[guardian-dev] GSoC 2013 proposal: Gibberbot secure file transfers

Georg Lukas georg at op-co.de
Wed Feb 27 15:09:19 EST 2013


Hey folks,

I would like to suggest that GP stands up as a mentoring organization
for the upcoming Google Summer of Code [0], with implementing secure
file transfer in Gibberbot/SMACK as the project (feel free to add other
project ideas, though).

Currently, XMPP lacks a way to securely transmit files from one user to
another. Several proposals exist [1-5], but none of them is a finished
standard, and existing implementations are hard to find (so far I only
found Gajim supporting XEP-0116, and Jitsi using SRTP/ZRTP over Jingle).


There are several tasks that need to be accomplished for this:

1. Somebody with a good understanding of crypto handshake protocols
   needs to evaluate the proposals and choose which one to implement.

2. Jingle-based file transfers (cleartext, [6]) need to be implemented
   in SMACK (it already supports "regular" file transfers [7], and their
   API should be re-used).

3. Key handshake support needs to be added to SMACK, according to the
   chosen protocol.

4. combine (2) + (3) = encrypted file transfers

5. a Gibberbot frontend needs to be created (I heard one is in the works
   already)


Steps 2-5 can be "outsourced" to GSoC students, whereas 1 requires some
effort from the organization.

DISCLAIMER: Of course, I have a personal interest in this affair ;-)
As the project janitor of yaxim [8] I hope to be able to profit from
encryption support in/with SMACK, so that I can integrate it in my app
as well. Being just a single person, I do not see good chances for being
accepted as a project mentor (and neither do I have the time to
contribute significantly).

Also, if somebody here knows some Googlers, it could help getting the
project accepted.


Kind regards,

Georg

[0] http://www.google-melange.com/gsoc/homepage/google/gsoc2013
[1] Encrypted Session Negotiation: http://xmpp.org/extensions/xep-0116.html
[2] Jingle XTLS: http://xmpp.org/extensions/inbox/jingle-xtls.html
[3] XTLS: http://tools.ietf.org/html/draft-meyer-xmpp-e2e-encryption-02
[4] E2E Object Encryption: http://tools.ietf.org/html/draft-miller-xmpp-e2e-03
[5] OTR v3: http://www.cypherpunks.ca/otr/Protocol-v3-4.0.0.html
[6] Jingle File Transfer: http://xmpp.org/extensions/xep-0234.html
[7] SI File Transfer: http://xmpp.org/extensions/xep-0096.html
[8] http://yaxim.org/
-- 
|| http://op-co.de ++  GCS d--(++) s: a C+++ UL+++ !P L+++ !E W+++ N  ++
|| gpg: 0x962FD2DE ||  o? K- w---() O M V? PS+ PE-- Y++ PGP+ t+ 5 R+  ||
|| Ge0rG: euIRCnet ||  X(+++) tv+ b+(++) DI+++ D- G e++++ h- r++ y?   ||
++ IRCnet OFTC OPN ||_________________________________________________||
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 828 bytes
Desc: Digital signature
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20130227/2c9e5067/attachment.pgp>


More information about the Guardian-dev mailing list