Hi,

XMPP networks are now going to be default secured with TLS in their
client-to-server and server-to-server communications by 22nd Feb.

Most IM clients support end-to-end encryption with OTR by default.

The "Federated Architecture" makes it very scalable and distributed.

With all that "goods of COMSEC" in place, we are missing a timing
correlation protection schema for XMPP traffic, to avoid an adversary
"monitoring your internet communication line" to know "when" you have
written something.

POND is a super technology to prevent timing correlation attacks
(https://pond.imperialviolet.org/tech.html), unfortunately it's a closed
network so I don't think it would ever get diffused (it's also written
in Go and my religion does not let me use anything written in Go).

So I've been thinking that we need "a method" to achieve protection
against time traffic correlation attacks on XMPP chat.

It's possible that, by having a traffic-generator-robot (behaving like
an XMPP buddy you connect to), and an XMPP client plug-in it would be
possible to create some kind of "constant traffic timing pattern" to
avoid an adversary being able to make timing correlation attacks.

Something like that would be "relatively easy" to be implemented.

This would bring "timing correlation attack protection" to the already
existing security stack of XMPP:
- Client TLS encrypted login
- Server-to-Server TLS encrypted communication
- End-to-end encrypted communication with OTR
- Federated architecture

-- 
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - http://globaleaks.org - http://tor2web.org

_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
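
The "constant traffic timing pattern" proposed in the message above, sketched as an added example (not part of the original post and not code from any XMPP client or from Pond): a sender that emits one fixed-size cell on every tick, carrying a queued message fragment if there is one and cover padding otherwise. `CELL_SIZE`, `TICK` and all function names are assumptions, and the cells are assumed to travel inside the existing OTR/TLS encryption so that an observer sees only send times and lengths.

```python
CELL_SIZE = 256   # assumed fixed on-wire cell size in bytes
TICK = 1.0        # assumed constant send interval in seconds
BODY = CELL_SIZE - 2  # room for data after the 2-byte length prefix

def pad(payload: bytes) -> bytes:
    """Length-prefix and zero-pad so every cell is exactly CELL_SIZE bytes."""
    if len(payload) > BODY:
        raise ValueError("payload must be fragmented before padding")
    return len(payload).to_bytes(2, "big") + payload + bytes(BODY - len(payload))

def unpad(cell: bytes) -> bytes:
    """Recover the payload; a zero length prefix marks a cover cell."""
    n = int.from_bytes(cell[:2], "big")
    return cell[2:2 + n]

def fragment(msg: bytes) -> list:
    """Split a message into pieces that each fit in one cell."""
    return [msg[i:i + BODY] for i in range(0, len(msg), BODY)]

def schedule(typed, duration):
    """Simulate the sender for `duration` seconds.

    typed: list of (time_typed, message_bytes), constructed sample input.
    Returns (wire, delivered):
      wire      - what a line observer sees: (send_time, cell_length)
      delivered - what the peer recovers: (send_time, payload)
    """
    pending = sorted(typed)
    queue, wire, delivered = [], [], []
    for k in range(int(duration / TICK)):
        now = k * TICK
        # Anything typed since the last tick waits in the queue.
        while pending and pending[0][0] <= now:
            queue.extend(fragment(pending.pop(0)[1]))
        payload = queue.pop(0) if queue else b""  # empty payload = cover cell
        cell = pad(payload)
        wire.append((now, len(cell)))
        real = unpad(cell)
        if real:
            delivered.append((now, real))
    return wire, delivered

if __name__ == "__main__":
    # Constructed sample: a busy user and an idle user look identical on the wire.
    busy, _ = schedule([(0.3, b"hello"), (4.7, b"x" * 600)], 10)
    idle, _ = schedule([], 10)
    print("observer can tell them apart:", busy != idle)
```

The cost of the scheme is visible in the simulation: every fragment waits for the next tick, and bandwidth is consumed at `CELL_SIZE / TICK` whether or not anything is typed.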
