-
intosi
Ralph: I'm on that list.
-
Lloyd
This just came up, thought it might be of interest https://secure-resumption.com/
-
xnyhps
Lloyd: That was also mentioned here yesterday. My expectation is that nothing on XMPP is vulnerable as nothing uses TLS resumption.
-
Lloyd
xnyhps, ahh missed that apologies. Good to hear about the lack of vulnerability though
-
xnyhps
(Though I don't have much concrete evidence for that…)
-
Kev
As far as I can tell from the description, this doesn't require the client to not check server certs.
-
Kev
dwd: Are you sure this is the case?
-
Kev
Or, at least, it doesn't require as severe as 'verify nothing', I think.
-
xnyhps
Kev: The image shows the Attacker replaces the cert with its own cert.
-
Kev
I could easily have misread this. But it seemed to me to be saying that the attacker's website wasn't claiming to be the victim's website.
-
Kev
I need to work out how I'm going to grab lunch, if I'm going to be travelling across London at lunchtime.
-
Kev
Need to leave the hotel at 11 to get to the Hilton for 12:30, if TFL is to be believed.
-
xnyhps
I stand corrected, jabber.org lets you do TLS resumption. Hm.
-
Kev
Although not client strong-auth.
-
dwd
Kev, I think that the Attacker would have to pretend to be some site for which the credentials matched, at least.
-
xnyhps
Attacker has attacker.com, user visits that and it obtains the client-cert from the user and presents it to goodserver.com?
-
Kev
Maybe I should understand the attack, instead of just reading the decription.
-
Kev
+s
-
Kev
I read it as the attacker presenting their own identity.
-
Kev
And then swapping out to a MITMd session to the victim.
-
xnyhps
Yeah, I think you're right.
-
xnyhps
But of course, when you try to attack the channel-binding part of SCRAM-SHA-1-PLUS, you do need valid credentials of the server.
-
xnyhps
Or the client must have used an identical nodepart and password on your server as on the malicious server.
-
xnyhps
But if you have that, there's nothing you can win by an attack, you have the password. :)
-
ralphm
hah
-
Kev
I guess I need to start thinking about heading into town.
-
Kev
Right. See folks at precis, I guess.
-
dwd
Ah, Kitten have just started discussing the TLS MITM stuff.
-
Zash
Kitten is now?
-
dwd
Looks like the consensus might be that resumption is a no-no.
-
dwd
This is on the list.
-
Zash
ah
-
dwd
Kitten is Thursday, 1520-1650.
-
Kev
And that's my first hallway bump-into-someone.
-
Kev
Who else is here? :)
-
dwd
I'm just about to hop into the car. I should make the IETF hallway for about 6pm or so if I'm lucky; if not I'll see you at the meetup.
-
Kev
It's entirely possible I won't be here by 6pm, but we'll see. I'm intending crowd-following once precis/xmpp are done.
-
Kev
I have my pretty noob-ribbon on :)
-
dwd
If I'd gone properly, I would have qualified for a noob ribbon, plus a WG Chair dot, which I'd have found amusing.
-
stpeter
dwd: I don't think you would have been the first
-
stpeter
although it is rare
-
stpeter
for what WG are you a chair?
-
dwd
qresync, now in shutdown-wait.
-
Kev
I guess I should try to find precis.
-
Kev
Follow the yellow arrows?
-
stpeter
I need to find that, too, but I'm still in another meeting
-
stpeter
ah, it's downstairs
-
stpeter
3 floors down in the east wing, right off the lobby
-
stpeter
this hotel has a strange layout
-
Kev
It's a labyrinth.
-
Kev
Going hunting, BRB.
-
Zash
Kev: Did you see the video?
-
Kev
I haven't watched it yet.
-
Kev
I saw that there was one.
-
fippo
hah, another two tls vulnerabilities. I think the tlswg will have fun
-
fippo
even though those were library issues
-
ralphm
Zash: was my suggestion clear?
-
Kev
So, I'm currently sat in the TLS WG session, along with assorted other XMPP people, but I note that this goes on until 6:40. ISTR Lloyd suggesting that we should be at Moz at 6:30.
-
Zash
Hmm
-
xnyhps
I thought 7?
-
ralphm
Kev: ubber can't do time travel. Disappointing
-
Kev
Upon arrival Surevine will have pizza and beer waiting (around 6:30pm). The latest schedule is posted up on http://lanyrd.com/2014/xmppuk/.
-
xnyhps
Oh, meetup had 7.
-
stpeter
do we need to sign up for Uber in order to catch a ride
-
xnyhps
I think you need to give them your credit card number.
-
Kev
I would be inclined to just grab the tube, personally, but I have an Oyster card.
-
Zash
I wanna see the series of tubes :)
-
stpeter
http://wiki.xmpp.org/web/IETF_89 says "We're planning on holding the XMPP meetup at MozSpace at 101 St. Martin's Lane, starting at 7pm."
-
stpeter
I'd be happy with the tube
-
Zash
ralphm: Your suggestion was?
-
xnyhps
I was planning to take the tube, too.
-
Kev
It's 20mins by tube, along Bakerloo, I believe.
-
Kev
https://www.google.com/maps/dir/Hilton+London+Metropole,+225+Edgware+Rd,+London+W2+1JU,+UK/51%C2%B030'37.4%22N+0%C2%B007'37.4%22W/@51.5201367,-0.1530664,13z/data=!4m12!4m11!1m5!1m1!1s0x48761ab4122b2d83:0xfdfeed0b864cbfb0!2m2!1d-0.1694932!2d51.5191439!1m3!2m2!1d-0.1270556!2d51.5103889!3e3 What a lovely URI.
-
ralphm
Zash: webrtc data channels
-
Zash
ralphm: Because that's likely to be implemented by clients anyways?
-
stpeter
ralphm: XTLS (Dirk Meyer's work) could offer a webrtc data channel as one of the transport options
-
ralphm
Zash: yes, that's my thinking
-
Zash
stpeter: Which is why it sounded like XTLS to me
- stpeter nods to Zash
-
ralphm
stpeter: yes, but I want to do away with IBB entirely
-
Zash
ralphm: Does XTLS say you have to use IBB?
-
stpeter
ralphm: so XTLS but MUST NOT offer IBB?
-
Zash
I don't see the need, really. Jingle lets you negotiate transport.
-
Zash
But what are the security bits you want to solve?
-
ralphm
Zash: well, sure, but my personal opinion is that IBB is horrible and don't want to have people need to implement it
-
stpeter
webrtc data channels seem convenient, for sure
-
ralphm
Zash: I think having out-of-band XML Streams for e2e are easier to implement
-
Ge0rG
I like IBB because it allows to leverage a trusted server for end-to-end file exchange
-
ralphm
Ge0rG: I don't see how that is better than negotiating an out-of-band connection with the server, over Jingle.
-
Ge0rG
besides, aren't XTLS and WebRTC data channels solving the same problem?
-
stpeter
Ge0rG: no
-
stpeter
Ge0rG: XTLS is end-to-end encryption - data channels would be one end-to-end transport over which we could negotiate end-to-end TLS
-
Zash
ralphm: Having IBB be MTI for E2E does indeed seem problematic. I think someone mentioned that you'd basically have to open a loopback connection to yourself, tunnel it over IBB and then starttls on that
-
Zash
Unless there are better tls libs that I've not seen
-
Ge0rG
stpeter: but webrtc has dtls for end-to-end encryption, right?
-
ralphm
stpeter: I'm not suggesting using any of webrtc per se, just the same p2p transport for the actual bits, with sctp/rtp/dtls and all that, as you would negotiate webrtc data channels
-
fippo
stpeter: we do negotiate end-to-end (d)tls with webrtc data channels. but the exchange of fingerprints is not protected.
-
xnyhps
Zash: Wat? Aren't most TLS libraries separated from network libraries?
-
Zash
xnyhps: Not really looked further than LuaSec
-
stpeter
ralphm: ah, thanks for the clarification
-
ralphm
XTLS says:
-
ralphm
More complex scenarios are theoretically supported (e.g., encrypted file transfer using SOCKS5 bytestreams and encrypted voice chat using DTLS-SRTP) but have not yet been fully defined. XTLS theoretically can be used to establish a TLS-encrypted streaming transport or a DTLS-encrypted datagram transport, but integration with DTLS [DTLS] has not yet been prototyped so use with streaming transports is the more stable scenario.
-
ralphm
So I'm saying we go the next step and actually prototype that thing mentioned, with the same tech as used for webrtc data channels.
-
ralphm
I think this makes people's lives slightly better and allows us to piggyback on that work.
-
Ge0rG
how is dtls security handled in webrtc?
-
Zash
Ge0rG: AFAIK, you send a fingerprint through the SDP blob via your whatever server.
-
fippo
ge0rg: http://tools.ietf.org/html/rfc4572#section-6
-
ralphm
http://tools.ietf.org/html/rfc5764 has a bunch of text on that, too
-
Ge0rG
so how is that solving a different problem from xtls?
-
ralphm
Zash: I don't think it depends on SDP per se, but we might have to do a jingle equivalent.
-
ralphm
Ge0rG: it solves the same problems, but without IBB and with a protocol that people will implement in other places (WebRTC)
-
ralphm
like, say, browsers
-
stpeter
BTW, XTLS = http://tools.ietf.org/id/draft-meyer-xmpp-e2e-encryption-02.txt
-
ralphm
in fact, my feeling is that we should just take the IBB guts out of draft-meyer-xmpp-e2e-encryption and replace it with dtls-rtp
-
ralphm
stpeter: ah, thanks for that link, of course
-
stpeter
ralphm: I've always rather liked the general approach of XTLS
-
Zash
stpeter, +1
-
stpeter
it would be fairly straightforward for us to take draft-meyer-xmpp-e2e-encryption-02, change it around, and submit a revised I-D
-
stpeter
call it draft-meijer-* instead of draft-meyer-* ;-)
-
ralphm
stpeter: no confusion there, I'm sure
-
stpeter
heh
-
Zash
But, do we want something that'll work with Carbons?
-
fippo
ralphm: xep 0320 is the jingle equivalent of that. even though it was actually pretty much limited to being an sdp mapping
-
fippo
ralphm: i'd like to see what ekr has in mind wrt webrtc + identity providers before going further in any direction
-
ralphm
fippo: right
-
Kev
Zash: I want something that works with carbons and with MAM.
-
ralphm
stpeter: I do want to retain the generic nature of that draft, but without any suggestion of doing ibb
-
Kev
So anything that goes out of band has some unfortunate properties there.
-
stpeter
+1 to Kev on Carbons and MAM
-
stpeter
so many requirements :-)
-
ralphm
Kev: and how does draft-miller address this?
-
Kev
That's what I'm trying to work out right now (reading it at the moment), before chatting with Matt tonight.
-
stpeter
http://tools.ietf.org/id/draft-ietf-xmpp-e2e-requirements-01.txt needs to be revisited
-
ralphm
Kev: my feeling is that it doesn't, but I might be missing something
-
m&m
carbons is supported, but possibly not MAM
-
intosi
Hello, Nelsons Column.
- m&m is taking notes for tls wg
- stpeter notes that WG notes really only need to be action items and I haven't heard many of those here
-
m&m
but note that supporting offline makes it hard (maybe impossible) to also support PFS
-
Zash
xnyhps, Kev, when do we need to leave?
-
m&m
immediately after tls-wg ends (-:
-
Kev
Depends if we want to get there for 18:30 or 19:00.
-
intosi
At what time can I invade Moz Space?
-
stpeter
the offline case makes life so much more complicated
-
Kev
If we want to get there at 18:30, when I think it 'opens' (@Edwin), we should leave here at 18:00, give or take.
-
m&m
you probably want to leave here @ 18:00 to be there by 18:30
-
Zash
My GMT+1 clock makes this very confusing.
-
Kev
Above times are Zulu.
-
ralphm
m&m: indeed. e2e might be conceptually incompatible with mam
-
xnyhps
Zash: If we want to be there on time, we need to leave 54 minutes from now.
-
ralphm
carbons is doable with oob, too
-
Kev
ralphm: I don't believe that to be true. It simply changes the tradeoffs.
-
ralphm
Kev: I think we agree
-
m&m
I think the difference is whether carbons is managed by the server, or managed by the client
-
Kev
In the simple case, anything gpg-based can be compatible with carbons and MAM, given ubiquitous private keys.
-
Kev
(Not that I'm pushing we use gpg as our approach)
-
stpeter
so much is possible, given ubiquitous private keys :-)
-
m&m
just not PFS d-:
-
Kev
Right.
-
Zash
To FS or not to FS.
-
stpeter
there is no P
-
Tobias
maybe we don't need the P :)
-
stpeter
heh
-
stpeter
"perfection is not an option"
-
m&m
Pretty-good Forward Secrecy (PgFS) d-:
-
intosi
Perfection is the opposite of delivered.
-
Zash
m&m, :D
-
m&m
Permissible Forward Secrecy
-
xnyhps
Pretty Good Forward Secrecy?
-
intosi
Poorly Guarded Privacy.
-
Zash
Hah
-
m&m
heh
-
ralphm
m&m: sure with xtls you'd need clients to figure out the multiplex
-
Zash
Yeah
-
Zash
You could also do MAM between your own resources
-
Kev
Over 174"
-
Kev
Because moving all of XMPP to the client is our favourite direction.
-
Zash
Let's build Skype with angle brackets!
-
Zash
We just need a single master authentication server
-
fippo
zash: let's use gmail.com
-
m&m
hotmail.com
-
Zash
facebook.com!
-
m&m
IM is over-rated, we should go back to email!!
-
m&m
and use more ASN.1
-
SM
m&m, you do use email :-)
-
m&m
far too much
-
stpeter
:)
-
fippo
m&m: let's make ma bell proud by putting more intelligence into the network again!
-
SM
You folks will be getting veggie pizzas if you go on
-
Zash
MattJ will be pleased
-
m&m
XMPP over DTMF
-
intosi
One combination is a nibble, not sure what data rate you can achieve.
-
Kev
Pizza has bread in it, it can't be veggie.
-
intosi
Symbol rate, I mean.
-
SM
Kev, I thought that you were in for getting everyone to try that.
-
Kev
SM: There is a long-running gag with letting MattJ know that various foods (like bread) are meats.
-
SM
Oh:)
-
m&m
haha
-
Zash
Those poor Bread animals.
-
intosi
And veggies are meat anyway, the poor greens just don't know it yet.
-
Zash
Carrots are people too!
-
intosi
That's Captain Carrot for you.
-
Kev
So, yes. We should aim to leave in about 15mins if we want to get to Moz for 18:30Z.
-
Kev
Is anyone intending leaving the session 40mins early to get to Moz, or is everyone staying to the bitter end?
-
stpeter
unfortunately m&m needs to stick around because he's taking notes
-
stpeter
I'd be game to leave, but I don't want to abandon Matt
-
Zash
We do have a backup Matt tho ;)
-
m&m
ouch
-
stpeter
heh
-
Kev
I don't really want to abandon anyone, but at the same time I'd like to get over to Moz and start bashing MattJ over the head to update MAM :)
-
Kev
So I'm inclined to leave now and apologise to m&m later :)
-
Zash
I'm hungry.
-
Kev
Zash: So you're leaving?
-
Zash
I'm following MattJ
-
Kev
Matt is following you.
-
Kev
You're both useless.
-
Zash
xnyhps: Decide who's leading please.
-
Kev
I'm going to head to Moz now. Others can leave or not.
-
Zash
But then either MattJ or I have to get up...
-
stpeter
I hope m&m and I can figure out how to get to MozSpace :-)
-
intosi
Just follow the scent of Pizza.
-
intosi
And remember the address, that usually helps, too ;)
-
m&m
I've got a map cached on my phone (-:
-
intosi
Should do the trick.
-
intosi
Are you using Ubbers?
-
m&m
no, Underground
-
stpeter
https://wiki.mozilla.org/London might help
-
intosi
When lost, just go to Trafalgar Square and look at one of the maps there.
-
intosi
The square is big and kinda hard to miss ;)
-
Neustradamus
I have a problem with http://planet.jabber.org/ same for you?