Taking A Peek At Google Talk Authentication

So as per my previous post on the matter, and the buzz in general, I decided to go ahead and give the official client a whirl. I started using the new service via iChat and Adium last night, but wanted to see how the actual Google client looked and take a peek at how it works.

As you’ve probably heard, the system is based on the Jabber protocol — which is basically a set of standards built on streaming XML. Here are some details if you’re interested.

Anyway, my curiousity is focused around the authentication piece, so I fired up a sniffer and watched myself login. My side first sent an “auth xmlns” that included an X-GOOGLE-TOKEN (I can’t include the actual content since WordPress is eating the XML) which consisted of a very long alphanumeric string. The server then responded with a “success xmlns” response. After that the exchange of information ensued.

One key piece of information here is the fact that Google’s Jabber implementation doesn’t currently support encryption. From their website:

Google Talk currently does not encrypt chats or calls. But we are working hard to make many improvements to Google Talk while it is in beta, and we plan to fully support encryption of chats and calls before our official release.

No big deal — it’s still beta.

Anyway, I have to get back to work but I’ll be looking more into this later…