Discussion:
[liberationtech] New public XMPP / Jabber server with Forward Secrecy/DNSSEC/Tor Hidden Service/DANE support - jabber.calyxinstitute.org
Nicholas Merrill
2014-01-30 22:13:37 UTC
Hey all

I wanted to let everyone here know that we (The Calyx Institute) opened
an experimental public and free Jabber / XMPP server to the public today
that has a number of interesting security features / policies

You can read the details here:
https://www.calyxinstitute.org/projects/public_jabber_xmpp_server

If you have any problems connecting or using it, feel free to send me an
OTR-encrypted message to nick at calyxinstitute.org

best,

Nick
--
Nicholas Merrill
Executive Director
The Calyx Institute
287 Spring Street
New York, NY 10013
shelley
2014-01-30 22:25:47 UTC
Looks good, I will try it out.  Thanks Nick- much respect for you and Calyx.

-Shelley


Gregory Maxwell
2014-01-30 22:29:21 UTC
Post by Nicholas Merrill
Hey all
I wanted to let everyone here know that we (The Calyx Institute) opened
an experimental public and free Jabber / XMPP server to the public today
that has a number of interesting security features / policies
"We can't force you, but you are strongly encouraged to use Off The
Record Messaging to further encrypt your private conversations
end-to-end. "

Why can't you force it? The cleartext is available to the server. The
OTR traffic is trivially identifiable.

You might want to just rephrase it to say that you don't force it
rather than can't?
Jonathan Wilkes
2014-01-31 00:02:29 UTC
Post by Gregory Maxwell
Post by Nicholas Merrill
Hey all
I wanted to let everyone here know that we (The Calyx Institute) opened
an experimental public and free Jabber / XMPP server to the public today
that has a number of interesting security features / policies
"We can't force you, but you are strongly encouraged to use Off The
Record Messaging to further encrypt your private conversations
end-to-end. "
Why can't you force it? The cleartext is available to the server. The
OTR traffic is trivially identifiable.
You might want to just rephrase it to say that you don't force it
rather than can't?
Since many people socialize mainly over the internet nowadays, OTR as an
option means that most if not all of your users will leak data in the
form of the plaintext conversations that _lead_ them to use OTR in a
particular circumstance. Worse, even if the reason for starting an OTR
conversation starts out-of-band (off the internet) your userbase is
then divided into a small group of people who have "something to hide"
and everyone else.

So I'd recommend forcing OTR. Then the people discussing lolcats won't
feel so bad about wasting their time, because even seemingly frivolous
privacy helps to protect everyone else's.

-Jonathan
Nathan of Guardian
2014-01-31 00:23:44 UTC
Post by Jonathan Wilkes
So I'd recommend forcing OTR. Then the people discussing lolcats won't
feel so bad about wasting their time, because even seemingly frivolous
privacy helps to protect everyone else's.
Is there any existing plugin or configuration for a common XMPP server
(Prosody, eJabberD) for "filter all message traffic and only allow OTR"?
If not, that might be a useful thing for someone to implement.

On the other hand, what you are asking for is to have the server run a
regex check on every message that comes through, which may not sit well
with users even if it is automated.

+n
Jonathan Wilkes
2014-01-31 02:22:27 UTC
Post by Nathan of Guardian
Post by Jonathan Wilkes
So I'd recommend forcing OTR. Then the people discussing lolcats won't
feel so bad about wasting their time, because even seemingly frivolous
privacy helps to protect everyone else's.
Is there any existing plugin or configuration for a common XMPP server
(Prosody, eJabberD) for "filter all message traffic and only allow OTR"?
If not, that might be a useful thing for someone to implement.
I'm not sure on that one.
Post by Nathan of Guardian
On the other hand, what you are asking for is to have the server run a
regex check on every message that comes through, which may not sit well
with users even if it is automated.
If that scares users then they need to take their fear back to the
drawing board.

-Jonathan
Post by Nathan of Guardian
+n
Nicholas Merrill
2014-01-31 16:37:47 UTC
"Why can't you force it? [OTR] The cleartext is available to the
server. The OTR traffic is trivially identifiable. You might want to
just rephrase it to say that you don't force it rather than can't?"
As Nate from Guardian noted, the reason we "can't" is mainly a lack of a
plugin for Prosody to block all traffic but OTR (or OTR handshakes)

That is however exactly the type of progress we are hoping to make with
this experiment

Does anyone want to whip up some lua code to block non-OTR traffic ?
Any prosody devs on the list ?

thanks,

Nick
--
Nicholas Merrill
Executive Director
The Calyx Institute
287 Spring Street
New York, NY 10013
Nicholas Merrill
2014-01-31 17:05:53 UTC
OK the server should now enforce OTR and reject clear text

thanks to Matthew Wild for some very quick work :)


Nick
--
Nicholas Merrill
Executive Director
The Calyx Institute
287 Spring Street
New York, NY 10013
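
The server-side check discussed in this thread (allow only message bodies that carry OTR protocol data, reject cleartext), as an added Python example; it is not part of the original thread and not the Prosody plugin mentioned above. The function names, the sample stanzas and the `example.org` addresses are constructed for illustration, and the check relies on OTR query, data and error messages all starting with the `?OTR` marker.

```python
import xml.etree.ElementTree as ET

NS = "{jabber:client}"
OTR_PREFIX = "?OTR"  # OTR query, data and error messages all begin with this marker

def check_stanza(xml_text):
    """Return ("allow", None) or ("reject", reason) for one stanza."""
    stanza = ET.fromstring(xml_text)
    if stanza.tag != NS + "message":
        return ("allow", None)   # presence and iq are outside this policy
    if stanza.get("type") == "error":
        return ("allow", None)   # never answer an error stanza with another error
    body = stanza.findtext(NS + "body")
    if not body:
        return ("allow", None)   # chat states, receipts: no body, nothing to leak
    if body.startswith(OTR_PREFIX):
        return ("allow", None)   # OTR handshake or ciphertext
    return ("reject", "policy-violation: OTR encryption is required")

def msg(inner, mtype="chat"):
    """Wrap constructed child XML in a <message/> stanza (sample data only)."""
    return ("<message xmlns='jabber:client' to='bob@example.org' type='%s'>%s"
            "</message>" % (mtype, inner))

# Constructed sample stanzas; the OTR payload is a placeholder, not real ciphertext.
SAMPLES = {
    "cleartext": msg("<body>see you at noon</body>"),
    "otr_query": msg("<body>?OTRv2? requesting an OTR conversation</body>"),
    "otr_data": msg("<body>?OTR:Q09OU1RSVUNURUQ=.</body>"),
    "chat_state": msg("<composing xmlns='http://jabber.org/protocol/chatstates'/>"),
    "marker_mid_text": msg("<body>shall we turn on ?OTR now</body>"),
    "bounce": msg("<body>see you at noon</body>", mtype="error"),
}

def audit(samples):
    """Map each sample name to the verdict the filter gives it."""
    return {name: check_stanza(xml)[0] for name, xml in samples.items()}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLES).items():
        print("%-16s %s" % (name, verdict))
```

The prefix test only shows that a body is framed as OTR; the server cannot confirm that what follows the marker is actually encrypted.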