Digital signatures for XMPP messages are a desirable addition to the currently standardized peer to peer digital signatures (strong authentication based on PKI). Digital signatures on XMPP messages can enable:
- Message Origin Authentication
- End to end Content Integrity checks
- Binding of Security Labels to messages by Clients, MUC Rooms, and Gateways
Previous attempts to standardize have not gained general acceptance, and have a number of problems. Ad hoc implementation efforts that we are aware of also have problems.
Isode is working to enable a standard. XEP-0274 "Design Considerations for Digital Signatures in XMPP" has been developed primarily by Isode staff and has just been published. It looks at requirements and possible approaches to meeting these requirement. It looks particularly at approaches using the XMLDSIG XML digital signature standard, which we believe is the most promising direction.
Both requirements and technical solution to address these requirements are complex. We believe that wide participation will be crucial to develop a workable and widely adopted standard in this space.