I use XMPP for sending instant messages from a bot on a server to a laptop client. I have full control of both clients (bot and laptop client), and they are both connected to the same server, which I have set up myself and have full control of.

The server is ejabberd with the `starttls_required` option in the `ejabberd_c2s` configuration. A valid SSL certificate is used for this.

I would like to know if OTR is required to encrypt my messages between those clients. I do not mind if these messages are somehow accessible from the server, but I want them to be encrypted while in transit.

Do I need OTR for this scenario, or is the `starttls_required` option enough for my purposes?

Would OTR provide some more protection?

Thank you

atrias
  • Shouldn't this be migrated to `security.stackexchange.com`? – kasperd Sep 13 '14 at 09:58
  • Well, first I asked this on Stack Overflow because the bot client is under development, so I believed that it could go there. Then someone suggested asking it on Server Fault or Super User, so I deleted that question and asked again here. So it seems that it is a multi-topic question! :) I am new to Stack Exchange, so please excuse me. – atrias Sep 13 '14 at 11:06

1 Answer

TLS is encrypting your message in transit.
Someone sniffing the network traffic will not be able to read it.
Someone with access to the server may be able to read it.

OTR adds end-to-end encryption of your chat.
Nobody except your 2 clients will be able to read it.

Of course OTR adds more protection (e.g. server is compromised).
But based on your requirements, TLS should be enough.

faker
  • This was my initial thought, and that is why I asked this question. But I had some doubts regarding the workings of XMPP messaging. I thought that it worked something like SIP, which uses the server only for connection initiation and then messages are passed peer-to-peer. Thank you for the clarification. – atrias Sep 13 '14 at 09:46
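
A check for the setup discussed above, added here as an example and not part of the original question or answer: it parses the `<stream:features/>` element an XMPP server sends before TLS is negotiated (RFC 6120) and reports whether STARTTLS is mandatory on that client-to-server hop. The function names and the sample stanzas are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS_STREAM = "http://etherx.jabber.org/streams"
NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"
NS_SASL = "urn:ietf:params:xml:ns:xmpp-sasl"

# Constructed sample stanzas (not captured from a real server).
REQUIRED = ("<stream:features xmlns:stream='%s'>"
            "<starttls xmlns='%s'><required/></starttls>"
            "</stream:features>" % (NS_STREAM, NS_TLS))
OPTIONAL = ("<stream:features xmlns:stream='%s'>"
            "<starttls xmlns='%s'/>"
            "<mechanisms xmlns='%s'><mechanism>PLAIN</mechanism></mechanisms>"
            "</stream:features>" % (NS_STREAM, NS_TLS, NS_SASL))
NO_TLS = ("<stream:features xmlns:stream='%s'>"
          "<mechanisms xmlns='%s'><mechanism>PLAIN</mechanism></mechanisms>"
          "</stream:features>" % (NS_STREAM, NS_SASL))


def _features(features_xml):
    """Parse the stanza and make sure it really is <stream:features/>."""
    root = ET.fromstring(features_xml)
    if root.tag != f"{{{NS_STREAM}}}features":
        raise ValueError("not a stream:features element")
    return root


def starttls_policy(features_xml):
    """Return 'required', 'optional' or 'absent' for the pre-TLS features."""
    starttls = _features(features_xml).find(f"{{{NS_TLS}}}starttls")
    if starttls is None:
        return "absent"
    if starttls.find(f"{{{NS_TLS}}}required") is not None:
        return "required"
    return "optional"


def sasl_before_tls(features_xml):
    """List SASL mechanisms offered before TLS (login possible in cleartext)."""
    root = _features(features_xml)
    return [m.text for m in root.iter(f"{{{NS_SASL}}}mechanism")]


def enforces_tls(features_xml):
    """True only if STARTTLS is mandatory and no login is offered before it."""
    return (starttls_policy(features_xml) == "required"
            and not sasl_before_tls(features_xml))


if __name__ == "__main__":
    for name, xml in (("required", REQUIRED), ("optional", OPTIONAL), ("none", NO_TLS)):
        print(name, starttls_policy(xml), sasl_before_tls(xml), enforces_tls(xml))
```

The server-side setting only covers clients that honour it, so the bot and the laptop client should themselves be configured to refuse a session when STARTTLS is missing from the features or the certificate does not validate.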