Wednesday, August 21, 2013
council@muc.xmpp.org
XMPP Council Room | https://xmpp.org/about/xmpp-standards-foundation#council | Room logs: http://logs.xmpp.org/council/ | https://trello.com/b/ww7zWMlI/xmpp-council-agenda

[00:02:54] *** bear shows as "online" and his status message is "Available"
[00:20:37] *** bear shows as "away" and his status message is "Available"
[00:24:16] *** Lance has left the room
[01:02:38] *** m&m has joined the room
[01:02:48] *** m&m has left the room
[01:02:51] *** m&m has joined the room
[01:45:08] *** Lance shows as "online"
[02:20:24] *** m&m has left the room
[02:26:25] *** Lance has left the room
[02:34:17] *** m&m has joined the room
[02:46:04] *** bear shows as "online" and his status message is "Available"
[02:56:15] *** bear shows as "away" and his status message is "Available"
[03:01:35] *** bear shows as "online" and his status message is "Available"
[03:13:19] *** bear shows as "away" and his status message is "Available"
[03:40:38] *** bear shows as "online" and his status message is "Available"
[03:50:38] *** bear shows as "away" and his status message is "Available"
[04:09:46] *** m&m has left the room
[04:11:13] *** bear shows as "online" and his status message is "Available"
[04:21:12] *** bear shows as "away" and his status message is "Available"
[04:29:34] *** bear shows as "online" and his status message is "Available"
[04:40:19] *** bear shows as "away" and his status message is "Available"
[05:06:49] *** bear shows as "online" and his status message is "Available"
[05:16:49] *** bear shows as "away" and his status message is "Available"
[05:59:42] *** Kev shows as "online"
[06:02:15] *** bear shows as "online" and his status message is "Available"
[06:11:01] *** Tobias has joined the room
[06:11:04] *** Tobias shows as "online" and his status message is "Available"
[06:12:15] *** bear shows as "away" and his status message is "Available"
[06:22:21] *** Tobias shows as "away" and his status message is "Available"
[06:34:53] *** Tobias shows as "online" and his status message is "Available"
[06:49:33] *** Neustradamus has joined the room
[07:11:36] *** Kev shows as "away"
[07:11:54] *** Kev shows as "online"
[07:12:04] *** Tobias shows as "away" and his status message is "Available"
[07:16:27] *** Lance shows as "online"
[07:18:31] *** Tobias shows as "online" and his status message is "Available"
[07:32:55] *** Tobias shows as "away" and his status message is "Available"
[07:40:44] *** Lance has left the room
[07:45:52] *** Tobias shows as "online" and his status message is "Available"
[08:35:52] *** Tobias shows as "away" and his status message is "Available"
[08:35:56] *** Tobias shows as "online" and his status message is "Available"
[09:06:19] *** Kev shows as "away"
[09:11:14] *** Kev shows as "online"
[09:53:44] *** Tobias has joined the room
[09:53:48] *** Tobias shows as "online" and his status message is "Available"
[10:20:31] *** Tobias shows as "online" and his status message is "working"
[10:35:59] *** Tobias shows as "online" and his status message is "Available"
[10:39:09] *** Kev shows as "away"
[11:02:48] *** Kev shows as "online"
[11:12:10] <Kev> The only thing I have on the agenda for today is the list of purgatory XEPs Peter mailed 'round.
[11:42:52] *** Kev shows as "away"
[11:50:25] *** Kev shows as "online"
[12:10:52] *** Tobias shows as "away" and his status message is "Available"
[12:27:54] *** Tobias shows as "online" and his status message is "Available"
[12:44:28] *** jabberjocke has joined the room
[12:44:28] *** jabberjocke shows as "online"
[13:33:56] *** m&m has joined the room
[13:51:06] *** m&m shows as "away" and his status message is "stuffage"
[13:58:17] *** Tobias has left the room
[13:58:22] *** Tobias has joined the room
[13:58:22] *** Tobias shows as "online" and his status message is "Available"
[14:04:30] *** Kev shows as "away"
[14:09:30] *** Tobias shows as "away" and his status message is "Available"
[14:09:47] *** jabberjocke has left the room
[14:29:33] *** m&m has left the room
[14:29:50] *** m&m has joined the room
[14:29:58] *** m&m shows as "online"
[14:42:39] *** m&m shows as "away" and his status message is "stuffage"
[14:47:15] *** m&m shows as "online"
[14:56:16] *** m&m shows as "dnd" and his status message is "JSON teleconference"
[15:00:26] *** ralphm has joined the room
[15:00:32] *ralphm waves
[15:01:00] *** m&m has left the room
[15:01:32] *** Kev shows as "online"
[15:02:38] <Kev> Hi Ralph.
[15:02:41] *** Tobias has joined the room
[15:02:43] <Kev> 10mins:)
[15:03:01] *** Tobias has left the room
[15:03:06] <ralphm> Kev: I always aim for :00, so I'm surely on time
[15:03:12] <Kev> Seems reasonable.
[15:03:36] *** Tobias has joined the room
[15:05:01] <Tobias > Jtalk's muc is still a bit buggy
[15:08:12] *** psaintan has joined the room
[15:08:26] <psaintan> greetings
[15:08:39] <Tobias > Guten tag
[15:09:32] <ralphm> Goede dag!
[15:10:38] <psaintan> :)
[15:10:51] <Tobias > Interestingly jtalk lists all my multi session nicks
[15:10:54] <psaintan> m&m is in the JSON WG meeting all day and won't join us here
[15:11:18] <Kev> It is time.
[15:11:31] <Kev> psaintan: He said last week he couldn't make it - although I was hoping he'd suggest a better time.
[15:11:42] <Kev> 1) Roll call.
[15:11:46] <Kev> M&M sends apologies.
[15:11:48] <Kev> I'm here.
[15:11:53] <ralphm> here
[15:12:01] *psaintan is here via his @cisco.com JID
[15:12:23] <Tobias > Here
[15:12:29] <ralphm> psaintan: fancy
[15:12:31] *Kev pokes MattJ
[15:12:37] *** Tobias has left the room
[15:12:46] <Kev> Tobias leaves in disgust.
[15:12:51] <psaintan> :)
[15:12:55] <ralphm> Still one left, I guess
[15:12:58] *** Tobias has joined the room
[15:13:18] <Tobias > Still there
[15:13:18] <Kev> 2) Stuff stuck at proposed.
[15:13:36] <Kev> XEP-0152: Reachability Addresses

XEP-0220: Server Dialback

XEP-0288: Bidirectional Server-to-Server Connections

XEP-0297: Stanza Forwarding

XEP-0301: In-Band Real Time Text

[15:13:57] <Kev> Does it seem sensible to vote on them going to Draft next week?
[15:14:06] *** MattJ has joined the room
[15:14:14] <Kev> I need to review the 301 diff (Please, everyone else, do feel free to do a review and comment!).
[15:14:23] <psaintan> fippo sent me some editorial nits about 220 and I will process those ASAP
[15:14:40] <Kev> I keep hoping to have a chance to do a cleanroom implementation of 220, but then I don't get around to it, so that's no reason to delay.
[15:14:45] <psaintan> we can ping fippo about 288
[15:14:59] <psaintan> yeah, dialback has been stable for a long time :-)
[15:15:33] <Tobias > Bidi not though
[15:15:37] <Kev> So, everyone ok with just voting on the lot next week?
[15:15:47] <MattJ> Yes, I think so
[15:15:49] <ralphm> just out of curiosity, apart from GTalk connectivity, how much do we still need dialback?
[15:15:52] <Tobias > Fine with me
[15:15:58] <MattJ> I have some small modifications to make to 297, so I'll push those this week
[15:16:41] <Kev> ralphm: We might not want to use the in-dialback proof method, but I think we still want to keep the dialback protocol stuff around.
[15:16:42] <psaintan> ralphm: well, POSH and DNA and such actually use dialback for signalling, about piggybacking so I think we'll keep it around for a while longer :)
[15:16:45] <Kev> At least from what I understand.
[15:16:54] <psaintan> right
[15:17:24] <Kev> OK. So that's all on the agenda for a vote next week.
[15:17:26] <MattJ> psaintan, can they function without dialback at the moment?
[15:17:31] <Kev> Did I miss anything for this week?
[15:17:42] <Kev> ProtoXEPs or whatever.
[15:17:57] <ralphm> I knew about all this, of course, but still wondering if the landscape has changed enough to do everything with regular tls/sasl
[15:18:03] <psaintan> MattJ: see http://datatracker.ietf.org/doc/draft-ietf-xmpp-dna/ and provide feedback on the xmpp@ietf.org list :-)
[15:18:19] <psaintan> ralphm: for initial connections, yes
[15:18:29] <psaintan> ralphm: for piggybacked domain pairs, unclear
[15:18:45] *ralphm nods
[15:18:49] <Kev> Shoving SASL exchanges into the middle of a stream would be somewhat unorthodox.
[15:18:56] <Kev> OK.
[15:18:58] <Kev> 3) Date of next.
[15:19:02] <ralphm> psaintan: is this a point of attention in the XMPP WG
[15:19:02] <Kev> SBTSBC?
[15:19:03] <ralphm> ?
[15:19:28] <psaintan> although (AOB) I would like to start pushing the community forward to fully encrypted hops
[15:19:40] <psaintan> ralphm: the DNA stuff is
[15:19:47] <ralphm> right
[15:19:50] <Kev> I'll take that as a 'yes' to SBTSBC, then.
[15:19:57] <Kev> 4) AOB
[15:19:57] <psaintan> Kev: yes :-)
[15:20:01] <ralphm> Kev: yes
[15:20:09] <Tobias > Yes on the time
[15:20:12] <Kev> So, SEX day. Please, for the love of all that's good, let's not call it SEX day.
[15:20:14] <MattJ> Kev, you could just have the whole meeting yourself :P
[15:20:20] <MattJ> +1
[15:20:24] <MattJ> and I'm replying to that post...
[15:20:28] <psaintan> huh?
[15:20:36] <psaintan> oh
[15:20:36] <Kev> I realise as geeks we have the humour capabilities of a three-year-old, but still.
[15:20:36] <MattJ> psaintan, see Simon's latest email
[15:20:43] <psaintan> I started reading that but hadn't gotten that far
[15:20:49] <psaintan> agreed on the naming!
[15:21:00] <Tobias > Hehe
[15:21:25] <Kev> psaintan: Do we know what 'fully encrypted' means?
[15:21:40] <psaintan> Kev: TLS anyway
[15:21:45] <psaintan> channel encryption
[15:21:48] <psaintan> with cert checking
[15:21:55] <Kev> Cert checking...for what?
[15:22:02] <Kev> CAs?
[15:22:08] <psaintan> RFC 6125 stuff
[15:22:10] <ralphm> Kev: I guess we're done here?
[15:22:13] *** Tobias has left the room
[15:22:27] <Kev> Yeah, I'm happy enough that this is a tangent.
[15:22:31] <Kev> Thanks all.
[15:22:33] <psaintan> :)
[15:22:34] *Kev bangs the gavel
[15:22:37] *** Tobias has joined the room
[15:22:53] <Kev> psaintan: So, this means that any server not automatically fetching certs and doing OCSP and stuff should stop federating, right?
[15:22:58] <Kev> s/certs/CRLs/
[15:23:06] <Tobias > Thanks
[15:23:12] <psaintan> well, no one does OCSP as I understand it
[15:23:39] <Kev> That was somewhat my point.
[15:23:44] <psaintan> Kev: I know you're tired and overworked, so please just s/fully// and we'll move on
[15:24:04] <Tobias > Peter, and crls?
[15:24:26] <Kev> I wasn't being entirely belligerent. If we want to have a big 'turn off encryption and partition the network' event, I think we should have a reasonable handle on what's involved.
[15:24:36] <psaintan> well, sure, people should do all that stuff, but at least doing RFC 6125 checks is a good idea
[15:24:39] <Tobias > What servers do crl?
[15:24:57] <Kev> Tobias: Fully, without having to fetch manually? Just M-Link of which I'm aware.
[15:25:05] <Kev> And even then, only by configuration I think.
[15:25:28] <psaintan> I'm not necessarily in favor of a flag day, but it would be a step in the right direction if several of the larger nodes required TLS and proper certs (and we had helpful HOWTOs in place so that admins of other servers could get up to speed)
[15:25:35] <Tobias > Yup. 3rd party fetching
[15:25:54] <Kev> I'd suggest we just go with 'require unchecked TLS' first.
[15:26:22] <Kev> And this does effectively blackhole gmail, which isn't something I'm entirely comfortable with..
[15:26:27] <psaintan> CRLs and OCSP are two solutions to a problem that might be solved in other ways (e.g., shorter-lived certificates), but that's a wider discussion
[15:26:42] <psaintan> maybe we wait until Google turns off federation
[15:27:22] <Tobias > Peter, nobody knows when that is though
[15:27:40] <psaintan> sure
[15:27:52] <psaintan> so perhaps we need to take the lead
[15:28:23] <psaintan> we don't necessarily make it permanent at first
[15:28:32] <psaintan> we can experiment as people did with IPv6
[15:29:00] <Kev> I don't think anyone (significant)'s tried promoting IPv6 by turning off v4 though, have they?
[15:29:30] <psaintan> heh
[15:29:32] <Kev> I'm not anti-TLS-on-S2S, although I realise my "Let's think this through" sounds a bit like it.
[15:29:51] <psaintan> I'm in favor of c2s first of all
[15:30:01] <psaintan> that's an easier step to take
[15:30:07] <Kev> That one is much easier.
[15:30:09] <psaintan> yes
[15:30:27] <psaintan> and will help us isolate some bugs, fix some software out there in the world, etc.
[15:31:17] <Kev> I'd be happy with someone coming up with a list of steps on the road to secure XMPP, and it probably looks a bit like:
No PLAIN/78 without TLS
No C2S without TLS
[15:31:29] <Kev> Require SCRAM-SHA1-PLUS with TLS where possible.
[15:31:43] <Kev> (e.g. it's not possible while backing on to AD or whatever)
[15:31:50] *** Tobias has left the room
[15:31:57] <Kev> I'd be very happy to sort out (1) on j.org, finally.
[15:32:04] <Kev> Then plan to do (2) in a couple of months.
[15:32:08] <Kev> I think (3) might be a little optimistic.
[15:32:27] <psaintan> that seems eminently reasonable
[15:33:07] *** Tobias has joined the room
[15:33:08] <psaintan> I wonder which server products have configuration bits for these things
[15:33:25] <psaintan> and whether we need to figure that out for the more widely-deployed servers
[15:33:37] <MattJ> Prosody already disallows PLAIN (or legacy auth, if enabled) on unencrypted connections - and most clients do anyway
[15:33:40] <Kev> I think it'd be good to sort out a roadmap to security.
[15:33:47] <psaintan> Kev: yes
[15:33:53] <Kev> And then we can let the vendors have this, so we know that software can do it.
[15:33:57] <MattJ> and as a config option to enforce TLS
[15:34:04] <MattJ> and has a config option to enforce TLS
[15:34:05] <Kev> And then gently encourage admins to move towards it.
[15:34:25] <psaintan> we might have carrots and we might have sticks
[15:34:29] <Kev> MattJ: M-Link has a config option to re-enable PLAIN without TLS, and we've got that switched on on jabber.org
[15:34:44] <psaintan> xmpp.net might have a role to play here in reporting and self-testing
[15:35:59] <ralphm> Kev: why?
[15:36:07] <psaintan> I do wonder if prosody-users and buddycloud-dev are the right venues for the discussion :-)
[15:36:18] <Kev> ralphm: Because when we initially deployed, there were so many users that suddenly couldn't connect.
[15:36:25] <Kev> Maybe, three years on, this wouldn't be the case.
[15:36:43] <ralphm> Kev: surely you have statistics on this?
[15:36:46] <psaintan> Kev: yeah, a lot of those users were on old OS X releases IIRC
[15:37:04] <Kev> ralphm: Could generate stats, but I don't have any to hand.
[15:37:12] <ralphm> oh
[15:37:33] <Kev> But we can't generate stats or whether those users have just configured their client in a stupid way, or don't have another option in their client for some reason.
[15:37:35] <Kev> But anyway.
[15:37:53] <Tobias > <3 stats
[15:37:54] <Kev> I'm entirely in favour of just making an announcement once the migration dust has settled and disabling this option on jabber.org
[15:38:26] <psaintan> Kev: yes, I've been waiting to bring up such issues until after the migration
[15:38:27] <Kev> And then making another announcement and after a couple of months requiring TLS.
[15:38:34] <psaintan> yes
[15:38:53] <Kev> I'd /like/ to then require SCRAM-SHA1-PLUS, but that's a bit trickier :)
[15:38:57] <psaintan> :)
[15:38:59] <psaintan> indeed
[15:39:05] <psaintan> one step at a time
[15:39:19] <Kev> Although at least Tobias and I are using clients that'd work fine with. Anyone else? :)
[15:39:35] <psaintan> I think we all agree on the goal, but we need to be prepared and think through the various issues that will arise
[15:39:55] <Kev> psaintan: 'tis all I ask.
[15:39:56] <psaintan> Kev: I use Swift for stpeter@jabber.org but in Psi at the moment
[15:40:13] <Tobias > psi's just got scram without plus
[15:40:33] <psaintan> and flipping multiple switches at once is a recipe for not understanding what's causing various problems
[15:40:36] <Kev> SCRAM without PLUS isn't much better than DIGEST-MD5 :)
[15:40:38] *** Zash has joined the room
[15:40:39] *** Zash shows as "online"
[15:41:04] <Tobias > Kev, interop wise it does
[15:41:14] <Kev> Or, at least, it's the -PLUS magic that's relevant to the TLS conversation.
[15:41:25] <Tobias > Sure
[15:41:26] *** Tobias has left the room
[15:42:46] *psaintan reviews various emails about XEP-0220 so we can advance it
[15:44:46] <ralphm> Kev: everything is much better than DIGEST-MD5 in my humble opinion
[15:44:53] <ralphm> even DIGEST
[15:44:56] <ralphm> eh
[15:44:57] <ralphm> PLAIN
[15:44:59] <psaintan> heh
[15:44:59] <Kev> In terms of interop, yes.
[15:45:06] <Kev> In security properties, maybe not.
[15:45:18] <ralphm> and in terms of bat shit crazy omgbbq who the hell thought this up
[15:45:29] <Kev> Then DIGEST-MD5 > *, yes.
[15:46:21] <Kev> Although I think this is more just a case of 'things have got better, we're better at doing this now'.
[15:46:40] <ralphm> Kev: no
[15:48:56] *** Tobias has joined the room
[15:51:02] *** Tobias has left the room
[15:56:54] <ralphm> Kev: i.e. your colleagues (among others) were already discussing all the bad things in DIGEST-MD5 over a decade ago over in the sasl wg
[16:03:06] *** Tobias has left the room
[16:04:53] *** Lance has joined the room
[16:04:54] *** Lance shows as "online"
[16:13:04] *** Tobias has joined the room
[16:13:10] *** Tobias shows as "online" and his status message is "Available"
[16:16:43] *** Tobias has left the room
[16:21:59] *** Neustradamus has joined the room
[16:39:36] <Kev> I wonder if at any point Simon's going to move this discussion somewhere a bit more appropriate than prosody-users.
[16:39:47] <Zash> Heh
[16:41:15] <MattJ> Yes, operators@ would have been more appropriate I think :)
[16:41:30] <MattJ> It's a question of deployment, not implementation
[16:41:45] <Kev> operators@, or if he wants it to be XSF-endorsed, members@
[16:41:45] <MattJ> (at this point I think all popular implementations are capable of what we're discussing)
[16:42:01] *** ralphm shows as "away" and his status message is "Away as a result of being idle"
[16:46:57] <Kev> Could be.
[16:48:37] <Kev> Although I think doing some self-signed CA leap-of-faith-with-dialback stuff would possibly be better than public-CA-based PKI stuff.
[16:49:06] <Kev> Depending what the things people are concerned about are.
[16:52:01] *** ralphm shows as "xa" and his status message is "Not available as a result of being idle"
[16:52:45] *** m&m has joined the room
[16:53:42] *** m&m shows as "online"
[16:54:35] <psaintan> OK, I've incorporated fippo's feedback on 220
[16:56:00] <psaintan> but yeah, agreed on operators@
[16:56:02] <psaintan> brb
[16:56:20] *** m&m shows as "away" and his status message is "stuffage"
[17:06:21] *** Kev shows as "away"
[17:06:54] *** m&m shows as "online"
[17:09:30] *** Zash has left the room
[17:09:36] *** Zash has joined the room
[17:09:47] *** Zash shows as "online"
[17:13:45] *** Kev shows as "online"
[17:27:14] *** Tobias has joined the room
[17:27:22] *** Tobias shows as "online" and his status message is "Available"
[17:27:25] *** Kev shows as "away"
[17:42:09] *** ralphm shows as "online"
[18:02:37] *** m&m shows as "away" and his status message is "stuffage"
[18:02:40] *** m&m shows as "online"
[18:02:47] *** m&m shows as "away" and his status message is "stuffage"
[18:49:38] *** bear shows as "online" and his status message is "Available"
[18:51:09] *** Tobias shows as "online" and his status message is "out for a bike ride..."
[18:51:43] *** Tobias shows as "online" and his status message is "bike ride -> clearing brain (:"
[19:03:51] *** Tobias shows as "away" and his status message is "bike ride -> clearing brain (:"
[19:08:09] *** bear has left the room
[19:09:47] *** bear has joined the room
[19:09:48] *** bear shows as "online" and his status message is "Available"
[19:11:54] *** m&m shows as "online"
[19:19:44] *** bear shows as "away" and his status message is "Available"
[19:29:21] *** m&m shows as "away" and his status message is "stuffage"
[19:30:56] *** m&m shows as "online"
[19:32:30] *** Kev shows as "online"
[19:43:55] *** m&m shows as "away" and his status message is "stuffage"
[19:53:57] *** bear shows as "online" and his status message is "Available"
[20:00:17] *** m&m shows as "online"
[20:09:26] *** bear shows as "away" and his status message is "Available"
[20:10:14] *** m&m shows as "away" and his status message is "stuffage"
[20:19:38] *** ralphm shows as "away" and his status message is "Away as a result of being idle"
[20:25:41] *** Tobias shows as "online" and his status message is "bike ride -> clearing brain (:"
[20:25:54] *** Tobias shows as "online" and his status message is "Available"
[20:29:39] *** ralphm shows as "xa" and his status message is "Not available as a result of being idle"
[20:32:55] *** Kev shows as "away"
[20:35:32] *** Kev shows as "online"
[20:38:48] *** m&m shows as "online"
[20:39:17] *** psaintan has left the room
[20:47:17] *** Kev shows as "away"
[20:48:17] *** Kev shows as "online"
[21:13:40] *** bear shows as "online" and his status message is "Available"
[21:24:31] *** bear shows as "away" and his status message is "Available"
[21:25:38] *** Zash shows as "away"
[21:28:28] *** Kev shows as "away"
[21:33:08] *** bear shows as "online" and his status message is "Available"
[21:43:10] *** bear shows as "away" and his status message is "Available"
[21:46:45] *** m&m shows as "away" and his status message is "stuffage"
[22:01:47] *** bear shows as "online" and his status message is "Available"
[22:02:19] *** m&m has left the room
[22:11:54] *** bear shows as "away" and his status message is "Available"
[22:28:54] *** Tobias shows as "away" and his status message is "Available"
[22:32:53] *** Tobias shows as "online" and his status message is "Available"
[22:35:31] *** bear shows as "online" and his status message is "Available"
[22:45:31] *** bear shows as "away" and his status message is "Available"
[23:05:46] *** bear shows as "online" and his status message is "Available"
[23:15:46] *** bear shows as "away" and his status message is "Available"
[23:24:53] *** Tobias shows as "away" and his status message is "Available"
[23:29:59] *** Tobias shows as "online" and his status message is "Available"
[23:36:27] *** bear shows as "online" and his status message is "Available"
[23:41:44] *** Tobias shows as "away" and his status message is "Available"
[23:46:28] *** bear shows as "away" and his status message is "Available"