[Standards] New XMPP Use Case: Private Media Networks

Dirk Meyer dmeyer at tzi.de
Wed May 21 17:59:06 UTC 2008

JabberForum wrote:
> For me the only point really important will be anyway the security,
> because XMPP can probably be very secure, and I will already trust far
> more the Jabber network than any of the other IM networks which are for
> most of them not at all secure (and even more than Skype which is the
> one said very secure). But the current implementation and uses of XMPP
> are still not sufficient for me for such sensible uses. Anyway you are
> apparently studying the security consideration very fairly in your XEP
> already.

Thanks. Yes, security is the main problem here. I trust the Jabber
server, but when it comes to personal data, I only trust applications
I control. And based on my XEP it would be possible to do some nasty

> I would add also one security layer yet: some commands should be
> makable only locally (for instance on the machine itself). For instance,
> imagine you can control the heater, the aeration system or anything like
> this. You should set some limits locally that even the "owner" of the
> devices cannot change through one's account (but one can do it locally
> if one has physical access to the device for instance, or other access
> very secure). Or maybe this owner's account could run any command, but
> for critical one, they would be a second layer of security (like another
> password to give every time you make such a command, etc.).

It should be possible to only allow services for the owner. That will
be defined in the yet-to-be-written Access Control List section of the
document. Your local idea sounds nice and by accident it is already
defined. If a device only uses link-local communication and does not
register at the XMPP server, only local communication will be
possible. But I will keep the local stuff in consideration when
defining the access control list.

> I am considering the fact that often the main security breach is the
> human being. So what if someone can use your account: if you set a
> poorly secure password like most people; or if your Jabber client
> connects automatically on your main computer and gave access to this to
> someone; or simply when you leave your desktop 5 minutes without
> unconnecting from Jabber (forgetting this account is so sensible), etc. 
> Many security attacks rely on the human flaws (unless you are
> paranoid).

You can not prevent a stupid user. But the XMPP server account
password is totally useless since the network does not trust the
server. But if I have a main control app on my laptop running and you
get access to my laptop ... well, you have access.

Thanks for the feedback.


This fortune would be seven words long if it were six words shorter.

More information about the Standards mailing list