3

I have been working on an application running over XMPP. I would like to know which all popular security layers are available over the XMPP protocol, similar to SSL over http.

Anonymous Platypus
  • 1,392
  • 3
  • 18
  • 33

1 Answers1

6

The core XMPP specification defines how it integrates with TLS for transport security, and SASL for authentication.

There is also a standard end-to-end signing and encryption protocol that can be used to ensure protection of messages from sender to ultimate recipient, whereas TLS only protects up to the next relay host. This end-to-end protocol builds on S/MIME.

Also, depending on the context, you may have the option to put clients and servers in their own VPN, which will protect the traffic against outsiders. This is generic to every networked application and is done at the OS level.

Tom Leek
  • 168,808
  • 28
  • 337
  • 475