igniterealtime/openfire-ofmeet-plugin

Initiative to harden the security and privacy of Openfire Meetings

astrometrics opened this issue · 2 comments

Again, I'm a newbie here.

This issue is a proposal of an initiative to improve and/or make exactly known:

  • P2P over centralized connection methods,
  • General Security and Privacy.

Some initial suggestions would be:

  • Eliminate external (execution time) dependencies such as calling external libraries, pictures, modules, services, etc. All calls should be restricted to the Openfire server.
  • Elucidate the exact role of each port group, and how to harden the firewall on the Openfire server.
  • Explore the necessity and usage of the internal Openfire STUN server, and others such as Coturn (if it is needed at all), in a way to make P2P happen as a default when possible.
  • Maybe that was done already, but a clear pie recipe for Let's Encrypt and self-signed certificates.
  • Maximize usage of database as a central repository for data, explore database encryption and hardening (which may be important in the case of a VPS).
  • A table of when certain XEPs are being used, like Jingle File Transfer (XEP-0234), HTTP File Upload (XEP-0363), etc., to maximize, or make clear, the usage of P2P.
  • etc.

Maybe the Ignite Realtime team, etc., could be the owner of this one, maybe in some other context, as it has some importance. I'll gladly participate.

Thank you for the suggestions :-)

What has been suggested here was the basis of creating Openfire Meetings in the first place instead of using stand-alone jitsi-meet in a Docker container. Most of the requirements stated are implemented or inherited as a consequence of using Openfire as the container.

It would be nice if someone could document the required detailed information as a series of wiki pages here or somewhere else at ignite-realtime.