[Standards] End-to-end security in MUCs

George Kadianakis desnacked at riseup.net
Fri Dec 7 16:09:29 UTC 2012


I'm lately looking into (the absence of) secure multi-party chat

Specifically, I'm interested in protocols that provide end-to-end
confidentiality, authentication and PFS between the chat members.

mpOTR [0] is the first protocol that comes to mind, but the paper is
not complete and there are many questions to answer before
implementing it [1].

Looking at the XMPP ecosystem to see if any useful protocols have been
suggested, I noticed two relevant proposals: XEP-0116 [2] and XTLS [3].

Unfortunately, if my understanding is correct, neither of these
proposals provides the properties I'm looking for:

Specifically, XEP-0116 seems to setup an end-to-end secure channel in
a two-party chat but there is no reference to MUCs in the

The XTLS specification talks about its application in MUCs in the
'Introduction' section, but if I understand correctly it's only
capable of setting up a TLS link between the client and the MUC
service, and not pairwise between the clients. That's not sufficient,
since the MUC service is honest-but-curious in my threat model.

Am I reading the specs right? Are there any other solutions that I've


[0]: http://www.cypherpunks.ca/~iang/pubs/mpotr.pdf
[1]: https://github.com/cryptocat/cryptocat/wiki/mpOTR-Specification
[2]: http://xmpp.org/extensions/xep-0116.html
[3]: https://tools.ietf.org/html/draft-meyer-xmpp-e2e-encryption-02

More information about the Standards mailing list