I don't agree, I think XMPP could be good solution, while yes attack surface is quite large but it will be in any case, because even if you create the very minimalist chat protocol possible (let's say basically use asymmetric cryptography for messages which are plaintext without any features) you still can have bugs in cryptography library, network stack, OS/kernel. This part will be same no matter what messaging protocol you use. So by changing plaintext to other payload such as XMPP we introduce another layer but this layer could be parsed in a sandbox / virtual machine thus even if you receive malicious message it couldn't exploit other parts of your system and it would work exactly like that simple plaintext protocol. Now but what if there's a bug in cryptography library, well you have already lost even with your basic plaintext protocol...


2014-07-07 11:41 GMT+03:00 stef <s@ctrlc.hu>:
On Mon, Jul 07, 2014 at 09:11:24AM +0200, edhelas wrote:
> I really think that we need to focus on an existent standard and improve it,
> and for me XMPP seem to be the perfect protocol for all theses things :
> - Standard IM + chatroom
> - Video/Audio conferencing (with Jingle, we are using it with WebRTC on
> Movim)
> - Pubsub (for newsfeeds, blogging)
> - Geolocation
> - Vcard4 support
> - SASL2 authentication
> - OTR support
> - Full encryption between the servers (https://xmpp.net/list.php)
> - and so on…

i dunno, but xml based protocol (attack surface), geolocation (privacy),
video/audio conferencing (traffic analysis), etc are all attributes i do not
want in a secure communication protocol and a protocol that supports these is
considered bloated. also the huge amounts of known/guessable plaintext in xmpp
are quite worrisome. i agree NIH is bad, but xmpp is as bad for a post-snowden
adversary model.