Yann Leboulanger asterix at lagaule.org
Thu Apr 14 23:02:40 CEST 2016

On 04/14/2016 10:48 PM, Yann Leboulanger wrote:
> On 04/13/2016 12:24 PM, Илья Валеев wrote:
>>> Gajim automatically tries jingle FT first, and encryption if both
>>> parties support it. But except by reading XML, you currently can't
>>> know nor enforce encryption. Suggestions welcome.
>> For example: new string option "file_transfer" (maybe conflict with
>> "use_ft_proxies") with these variants:
>> *I.* auto
>> Default value, acts as Gajim acts today.
>> *II.* inband
>> Send files with IBB.
>> *III.* proxy
>> Send it with proxy defined in XEP-0065
>> *IV.* jingle
>> *Also:*
>> - Display icon for every position in list of transferring files, which
>> display encrypted transfer or not (for example, green closed lock and
>> red open lock)
>> - Warn user when file transfer is not encrypted before transfer starts
>> and give choice, continue without encryption or not
>> Think that such transparency will help not only me, but all people
>> that care about their security.
>> I use gpg and in my case IBB would be encrypted, right? What kind of
>> encryption can offer jingle (I hear that XTLS
>> <https://xmpp.org/extensions/inbox/jingle-xtls.html> is deprecated)?
>> Are there any possibilities of end-to-end encrypting proxy filetransfer?
> You mixed several things: The way to negotiate the transfer, the
> transport used to do it. Jingle and proxy are not orthogonal.
> Moreover, IBB should only be used as a fallback way. It uses a lot of BW
> and CPU for the server, and it's slow. Servers are not done to transfer
> so much data.
> I agree that displaying an encryption icon is a must have, and I already
> thought about that.
> Warn the user could be an option, but with a "do not warn me anymore"
> checkbox. Because that could annoy a lot on every transfer.
> IBB is NOT encrypted. You send your file plain. The link to your server
> may be encrypted if you're connected securely. But:
>  - the server owner has the file plain
>  - you have no idea if the S2S connection is secure
>  - you have no idea if the connection between your contact and his
> server is secure
> Once again, GPG is not used to encrypt / sign a file before it's sent.
> We indeed use XTLS even if this XEP has never been released
This is what we use:
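
Added example (not part of the original message and not Gajim's code): the "reading XML" check mentioned earlier in the thread, done programmatically on a Jingle session-initiate offer. The stanzas are constructed samples, the function names are hypothetical, and the `<security/>` namespace is assumed from the jingle-xtls proposal linked above.

```python
import xml.etree.ElementTree as ET

NS_JINGLE = "urn:xmpp:jingle:1"
NS_XTLS = "urn:xmpp:jingle:security:xtls:0"  # assumed from the jingle-xtls proposal
TRANSPORTS = {
    "urn:xmpp:jingle:transports:s5b:1": "socks5",  # direct or via XEP-0065 proxy
    "urn:xmpp:jingle:transports:ibb:1": "ibb",     # in-band, relayed by the servers
}

def _offer(transport_ns, security=""):
    """Build a constructed session-initiate stanza (sample data only)."""
    return f"""<iq type='set' id='c1' to='juliet@example.org/b'>
  <jingle xmlns='{NS_JINGLE}' action='session-initiate' sid='s1'>
    <content creator='initiator' name='file'>
      <description xmlns='urn:xmpp:jingle:apps:file-transfer:5'/>
      <transport xmlns='{transport_ns}' sid='t1'/>
      {security}
    </content>
  </jingle>
</iq>"""

SAMPLE_ENCRYPTED = _offer("urn:xmpp:jingle:transports:s5b:1",
                          f"<security xmlns='{NS_XTLS}'><method name='x509'/></security>")
SAMPLE_PLAIN = _offer("urn:xmpp:jingle:transports:ibb:1")

def inspect_offer(stanza_xml):
    """Return one dict per <content/>: name, transport, XTLS methods, encrypted flag."""
    root = ET.fromstring(stanza_xml)
    results = []
    for content in root.iter(f"{{{NS_JINGLE}}}content"):
        transport = "unknown"
        for child in content:
            ns, _, local = child.tag[1:].partition("}")
            if local == "transport":
                transport = TRANSPORTS.get(ns, ns)
        security = content.find(f"{{{NS_XTLS}}}security")
        methods = ([] if security is None else
                   [m.get("name") for m in security.findall(f"{{{NS_XTLS}}}method")])
        results.append({"name": content.get("name"), "transport": transport,
                        "methods": methods, "encrypted": bool(methods)})
    return results

def enforce_encryption(stanza_xml):
    """True only if the offer has content and every content carries XTLS security."""
    offers = inspect_offer(stanza_xml)
    return bool(offers) and all(o["encrypted"] for o in offers)

if __name__ == "__main__":
    for label, stanza in (("encrypted", SAMPLE_ENCRYPTED), ("plain", SAMPLE_PLAIN)):
        print(label, inspect_offer(stanza), "accept:", enforce_encryption(stanza))
```

A `<security/>` element in the offer only shows what was proposed. A client UI lock icon should reflect the negotiated result once the session is accepted.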

