%%\subsection{Instant Messaging Systems}
\subsubsection{XMPP / Jabber}
\todo{ts: Describe ejabberd configuration. Reference to Peter's manifesto https://github.com/stpeter/manifesto}

\subsubsection{Server configuration}

For servers, we mostly recommend applying what is proposed in {\it Peter's manifesto}\footnote{\url{https://github.com/stpeter/manifesto}}.
\begin{itemize}
\item require the use of TLS for both client-to-server and server-to-server connections
\item prefer or require TLS cipher suites that enable forward secrecy
\item deploy certificates issued by well-known and widely-deployed certification authorities (CAs)
\end{itemize}

The last point being out of scope for this section, we will only cover the first two points.

ejabberd is one of the popular Jabber servers. In order to be compliant
with the manifesto, you should adapt your
configuration\footnote{\url{http://www.process-one.net/docs/ejabberd/guide_en.html}}:
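\begin{lstlisting}[breaklines]
{listen, [
  {5222, ejabberd_c2s, [
    {max_stanza_size, 65536},
    %% enforce STARTTLS on client-to-server connections
    starttls_required,
    {certfile, "/etc/ejabberd/ejabberd.pem"}
  ]},
  {5269, ejabberd_s2s_in, [
    {max_stanza_size, 131072}
  ]}
]}.
%% require TLS with a trusted certificate on server-to-server connections
{s2s_use_starttls, required_trusted}.
{s2s_certfile, "/etc/ejabberd/ejabberd.pem"}.
\end{lstlisting}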
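
To check that a listener really enforces the first manifesto point, inspect the \verb|<stream:features/>| element the server sends before TLS is negotiated. The following Python code is an added example, not taken from the ejabberd documentation or the manifesto; the function names are hypothetical and the sample stanzas are constructed.

```python
import xml.etree.ElementTree as ET

NS_STREAM = "http://etherx.jabber.org/streams"
NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"
NS_SASL = "urn:ietf:params:xml:ns:xmpp-sasl"


def classify_features(features_xml: str) -> str:
    """Classify the pre-TLS <stream:features/> sent on port 5222 or 5269.

    Returns "tls-required", "tls-optional" or "no-tls".
    """
    root = ET.fromstring(features_xml)
    if root.tag != f"{{{NS_STREAM}}}features":
        raise ValueError("expected a stream:features element")
    starttls = root.find(f"{{{NS_TLS}}}starttls")
    if starttls is None:
        return "no-tls"
    # Explicit marker: <starttls><required/></starttls>
    if starttls.find(f"{{{NS_TLS}}}required") is not None:
        return "tls-required"
    # RFC 6120: STARTTLS advertised as the only feature is also mandatory.
    if len(root) == 1:
        return "tls-required"
    return "tls-optional"


def cleartext_auth_possible(features_xml: str) -> bool:
    """True if SASL is offered before TLS and TLS is not enforced."""
    root = ET.fromstring(features_xml)
    sasl = root.find(f"{{{NS_SASL}}}mechanisms")
    return sasl is not None and classify_features(features_xml) != "tls-required"


# Constructed sample stanzas (not captured from a real server).
_HDR = f'<stream:features xmlns:stream="{NS_STREAM}">'
_SASL = f'<mechanisms xmlns="{NS_SASL}"><mechanism>PLAIN</mechanism></mechanisms>'
REQUIRED = _HDR + f'<starttls xmlns="{NS_TLS}"><required/></starttls></stream:features>'
OPTIONAL = _HDR + f'<starttls xmlns="{NS_TLS}"/>' + _SASL + '</stream:features>'
ONLY_TLS = _HDR + f'<starttls xmlns="{NS_TLS}"/></stream:features>'
NO_TLS = _HDR + _SASL + '</stream:features>'

if __name__ == "__main__":
    for name, xml in [("required", REQUIRED), ("optional", OPTIONAL),
                      ("only-tls", ONLY_TLS), ("no-tls", NO_TLS)]:
        print(name, classify_features(xml), cleartext_auth_possible(xml))
```

A server configured as above should be classified as \texttt{tls-required}; \texttt{tls-optional} or \texttt{no-tls} means clients can still authenticate over an unencrypted stream.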

\subsubsection{Chat privacy - Off-the-Record Messaging (OTR)}

The OTR protocol works on top of the Jabber protocol\footnote{\url{https://otr.cypherpunks.ca/Protocol-v3-4.0.0.html}}.
It adds the following properties for encrypted chats to popular chat clients (Adium, Pidgin...):
\begin{itemize}
\item Authentication
\end{itemize}

It basically uses Diffie-Hellman, AES and SHA-1.

No specific configuration is required, but the protocol itself is worth mentioning.