Page 5: Jabber network infrastructure and functions
Anatomy of a Jabber Address
A Jabber address is constructed very similar to an email. A Jabber identity (JID) has a form of the type firstname.lastname@example.org, which also makes them easy to remember. The client, then, can also be associated with different data sources, with a system reminiscent of Mac OS. Hence, it is possible for a user to establish parallel connections to a server, using the same JID for each connection. So he could create a permanent connection from home with a certain JID, but use the same one to connect the laptop he uses when he moves. The system allows Jabber to determine exactly which IP to use within a conversation.
There are several possible levels of encryption: client-server, server-server and even client-client communications can be encrypted. The user can use any of these methods of his choice. As with email, the S / MIME method can be used. However, this choice requires a lot of additional information to be sent, and brings with it important difficulties of use; so most Jabber developers tend to overlook it in client development.
One of the most common methods in the Jabber community is based on Open PGP, described in a dedicated page (Jabber Open PGP Usage, in English); this method has yet to be recognized as the Internet Standard, but it is not the only flaw. OpenPGP encryption, in fact, has a vulnerability, linked to the fact that the keys cannot be changed for long periods of time, so if someone manages to steal or break the system, it will be easy to access communications. This problem also allows unauthorized operators to find out who is involved in a given conversation, who said what and at what time.
Without the right key, decryption is impossible. That's good, because encryption in instant messaging is just as important as it is in e-mail.
To stem these vulnerabilities, a new form of off-the-record (OTR) messaging was created. In this context, disposable temporary keys are inserted, which are often changed during the conversation. The OTR system uses a library developed by Ian Goldberg and Nikita Borisov, and uses AES, SHA1-HMAC and several RSA algorithms, to manage key exchange and tracking. The keys are shared through a specific protocol, the Diffie-Hellman.
Jabber's third encryption method is currently in an experimental state. Its description is documented, in English, in This Page. This technique uses SSH, SSH Mask Transport Protocol and OTR, and may, in the future, outperform the previous two methods. But for now XMPP.org recommends using it for experimental purposes only.
The cryptographic methods available to Jabber clients depend, essentially, on the choices of the developers. Anyone interested in exploring OTR methods should check out the plug-ins available, which are numerous.Jabber network infrastructure and functions