Opensource communication frameworks: XMPP, SIP, AMQP, MQTT, CAP, IAX

sidetone

sidetone

An opensource framework allows interoperable and inter-organizational use between different offerings (or servers). Signal can't be compared in this category, because it is simply an opensource client offered by one provider or organization, and not a standard for interoperable use: it can be compared to other opensource apps on a separate merit.

If one wants to host their own server or wants a choosing that is interoperable with others, or a choice of software clients to use, then an opensource messaging standard or framework is the way to go.

IETF recognized frameworks
IETF recognizes XMPP (Extensible Messaging and Presence Protocol) and SIP (Session Initiation Protocol) as opensource standards for secure communication. IAX (Inter-Asterisk eXchange 2) which is associated with Asterisk is acknowledged by IETF, but not at the level of a standard by this governing organization. MGCP (Media Gateway Control Protocol) is an IETF opensource framework for VOIP that has been surpassed by SIP and IAX.

IAX (eaks) makes up for some shortcomings of SIP. SIP is not practical for use behind a NAT, but IAX is.

There is overlap between XMPP/Jingle and SIP/Simple. XMPP was intended for text communications, and as a Jingle extension to allow voice and video. SIP was intended for voice communication, but later added Simple for text communication.

OASIS recognized frameworks
AMQP (Advanced Message Queuing Protocol), MQTT (Message Queuing Telemetry Transport) and CAP (Common Alerting Protocol) are open standards recognized by OASIS. CAP is an important but more specific offering by OASIS.

MQTT is meant for Internet of Things (IoT) or device communication. MQTT is useful for automation, logistics, manufacturing, smart home, energy and transportation. For some IoT purposes, MQTT can be used in place of Bluetooth. MQTT-SN addresses very constrained networks. Eclipse organization takes an active interest in MQTT. See: net/mosquitto and net/py-paho-mqtt

AMQP is an open standard for secure business messaging. It's used by a lot of financial firms. See: net/rabbitmq

CAP is an XML implementation used for emergency alerts. It's used by National Oceanic and Atmospheric Administration (NOAA), Emergency Alert Services (EAS), FEMA and other agencies.

W3C
World Wide Web Consortium (W3C) is an open standards platform organization for the Internet. International Digital Publishing Forum (IDPF) was an opensource standards organization which has merged with W3C in 2016. ePub was fostered by IDPF, and it is now under W3C. WebRTC is an open-source standard by W3C for VOIP communication on the web through an API. For an API, JavaScript is mentioned.

More
LwM2M (Lightweight Machine to Machine) is an open specification by OMA (Open Mobile Alliance) Specworks, which IPSO (Internet Protocol for Smart Objects) Alliance has merged with. JupiterMesh is an open specification by Zigbee. These are for hardware and IoT communication.

Secure authentication and encryption of streams
For secure communication, OMEMO or PGP is needed for XMPP. It is easy to verify whether OMEMO or PGP are switched on. OMEMO is an opensource technology originally developed for Signal messenger. Jingle and other file or media transports still need additional encryption.

SIP needs both SIPS (SIP Secure) and SRTP (Secure RTP) for secure communication, but this requires a professional to set up devices on both ends of the line. It is difficult to confirm whether SIP communications are encrypted, or when they become unencrypted, unless it is set up by an expert in such a way that calls drop the moment they become insecure. Many software offerings don't have SIPS availability: PJSIP. SIPS negotiates a link between clients and servers, then SRTP transports voice directly from client to client.

SRTP ports and port options:
* Asterisk ports have net/pjsip and SRTP options: both must be enabled
* net/pjsip has an EXTSRTP option, which must be enabled
* EXSRTP and SRTP options both pull in the net/libsrtp2 library
* net/libsrtp was long depreciated and replaced by a newer version, libsrtp2, because it conflicted with OpenSSL in base of previous FreeBSD versions
* audio/baresip is an SIP client which had the srtp option: DTLS_SRTP is now available as an option, but is marked as broken

For IAX, RSA key exchange or MD5 hashing only secures the authentication handshake. The communication stream also requires a dynamic key (aes128) or VPN.

MQTT's authentication is too basic to allow secure conversation, however it can use SSL/TLS.

CoAP (Constrained Application Protocol) is a framework from IETF as an alternative to MQTT, but it provides no security mechanisms.

Sources
Further Reading
Tags
 
Last edited:
That rabbitmq package looks pretty neat. I think I could program a script to instant message myself an alert from a server with it.

{Financial data breaks a threshold, system stat breaks a threshold, some sort of device monitor breaks a threshold...the dog ran out of food...the house temp dropped below zero, etc.}

Edit: I suppose any xmpp terminal client should be able to do the same.
 
And there it is: sendxmpp
Config file {need to chmod 600 this file}:
~/.sendxmpprc
Code: 
username: myusername
jserver: mychatserver.extension
port: 5222
password: mypassword

send a message {this server requires TLS}:

echo "hello world" | sendxmpp -t -a /usr/local/share/certs/ca-root-nss.crt -s hello someotheruser@servername.extension

Here's a perl script intended for crontab

Perl: 
#!/usr/local/bin/perl -w
#---------------------------#
# PROGRAM: XMPPSCRIPT        #
#---------------------------#


$TIME = `date "+%r"`;
$DATE = `date "+%m/%d/%Y"`;
chomp($DATE);
chomp($TIME);

$VAR1 = "echo \"Finished Collecting Weather Data @ $TIME on $DATE\" | sendxmpp -t -a /usr/local/share/certs/ca-root-nss.crt -s weatherupdate myname\@mychatserver.extension";

system("$VAR1");
 
https://metacpan.org/pod/Net::XMPP

Upon further reading the above is a Perl module that can be used to send and receive xmpp messages.

It's the same module that sendxmpp uses. Anyways it looks really neat and easy to setup a control system with it where you can control a machine with your cellphone/tablet just by using Perl scripts and an xmpp client on the remote device.
 
ramon15v said:
And it seems that MGCP is one of the most reliable solutions as an opensource framework for VOIP, isn't it?
Click to expand...
What I read was in terms of how many people are using it, and that SIP and IAX have gained steam. IIRC, this was from one of the Asterisk books, which was pro IAX.

I looked a little more about the protocol. MGCP is also known as H.248. It uses plain-text, so that may mean it's not be ideal for secure communications. But it might be compatible with POTS switching.

If you know something about MGCP's strengths, let us know.
 
sidetone said:
An opensource framework allows interoperable and inter-organizational use between different offerings (or servers). Signal can't be compared in this category, because it is simply an opensource client offered by one provider or organization, and not a standard for interoperable use: it can be compared to other opensource apps on a separate merit.

If one wants to host their own server or wants a choosing that is interoperable with others, or a choice of software clients to use, then an opensource messaging standard or framework is the way to go.

IETF recognized frameworks
IETF recognizes XMPP (Extensible Messaging and Presence Protocol) and SIP (Session Initiation Protocol) as opensource standards for secure communication. IAX (Inter-Asterisk eXchange 2) which is associated with Asterisk is acknowledged by IETF, but not at the level of a standard by this governing organization. MGCP (Media Gateway Control Protocol) is an IETF opensource framework for VOIP that has been surpassed by SIP and IAX.

IAX (eaks) makes up for some shortcomings of SIP. SIP is not practical for use behind a NAT, but IAX is.

There is overlap between XMPP/Jingle and SIP/Simple. XMPP was intended for text communications, and as a Jingle extension to allow voice and video. SIP was intended for voice communication, but later added Simple for text communication.

OASIS recognized frameworks
AMQP (Advanced Message Queuing Protocol), MQTT (Message Queuing Telemetry Transport) and CAP (Common Alerting Protocol) are open standards recognized by OASIS. CAP is an important but more specific offering by OASIS.

MQTT is meant for Internet of Things (IoT) or device communication. MQTT is useful for automation, logistics, manufacturing, smart home, energy and transportation. For some IoT purposes, MQTT can be used in place of Bluetooth. MQTT-SN addresses very constrained networks. Eclipse organization takes an active interest in MQTT. See: net/mosquitto and net/py-paho-mqtt

AMQP is an open standard for secure business messaging. It's used by a lot of financial firms. See: net/rabbitmq

CAP is an XML implementation used for emergency alerts. It's used by National Oceanic and Atmospheric Administration (NOAA), Emergency Alert Services (EAS), FEMA and other agencies.

W3C
World Wide Web Consortium (W3C) is an open standards platform organization for the Internet. WebRTC is an open-source standard by W3C for voip communication on the web through an API. For an API, JavaScript is mentioned.

More
LwM2M (Lightweight Machine to Machine) is an open specification by OMA. JupiterMesh is an open specification by Zigbee. These are for hardware and IoT communication.

Secure authentication and encryption of streams
For secure communication, OMEMO or PGP is needed for XMPP. It is easy to verify whether OMEMO or PGP are switched on. Jingle and other file or media transports still need additional encryption.

SIP needs both SIPS (SIP Secure) and SRTP (Secure RTP) for secure communication, but this requires a professional to set up devices on both ends of the line. It is difficult to confirm whether SIP communications are encrypted, or when they become unencrypted, unless it is set up by an expert in such a way that calls drop the moment they become insecure. Many software offerings don't have SIPS availability: PJSIP. SIPS negotiates a link between clients and servers, then SRTP transports voice directly from client to client.

SRTP ports and port options:
* Asterisk ports have net/pjsip and SRTP options: both must be enabled
* net/pjsip has an EXTSRTP option, which must be enabled
* EXSRTP and SRTP options both pull in the net/libsrtp2 library
* net/libsrtp was long depreciated and replaced by a newer version, libsrtp2, because it conflicted with OpenSSL in base of previous FreeBSD versions
* audio/baresip is an SIP client which had the srtp option: DTLS_SRTP is now available as an option, but is marked as broken

For IAX, RSA key exchange or MD5 hashing only secures the authentication handshake. The communication stream also requires a dynamic key (aes128) or VPN.

MQTT's authentication is too basic to allow secure conversation, however it can use SSL/TLS.

CoAP (Constrained Application Protocol) is a framework from IETF as an alternative to MQTT, but it provides no security mechanisms.

Sources
* ietf.org
* www.oasis-open.org
* asteriskdocs.org
* eclipse.org: MQTT and CoAP, IoT Protocols

Further Reading
Tags
Click to expand...
What a succinct literature review with references!



This post will remain a reference point to signalling protocols and their implementations in FreeBSD for several people.

Thank you ❤️?
 
For ruby there is
Code: 
rubygem-amqp
rubygem-amqp-utils
rubygem-bunny
For python there is
Code: 
devel/py37-pika
net/py37-amqp
net/py37-pamqp
net/py37-txamqp
 
Organizations that contribute to RFC's
IETF, Internet Architecture Board (IAB), Internet Research Task Force (IRTF) and independent entities have different roles in contribution to RFC's. These, plus "Editorial" make up the RFC series.

IETF is the only one that stewards the Standards Track for RFC's. IAB and IETF both recommend best practices for RFC's. IETF, IRTF, IAB and Independent entities all have Experimental, Informational and Historical RFC's. https://www.rfc-editor.org/faq/


Interesting protocols used on top of XMPP
  • XEP-0179: Jingle IAX Transport Method
  • XEP-0127: Common Alerting Protocol (CAP) Over XMPP
  • XEP-XXXX: SIP/SDP Over XMPP (SoX) - is an early and experimental proposal, which isn't an official standard
    • RFC 4566: Session Description Protocol (SDP) - used by SIP, WebRTC. SDP is used in a lot of software technologies from W3C and IETF
      • RFC 2974: Session Announcement Protocol (SAP) - experimental protocol for data, including multicast sessions

Common Alerting Protocol (CAP) implementations
  • Alert Hub uses CAP, and this implementation is used by many organizations around the world, including IFRC (International Federation of Red Cross/Crescent), NOAA, FEMA and ITU (a UN organization). CAP Editor and Cap Alert Hub are software offered by Alert Hub for CAP transmission.
  • Eden is another framework on top of CAP. It is used for tsunami and earthquake warnings in several countries along the Indian Ocean and Asian Pacific. Eden has been used for emergency responses to COVID as well. It is stewarded by the Sahana project. SAMBRO is a message broker for Eden.
 
Matrix isn't an opensource standard; it's an opensource service/software from an organization like Signal is. Signal and others are good products, while they are in a different category, as they're organizations rather than open standards.

Matrix is contributing to a proposed opensource standard of MIMI (https://datatracker.ietf.org/group/mimi/about/). Before this, Matrix tried to also become an open standard of its own, but didn't. XMPP is also trying to influence MIMI, which other client organizations could potentially contribute to.

Matrix contributed a proposed message format https://datatracker.ietf.org/doc/draft-ralston-mimi-matrix-message-format/ and a proposed transport layer https://datatracker.ietf.org/doc/draft-ralston-mimi-linearized-matrix/ for MIMI.

Matrix's involvement in MIMI can be seed at: https://matrix.org/blog/2022/12/25/the-matrix-holiday-update-2022/#ietf-mimi.

Also, https://teamwire.eu/en/mimi-with-mls-the-new-standard-for-interoperability-of-messaging-apps/.

For the purposes of Matrix' contribution to a proposed OpenSource standard, and to clarify that Matrix's comparison to an open standard, it's beneficial that it was brought up.
 
Microblogging protocols
ActivityPub is social networking protocol endorsed by W3C. net-im/gotosocial is the ActivityPub port on FreeBSD. Mastodon and Instagram are more popular services which use this protocol. Other services which use ActivityPub include PixelFed, Friendica, Pleorma, and a Wordpress plugin. Organizations contributing to ActivityPub also include: Mozilla, Flipboard, Medium, Tumblr and Meta. These organizations may benefit through their services having some interoperability such as by the feature of cross posting between them.

For a list of Mastodon ports on FreeBSD: psearch -c net -c net-im -s mastodon.

The AT protocol is a newer standard used by BlueSky which was founded in part by Twitter co-founder Jack Dorsey. Jabber creator Jeremie Miller is on the board of directors. This protocol is opensource, but it's not an open standard, at least not at this time. The AT protocol has more features than Activity Pub, such as being able to message globally, in addition to being community specific.


References; Further reading
 
Last edited:
Thanks, I tried Tokodon net-im/tokodon.

It's OK, but intensely weird after the advanced web interface.

As far as I can tell: no response to Page Down or Page Up keys, that's a showstopper for me.
 
Last edited:
grahamperrin said:
Thanks, I tried Tokodon net-im/tokodon.

It's OK, but intensely weird after the advanced web interface.

As far as I can tell: no response to Page Down or Page Up keys, that's a showstopper for me.
Click to expand...
What is your favorite application for secure day-to-day communication, e.g. telegram, whatsapp, signal, others like ...
 
MQTT is not created for chat but it can be used. I've been studying it recently and looks interesting. Simple chat client can be implemented easily.
 
The Fediverse is a group of social networks which are opensource and have the ability to be interconnected in a decentralized way. Microblogging and media sharing are included in such networks.

The Fediverse was initially based on ActivityPub, which is an opensource standard endorsed by W3C, but it has become inclusive of other standards including the AT protocol. ActivityPub was started by the Social Web Networking Group through the W3C, and this was the beginning of the Fediverse. A few offerings which used ActivityPub are in a previous post on this thread.

Often, bridges and other layers are used to connect or display communication between platforms on different open source social protocols on the Fediverse. Communication between different platforms on the same protocol such as ActivityPub is much easier and doesn't require additional bridge layers. A bridge layer would be like XMPP or Discord messages being displayed and/or interacted with in an IRC chat.

Companies which own proprietary social networking services have also offered their own services for the Fediverse. Some services are based on openstandards, but have been proprietary anyway. These would be different services by them which are intended to interact with an opensource Fediverse.

In addition to ActivityPub and AT, Diaspora, and OStatus are other protocols.

 
You must log in or register to reply here.
Back
Top