XMPP: basics, security, constrained networks

WebSocket
WebSocket carries XMPP through RFC 7395 (the XMPP subprotocol for WebSocket); RFC 6455 defines the WebSocket protocol itself. WebSocket was meant to replace the earlier techniques for bidirectional data transfer over HTTP, BOSH included. A WebSocket runs over a single TCP connection and is full duplex: either side can send at any time without waiting for a request.

wss:// is the URI scheme for WebSocket over TLS. Under this transport the data is protected by TLS itself, not by any framework layered on top of it. A client that connects to wss:// must not follow a redirect to an unencrypted scheme such as ws:// or http://, because that silently downgrades the connection. WebSocket was designed to share the HTTP ports, 80 for ws and 443 for wss, so that it passes through existing HTTP infrastructure; RFC 6455 allows any port, and later versions of the protocol could use other ports or a different handshake.

There are two ways to use XMPP with WebSocket (XMPP/WS): through a proxy in front of the XMPP server (as BOSH did with a connection-manager proxy), or with WebSocket support built into the XMPP server itself. Enabling WebSocket on an XMPP server is a matter of enabling and configuring a module, for example Prosody's mod_websocket, or ejabberd's ejabberd_http_ws request handler on an ejabberd_http listener.

A WebSocket connection consists of a handshake (an HTTP Upgrade request answered by a 101 response) followed by data transfer in frames. In the XMPP subprotocol every XMPP stanza is carried by exactly one WebSocket message, and the TCP binding's <stream:stream> header is replaced by <open/> and <close/> framing elements. WebSocket ping and pong control frames can also be used to keep the XMPP connection alive and to detect a dead peer.
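The handshake and framing checks described above, written out as an added example (this is an illustration added to the thread, not code from the original post or from any XMPP server or client project). The GUID, the "xmpp" subprotocol name and the framing namespace are the values fixed by RFC 6455 and RFC 7395; the host example.com, the port 5443, the sample key (the one used in the RFC 6455 example) and the two server responses are constructed for the demonstration.

```python
"""Added example: client-side checks for an XMPP-over-WebSocket handshake
(RFC 6455) and for RFC 7395 message framing.  Not code from the original
post; example.com, port 5443 and the sample responses are constructed."""
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"        # RFC 6455 section 4.2.2
FRAMING_NS = "urn:ietf:params:xml:ns:xmpp-framing"      # RFC 7395 <open/> and <close/>
STREAMS_NS = "http://etherx.jabber.org/streams"         # TCP-binding stream header
STANZA_TAGS = {f"{{jabber:client}}{t}" for t in ("message", "presence", "iq")}


def accept_key(client_key):
    """Sec-WebSocket-Accept = base64(SHA-1(Sec-WebSocket-Key + GUID))."""
    digest = hashlib.sha1((client_key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def build_upgrade_request(url, client_key):
    """Client side of the handshake.  Refuses plain ws:// outright: the XMPP
    session carries credentials and message bodies, so TLS is not optional."""
    u = urlparse(url)
    if u.scheme != "wss":
        raise ValueError("refusing to carry XMPP over an unencrypted WebSocket")
    host = u.hostname if u.port in (None, 443) else f"{u.hostname}:{u.port}"
    return (
        f"GET {u.path or '/'} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Upgrade: websocket\r\n"
        "Connection: Upgrade\r\n"
        f"Sec-WebSocket-Key: {client_key}\r\n"
        "Sec-WebSocket-Protocol: xmpp\r\n"
        "Sec-WebSocket-Version: 13\r\n\r\n"
    )


def _parse_response(raw):
    head = raw.split("\r\n\r\n", 1)[0]
    status, *lines = head.split("\r\n")
    headers = {}
    for line in lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def upgrade_accepted(raw_response, client_key):
    """True only for a genuine 101 that echoes our key and the xmpp
    subprotocol.  A 3xx is treated as failure rather than followed, so a
    server (or an on-path attacker) cannot bounce a wss:// client to ws://."""
    status, h = _parse_response(raw_response)
    if not status.startswith("HTTP/1.1 101"):
        return False
    return (
        h.get("upgrade", "").lower() == "websocket"
        and h.get("sec-websocket-accept") == accept_key(client_key)
        and h.get("sec-websocket-protocol") == "xmpp"
    )


def classify_message(text):
    """Each WebSocket text message carries exactly one complete XML element:
    a framing <open/> or <close/>, or a single stanza with its namespace
    declared on the element itself (there is no enclosing root to inherit it
    from).  Anything else is a framing error, including the TCP binding's
    <stream:stream> header."""
    try:
        root = ET.fromstring(text)
    except ET.ParseError:
        raise ValueError("message is not one well-formed XML element")
    if root.tag in (f"{{{FRAMING_NS}}}open", f"{{{FRAMING_NS}}}close"):
        return root.tag.rsplit("}", 1)[1]
    if root.tag.startswith("{" + STREAMS_NS + "}"):
        raise ValueError("<stream:stream> framing is for the TCP binding only")
    if root.tag in STANZA_TAGS:
        return "stanza"
    if root.tag in ("message", "presence", "iq"):
        raise ValueError("stanza lacks its xmlns declaration")
    return "other"   # e.g. SASL or stream-management elements


# Constructed exchange.  KEY is the sample key from RFC 6455, so the accept
# value below is the one printed in the RFC.
KEY = "dGhlIHNhbXBsZSBub25jZQ=="
SERVER_101 = (
    "HTTP/1.1 101 Switching Protocols\r\n"
    "Upgrade: websocket\r\n"
    "Connection: Upgrade\r\n"
    "Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=\r\n"
    "Sec-WebSocket-Protocol: xmpp\r\n\r\n"
)
SERVER_REDIRECT = "HTTP/1.1 302 Found\r\nLocation: ws://example.com/xmpp-websocket\r\n\r\n"

if __name__ == "__main__":
    print(build_upgrade_request("wss://example.com:5443/xmpp-websocket", KEY))
    print("101 accepted:", upgrade_accepted(SERVER_101, KEY))
    print("redirect accepted:", upgrade_accepted(SERVER_REDIRECT, KEY))
    print(classify_message('<open xmlns="urn:ietf:params:xml:ns:xmpp-framing" to="example.com" version="1.0"/>'))
```

The two things a practitioner should take from this: the accept key is a deterministic function of the key the client sent, so a response that does not match was not produced by a server that saw the request; and a redirect during the upgrade is simply a failed connection, never something to follow.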

The WebSocket API (sometimes called WSAPI) is the browser API that web applications use to open WebSocket connections from JavaScript. The W3C document is at https://www.w3.org/TR/websockets/ ; it has since been superseded by the WebSocket section of the WHATWG HTML Living Standard.


Comparisons to BOSH
WebSocket was designed as part of HTML5 for use by many kinds of applications. BOSH (XEP-0124, with XMPP over BOSH in XEP-0206) was made for XMPP; it previously replaced Jabber HTTP Polling (XEP-0025).
WebSocket is available natively in browsers through JavaScript. BOSH has to be implemented in JavaScript on top of long-polling HTTP requests, which needs fairly involved client libraries.

WebSocket uses fewer bytes per message than BOSH. BOSH uses long polling and has "high transport overhead compared to XMPP's native binding to TCP." WebSocket avoids the polling problems of bidirectional HTTP. A WebSocket frame adds only 2 bytes of header for payloads under 126 bytes (6 bytes from client to server, which must mask its frames), whereas BOSH carries a full set of HTTP request and response headers on every exchange, commonly well over 150 bytes per request/response pair.

From earlier information I read, it seemed that BOSH was better than WebSockets for intermittent network branches. WebSockets may be better, at least in many ways. WebSocket is “a more elegant, modern and faster replacement to Bosh,” according to ejabberd-websocket's module readme.

Bayeux (the protocol used by many Comet implementations) and other Comet-style HTTP push techniques never gained as much traction.


Improving Reliability
Stream Management (XEP-0198) works over WebSocket as it does over TCP: both sides count the stanzas they have handled and acknowledge them, and a dropped connection can be resumed with the unacknowledged stanzas re-sent, so nothing is lost on a temporary disconnect. That covers the reconnection handling BOSH had built into its transport.

Client State Indication (XEP-0352) also helps on intermittent mobile networks. The client tells the server when it is inactive (backgrounded, for instance), and the server may then defer or drop non-urgent traffic such as presence updates and chat-state notifications until the client reports itself active again, saving bandwidth and battery.

XMPP Ping (XEP-0199) can also be used as an application-level keepalive. From a browser it is the portable choice: the JavaScript WebSocket API does not expose WebSocket-level ping frames, so a web client cannot send those itself.

For mobile connections, see: Mobile Considerations on LTE Networks [XEP-0286].
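An added example of the XEP-0198 and XEP-0352 behaviour described in this section (an illustration added here, not code from the original post or from any XMPP client). The element names and namespaces are those of the two XEPs; the SmClient class, its method names, the stream id "abc" and the sample message stanzas are constructed for the demonstration. It models the client side only: counting, acknowledging, resuming after a drop, and replaying whatever the server never acknowledged.

```python
"""Added example: client-side XEP-0198 Stream Management counters, ack
handling and resumption, plus the XEP-0352 active/inactive nudges.  Not code
from the original post; the class and the sample stanzas are constructed."""
import xml.etree.ElementTree as ET
from collections import deque

SM_NS = "urn:xmpp:sm:3"     # XEP-0198
CSI_NS = "urn:xmpp:csi:0"   # XEP-0352
STANZA_TAGS = {f"{{jabber:client}}{t}" for t in ("message", "presence", "iq")}
WRAP = 2 ** 32              # XEP-0198 counters wrap at 2^32


class SmClient:
    """out_count: stanzas we have sent, i.e. the 'h' the server should reach.
    in_count:    stanzas from the server that we have handled.
    unacked:     sent but not yet acknowledged, oldest first.
    outbox:      frames waiting to go out on the WebSocket, one per message."""

    def __init__(self):
        self.out_count = 0
        self.in_count = 0
        self.unacked = deque()
        self.outbox = []
        self.sm_id = None

    def enable(self):
        self.outbox.append(f'<enable xmlns="{SM_NS}" resume="true"/>')

    def send_stanza(self, stanza):
        self.unacked.append(stanza)
        self.out_count = (self.out_count + 1) % WRAP
        # Request an ack straight away; a real client would batch these.
        self.outbox += [stanza, f'<r xmlns="{SM_NS}"/>']

    def set_inactive(self):
        # Server may now defer presence and chat-state traffic (XEP-0352).
        self.outbox.append(f'<inactive xmlns="{CSI_NS}"/>')

    def set_active(self):
        self.outbox.append(f'<active xmlns="{CSI_NS}"/>')

    def resume(self):
        """After the WebSocket dropped: ask to pick up the old stream, telling
        the server how much of its traffic we actually handled."""
        if self.sm_id is None:
            raise RuntimeError("stream was never enabled for resumption")
        self.outbox.append(
            f'<resume xmlns="{SM_NS}" h="{self.in_count}" previd="{self.sm_id}"/>')

    def receive(self, frame):
        el = ET.fromstring(frame)
        if el.tag in STANZA_TAGS:
            self.in_count = (self.in_count + 1) % WRAP   # handled, so countable
        elif el.tag == f"{{{SM_NS}}}enabled":
            self.sm_id = el.get("id") if el.get("resume") in ("true", "1") else None
        elif el.tag == f"{{{SM_NS}}}r":
            self.outbox.append(f'<a xmlns="{SM_NS}" h="{self.in_count}"/>')
        elif el.tag == f"{{{SM_NS}}}a":
            self._apply_ack(int(el.get("h")))
        elif el.tag == f"{{{SM_NS}}}resumed":
            self._apply_ack(int(el.get("h")))
            self.outbox.extend(self.unacked)   # replay what the server missed
        elif el.tag == f"{{{SM_NS}}}failed":
            # Old session is gone; caller must start a fresh stream and
            # either resend or report the stanzas still in self.unacked.
            self.sm_id = None

    def _apply_ack(self, h):
        already = (self.out_count - len(self.unacked)) % WRAP
        newly = (h - already) % WRAP
        if newly > len(self.unacked):
            raise ValueError(f"server acked {newly} stanzas, only "
                             f"{len(self.unacked)} outstanding")
        for _ in range(newly):
            self.unacked.popleft()

    def drain(self):
        frames, self.outbox = self.outbox, []
        return frames


def demo():
    """Constructed session: three messages, server acks two, link drops,
    resume replays the third.  Returns the frames sent after the drop."""
    c = SmClient()
    c.enable(); c.drain()
    c.receive('<enabled xmlns="urn:xmpp:sm:3" id="abc" resume="true"/>')
    for i in range(3):
        c.send_stanza(f'<message xmlns="jabber:client" to="b@example.com" '
                      f'id="m{i}"><body>{i}</body></message>')
    c.drain()
    c.receive('<a xmlns="urn:xmpp:sm:3" h="2"/>')      # server saw m0 and m1
    # ... WebSocket drops here; client reconnects on a new socket ...
    c.resume()
    c.receive('<resumed xmlns="urn:xmpp:sm:3" h="2" previd="abc"/>')
    return c.drain()


if __name__ == "__main__":
    for f in demo():
        print(f)
```

The point of the ack arithmetic in _apply_ack is that the client never trusts the server's h blindly: an h that claims more stanzas than were ever sent is a protocol error, not something to quietly absorb. Note also that the replay after <resumed/> is exactly the tail the server did not acknowledge, which is why a client must keep sent stanzas until they are acked rather than dropping them once written.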


Additional Refs and See also:
* https://stackoverflow.com/questions...all-for-bosh-over-websockets-and-long-polling
* Known Issues and Best Practices for the Use of Long Polling and Streaming in Bidirectional HTTP - https://tools.ietf.org/html/rfc6202
* The Definitive Guide to HTML5 WebSocket: [Chapter 4] Building Instant Messaging and Chat over WebSocket with XMPP
* https://www.websocket.org/aboutwebsocket.html
* https://www.websocket.org/quantum.html
 
Is OMEMO broken only for programs on FreeBSD, or is it broken across the XMPP network? I've seen a comment on the Internet saying this has happened before. Maybe OMEMO is supposed to be compatible across different clients, but hasn't been recently?

I tried OMEMO on Gajim and Dino recently, and they didn't work. It worked on Gajim late last year.

Lurch is an OMEMO plugin available for libpurple.
 
OMEMO recently worked between Gajim and Dino.

There weren't updates available for Gajim for a long time. It may have been one of the cryptographic dependencies that needed upgrading.
 
I had trouble with OMEMO not working between two phones.

OMEMO has worked between Dino and Gajim from FreeBSD before. I also found it useful then, to upgrade these programs, plus their dependencies, to make OMEMO start working again.

So far, I found out that OMEMO on Conversations on my Android works with both Dino and Gajim on FreeBSD. The problem may be on the other user's phone. Or the account needs to be of the same domain.

I'll ask on their venue for support about it.
 



Updates:
  • OMEMO (XEP-0384) for XMPP was adopted from the Signal protocol: it uses Signal's Double Ratchet and key agreement to provide multi-device end-to-end encryption.
  • With the appropriate XEPs (Stream Management, Client State Indication, XMPP Ping), WebSocket can cope with the intermittent or constrained networks that gave BOSH fewer problems. Even without those XEPs, WebSocket has less overhead and is faster than BOSH. This is covered in a previous post above and in one of the links above. BOSH is older and largely superseded by WebSocket in new deployments, but is still in wide use. WebSocket is likely the way to go, as it is also HTML5 compatible.
 
This doesn't go into detail on Jingle and its use. It also doesn't cover XMPP server setup, connection-manager setup or firewall settings. Information on stream/data compression is also lacking, because many of the methods were obsoleted and not replaced. I either couldn't find it, or it's not available. XEP-0322 (Efficient XML Interchange (EXI) Format) may still be relevant for stream/data compression, because it was deferred rather than obsoleted; it would need updating, though, since one option it refers to is obsolete. If you're knowledgeable on those topics, feel free to link to or build a resource on them. This can still serve as an intro to those related topics.

https://xmpp.404.city/ and https://list.jabber.at have XMPP server directories, but using those two for service isn't recommended by the server directory https://providers.xmpp.net, which gives them a D grade. Some servers with a D grade are fine to use, so it depends on the reasons given there.

This post was put together to update this thread and to clear up and organize the information that was posted as it was learned. The books on XMPP are outdated, but were a good place to learn the basics; a lot of information then had to be updated from them. This focuses on WebSocket rather than BOSH, as WebSocket is modern and current XEPs compensate for its setbacks. An up-to-date text was lacking, so this serves as an intro or an update.

Thread firewall-settings-for-xmpp.61219 is about firewall settings, specifically PF on FreeBSD; however, it's outdated, mainly regarding WebSocket and Jingle.

Related thread on XMPP chatroom for FreeBSD: Thread xmpp-chat-for-freebsd-for-anyone-interested.87642.

For more XMPP/Jabber related threads on this forum:

License
If allowed, because the attached PDF contains recycled wording from my posts in this thread, it is released under the FreeBSD Documentation License, the BSD Documentation License and the Creative Commons Attribution 4.0 International (CC BY 4.0) license. Attribute https://forums.freebsd.org.
If the rules don't allow it to be re-licensed under the above, the PDF is still available from this forum here. You can make your own version with updates, corrections and additions, and post that on this forum. It's meant for people using FreeBSD, other operating systems, mobile phones or a combination of those.
 

Attachments

  • xmpp-basics-2023.pdf
    89.1 KB