, a returning sponsor, are a leading provider in messaging platforms designed for scale and robustness. ProcessOne have developed ejabberd, an ubiquitous XMPP server that has been deployed to power some of the largest messaging platform in the world. Many people will remember their CEO, Mickaël Rémond, as a member of the Board of the XSF for a number of years. [Read More]

“Why should I use XMPP?” is a question we get asked a lot. Our answer is often technically-focussed, as there are plenty of reasons XMPP might be the right choice, or we might explain about the benefits of a federated approach - where everyone can run their own server and control their own data. Either way, the fact it is an ‘open standard’ never ceases to be mentioned. Open standards have many advantages over proprietary formats (too many to list in one blog post) but one in particular is that it gives you the choices and control about how you access your data and services. [Read More]

Today, a large number of services on the public XMPP network permanently turned on mandatory encryption for client-to-server and server-to-server connections (there’s a fine summary here). This is the first step toward making the XMPP network more secure for all users. Stay tuned for more updates as we work on ubiquitous authentication, secure DNS, end-to-end encryption, and other improvements. [Read More]

The XMPP Standards Foundation has published a security notice describing an uncontrolled resource consumption vulnerability in several XMPP server implementations that support application-layer compression. Details can be found at https://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/. [Read More]

On December 20th 2013 the XSF received some very exciting news, to end what had already been a great year - ISOC were awarding the XMPP community an incredibly generous gift to help support the work we are doing in improving privacy and security. In their own words: “The Internet Society takes a great interest in projects that will improve our existing mechanisms for on-line privacy and trust and we appreciate the XMPP Standards Foundations leadership in securing XMPP services in the wake of recent events. We know that the XMPP community is working to ensure ubiquitous TLS encryption on the public XMPP network, use DNSSEC and DANE in XMPP, more widely implement the Off-the-Record (OTR) protocol, and support both key pinning and certificate transparency.” [Read More]

Peter Saint-Andre has created a Manifest for others to join, debate and discuss about a plan for upgrading the XMPP network to always-on, mandatory, ubiquitous encryption. https://github.com/stpeter/manifesto To quote Peter: In short: we owe it to those who use XMPP technologies to improve the security of the network (and thanks to Thijs Alkemade, we now have better ways to test such security, using the newly-launched “IM Observatory” at xmpp.net). Although we know that channel encryption is not the complete answer, it’s the right thing to do because it will help to protect people’s communications from prying eyes. [Read More]

The XMPP Standards Foundation has advanced XEP-0301 (In-Band Real Time Text) from Experimental to Draft in its standards process. This technology enables “conversational text” to be exchanged instantly while it is being typed or created, which has applications in live speech transcription, systems for the deaf and hard of hearing, and other situations where speech is not practical. [Read More]

XEP-0297, which defines a method for forwarding XMPP stanzas from one entity to another, has been advanced to a status of Draft within the XSF’s standards process. [Read More]