Steps to reproduce:

Hello
Please add in this forum
Components for Chat Core (mozilla.org)
https://bugzilla.mozilla.org/describecomponents.cgi?product=Chat%20Core
the category:

Echo Servers for encrypted chat: Integration of simple to admin chat servers

to be able to discuss this open source and well-developed option to chat encrypted.

The request then is, to please add for chat in Thunderbird not only protocols and architectures which require high sophisticated chat servers, no one can set up.
In the future chat servers are needed easily to be set up by every school class teacher.

Chat over Matrix and also XMPP, e.g., is a hassle to set up such a referring server. Another suggestion has been made to use e-Mail-Servers for chat over the encrypted POPTASTIC protocol. That can be looked up in this request: https://bugzilla.mozilla.org/show_bug.cgi?id=1777771

The future of that encrypted variant is, that e-mail providers might not allow the encryption over their service. Hence a second easy to install alternative as complimentary solution in Thunderbird is needed: Using simple to install encrypted chat servers – that’s is why this request is made.

The ideas is, to use echo servers for chat in Thunderbird.

Actual results:

There are already many servers given for the Echo Protocol: That is:
SmokeStack-Server, Spot-On Server , Spot-On Lite Deamon Server, GoldBug Server etc.

As far as a crypto workshop here has shown, SmokeStack is probably the most easiest to install server for encrypted chat. It can be found here:
https://f-droid.org/de/packages/org.purple.smokestack/

A test server IP can be found in the chat app:

https://f-droid.org/de/packages/org.purple.smoke/

That test server Ip works also with the above mentioned chat apps deploying the echo chat protocol. But this request is not about the chat over that open protocol, but to chat over an easy to set up chat server, which handles encryption.

Expected results:

Chat in Thunderbird needs two requirements, servers for encrypted chat and servers, which are easy to install.

SmokeStack installs on Android and is the easiest to install and administer chat server, everyone can try out.

Also the future-proof algorithm McEliece is handle over the Smoke-Ecosystem. That allows also to chat with Thunderbirds from the Mobile App Smoke then.

PS: As Thunderbird has acquired a K9 Android App by time the request will come to handle chat also over K9. The Java ode for Chat over these servers is then already given and a relevant future integration for messaging in Thunderbird.

Thanks for the iplementation of the compatibility with chat over one of these above mentioned echo chat servers, which are easy to install and admin.
It is not about specific requiements, but about to give the users and communities the power back, to install a chat server on their own on premise and being not dependend on chat servers using kubernetes at AWS and such.

Is there a protocol description available? I only see references to some implementations.

Echo Chat is done over one of these servers (= simple http/s listeners)

• Spot-On: https://github.com/textbrowser/spot-on
• Smoke: https://github.com/textbrowser/smoke
• Spot-On-Lite Deamon Server: https://github.com/textbrowser/spot-on-lite
• SmokeStack Android Server: https://github.com/textbrowser/smokestack
• GoldBug: https://sourceforge.net/projects/goldbug/

Chat apps are accordingly. And also TBird Chat could address these servers as requested above.

How the Echo Protocol works is best documented in the original App Spot-On:
https://github.com/textbrowser/spot-on/tree/master/branches/trunk/Documentation
https://github.com/textbrowser/spot-on/blob/master/branches/trunk/Documentation/Spot-On.pdf
https://github.com/textbrowser/spot-on/blob/master/branches/trunk/Documentation/Spot-On.odt

Please see also the c++ code for documentation of the message format.

Manual
https://www.amazon.com/-/de/dp/3749435065

Hybrid System: Spot-On implements a hybrid system for authenticity and confidentiality. Per-message authentication and encryption keys are generated. The two keys are used for authenticating and encapsulating data. The two keys are encapsulated via the public key portion of the system. The application also provides a mechanism for distributing session-like keys for data encapsulation. The private keys are encapsulated via the public key system. An additional mechanism allows for the distribution of session-like keys via previously-established private keys. Digital signatures are optionally applied to the data.

As an example, please consider the following message format:

EPublic Key(Encryption Key || Hash Key) || EEncryption Key(Data) || HHash Key (EPublic Key(Encryption Key || Hash Key) || EEncryption Key(Data)).

The private-key authentication and encryption mechanism is identical to the procedure discussed in the Encrypted and Authenticated Containers section.

All Message formats are described here:
https://github.com/textbrowser/spot-on/blob/master/branches/trunk/Documentation/MESSAGES

Code implementation of the message format: - search for keyword message -as the kernel handles the messages and decryption:
https://github.com/textbrowser/spot-on/blob/master/branches/trunk/Kernel/spot-on-kernel-a.cc

however, more than a handfull of server software for the echo chat is given supporting all plattforms.
if you implement the client side chat in TBird, you can use this test server and need not to set up an own server:

Echo-Testserver for echo chat:
5.180.182.220: 4710

Echo Chat is the only and first implementation of McEliece encrypted chat and the servers do not handle any plaintext.
Hence it is future proof.

Claudio, please stop CCing people on bugs. There is no reason for me to be CCd on this or any other of your bugs for now. I am aware that they exist, but there is no need for me to be CCd. Further, please consider https://bugzilla.mozilla.org/page.cgi?id=etiquette.html especially when adding someone back as CC after they removed themselves.

Excuse me, Martin, Patrick requested to import the e-Mail talk with him to this bug and he added you to CC in email there.
So you are right, you need not to be present here too, as it was unknown, how close you work with him, as he CCed you. Please dont feel offended.