Add a section over ejabberd and OTR
[ach-master.git] / src / practical_settings / im.tex
%%\subsection{Instant Messaging Systems}
\subsubsection{XMPP / Jabber}
\todo{ts: Describe ejabberd configuration. Reference to Peter's manifesto https://github.com/stpeter/manifesto}

\subsubsection{Server configuration}

For servers, we mostly recommend applying what is proposed in {\it Peter's manifesto}\footnote{https://github.com/stpeter/manifesto}.

In short:
\begin{itemize}
    \item require the use of TLS for both client-to-server and server-to-server connections
    \item prefer or require TLS cipher suites that enable forward secrecy
    \item deploy certificates issued by well-known and widely-deployed certification authorities (CAs)
\end{itemize}

Since the last point is out of scope for this section, we will only cover the first two.

\paragraph{ejabberd}

ejabberd is one of the popular Jabber servers.  To comply with the manifesto, you should adapt your configuration\footnote{http://www.process-one.net/docs/ejabberd/guide\_en.html}:
\begin{lstlisting}[breaklines]
{listen,
 [
  {5222, ejabberd_c2s, [
                        {access, c2s},
                        {shaper, c2s_shaper},
                        {max_stanza_size, 65536},
                        starttls,
                        starttls_required,
                        {certfile, "/etc/ejabberd/ejabberd.pem"}
                       ]},
  {5269, ejabberd_s2s_in, [
                           {shaper, s2s_shaper},
                           {max_stanza_size, 131072}
                          ]},

  %%% Other input ports
]}.
{s2s_use_starttls, required_trusted}.
{s2s_certfile, "/etc/ejabberd/ejabberd.pem"}.
\end{lstlisting}
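
A check for the first requirement above (mandatory TLS on client-to-server streams), added here as an example and not part of the original document or of ejabberd: it audits the stream features element a server announces before TLS is negotiated. The function name and the three sample stanzas are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS_STREAM = "http://etherx.jabber.org/streams"
NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"
NS_SASL = "urn:ietf:params:xml:ns:xmpp-sasl"


def audit_pre_tls_features(features_xml):
    """Return a list of findings for a pre-TLS <stream:features/> element."""
    root = ET.fromstring(features_xml)
    if root.tag != "{%s}features" % NS_STREAM:
        raise ValueError("not a <stream:features/> element")

    findings = []
    starttls = root.find("{%s}starttls" % NS_TLS)
    if starttls is None:
        findings.append("STARTTLS is not offered")
    else:
        required = starttls.find("{%s}required" % NS_TLS) is not None
        only_feature = len(root) == 1
        # RFC 6120: TLS is mandatory-to-negotiate when <required/> is
        # present or when STARTTLS is the only advertised feature.
        if not (required or only_feature):
            findings.append("STARTTLS is offered but not required")

    # Any SASL mechanism announced here could be used on a cleartext stream.
    mechs = [(m.text or "").strip() for m in root.iter("{%s}mechanism" % NS_SASL)]
    if mechs:
        findings.append("SASL offered before TLS: " + ", ".join(mechs))
    return findings


# Constructed samples: what a server might send before TLS is negotiated.
_OPEN = "<stream:features xmlns:stream='%s'>" % NS_STREAM
_CLOSE = "</stream:features>"
_SASL = ("<mechanisms xmlns='%s'><mechanism>PLAIN</mechanism>"
         "<mechanism>DIGEST-MD5</mechanism></mechanisms>" % NS_SASL)

STRICT = _OPEN + "<starttls xmlns='%s'><required/></starttls>" % NS_TLS + _CLOSE
LAX = _OPEN + "<starttls xmlns='%s'/>" % NS_TLS + _SASL + _CLOSE
NO_TLS = _OPEN + _SASL + _CLOSE

if __name__ == "__main__":
    for name, sample in (("strict", STRICT), ("lax", LAX), ("no-tls", NO_TLS)):
        print(name, audit_pre_tls_features(sample) or "OK")
```
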


\subsubsection{Chat privacy - Off-the-Record Messaging (OTR)}

The OTR protocol works on top of the Jabber protocol\footnote{https://otr.cypherpunks.ca/Protocol-v3-4.0.0.html}.
It adds the following properties to encrypted chats in popular chat clients (Adium, Pidgin...):
\begin{itemize}
    \item Authentication
    \item Integrity
    \item Confidentiality
    \item Forward secrecy
\end{itemize}

It basically uses Diffie-Hellman, AES and SHA1.

No specific configuration is required, but the protocol itself is worth mentioning.

\subsubsection{IRC}