-
kevin.
back, after a long time. 8)
-
Simon
Where were you Kevin?
-
Simon
oh not the Kev. There is more than one.
-
kevin.
There are two.
-
Kev
There's only one me, though.
-
Simon
Kev, how's Doomsong's cert fixing going?
-
Simon
Or are you gunning for DNSSEC being widespread enough that you can drop it? :)
-
kevin.
yeah, only one kev smith. and i'm not that
-
Kev
Simon: I need to sort this out, thanks for reminding me
- Kev puts into todo
-
Kev
Conveniently, I'm in the middle of capturing todos at the moment :)
-
Simon
buddycloud.com/org just completed readiness for Jan 4th.
-
fippo
simon: post to operators@ instead
-
fippo
91.5% of servers allowing starttls is good.
-
Simon
fippo: will do in the future
-
Simon
MITM says "I'd rather not startTLS". So still MITM-able.
-
fippo
we're not going to stop being MITM-able in january.
-
Simon
agreed: 4th Jan will help us understand what breaks.
-
Simon
like the ipv6 days.
-
Simon
My point is that we have a benchmark and can see if we're increasing.
-
fippo
http://mail.jabber.org/pipermail/standards/2007-July/016086.html
-
fippo
take that as comparison :-)
-
Simon
shocking…
-
Simon
makes the http cert world look pristine.
-
fippo
sure. nobody seemed to care back then
-
fippo
and your 8.5% figure is misleading. tls will typically be used when it's offered, so it's likely used on 91.5% of the connections
-
fippo
and 51% are most likely non-mitmable
-
fippo
which is not bad
-
Simon
how many of that 8.5% are also doing certificate auth?
-
fippo
I don't think many people are requiring certificate auth
-
Simon
so still mitm-able then.
-
fippo
sure.
-
fippo
but manifesto is not about changing that
-
Simon
I'm going to log a check for that on https://bitbucket.org/xnyhps/xmppoke/issues?status=new&status=open
-
fippo
there is no safe way to tell if a remote server enforces your cert
-
Simon
https://bitbucket.org/xnyhps/xmppoke/issue/12/test-for-invalid-certificates-certificate
-
fippo
simon: I like that ;-)
-
fippo
kev: just pushed updated jingle-grouping/jingle-sources :-)
-
Kev
fippo: There is for C2S, mind.
-
Simon
kev: cert checking or Jingle?
-
Kev
A way to check that the other end's connection to you isn't MITMable.
-
Simon
yeah - imho this is important. (ref: one of DWD's speeches on certs and authenticity etc etc)
-
Kev
Simon: So, do you use -PLUS? :)
-
Kev
fippo: So, ready for a revote on Wednesday, then?
-
Simon
g+?
-
fippo
kev: yes please
-
Kev
Simon: No, SCRAM-SHA-1-PLUS.
-
Kev
That's the only way the server can check that the client's not going to be MITMd.
-
Simon
kev - yes.
-
Kev
And even that's not perfect.
-
Simon
I'm more concerned about s2s in this case.
-
fippo
kev: but that doesn't allow you to tell if the remote server is using your cert to auth either (actually, why would it request scram from you?)
-
Kev
fippo: -PLUS doesn't help with S2S, but it helps greatly with C2S.
-
Kev
But only if a client doesn't allow a downgrade to PLAIN.
-
Kev
Which ~=everyone does.
-
MattJ
Kev, and Swift? :)
-
Kev
Swift doesn't do mech pinning.
-
MattJ
"Yet"?
-
MattJ
I've been considering taking a client and making it "totally secure", and re-releasing it
-
Kev
Yet, indeed.
-
MattJ
Swift is obviously a good candidate
-
Kev
There are a number of sensible things to do there, and motivation to do them.
-
MattJ
I'm talking about removing support for anything but TLS 1.2, SCRAM-PLUS, etc.
-
MattJ
No certificate validation bypass
-
Kev
This doesn't sound like fun
-
MattJ
For whom? :)
-
Kev
Well - what's the motivation?
-
Kev
Protection against downgrades is very sensible, and doesn't stop users using the client.
-
Kev
But stripping out widely used things because they're not deemed to be maximally secure doesn't seem altogether helpful.
-
Kev
How many TLS 1.1 vulnerabilities are we seeing?
-
MattJ
Just because we aren't seeing them doesn't mean they aren't there
-
Kev
And there's no point forking Swift for this, BTW. We have a mechanism for enforcing policies by sysadmins.
-
MattJ
Everyone should realise that by now :)
-
MattJ
Kev, then I'd repackage it at least
-
Kev
Why?
-
MattJ
and you probably wouldn't want me calling it just "Swift" at that point
-
MattJ
then how do I configure it?
-
MattJ
brb
-
Kev
Linux: Install an extra make-Swift-paranoid package, Windows you can have such a checkbox in the installer, and I'm sure something can be worked out for Mac.
-
Simon
the node-XMPP guys are doing some good work to move their code to nicely support TLSv.1.2
-
MattJ
Kev, are there docs on this?
-
Kev
MattJ: No.
-
Kev
But happy to chat about it over <- there in swift@.
-
MattJ
Ok, when I have some time :)
-
Simon
oops - didn't mean to dredge up the digest beast in members@
-
MattJ
Too late, it is awake
-
Simon
Hopefully it's died out by the time I'm back (10th Jan)
-
Kev
I'm not sure bringing up requirements for TLS is necessarily staying on-message at the moment.
-
Kev
While there's simultaneously the opportunistic TLS days happening.
-
MattJ
For folks not in the Prosody room, I'm currently working on a mod_manifesto
-
MattJ
https://matthewwild.co.uk/uploads/mod_manifesto_1.png
-
Simon
That's really nice MattJ
-
Simon
In terms of the text - it might put it in context to describe the problem/why at the start.
-
MattJ
It's configurable by the admin, but this is the default message - I'm happy to take suggested amendments
-
MattJ
I don't want it t o get too verbose
-
Simon
yes.
-
MattJ
I should clarify that the list is completely automated - it is only sent to users who have contacts on unencrypted s2s links
-
Simon
I'd expect nothing less from the Prosody team.
-
MattJ
I'm going to implement the actual test days into the module too if I can - overriding the config to allow only encrypted connections for the 24h period
-
MattJ
which also means I'm aiming for UTC...
-
MattJ
unless people think that's a bad idea
-
Simon
TZ of least confusion.
-
waqas
MattJ: Do we have good error responses on lack of TLS?
-
MattJ
waqas, as good as could be expected
-
waqas
Both for local users, and for remote
-
MattJ
I'm thinking of having mod_manifesto rewrite them for the test day though
-
MattJ
waqas, yes, the error message says that the delivery failure was due to lack of encryption
-
waqas
The folks we probably want to make the most aware of this are the people on servers without good encryption
-
waqas
Not the local users, who are already on a good server
-
MattJ
Yep
-
MattJ
I considered spamming them, but... ;)
- Simon is impressed with Prosody's preparedness.
-
Simon
I expect all users will get a notification until jabber.org gets ready.
-
Kev
jabber.org /is/ ready, is it not?
-
Kev
In that the only thing that's needed to be ready is to have a cert.
-
fippo
kev: i think it would be good to have jabber.org reject non-tls connection
-
Simon
https://xmpp.net/result.php?domain=jabber.org&type=server
-
fippo
otherwise "but it works with jabber.org!!!!" is true
-
Simon
and fix it's cipherlist
-
Kev
Simon: Nothing on that page looks incompatible with servers participating in the event.
-
Kev
To me.
-
Kev
fippo: Yes, I expect we will.
-
fippo
i wonder why jabber.orgs pubkey score is sooo low
-
Kev
Because it bundles the root (Which is a pretty sensible thing to do)?
-
MattJ
Why is it a sensible thing to do?
-
Kev
MattJ: Because if you're going to do leap of faith, having the root gives you a better basis for future upgrades.
-
Simon
Presumably the root should come from outside the connections / OS /Browser.
-
Simon
intermediate should be included though
-
Simon
also the cert is for conference.jabber.org.
-
Kev
The cname is c.j.o, which isn't the same thing.
-
Kev
It has the right SANs in it as far as I know.
-
fippo
there is a bug for xmpp.net that it should show SANs
-
fippo
i even have code for it but can't get the tool itself to work for me
-
Simon
fippo: this one https://bitbucket.org/xnyhps/xmppoke/issue/3/show-certificate-subjectalternativenames ?
-
fippo
simon: yeah
-
Simon
If anyone is looking for a well considered, peer reviewed ciphersuite, Mozilla Opsec have a good writeup: https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Ciphersuite
-
Simon
fippo: solved you cert problem a different way https://xmpp.net/result.php?domain=estos.de&type=server ?
-
fippo
simon: huh? it has always shown as valid
-
fippo
it just doesn't show why this one is valid :-)
-
Simon
reread your xmpppoke issue. Makes sense now.
-
Simon
interestingly buddycloud.com refuses to speak to jabber.org too with the current cert.
-
Simon
Dec 15 21:34:43 s2sout22aafc0 info Beginning new connection attempt to jabber.org. ([208.68.163.218]:5269) Dec 15 21:34:44 mod_s2s warn Forbidding insecure connection to/from jabber.org. Dec 15 21:34:44 s2sout22aafc0 info outgoing s2s stream buddycloud.com->jabber.org. closed: stream closed Dec 15 21:34:44 s2sout22aafc0 info sending error replies for 2 queued stanzas because of failed outgoing connection to jabber.org.
-
Simon
s2s_secure_auth = true s2s_require_encryption = true
-
MattJ
I don't know why that would be
-
MattJ
Haaa
-
MattJ
I know what the issue is, there is a '.' at the end of the hostname
-
Simon
the cert or the contact?
-
MattJ
Someone is trying to send something to "jabber.org."
-
Simon
right
-
MattJ
I vaguely recall something about this in the RFC
-
MattJ
Yes, it's in 6122
-
MattJ
It must be stripped, but it doesn't say where
-
MattJ
well, it says: "this character MUST be stripped from the domainpart before the JID of which it is a part is used for the purpose of routing an XML stanza, comparing against another JID, or constructing an [XMPP‑URI]. "
-
MattJ
So it's a client bug for allowing it and a server bug for not stripping it either I suppose
-
Simon
server bug for storing it in the roster table too?
-
MattJ
Not necessarily storing it
-
MattJ
I don't know if roster entries must be in normalized form
-
Zash
Let's blame jabber.org for answering to "jabber.org."
-
Zash
Prosody says host-unknown