From 93a6fedc014f2bcd7404a47274619c22d5506838 Mon Sep 17 00:00:00 2001 From: Jesper Hess Nielsen Date: Sun, 22 Jan 2017 13:56:01 +0100 Subject: [PATCH] Document support for OMEMO & OpenPGP, add blogpost --- _pages/01_connect.md | 10 ++++++++-- _posts/2017-01-22-support-for-omemo.md | 22 ++++++++++++++++++++++ 2 files changed, 30 insertions(+), 2 deletions(-) create mode 100644 _posts/2017-01-22-support-for-omemo.md diff --git a/_pages/01_connect.md b/_pages/01_connect.md index 5a56538..34f1c54 100644 --- a/_pages/01_connect.md +++ b/_pages/01_connect.md 
@@ -26,11 +26,17 @@ Simply add _username_@xmpp.dk in your client and click “register” or check t The connection between your client and xmpp.net is encrypted using TLS. The server requires TLS connections to other XMPP servers. This means that if you can't connect to a friend, their provider is not configured to use TLS and the xmpp.dk server will refuse the connection. Your friend should either convince their provider to enable TLS server-to-server connections, or switch to a provider that has proper encrypted transport support. -Since you can't (and shouldn't) trust your xmpp server, I require you always enable [Off-The-Record (OTR)][off-the-record] in your chat client. +Since you can't (and shouldn't) trust your xmpp server, I require you always enable secure end-to-end encryption in your chat client. Supported modes are: + +* [Off-The-Record (OTR)][off-the-record] +* [OMEMO][omemo] +* GPG + This will give you end-to-end encrypted chat that cannot be decrypted while in transit and, depending on the settings of your client, will not be logged on your local machine. ## Federation xmpp.dk allows federated connections to all other *S2S TLS-enabled Jabber servers* so you can chat with anyone that has a Jabber account as long as their provider supports TLS and is configured correctly. [jabber-clients]: https://xmpp.org/software/clients.html -[off-the-record]: https://otr.cypherpunks.ca/ \ No newline at end of file +[off-the-record]: https://otr.cypherpunks.ca/ +[omemo]:https://conversations.im/omemo/ \ No newline at end of file diff --git a/_posts/2017-01-22-support-for-omemo.md b/_posts/2017-01-22-support-for-omemo.md new file mode 100644 index 0000000..bbd6e81 --- /dev/null +++ b/_posts/2017-01-22-support-for-omemo.md 
@@ -0,0 +1,22 @@ +--- +title: OMEMO, OTR and GPG suppprt +layout: post +--- +The XMPP foundation has begun standardizing the [OMEMO end-to-end encryption protocol][omemo-xep]. Therefore, +I decided it would be a good time to include support for this interesting new protocol on the xmpp.dk server. + +In practice, this means I have installed a new plugin, mod_e2e_policy, which enables support for the three major +e2e encryption standards on XMPP nowadays, namely OTR (which you already know quite well), OMEMO and OpenPGP/GPG. + +OMEMO provides several advantages over OTR. Among other things, it supports offline messages, group chats (which means +I can also start looking into enabling MUC conferences on the server at some point) and also it does away with +user-based fingerprints and instead uses device-based keys. This is especially useful if you're connected on multiple +devices simultaneously. As you know, this was problematic with OTR, but with OMEMO you can get end-to-end encryption +on all of your devices and hopefully never lose a message. + +As always, if you have any trouble or want to ask questions, you can always [contact me directly](/contact/) over Jabber +or you can reach out on our [Twitter][twitter]. + + +[omemo-xep]:https://conversations.im/omemo/ +[twitter]:https://twitter.com/xmppdk \ No newline at end of file
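Review bot: In the `_pages/01_connect.md` hunk, the third bullet `+* GPG` is the only supported mode without a link, and it is named GPG here while the subject line says OpenPGP and the new post says OpenPGP/GPG. Pick one name (for example `* OpenPGP (GPG)`) and give it a reference link like the OTR and OMEMO entries. The unchanged sentence after the list ("This will give you end-to-end encrypted chat that cannot be decrypted while in transit and ... will not be logged on your local machine") was written when OTR was the only option, so check that it still holds for each of the three modes or reword it. The added `[omemo]:https://conversations.im/omemo/` definition also lacks the space after the colon that the two existing reference definitions have.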
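Review bot: In the `_posts/2017-01-22-support-for-omemo.md` hunk, the `[omemo-xep]` label resolves to https://conversations.im/omemo/, the same URL that `[omemo]` uses in `_pages/01_connect.md`, even though the sentence it is attached to is about the standardization of the protocol. Either point it at the XEP document itself or rename the label so it matches its target. The front matter title has a typo (`suppprt`). The post says mod_e2e_policy "enables support for" the three standards, while the connect page says end-to-end encryption is required; the post should state what a user who sends an unencrypted message will actually see. Both files in this patch end without a trailing newline.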