src/practical_settings/im.tex

   1 %%\subsection{Instant Messaging Systems}
   2 \subsubsection{XMPP / Jabber}
   3 \todo{ts: Describe ejabberd configuration. Reference to Peter`s manifesto https://github.com/stpeter/manifesto}
   4
   5 \subsubsection{Server configuration}
   6
   7 For servers, we mostly recommend to apply what's proposed by the {\it Peter's manifesto}\footnote{https://github.com/stpeter/manifesto}.
   8
   9 In short:
  10 \begin{itemize}
  11     \item require the use of TLS for both client-to-server and server-to-server connections
  12     \item prefer or require TLS cipher suites that enable forward secrecy
  13     \item deploy certificates issued by well-known and widely-deployed certification authorities (CAs)
  14 \end{itemize}
  15
  16 The last point being out-of-scope for this section, we will only cover the first two points.
  17
  18 \paragraph{ejabberd}
  19
  20 ejabberd is one of the popular Jabber servers.  In order to be compliant
  21 with the manifesto, you should adapt your
  22 configuration\footnote{\url{http://www.process-one.net/docs/ejabberd/guide_en.html}}:
  23 \begin{lstlisting}[breaklines]
  24 {listen,
  25  [
  26   {5222, ejabberd_c2s, [
  27                         {access, c2s},
  28                         {shaper, c2s_shaper},
  29                         {max_stanza_size, 65536},
  30                         starttls,
  31                         starttls_required,
  32                         {certfile, "/etc/ejabberd/ejabberd.pem"}
  33                        ]},
  34   {5269, ejabberd_s2s_in, [
  35                            {shaper, s2s_shaper},
  36                            {max_stanza_size, 131072}
  37                           ]},
  38
  39   %%% Other input ports
  40 ]}.
  41 {s2s_use_starttls, required_trusted}.
  42 {s2s_certfile, "/etc/ejabberd/ejabberd.pem"}.
  43 \end{lstlisting}
  44
  45
  46 \subsubsection{Chat privacy - Off-the-Record Messaging (OTR)}
  47
  48 The OTR protocol works on top of the Jabber protocol(\footnote{https://otr.cypherpunks.ca/Protocol-v3-4.0.0.html}).
  49 It adds to popular chat clients (Adium, Pidgin...) the following propoerties for ciphered chats:
  50 \begin{itemize}
  51     \item Authentification
  52     \item Integrity
  53     \item Confidentiality
  54     \item Forward privacy
  55 \end{itemize}
  56
  57 It basically uses Diffie-Hellman, AES and SHA1.
  58
  59 There are no specific configurations required but the protocol itself is worth to be mentioned.
  60
  61 \subsubsection{IRC}