Extensible Messaging and Presence Protocol (XMPP)
•
0 likes•271 views
The document provides information about the Extensible Messaging and Presence Protocol (XMPP): - XMPP is an open-source communication protocol for message-oriented middleware based on XML. It allows for near-real-time exchange of structured yet extensible data between any two or more network entities. - XMPP supports instant messaging, presence, multi-party chat, voice and video calls, collaboration, lightweight middleware, content syndication, and generalized routing of XML data. - The document discusses XMPP architecture, standards, security mechanisms like TLS and SASL, and the basic client-server communication flow when establishing an XMPP connection.
Recommended
More Related Content
What's hot
What's hot (19)
Similar to Extensible Messaging and Presence Protocol (XMPP)
Similar to Extensible Messaging and Presence Protocol (XMPP) (20)
More from Sean Tsai
Recently uploaded
Recently uploaded (20)
Extensible Messaging and Presence Protocol (XMPP)
- 1. Extensible Messaging and Presence Protocol (XMPP) 2016.3.1 1 Sean
- 2. Extensible Messaging and Presence Protocol (XMPP) • A communication protocol based on XML. • Designed to be extensible. • Jeremie Miller began working on the Jabber technology in 1998. (Originally named Jabber) 2 1999~2000 RFC 3920 RFC 3921 2011 RFC 6120 RFC 6121 RFC 6122 2015 RFC 7622
- 3. XMPP的優點 • 因為使用xml,所以不限制訊息內容 • 支援的程式很多 • 很多 open source 可以使用 • 分散式 • 安全 3
- 4. XMPP的缺點 • IP 一換,整個連線需重連(驗證重做) ▫ 以手機而言,Wi-Fi/3G 轉換就會換 IP • 不能傳二進位資訊 (但可透過base64編碼傳送) 4
- 5. XMPP RFCs • RFC 3920 → RFC 6120 Extensible Messaging and Presence Protocol (XMPP): Core • RFC 3921 → RFC 6121 Extensible Messaging and Presence Protocol (XMPP): Instant Messaging and Presence • RFC 6122 → RFC 7622 Extensible Messaging and Presence Protocol (XMPP): Address Format 5
- 6. XMPP Architecture • Distributed client-server architecture 6 cyberlink.co m google.co m sean@cyberlink.com bob@google.com TC P TC P TC P TC P
- 7. Jabber ID (JID) • XMPP address • Bare JID ▫ <localpart@domainpart> ▫ EX: sean@cyberlink.com • Full JID ▫ <localpart@domainpart/resourcepart> ▫ EX: sean@cyberlink.com/123456789 7
- 8. XML Stanzas • iq ▫ Info/query • message ▫ Send a Message to a JID (a user or a group) • presence ▫ Broadcast message 8
- 9. Open a Stream – Initial Stream 9 <?xml version=‘1.0’?> <stream:stream to='u.cyberlink.com' xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client‘ xml:lang='en' version='1.0'> TC P sean@cyberlink.com cyberlink.co m Port:5222
- 10. 10 <?xml version > <stream:stream version="1.0" from="u.cyberlink.com" id="3053277074" xml:lang="en“ xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client‘ > TC P sean@cyberlink.com cyberlink.co m Open a Stream – Response Stream
- 11. Stream Negotiation - Presence 11 <presence ….> <show/> </presence> TC P sean@cyberlink.com cyberlink.co m
- 12. Stream Negotiation - iq 12 <iq id=“1” type=“get”> … </iq> TC P sean@cyberlink.com cyberlink.co m <iq id=“1” type=“result”> … </iq> type: get, set, result, error
- 13. Stream Negotiation - message 13 <message….> Hello </message> TC P sean@cyberlink.com cyberlink.co m
- 14. Stream Negotiation – Close Stream 14 </stream> TC P sean@cyberlink.com cyberlink.co m </stream>
- 15. Client Server Communication Overview 15 <?xml version='1.0'?> <stream from=“samo@cyberlink.com” to=“cyberlink.com”> <presence …>Online</presence> <iq …>…</iq> <message …>Hello</message> </stream>
- 16. Authentication for XMPP • Transport Layer Security (TLS) ▫ Secure the stream from tampering and eavesdropping. ▫ MUST send a new initial stream header after finish. • Simple Authentication and Security Layer (SASL) ▫ Authenticate a stream. (U: base64(id+token)) ▫ MUST send a new initial stream header after finish. 16
- 17. Cryptography • Symmetric ▫ Use the same key for encrypt/decrypt. ▫ Security: Poor ▫ Performance: Good • Asymmetric ▫ Use public key for encryption and use private for decryption. ▫ Security: Good ▫ Performance: Poor 17
- 18. TLS • TLS 1.0 • TLS 1.1 • TLS 1.2 • TLS 1.3 (draft) • Employ a handshake using asymmetric cipher. 18
- 19. Stream Header 19 <?xml version='1.0'?> <stream from=“sean@cyberlink.com” to=“cyberlink.com”> <?xml version='1.0'?> <stream id=“++TR84Sm6A3hnt3Q065SnAbbk3Y=” to=“sean@cyberlink.com” from=“cyberlink.com”> TC P sean@cyberlink.com cyberlink.co m
- 20. TLS Negotiation 20 <stream:features> <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'> <required/> </starttls> </stream:features> TC P sean@cyberlink.com cyberlink.co m
- 21. 21 <stream:features xmlns="http://etherx.jabber.org/streams"> <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" /> <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"> <mechanism>PLAIN</mechanism> </mechanisms> </stream:features> <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" /> <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls" /> <failure xmlns="urn:ietf:params:xml:ns:xmpp-tls" /> </stream:stream> or I R TLS Handshake Protocol
- 22. TLS Handshake Protocol 22 Client_hello(client_version, session_id, cipher_ suites, compression_methods, ) TC P sean@cyberlink.com cyberlink.co m PKc PrKc RNc RNc RNc
- 23. TLS Handshake Protocol TC P sean@cyberlink.com cyberlink.co m Server_hello(client_version, session_id, cipher_ suites, compression_methods, ) PKc PrKc PKs PrKs RNsRNc RNs RNc RNs
- 24. TLS Handshake Protocol 24 TC P sean@cyberlink.com cyberlink.co m Server_Certificate(CA, ) PKc PrKc PKs PrKs PKs RNsRNc RNsRNc
- 25. TLS Handshake Protocol 25 TC P sean@cyberlink.com cyberlink.co m PKc PrKc PKs PrKsPKs Check server certificate RNsRNcRNsRNc
- 26. TLS Handshake Protocol 26 TC P sean@cyberlink.com cyberlink.co m PKc PrKc PKs PrKsPKs Client_Certificate(CA, ) PKc RNsRNcRNsRNc
- 27. TLS Handshake Protocol 27 TC P sean@cyberlink.com cyberlink.co m PKc PrKc PKs PrKsPKs PKc RNsRNc RNsRNcPMS Generate random pre-master-secretPMS
- 28. TLS Handshake Protocol 28 TC P sean@cyberlink.com cyberlink.co m PKc PrKc PKs PrKsPKs Encrypted with PKs PKc RNsRNc RNsRNc PMS PMS PMS
- 29. TLS Handshake Protocol 29 TC P sean@cyberlink.com cyberlink.co m PKs PrKsPKc Calculae Master-Secret fromMS RNsRNc RNsRNc PMS PMS MS
- 30. TLS Handshake Protocol 30 TC P sean@cyberlink.com cyberlink.co m MS MS Calculae Master-Secret fromMS RNsRNc PMS
- 31. TLS Handshake Protocol 31 TC P sean@cyberlink.com cyberlink.co m 1. Change cipher spec 2. Client finish MS MS
- 32. TLS Handshake Protocol 32 TC P sean@cyberlink.com cyberlink.co m 1. Change cipher spec 2. Server finish MS MS
- 33. 33 <stream:features xmlns="http://etherx.jabber.org/streams"> <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" /> <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"> <mechanism>PLAIN</mechanism> </mechanisms> </stream:features> <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" /> <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls" /> <failure xmlns="urn:ietf:params:xml:ns:xmpp-tls" /> </stream:stream> or I R TLS Handshake Protocol
- 35. Restarts • On successful negotiation of a feature that necessitates a stream restart, both parties MUST consider the previous stream to be replaced but MUST NOT send a closing </stream> tag and MUST NOT terminate the underlying TCP connection. • The initiating entity then MUST send a new initial stream header. 35
- 36. 36
- 38. SASL Negotiation 38 <stream:features xmlns="http://etherx.jabber.org/streams"> <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"> <mechanism>PLAIN</mechanism> </mechanisms> </stream:features> <auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl“ mechanism="PLAIN"> ADc2ODAwMQBkMGY2ZjllMi00YmRlLTQ2ZjItOGI2Yi1lNDM0OTk 2ZjczZGQ= </auth> <success xmlns="urn:ietf:params:xml:ns:xmpp-sasl" /> R R I
- 40. Resource Binding 40 <stream:features xmlns:stream="http://etherx.jabber.org/streams"> <bind xmlns="urn:ietf:params:xml:ns:xmpp-bind"/> </stream:features> TC P sean@cyberlink.com cyberlink.co m
- 41. Resource Binding 41 <stream:features xmlns="http://etherx.jabber.org/streams"> <bind xmlns="urn:ietf:params:xml:ns:xmpp-bind" /> <session xmlns="urn:ietf:params:xml:ns:xmpp-session" /> </stream:features> <iq type="set" id="97fe2b99-dfa6-4fa0-a963-f27e840b1adb-1"> <bind xmlns="urn:ietf:params:xml:ns:xmpp-bind"> <resource>mobile</resource> </bind> </iq> <iq type="result" id="97fe2b99-dfa6-4fa0-a963-f27e840b1adb-1"> <bind xmlns="urn:ietf:params:xml:ns:xmpp-bind"> <jid>juliet@im.example.com/mobile</jid> </bind> </iq> R R I
- 42. Currently Design for U • Remove the mechanism of RESTART. • Add <CLResumed/> for doing SASL and binding again after reconnecting. 42
- 43. CLResume: server give info 43 <clresumed xmlns="urn:xmpp:custom:resume" status="success" sessionid="g2gEbQAAAAYzMTgwMDFtAAAAD3UuY3liZXJsa W5rLmNvbW0AAAAkRjg5MjlFMzctRTAwMi00QzdGLTlEOTgt RjkxNTFGNUQ3NEI5aANiAAAFkmIACeRcYgAM3cE=" expiration="2592000"/> TC P sean@cyberlink.com cyberlink.co m
- 44. Begin Resume 44 <clresumed xmlns="urn:xmpp:custom:resume" sessionid="g2gEbQAAAAYzMTgwMDFtAAAAD3UuY3liZX JsaW5rLmNvbW0AAAAkRjg5MjlFMzctRTAwMi00QzdGL TlEOTgtRjkxNTFGNUQ3NEI5aANiAAAFkmIACeRcYgAM3 cE=" /> TC P sean@cyberlink.com cyberlink.co m
- 46. XMPP Connection Steps w/o clresume C -> S stream C <- S stream / feature:starttls C -> S starttls C <- S proceed C <> S tls handshake C -> S stream C <- S stream / feature:sasl C -> S auth C <- S auth C -> S stream C <- S stream / feature:bind C -> S bind C <- S bind
- 47. XMPP Connection Steps w/ clresume (not resume case) C -> S stream C <- S stream / feature:starttls C -> S starttls C <- S proceed C <> S tls handshake C -> S stream C <- S stream / feature:sasl C -> S auth C <- S auth C -> S stream C <- S stream / feature:bind C -> S bind C <- S bind C <- S clresume
- 48. XMPP Connection Steps w/ CLResume (resume case) C -> S stream C <- S stream / feature:starttls C -> S starttls C <- S proceed C <> S tls handshake C -> S stream C <- S stream / feature:sasl C -> S clresume C <- S clresume
- 49. Q&A 49