Encrypted Instant Messaging

[toddatpurism]

Create an Encrypted Instant Messaging Service

Initially this can be jabber/xmpp based.

[toddatpurism]

Server Side:

• [ ] XMPP https://xmpp.org/ probably by using
• [ ] Prosody https://prosody.im/

Client Side:

Off-The-Record needed

• [ ] OTR https://www.otr.im

Mobile

• [ ] ChatSecure https://chatsecure.org/

Desktop

• [ ] Pidgin https://pidgin.im/
• [ ] Adium https://adium.im/

[joeyh-purism]

Prosody has a plugin to allow LDAP authentication, which we will use.

[joeyh-purism]

While we want to use OTR to fully encrypt communications between clients, we also need transport level security, for two reasons:

1. To encrypt the metadata of who is communicating with who.
2. Because users may not always choose to, or be able to use OTR. (Although we could modify the clients to warn when users are not using OTR.)

The XMPP server should be limited to opening TLS encrypted connections with other XMPP servers and with clients, and never un-encrypted connections. It should do proper checking of server certificates. XMPP servers sometimes are configured to not bother with that.

[joeyh-purism]

To configure the XMPP client, we need https://github.com/purism/purist/issues/14