On 01/05/2014 04:28 AM, Fabio Pietrosanti (naif) wrote:
> Hi,
> 
> XMPP networks are now going to be default secured with TLS in
> their client-to-server and server-to-server communications by 22nd
> Feb.

Actually May 19th:

https://github.com/stpeter/manifesto/blob/master/manifesto.txt

> Most IM clients support end-to-end encryption with OTR by default.

I would say that many (not most) IM clients support OTR, but that they
do not enable it by default.

> The "Federated Architecture" makes it very scalable and
> distributed.

That was the idea, yes. :-)

> With all that "goods of COMSEC" in place, we are missing a timing 
> correlation protection schema for XMPP traffic, to avoid an
> adversary "monitoring your internet communication line" to know
> "when" you have written something.
> 
> POND is a super technology to prevent timing correlation attacks 
> (https://pond.imperialviolet.org/tech.html), unfortunately it's a
> closed network so I don't think it would ever get diffused (it's
> also written in GO and my religion does not let me use anything
> written in GO).
> 
> So I've been thinking that we need "a method" to achieve
> protection against time traffic correlation attacks on XMPP chat.
> 
> It's possible that, by having a traffic-generator-robot (behaving
> like an XMPP buddy you connect to), and an XMPP client plug-in it
> would be possible to create some kind of "constant traffic timing
> pattern" to avoid an adversary being able to make timing
> correlation attacks.
> 
> Something like that would be "relatively easy" to be implemented.
> 
> This would bring "timing correlation attack protection" to the
> already existing security stack of XMPP:
> - Client TLS encrypted login
> - Server-to-Server TLS encrypted communication
> - end-to-end encrypted communication with OTR
> - Federated architecture

Thanks for the pointer, I'll check it out.

Peter

- --
Peter Saint-Andre
https://stpeter.im/

_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
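
The "constant traffic timing pattern" idea from the quoted proposal, sketched as an added example (not code from either poster or from any existing XMPP plug-in): one fixed-size frame leaves on every tick, carrying queued text if there is any and random padding otherwise, so what a line observer sees is the same whether or not the user typed. The tick interval, frame size and frame layout are assumptions, and frames are assumed to travel inside the encrypted channel so the type byte is not visible.

```python
import os
from collections import deque

TICK_SECONDS = 2.0   # assumed fixed send interval
FRAME_SIZE = 256     # assumed fixed frame size in bytes
HEADER = 3           # 1 type byte + 2 length bytes (hypothetical layout)
REAL, DUMMY = 1, 0

class ConstantRateSender:
    """Queues user messages and releases exactly one frame per tick."""
    def __init__(self):
        self.queue = deque()

    def submit(self, data: bytes) -> None:
        # Long messages are split so no frame ever exceeds FRAME_SIZE.
        step = FRAME_SIZE - HEADER
        for i in range(0, len(data), step):
            self.queue.append(data[i:i + step])

    def next_frame(self) -> bytes:
        # Called once per tick: real chunk if queued, dummy otherwise.
        body = self.queue.popleft() if self.queue else b""
        kind = REAL if body else DUMMY
        pad = os.urandom(FRAME_SIZE - HEADER - len(body))
        return bytes([kind]) + len(body).to_bytes(2, "big") + body + pad

def parse_frame(frame: bytes):
    """Receiver side: payload bytes, or None for a dummy frame."""
    if len(frame) != FRAME_SIZE:
        raise ValueError("unexpected frame size")
    if frame[0] == DUMMY:
        return None
    return frame[HEADER:HEADER + int.from_bytes(frame[1:3], "big")]

def wire_trace(typing_schedule, ticks):
    """Simulate `ticks` intervals; typing_schedule maps tick -> message bytes.
    Returns ((send_time, size) pairs seen on the wire, delivered payloads)."""
    sender, observed, delivered = ConstantRateSender(), [], []
    for t in range(ticks):
        if t in typing_schedule:
            sender.submit(typing_schedule[t])
        frame = sender.next_frame()
        observed.append((t * TICK_SECONDS, len(frame)))
        payload = parse_frame(frame)
        if payload is not None:
            delivered.append(payload)
    return observed, delivered
```

The cost is latency and bandwidth: a 600-byte message needs three ticks to drain at these settings, and the link carries 256 bytes every 2 seconds even when idle.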