Gateways are widely used in XMPP for communicating with third-party networks, often referred to as "legacy networks". The existing mechanisms face two significant security challenges:
This specification proposes a solution to address the second issue. It defines a method for gateways to instruct end-user clients on how to format and encrypt payloads.
Common encryption algorithms, such as OpenPGP, are often used by third-party networks; however, protocols typically employ their own formatting beforehand. By providing a mechanism that explains how to format the payload and which algorithm to use for encryption, clients can format and encrypt payloads themselves. This allows gateways to forward encrypted payloads (and apply additional treatments if necessary) without being able to access or decrypt the plain text content.
This specification provides the general mechanism for relayed encryption; separate XEPs will specify specific encryption algorithms and payload formatting means.
The design goals of this XEP are:
Note: This specification focuses on gateways for <message/> stanzas, but it may be extended later for Pubsub-based gateways or other use cases.
This section defines key terms used throughout this specification.
A gateway needs to define two things to allow for relayed encryption: a formatter and an encrypter. The formatter is used to teach clients how to arrange the content of the payload before encrypting it, and the encrypter specifies which algorithms and parameters must be used. This specification defines a wrapper to then send the encrypted payload to the gateway. In addition, a generic method to request data necessary for the formatter and encrypter is also specified.
A formatter describes how a client must arrange payload content before encryption. It can be a well-known format (e.g., MIME) that the client can use if it knows it, or it can be a generic formatter using sandboxed technology (such as WebAssembly). The output of the formatter will be used internally by the client directly as input for the encrypter.
To specify the formatter to use, a Service Discovery (XEP-0030) [1] disco feature of 'urn:xmpp:gre:formatter:[FORMATTER_NAME]:[VERSION]' MUST be announced, where [FORMATTER_NAME] is the short name of the formatter, and [VERSION] is the version of the formatter specification to use. A gateway MAY specify several versions of the same formatter if it supports more than one; the client SHOULD use the highest version that it implements. Gateways MAY have more than one kind of formatter, in which case the client chooses which one to use based on its internal implementation.
Specifications of formatters SHOULD be named with the following template: "GRE Formatter: [FORMATTER NAME]" and MUST have the tags "gre" and "formatter".
An encrypter describes to a client which encryption algorithm and parameters must be used when encrypting the payload. It specifies necessary details such as the type of encryption, key size, mode of operation, initialization vectors (if applicable), and any other required parameters. The output of the encrypter will be the encrypted payload that is sent to the gateway. Encrypter specifications SHOULD specify how various keys and other required data are exchanged. Encrypter MUST specify how the <encrypted/> element (as specified in Sending and Receiving Encrypted Data) children must be built to send the message.
As with formatters, an encrypter can be a well-known encryption algorithm (e.g., OpenPGP) or a generic encrypter using sandboxed technology (such as WebAssembly). However, unlike formatters, sandboxing is not enough for encrypters; they must also be verified and validated. Since the encrypter is a crucial part of the system, nothing provided by a gateway can be used without further validation. A generic encrypter specification MUST specify how to verify and validate provided generic encrypters.
To specify the encrypter to use, a Service Discovery (XEP-0030) [1] disco feature of 'urn:xmpp:gre:encrypter:[ENCRYPTER_NAME]:[VERSION]' MUST be announced, where [ENCRYPTER_NAME] is the short name of the encrypter, and [VERSION] is the version of the encrypter specification to use. A gateway MAY specify several versions of the same encrypter if it supports more than one; the client SHOULD use the highest version that it implements. Gateways MAY have more than one kind of encrypter, in which case the client chooses which one to use based on its internal implementation.
Specifications of encrypters SHOULD be named with the following template: "GRE Encrypter: [ENCRYPTER_NAME]" and MUST have the tags "gre" and "encrypter".
Some data may be necessary to format and/or encrypt a message. This specification provides a simple mechanism to retrieve data from a gateway to prepare encryption.
To exchange data, a client MAY send an <iq/> of type 'get', which MUST include a "data" child element qualified by the namespace 'urn:xmpp:gre:0'. The "formatter" attribute MUST be set to the namespace of the chosen formatter, and the "encrypter" attribute MUST be set to the namespace of the chosen encrypter. This element MAY contain arbitrary child elements specified either by the used formatter and/or encrypter specifications. The stanza MUST be sent to the bare JID of the destination, i.e., the "localpart" of the JID MUST be specified (as the returned data may be specific to the recipient).
The gateway MUST return the data in a form as specified in Data Forms (XEP-0004) [2]. The form MUST have a "FORM_TYPE" of "urn:xmpp:gre:data" and MUST include a 'sender_id' field for which the value is the ID used on the legacy network as seen by other entities on the legacy network (e.g., the "from" email seen by the recipient for an email gateway).
Formatter and encrypter specific data MAY be added to the form, using namespaced fields with Clark Notation as explained in Field Standardization for Data Forms (XEP-0068) [3].
<iq type='get'
from='romeo@example.net/orchard'
to='some_user@gateway.example.org'
id='data1'>
<data xmlns='urn:xmpp:gre:0'
formatter='urn:xmpp:gre:formatter:some_formatter:0'
encrypter='urn:xmpp:gre:encrypter:some_encrypter:0'>
<!-- Arbitrary child elements can be added here -->
</data>
</iq>
<iq type='result'
from='some_user@gateway.example.org'
to='romeo@example.net/orchard'
id='data1'>
<data xmlns='urn:xmpp:gre:0'>
<x xmlns='jabber:x:data' type='result'>
<field var='FORM_TYPE' type='hidden'>
<value>urn:xmpp:gre:data</value>
</field>
<field var='sender_id'>
<value>some_id_for_legacy_network@example.com</value>
</field>
<!-- Other fields can be added here as per formatter and encrypter specifications -->
</x>
</data>
</iq>
Once a message has been encrypted and is ready to be sent to the gateway for relay, the client MUST create an <encrypted/> element as a child of the <message/> stanza. This element MUST have the namespace 'urn:xmpp:gre:0', a "formatter" attribute with the namespace of the used formatter, and an "encrypter" attribute with the namespace of the used encrypter. The children of this element MUST follow the specification of the chosen encrypter.
<message to='some_user@gateway.example.org'>
<encrypted xmlns='urn:xmpp:gre:0'
formatter='urn:xmpp:gre:formatter:example_formatter:0'
encrypter='urn:xmpp:gre:encrypter:example_encrypter:0'>
<!-- DATA AS SPECIFIED BY ENCRYPTER -->
</encrypted>
</message>The gateway is then free to adapt the encrypted data and transmit it using the legacy network protocol.
The same element is used by the gateway to send encrypted messages from entities on the legacy network.
The following business rules apply to Gateway Relayed Encryption:
If an entity supports Gateway Relayed Encryption, it MUST advertise it by including the "urn:xmpp:gre:0" discovery feature in response to a Service Discovery (XEP-0030) [1] information request. In addition, entities MUST support at least one formatter and one encrypter, and MUST include the corresponding namespace in their feature.
<iq type='get'
from='juliet@example.org/balcony'
to='some_gateway.example.org'
id='disco1'>
<query xmlns='http://jabber.org/protocol/disco#info'/>
</iq>
<iq type='result'
from='some_gateway.example.org'
to='juliet@example.org/balcony'
id='disco1'>
<query xmlns='http://jabber.org/protocol/disco#info'>
...
<feature var='urn:xmpp:gre:0'/>
<feature var='urn:xmpp:gre:formatter:example_formatter:0'/>
<feature var='urn:xmpp:gre:encrypter:example_encrypter:0'/>
...
</query>
</iq>If a gateway accepts only content encrypted using this specification, it MUST advertise it by adding the "urn:xmpp:gre:encrypted_only:0" feature.
The following security considerations apply to the Gateway Relayed Encryption protocol:
This document does not require interaction with the Internet Assigned Numbers Authority (IANA) [8].
TODO
Thanks to NLNet foundation/NGI Zero Core for funding the work on this specification.
This document in other formats: XML PDF
This XMPP Extension Protocol is copyright © 1999 – 2024 by the XMPP Standards Foundation (XSF).
Permission is hereby granted, free of charge, to any person obtaining a copy of this specification (the "Specification"), to make use of the Specification without restriction, including without limitation the rights to implement the Specification in a software program, deploy the Specification in a network service, and copy, modify, merge, publish, translate, distribute, sublicense, or sell copies of the Specification, and to permit persons to whom the Specification is furnished to do so, subject to the condition that the foregoing copyright notice and this permission notice shall be included in all copies or substantial portions of the Specification. Unless separate permission is granted, modified works that are redistributed shall not contain misleading information regarding the authors, title, number, or publisher of the Specification, and shall not claim endorsement of the modified works by the authors, any organization or project to which the authors belong, or the XMPP Standards Foundation.
## NOTE WELL: This Specification is provided on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. ##
In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall the XMPP Standards Foundation or any author of this Specification be liable for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising from, out of, or in connection with the Specification or the implementation, deployment, or other use of the Specification (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if the XMPP Standards Foundation or such author has been advised of the possibility of such damages.
This XMPP Extension Protocol has been contributed in full conformance with the XSF's Intellectual Property Rights Policy (a copy of which can be found at <https://xmpp.org/about/xsf/ipr-policy> or obtained by writing to XMPP Standards Foundation, P.O. Box 787, Parker, CO 80134 USA).
The HTML representation (you are looking at) is maintained by the XSF. It is based on the YAML CSS Framework, which is licensed under the terms of the CC-BY-SA 2.0 license.
The Extensible Messaging and Presence Protocol (XMPP) is defined in the XMPP Core (RFC 6120) and XMPP IM (RFC 6121) specifications contributed by the XMPP Standards Foundation to the Internet Standards Process, which is managed by the Internet Engineering Task Force in accordance with RFC 2026. Any protocol defined in this document has been developed outside the Internet Standards Process and is to be understood as an extension to XMPP rather than as an evolution, development, or modification of XMPP itself.
The primary venue for discussion of XMPP Extension Protocols is the <standards@xmpp.org> discussion list.
Discussion on other xmpp.org discussion lists might also be appropriate; see <https://xmpp.org/community/> for a complete list.
Errata can be sent to <editor@xmpp.org>.
The following requirements keywords as used in this document are to be interpreted as described in RFC 2119: "MUST", "SHALL", "REQUIRED"; "MUST NOT", "SHALL NOT"; "SHOULD", "RECOMMENDED"; "SHOULD NOT", "NOT RECOMMENDED"; "MAY", "OPTIONAL".
1. XEP-0030: Service Discovery <https://xmpp.org/extensions/xep-0030.html>.
2. XEP-0004: Data Forms <https://xmpp.org/extensions/xep-0004.html>.
3. XEP-0068: Field Data Standardization for Data Forms <https://xmpp.org/extensions/xep-0068.html>.
4. XEP-0380: Explicit Message Encryption <https://xmpp.org/extensions/xep-0380.html>.
5. XEP-0280: Message Carbons <https://xmpp.org/extensions/xep-0280.html>.
6. XEP-0106: JID Escaping <https://xmpp.org/extensions/xep-0106.html>.
7. XEP-0247: Jingle XML Streams <https://xmpp.org/extensions/xep-0247.html>.
8. The Internet Assigned Numbers Authority (IANA) is the central coordinator for the assignment of unique parameter values for Internet protocols, such as port numbers and URI schemes. For further information, see <http://www.iana.org/>.
Note: Older versions of this specification might be available at https://xmpp.org/extensions/attic/
First draft.
@report{poisson2025gre,
title = {Gateway Relayed Encryption},
author = {Poisson, Jérôme},
type = {XEP},
number = {xxxx},
version = {0.0.1},
institution = {XMPP Standards Foundation},
url = {https://xmpp.org/extensions/xep-xxxx.html},
date = {2025-01-12/2025-01-12},
}END