%%\subsection{Instant Messaging Systems}
\subsubsection{XMPP / Jabber}
\todo{ts: Describe ejabberd configuration. Reference to Peter's manifesto https://github.com/stpeter/manifesto}

\subsubsection{Server configuration}

For servers, we mostly recommend applying what is proposed in {\it Peter's manifesto}\footnote{\url{https://github.com/stpeter/manifesto}}.

In short:
\begin{itemize}
    \item require the use of TLS for both client-to-server and server-to-server connections
    \item prefer or require TLS cipher suites that enable forward secrecy
    \item deploy certificates issued by well-known and widely-deployed certification authorities (CAs)
\end{itemize}

Since the last point is out of scope for this section, we will only cover the first two points.

\paragraph{ejabberd}

ejabberd is one of the popular Jabber servers.  In order to be compliant
with the manifesto, you should adapt your
configuration\footnote{\url{http://www.process-one.net/docs/ejabberd/guide_en.html}}:
\begin{lstlisting}[breaklines]
{listen,
 [
  {5222, ejabberd_c2s, [
                        {access, c2s},
                        {shaper, c2s_shaper},
                        {max_stanza_size, 65536},
                        starttls,
                        starttls_required,
                        {certfile, "/etc/ejabberd/ejabberd.pem"}
                       ]},
  {5269, ejabberd_s2s_in, [
                           {shaper, s2s_shaper},
                           {max_stanza_size, 131072}
                          ]},

  %%% Other input ports
]}.
{s2s_use_starttls, required_trusted}.
{s2s_certfile, "/etc/ejabberd/ejabberd.pem"}.
\end{lstlisting}
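As an added example (not part of the original guide and not ejabberd's own tooling), the following Python check audits an Erlang-term ejabberd configuration for the two TLS requirements covered here, using only the options shown in the listing above. WEAK\_CFG is a constructed sample and the function names are hypothetical.

```python
import re

# Constructed sample: same shape as the listing above, but the c2s listener
# only offers STARTTLS and s2s encryption is optional.
WEAK_CFG = '''
{listen,
 [
  {5222, ejabberd_c2s, [
                        {access, c2s},
                        starttls,
                        {certfile, "/etc/ejabberd/ejabberd.pem"}
                       ]},
  {5269, ejabberd_s2s_in, [{max_stanza_size, 131072}]}
 ]}.
{s2s_use_starttls, optional}.
'''

def strip_comments(cfg):
    # Erlang comments run from '%' to end of line (assumes no '%' in strings).
    return re.sub(r'%.*', '', cfg)

def listener_opts(cfg, module):
    """Yield (port, option_text) for every listener that uses `module`."""
    pat = re.compile(r'\{\s*(\d+)\s*,\s*' + re.escape(module) + r'\s*,\s*\[')
    for m in pat.finditer(cfg):
        depth, i = 1, m.end()
        while i < len(cfg) and depth:          # walk to the matching ']'
            depth += {'[': 1, ']': -1}.get(cfg[i], 0)
            i += 1
        yield int(m.group(1)), cfg[m.end():i - 1]

def audit(cfg):
    """Return a list of findings; an empty list means both checks passed."""
    cfg = strip_comments(cfg)
    findings = []
    for port, opts in listener_opts(cfg, 'ejabberd_c2s'):
        # Drop quoted strings so file paths are not mistaken for option atoms.
        atoms = set(re.findall(r'[a-z_0-9]+', re.sub(r'"[^"]*"', '', opts)))
        if 'starttls_required' not in atoms:
            findings.append(f'c2s port {port}: STARTTLS not required')
        if 'certfile' not in atoms:
            findings.append(f'c2s port {port}: no certfile')
    m = re.search(r'\{\s*s2s_use_starttls\s*,\s*(\w+)\s*\}', cfg)
    mode = m.group(1) if m else 'unset'
    if mode not in ('required', 'required_trusted'):
        findings.append(f's2s_use_starttls is {mode}: s2s TLS not required')
    return findings

if __name__ == '__main__':
    for finding in audit(WEAK_CFG):
        print(finding)
```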


\subsubsection{Chat privacy - Off-the-Record Messaging (OTR)}

The OTR protocol works on top of the Jabber protocol\footnote{\url{https://otr.cypherpunks.ca/Protocol-v3-4.0.0.html}}.
It adds the following properties for encrypted chats to popular chat clients (Adium, Pidgin...):
\begin{itemize}
    \item Authentication
    \item Integrity
    \item Confidentiality
    \item Forward secrecy
\end{itemize}

It basically uses Diffie-Hellman, AES and SHA-1.

No specific configuration is required, but the protocol itself is worth mentioning.

\subsubsection{IRC}