Writing

Feed Software, technology, sysadmin war stories, and more.

Friday, June 21, 2013

Reminder: Google Talk federation runs unencrypted

Just a short reminder for people who worry about privacy and things like that: even if you're using your own XMPP (Jabber) server for chat purposes, if you talk to people who use Google, you're doing it in the clear. Their federation links (inter-domain communications) are established without encryption.

I wrote about this last year, but in light of recent revelations it seems worthy of a second mention.

Here's how it works. I run my own XMPP server. I connect to it from an IM client on my laptop. It negotiates TLS using my rachelbythebay.com certificate, and then it's running relatively securely. Then, it sees that I have "buddies" on gmail.com and other domains which are also hosted by Google.

This makes my server reach out to the XMPP servers for gmail.com and friends, and it puts up "s2s" (server to server) links. These links are then established without TLS. There is no encryption.

Now, there's still encryption on the client side for people using Google's talk servers, but there's still a weak link in the chain.

To review:

My IM client talks to my server over TLS. Good.

Their IM client talks to Google's server over TLS. Also good.

Our servers talk to each other in the clear. Bad.

If you run your own server and care about this kind of thing, you might want to try sniffing your own traffic heading out to Google to see exactly what I'm talking about. Try a command like this:

tcpdump -nl -s 0 -X net 74.125.0.0/16 and port 5269

Look carefully. If there's anything other than random-looking garbage, it's running in the clear. Don't trust your log files. Do your own sniffing and see what an attacker would see.

I should note that it's not my server's fault. It happily runs TLS over federated links to everyone else.

Just not Google.