Surevine are expert at securing the technology which best meets our clients’ needs. Because collaboration requires interoperability and because our clients’ care about what’s going on “under the hood”, the solutions we deliver are often based on open systems.
Surevine’s solution-oriented approach can be seen in our deep technical expertise in secure chat and real time communications. Our engineers take a breadth-first view of the technology landscape, with a particular emphasis on the security and interoperability of different technology choices. Whether that be through our involvement in the UK Government’s open standards board, the IT Industry’s Secure Chorus initiative with UK NCSC’s backing, or deep involvement in the leading open platforms in this space: Matrix, Rocket.Chat, and XMPP.
Our deep technical expertise in securing real-time communications can be illustrated through our strong heritage with XMPP (the eXtensible Messaging and Presence Protocol). This covers not only many of the Ignite Realtime components, but also the XMPP server Openfire.
Surevine are world leaders in secure chat, and there is no better example than our expertise in XMPP. We have extensive experience in customising, extending, configuring and deploying XMPP-based solutions for the most security conscious organisations, globally.
Deployed instances relied on by National Security and for real-time military communications
Member of the XMPP Standards Board, Technical Council, and authors of published XMPP Extensions Protocols (XEPs)
Project lead of the Openfire project (the “reference implementation” of the XMPP standard) and Ignite Realtime community
As part of our deep expertise in securing real-time communications, for XMPP-based digital services, we deliver:
We can offer consultancy, support and bespoke development, as well as hosting, of XMPP-based digital services.
What is XMPP for?
XMPP is a communications protocol used for instant messaging. It’s used to communicate structured data between software components in near-real-time. XMPP is an open standard, and many of the client and server implementations are open source. This has led to broad adoption – with many organisations using it for internal communications. It’s also used for chat in many online games (EVE Online, Fortnite) and used by the Nintendo Switch to power its push notifications.
How does the XMPP protocol work?
The XMPP protocol works via structured XML transmitted over a protocol such as TCP. As well as the original standard, codified as RFCs, there are hundreds of XEPs, or XMPP Extension Protocols which add additional features or functionality to the Standard. Examples include Multi-user Chat, Publish/Subscribe features, message archiving, copying messages to all devices a user is logged in to (called carbons), and chat markers (to see where other users have read up to).
Is XMPP secure?
Whilst the XMPP standards largely cover the structure of the information transmitted, rather than the transmission of that information, the RFC also requires that all client/server implementations support encrypted communications, which can be configured for use for all communications between clients and servers, and between communicating servers. There are XEPs, including some written by Surevine, which enhance this security further. For example, OMEMO enables device fingerprinting (ensuring that even compromised credentials won’t permit a user to be spoofed) and forward secrecy (meaning that compromising the encryption keys won’t allow you decrypt old messages).
What is Openfire used for?
Openfire is a fully featured XMPP server used by security conscious organisations around the world. It has a 15-year track record/heritage, a dedicated core team of developers, and boasts a broad set of built-in XEP implementations and others available through its plugin architecture. Its extensible, plugin-based architecture provides a valuable platform for features. The vibrant community is something which Surevine is committed to active and ongoing support to of to ensure that all of those who need real-time communications can benefit from ever-improving security.