Category Archives: Security

We support OMEMO!

A few days ago Daniel Gultsch added the column XEP-0384: OMEMO Encryption to his compliance list. It suggested that only conversations.im supports OMEMO Encryption, which isn’t true. Yesterday an explanation was added to one of the source files of the ComplianceTester and also a question mark was added to the column mentioned above, which is a link to this explanation.

Daniel Gultsch strongly recommends that the servers PEP module should support publish-options. If enabled, Conversations starting with version 1.20, will be able to send OMEMO encrypted messages to clients, without the need to add them to your roster first. This is a great new feature and we like it, and would like to support it, but currently the PEP module from Prosody does not support publish-options (yet).

Long speak short: You can still use Conversations and other clients with OMEMO over our and other servers, but without the feature of writing encrypted messages to persons, who are not in your address book.

For more information please see here at 5222.de. I also reused some text of the blog post of Sebastian as it describes everything quite good. So thank you for that, Sebastian! 😉

Captcha activated for account registration

One of the main reasons we were really looking forward for ejabberd 2.1.6 is the support of captcha for mod_register. This module handles in-band registration, which means the interface where users can register through their client. This interface is also abused by spammers. We hope that the use of captchas will prevent most spam registrations.

If you client does not support captcha you well see a url where you can see the captcha in your browser window.