How to enforce OTR?

Unai_Rodriguez · July 4, 2012, 5:00am

Dear All,

We are planning to use Openfire and Spark across our organization. Since some users will be connecting from the Internet (i.e. outside our corporate network and with no VPN), is there a way of enforcing OTR?

It seems that by default OTR is off and users might just forget to click on the padlock icon.

We’re open to other suggestions on how to enforce that all communications are encrypted. Our Openfire has already been configure to “require” encrypted connections but if I’m not mistaken that is only for client to server communications (not client to client).

It would be acceptable if only the part of the communication that happens over the Internet is encrypted (e.g.: one user from within the corporate network chatting with another user connected over the Internet – only the user connected from the Internet will require encryption).

Thank you so much.

With Best Wishes,

Unai Rodriguez

wroot · July 4, 2012, 7:19am

In Jabber/XMPP text messages are client-server-client, not client-client. So everything should be encrypted if you enforce SSL connection i nthe server settings. There is no option to enforce OTR.

Unai_Rodriguez · July 4, 2012, 7:33am

wroot,

Thank you so much for your answer. I have just been testing and looking into XMPP specification and indeed, there are no c2c connections, only c2s and s2s. So setting the encryption to required solves the issue.

Valentin_Cretu · September 19, 2012, 11:54am

Does this apply to webClients also ?

wroot · September 19, 2012, 12:55pm

Yes. Webclient still has to make a connection to a server and send messages through it. But. I think this only covers the connection between a site hosting a webclient and Openfire server. But to use a webclient one has to connect to a site hosting it via browser. So the site hosting a webclient must use some kind of SSL also, to encrypt what is sent from a browser to a site.