Pengdows

Everyone deserves privacy.
Jabber is another IM protocol, like AIM, ICQ, MSN/Windows Live Messenger, or Yahoo. Jabber, however, is based entirely on open XML standards.  This allows you to run your own server with your choice of clients.  It includes support for SSL and TLS, giving you a level of security and privacy above and beyond any of the "big" IM tools.

At Pengdows we believe that Jabber is a superior solution when compared to any of the big IM networks for several reasons.

  • It is platform independent. Servers and clients are available for just about any OS you like.
  • It can be limited to an intranet for companies that would like the convenience of IM without the security breach risks.
  • Because it can be set up internally by a company, you can have a single contact address. In other words, something like this can be added to your emails:
    • You may reach me via Jabber or email at user@example.com.
  • Servers could be configured to log all messages for compliance with regulations like HIPAA or for law enforcement.
  • It supports standards.  Open standards are always a good thing.
  • End-to-end encryption can be added for those who need greater security. This can be done using PGP currently. X.509 specifications are being added and other tools like OTR and Simp may be used.

You might ask, "Skype, Trillian and IMSecure support encryption without any user intervention, so why should I use Jabber and its encryption, or something like Simp or OTR, instead?"

Skype, Trillian and IMSecure all have the same problem: you have no way of validating the keys yourself.  So, even if you have 128-bit AES encryption going, you have no way of validating that you are talking to who you think you are, nor do you have any way to prove that there isn't a man in the middle. IMSecure is actually less secure than the others because, unless they have changed things, it only uses 56-bit encryption.

OTR is good encryption and has its place. It includes perfect forward secrecy and the ability to validate keys out of band. However, it's cumbersome and, because it isn't integrated with (most) clients, there is very little obvious feedback to the user about the encryption state. By contrast, Simp is easier to use and you may use your choice of keys, like PGP, a generated key (such as an RSA or elliptic curve key), or even an X.509 cert from a CA.  The really special part is that if you use an X.509 cert or a PGP key, you can validate this information out of band or trust the signatures on the key.  For example, if I sign an email using the same certificate you get from Simp when I chat with you via IM, then you know that you are talking to the same person. Additionally, X.509 certs from a trusted CA will have already been validated for you; thus, if someone in another country IMs you, and Simp presents their Class 3 certificate from Thawte, you are reasonably sure that they are who the cert says. The same goes for Class 2 certificates from StartCom.
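The out-of-band check described above (the certificate seen in IM is the one that signed an email) comes down to comparing fingerprints. The following is an added example, not code from Pengdows or Simp; the function names are hypothetical, SHA-256 is an assumed fingerprint algorithm, and the certificate bytes are constructed stand-ins.

```python
import hashlib
import hmac
import ssl


def cert_fingerprint(cert):
    """SHA-256 fingerprint (lowercase hex) of a certificate.

    Accepts PEM text (str) or DER bytes; both forms of one certificate
    hash to the same value because the hash is taken over the DER encoding.
    """
    der = ssl.PEM_cert_to_DER_cert(cert) if isinstance(cert, str) else cert
    return hashlib.sha256(der).hexdigest()


def normalize_fingerprint(text):
    """Strip the separators and case differences that clients add for display."""
    cleaned = "".join(ch for ch in text.lower() if ch not in " :-\t\r\n")
    # Refuse truncated values: matching only a prefix is not validation.
    if len(cleaned) != 64 or any(ch not in "0123456789abcdef" for ch in cleaned):
        raise ValueError("expected a full 64-hex-digit SHA-256 fingerprint")
    return cleaned


def same_certificate(presented_cert, out_of_band_fingerprint):
    """True only if the presented certificate matches the out-of-band fingerprint."""
    expected = normalize_fingerprint(out_of_band_fingerprint)
    return hmac.compare_digest(cert_fingerprint(presented_cert), expected)


# Constructed stand-in bytes, not real certificates: the comparison only
# depends on the encoded bytes, so any byte string demonstrates it.
EMAIL_CERT_DER = b"constructed stand-in for the DER bytes of the signer's certificate"
OTHER_CERT_DER = b"constructed stand-in for a different certificate from a middleman"

# What the IM client would hand over (PEM) and what the mail client would
# display for the signing certificate (uppercase, colon-separated).
IM_CERT_PEM = ssl.DER_cert_to_PEM_cert(EMAIL_CERT_DER)
_fp = cert_fingerprint(EMAIL_CERT_DER)
EMAIL_FINGERPRINT = ":".join(_fp[i:i + 2] for i in range(0, 64, 2)).upper()

if __name__ == "__main__":
    print(same_certificate(IM_CERT_PEM, EMAIL_FINGERPRINT))
    print(same_certificate(ssl.DER_cert_to_PEM_cert(OTHER_CERT_DER), EMAIL_FINGERPRINT))
```

A matching fingerprint shows only that both channels presented the same certificate; proving that the peer holds the private key is the job of the encryption protocol's handshake.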

Finally, there are several changes in the works for the Jabber Standards like requiring SSL encryption for "Server to Server" and "Client to Server" communication, VoIP support, and support for video.

Questions? Comments? email me at: alaricd@pengdows.com