Opensource communication frameworks: XMPP, SIP, AMQP, MQTT, CAP, IAX



Reaction score: 713
Messages: 1,557

An opensource framework allows interoperable and inter-organizational use between different offerings (or servers). Signal can't be compared in this category, because it is simply an opensource client offered by one provider or organization, and not a standard for interoperable use: it can be compared to other opensource apps on a separate merit.

If one wants to host their own server or wants a choosing that is interoperable with others, or a choice of software clients to use, then an opensource messaging standard or framework is the way to go.

IETF recognized frameworks
IETF recognizes XMPP (Extensible Messaging and Presence Protocol) and SIP (Session Initiation Protocol) as opensource standards for secure communication. IAX (Inter-Asterisk eXchange 2) which is associated with Asterisk is acknowledged by IETF, but not at the level of a standard by this governing organization. MGCP (Media Gateway Control Protocol) is an IETF opensource framework for VOIP that has been surpassed by SIP and IAX.

IAX (eaks) makes up for some shortcomings of SIP. SIP is not practical for use behind a NAT, but IAX is.

There is overlap between XMPP/Jingle and SIP/Simple. XMPP was intended for text communications, and as a Jingle extension to allow voice and video. SIP was intended for voice communication, but later added Simple for text communication.

OASIS recognized frameworks
(Advanced Message Queuing Protocol), MQTT (Message Queuing Telemetry Transport) and CAP (Common Alerting Protocol) are open standards recognized by OASIS. CAP is an important but more specific offering by OASIS.

MQTT is meant for Internet of Things (IoT) or device communication. MQTT is useful for automation, logistics, manufacturing, smart home, energy and transportation. For some IoT purposes, MQTT can be used in place of Bluetooth. MQTT-SN addresses very constrained networks. Eclipse organization takes an active interest in MQTT. See: net/mosquitto and net/py-paho-mqtt

AMQP is an open standard for secure business messaging. It's used by a lot of financial firms. See: net/rabbitmq

CAP is an XML implementation used for emergency alerts. It's used by National Oceanic and Atmospheric Administration (NOAA), Emergency Alert Services (EAS), FEMA and other agencies.

World Wide Web Consortium (W3C) is an open standards platform organization for the Internet. WebRTC is an open-source standard by W3C for voip communication on the web through an API. For an API, JavaScript is mentioned.

LwM2M (Lightweight Machine to Machine) is an open specification by OMA. JupiterMesh is an open specification by Zigbee. These are for hardware and IoT communication.

Secure authentication and encryption of streams
For secure communication, OMEMO or PGP is needed for XMPP. It is easy to verify whether OMEMO or PGP are switched on. Jingle and other file or media transports still need additional encryption.

SIP needs both SIPS (SIP Secure) and SRTP (Secure RTP) for secure communication, but this requires a professional to set up devices on both ends of the line. It is difficult to confirm whether SIP communications are encrypted, or when they become unencrypted, unless it is set up by an expert in such a way that calls drop the moment they become insecure. Many software offerings don't have SIPS availability: PJSIP. SIPS negotiates a link between clients and servers, then SRTP transports voice directly from client to client.

SRTP ports and port options:
* Asterisk ports have net/pjsip and SRTP options: both must be enabled
* net/pjsip has an EXTSRTP option, which must be enabled
* EXSRTP and SRTP options both pull in the net/libsrtp2 library
* net/libsrtp was long depreciated and replaced by a newer version, libsrtp2, because it conflicted with OpenSSL in base of previous FreeBSD versions
* audio/baresip is an SIP client which had the srtp option: DTLS_SRTP is now available as an option, but is marked as broken

For IAX, RSA key exchange or MD5 hashing only secures the authentication handshake. The communication stream also requires a dynamic key (aes128) or VPN.

MQTT's authentication is too basic to allow secure conversation, however it can use SSL/TLS.

CoAP (Constrained Application Protocol) is a framework from IETF as an alternative to MQTT, but it provides no security mechanisms.

* MQTT and CoAP, IoT Protocols

Further Reading
Last edited:


Active Member

Reaction score: 51
Messages: 115

That rabbitmq package looks pretty neat. I think I could program a script to instant message myself an alert from a server with it.

{Financial data breaks a threshold, system stat breaks a threshold, some sort of device monitor breaks a threshold...the dog ran out of food...the house temp dropped below zero, etc.}

Edit: I suppose any xmpp terminal client should be able to do the same.


Active Member

Reaction score: 51
Messages: 115

And there it is: sendxmpp
Config file {need to chmod 600 this file}:
username: myusername
jserver: mychatserver.extension
port: 5222
password: mypassword

send a message {this server requires TLS}:

echo "hello world" | sendxmpp -t -a /usr/local/share/certs/ca-root-nss.crt -s hello someotheruser@servername.extension

Here's a perl script intended for crontab

#!/usr/local/bin/perl -w

$TIME = `date "+%r"`;
$DATE = `date "+%m/%d/%Y"`;

$VAR1 = "echo \"Finished Collecting Weather Data @ $TIME on $DATE\" | sendxmpp -t -a /usr/local/share/certs/ca-root-nss.crt -s weatherupdate myname\@mychatserver.extension";



Active Member

Reaction score: 51
Messages: 115

Upon further reading the above is a Perl module that can be used to send and receive xmpp messages.

It's the same module that sendxmpp uses. Anyways it looks really neat and easy to setup a control system with it where you can control a machine with your cellphone/tablet just by using Perl scripts and an xmpp client on the remote device.