
XMPP switches on mandatory encryption


Posted May 22, 2014 12:08 UTC (Thu) by pizza (subscriber, #46)
Parent article: XMPP switches on mandatory encryption

> In fact, Google deactivated its own XMPP compatibility for Google Talk in 2013.

This isn't accurate. Google deactivated/b0rked XMPP federation for Google Hangouts (presence information is federated, but nothing else) but Google Talk remains fully federated with XMPP.

Unfortunately, as users (and domains) can switch from Talk to Hangouts at whim, coupled with that half-kinda-sorta-but-not-really Hangouts federation, folks outside of the Google mothership don't know if a given @gmail.com address works with real, federated XMPP or not.

Also, the elephant in the room with this mandatory encryption is that Google is still the largest federated XMPP userbase, probably greater than everyone else combined, and they do *not* support encrypted S2S connections. In other words, that manifesto, and the May 19th date became the voluntary de-peering of Google Talk for all those involved.

The real problem here has been the utter lack of communication out of Google with respect to the future of Talk and XMPP federation. Many, many, many of Google's business users rely on this heavily, and will not accept a forced-hangouts migration due to its lack of interoperability/federation with standard corporate messaging suites (all based on XMPP; even Microsoft's Lync!).

Similarly, I use my own server for both business and personal work, and the *vast* majority (i.e. all but two) are using Google-hosted XMPP. If I were to sign up on this manifesto and cut off Google, I'd basically torpedo my ability to communicate.

This is particularly frustrating because Google's the only reason XMPP hit the mainstream; they were one of its earliest (and loudest) champions, and we were all able to convince our employers and whatnot to go along.

Sigh.



XMPP switches on mandatory encryption

Posted May 22, 2014 19:34 UTC (Thu) by Comet (subscriber, #11646)

Given that Google is now so uselessly unreliable for federated XMPP, it's fairly easy to argue that a site is doing its users a disservice by trying to talk to Google. So Google removed themselves from the problem space.

Thus turning on STARTTLS breaks _reliably_ a service which was broken _unreliably_ and results in a more manageable and understandable service.

Those who want to talk to Google users and are willing to have their messages pass through Google will typically have a Google account of their own, so can tell their XMPP client to sign into multiple accounts instead of trying to depend upon Google's broken federation.

The non-Google account thus has link encryption and protection against purely passive sniffing by those without access to the servers, and talks to "the world of XMPP except Google and Facebook" and people talking with Google or Facebook users just have a connection to those XMPP services. (Facebook may not federate, but they do at least offer STARTTLS for XMPP these days).

XMPP switches on mandatory encryption

Posted May 23, 2014 11:14 UTC (Fri) by pizza (subscriber, #46)

> Those who want to talk to Google users and are willing to have their messages pass through Google will typically have a Google account of their own, so can tell their XMPP client to sign into multiple accounts instead of trying to depend upon Google's broken federation.

Eh, unless you use end-end crypto (PGP or OTR) with XMPP, you're implicitly trusting the servers on both ends, and even S2S crypto won't change that. I find the "but teh google is reading ur email!" argument rather silly, because they are no different than any other "free" provider in that regard. And most of the "paid" providers too, I suspect. And that's even before the likes of the NSA are considered.

But that is beside the point. XMPP's killer feature was its federated nature. I just fear they've deliberately shot themselves in both feet in the name of progress, because in doing so they've deliberately de-federated from not only Google, but I suspect the majority of the corporate XMPP IM solutions as well. Thanks to Metcalfe's Law, this really does raise the question "why bother with XMPP at all, then?"

