-
pep.
https://gultsch.de/ daniel s/in moving/is moving/
-
edhelas
MattJ yup. But I'd also like to generalize to pretty much everything we have in XMPP
-
goffi
daniel: just seen that conversations enable OMEMO by default, what happens if the other client doesn't implement it?
-
jonasw
for those of us who implement/implemented voice calls: http://oaktrust.library.tamu.edu/handle/1969.1/ETD-TAMU-2011-05-9116
-
fippo
jonasw: how does that compare to opus with CBR? (something the wire folks contributed back to the webrtc.org lib)?
-
jonasw
fippo, I have no idea
-
jonasw
someone who may work on jingle voice in jabbercat has researched that stuff
-
jonasw
kudos to them for even thinking about timing sidechannels
-
jonasw
(and with research I mean "looked for papers", not "written that paper")
-
daniel
> https://gultsch.de/ daniel s/in moving/is moving/ pep.: thanks
-
goffi
daniel: ^
-
daniel
?
-
goffi
[07:33][goffi] daniel: just seen that conversations enable OMEMO by default, what happens if the other client doesn't implement it?
-
daniel
it wont be able to decrypt the message
-
goffi
daniel: conversations won't send it unencrypted then?
-
daniel
not by default
-
daniel
you can of course switch to unencrypted manually
-
goffi
daniel: you have a warning or something obvious so people know how to do it?
-
daniel
nope
-
daniel
(unless you don't publish any keys at all)
-
goffi
looks like you're breaking compatibility
-
Zash
And keys are published by ... default ?
-
flow
goffi, i'd say it impedes communication with certain clients, not really a compatiblity issue
-
flow
I wonder if the situation could be improved a bit if the receiving client informs the sending that he doesn't the support the encryption mechanism, possibly based on EME
-
flow
Is there a way to send outgoing messages from the bare JID to conceal the resource?
-
daniel
flow, well detection is not really the issue. downgrade attacks are
-
flow
daniel, how do you detect it (reliable)?
-
goffi
flow: OMEMO is experimental, not an official standard yet. It's forcing it's use except if user change default which is not obvious to apparently. So yes it's breaking compatibility. Popular clients like Movim are not implementing it. It sounds like a terrible idea to me.
-
daniel
or let me repharse; we have mechanism that would allow us to detect under certain conditions; however that doesn't seem like a problem worth solving because downgrades
-
flow
daniel, I can see how that way is appealing from a pragmatic pratical point of view, i'm mostly interested thinking about potential solutions how a modular/extensible federated network could deal with multiple encryption schemes with minimal interoperability issues
-
daniel
flow: well because of the +notify thing in the Disco features we do know if a client supports omemo
-
daniel
If we can access disco
-
daniel
Speaking from a purely technical perspective
-
daniel
Assuming the other one is online and has presence subscription
-
MattJ
I was going to say that still allows a server MITM to strip that feature from disco
-
MattJ
But then a server may also unpublish keys
-
flow
MattJ, not if you always unconditional send omemo
-
flow
not sure what conversation's omemo-by-default does
-
MattJ
if you've communicated before?
-
daniel
MattJ, of course. that's why i'm not doing this
-
flow
daniel: is there a knob to turn off omemo-by-default?
-
daniel
not yet. i'm still on the fence whether this is a good idea
-
flow
daniel, so just to make sure I understand: If there is no such knob, I won't be able to communicate with someone using conversations if I use a client which does not support omemo?
-
jonasw
(and you have ever published keys)
-
jonasw
(which conversations does by default)
-
daniel
oh sorry. currently you can turn it off on a per conversation basis
-
daniel
the encryption/lock icon doesn't go away
-
daniel
just omemo is selected as default instead of none
-
flow
daniel, if the remote has published omemo keys, or always?
-
daniel
there isn't a app wide button to change the default for all conversations
-
daniel
flow, always
-
jonasw
what
-
jonasw
so how do you send encrypted messages if the remote hasn’t published keys?
-
flow
ahh ok, so a common flow would be that converstations send an omemo message, recipient replies "sorry, no can do", conversation user turns off omemo for that conversation
-
daniel
it will pop up the error dialog that it can't find keys
-
flow
that flow will always be possible?
-
jonasw
m(
-
daniel
> ahh ok, so a common flow would be that converstations send an omemo message, recipient replies "sorry, no can do", conversation user turns off omemo for that conversation that's how i imagine it. yes
-
jonasw
I’m really looking forward explaining to family how to that
-
flow
I think I could life with that
-
jonasw
that class of family for whom conversations is "ohhhh, you mean that thing on my phone"
-
goffi
daniel: does use need to do that on each new discussion with the same user ?
-
goffi
user*
-
flow
but on the other hand, that also allows for downgrade attacks
-
goffi
daniel: does user needs to do that on each new discussion with the same recipient ?
-
daniel
like i said; it's only about changing the defaults
-
daniel
not about forcing omemo
-
jonasw
alternatively, I’ll make our MUCs non-members-only
-
jonasw
that should do the trick too
-
daniel
goffi, no conversations are persistent across the life span of the app
-
daniel
there is no such thing as a 'new discussion'
-
jonasw
my understanding was that omemo would only be enabled when conversations was able to discover keys for all participants, which I could agree to. but this is really, really bad.
-
goffi
OK, that's better than I imagined
-
goffi
but I'm still worried that it's not obvious to change as you said previously. And what if recipient use OX instead? I personnaly prefer OX over OMEMO
-
daniel
lol
-
goffi
lol?
-
daniel
we can think about that when people have implemented ox
-
flow
true
-
daniel
I feel like I'm repeating myself. But the change is just about the default. So if previously a lot of people had to tell their contacts to _enable_ omemo for a specific conversation some other people now have to tell their contacts to disable omemo
-
daniel
And my argument is that outside the xmpp developer bubble a lot less people now have to ask their friends to change that
-
jonasw
daniel, I don’t see why you would default to enabling omemo if the contact not even has keys published
-
goffi
The recipient may not even know that there is a message
-
goffi
then "you have to disable OMEMO" "How?" "I have not idea"
-
goffi
no*
-
daniel
wait. you don't implement eme? :-)
-
goffi
clients not implementing OMEMO may definitely not implement eme indeed (which is not more standard than OMEMO by the way).
-
daniel
Conversations will add a clear text body if it detects the other party has at least one client online that doesn't support omemo
-
daniel
i was kidding about the eme
-
daniel
i'm not a fan of eme
-
daniel
for exactly that reason
-
daniel
bad clients don't implement it
-
daniel
good clients probably have the encryption anyway
-
goffi
daniel: it's not a question of bad or good, it's a question of priorities, which may differs from yours.
-
goffi
I have not implemented eme and I'm planning to, but Pubsub and blog stuff are more important to me.
-
goffi
and we are not all full time devs. Thanks to avoid insulting client developers.
-
edhelas
daniel there's no bad or good clients, Pidgin supports OMEMO, it's a good XMPP client for you ?
-
MattJ
daniel, what is the error dialog like when there are no keys? Does give an option to disable OMEMO for that contact?
-
daniel
MattJ, not yet. but there will be one if you previously haven't successfully send an omemo message
-
MattJ
That would be great
-
Ge0rG
OMEMO used to be a little UX nightmare. Now it has become the doom of Conversations :>
-
MattJ
I'm in favour of increasing security. End-to-end encryption with trivial downgrade attacks from the entity it's protecting against is... well, pointless
-
edhelas
can't wait for Conversations to support SIMS, to make it a good client again :3
-
MattJ
But I'm not in favour of making our lives even harder in increasing adoption of XMPP though
-
daniel
sims was planed for 2.0 - but it is actually a lot harder than I thought
-
goffi
I'm not against E2E encryption by default either, but I'm worrying about compatibility issues. And OMEMO is not a standard yet.
-
daniel
so it has to wait for 2.1 or 2.2
-
Ge0rG
I can not implement E2EE for *ehm* Regulatory Compliance Reasons.
-
Ge0rG
daniel: which OMEMO namespace is Conversations using currently?
-
daniel
Ge0rG, the one in the XEP :-) :-)
-
edhelas
daniel oh, good news :)
-
Ge0rG
> This specification defines the following XMPP namespaces: > - eu.siacs.conversations.axolotl Uhm. 🤦
-
edhelas
Ge0rG all the cool kids in town have their own client name in XMPP namespaces now
-
Ge0rG
But I want to be a cool kid too! Can I invent my own encryption protocol and have my name in the namespace? Like `pro.lukas.georg.doublerot13`?
-
jonasw
hah
-
daniel
probably; if you start the marketing campaign and get people to implement it
-
Ge0rG
I can start by adding this to all my messages: `<encryption xmlns='urn:xmpp:eme:0' namespace='pro.lukas.georg.doublerot13'/>
- jonasw files bugreport
-
jonasw
"rot13 undefined for emoji"
-
Zash
Let me tell you about my latest invention: ROT1114111
-
Ge0rG
jonasw: double rot13 WFM
-
jonasw
"but I don’t want to break abstraction by special-casing double-rot13!!!"
-
flow
layers!
- Maranda guesses he'll call someone Tr0eT from now on.
-
daniel
,oO(not sure thus is how double rot13 works)
-
Maranda
, oO(who said it's "double")
-
Maranda
🤣 🤣
-
edhelas
regarding the multiplication of E2E standards in XMPP I'm proposing a new XEP to cover everyone's use case, XEP-xxxx: PLAIN over E2E
-
Maranda
A Rot26 Ge0rG is rather boring and less Tr0eT'ling
-
Ge0rG
edhelas: that's kind of compatible to double rot13
-
pep.
Need another XEP to bridge the two
-
dwd
In entirely unrelated news, I'm attending the MLS BOF next week.
-
Tobias
Enjoy
-
Zash
That time of the 1/3year again?
-
jonasw
which time?
-
Zash
IETF time
-
Zash
3 per year
-
dwd
Also, reading back, double-XOR is 8-bit clean, and has the useful property that it always results in valid UTF-8, if you're looking for a decent encryption algorithm. Just ensure the key is from a suitable random source.
-
dwd
Zash: Yes, from this weekend.
-
Zash
Heh, IETF 101 :D
-
dwd
Zash: If you miss it, the later sessions won't make any sense.
-
Zash
Anyone feel like drafting an XMPP variant of https://tools.ietf.org/html/draft-ietf-acme-email-tls-03 ?
-
Zash
Actually why is that one not SRV-generic?
-
pep.
Zash: that means SRV-ID? :u
-
pep.
Heh
-
dwd
I'd not seen that. And yes, but I don't know if we can persuade Let's Encrypt to support it - but I can put tendrils out next week.
-
Zash
pep.: Highly unlikely, not even email uses that.
-
Zash
dNSNames everywhere and only
-
Ge0rG
> double-XOR is 8-bit clean, and has the useful property that it always results in valid UTF-8 Doesn't that depend on what you XOR with?
-
intosi
Ge0rG: no. If you xor it with 7-bit values, it will still be 8-bit clean :)
-
Zash
If you XOR with the same key twice...
-
intosi
Yup.
-
intosi
Really doesn't matter which bitsize your values are.
-
Ge0rG
I could XOR it with 0x00.
-
Zash
Not sure if *wosh*
-
jonasw
Ge0rG, everybody knows xor with 0x00 is unsafe!
-
Ge0rG
intosi: "Doesn't that depend on what you XOR with?" -- "no. If you xor it with 7-bit values," -- so that actually means "yes"?
-
intosi
No.
-
intosi
Or, "yes, it doesn't depend on"
-
intosi
For varying interpretations of the words "no" and "yes."
-
Ge0rG
Yes. We should stop that now before heads start exploding.
-
Zash
yes xor no
-
intosi
true
-
Ge0rG
Zash: that's boring. The true fun starts at `yes XOR File_Not_Found_Exception`
-
jonasw
XAND!
-
dwd
jonasw: XAND - Like an AND, but if both inputs are true then false?
-
dwd
Zash: Read through that email acme draft. I'll chat with Alexey about it on Saturday, and see if I can persuade him into knocking out an XMPP version.
-
Zash
dwd: Thanks.
-
dwd
FWIW, I think it ought to be doing sRVName in this instance.
-
rion
is here any dino.im user? I'm trying to figure out if it worth it to add dino client detection in Psi.
-
Zash
dwd: I saw mention of SRV-ID in the text
-
Zash
dwd: I do wonder if it would be sensible to factor out some generic SRV verification
-
dwd
Oh, indeed.
-
dwd
And yes, generic sounds awfully good to me, but I suspectit's impossible without immediate/direct TLS in all cases.
-
Zash
"How internet-drafts multiply"
-
dwd
BTW, anyone know what the state of the art client for Mac is?
-
Tobias
Monal, Swift 4.0rc6, …? :)
-
Tobias
Movim maybe, if it has a Mac version. edhelas, does it?
-
Zash
Isn't it a web client?
-
Tobias
i thought it had destkop wrappers :)
-
Tobias
Zash, it has a linux version https://movim.eu/#apps
-
edhelas
yeah but removed some of them recently, wasn't able to package Electron easily for Windows and Mac
-
Tobias
wasn't able to package Electron? I thought that was it's one purose, be able to package easily on desktop platforms✎ -
Tobias
wasn't able to package Electron? I thought that was its one purose, be able to package easily on desktop platforms ✏
-
edhelas
ahah, you fool, you need a sh**load of dependencies and actually run scripts on MacOS (and I don't have a Mac) to package .dmg and stuff like that
-
Tobias
ahh
-
edhelas
I don't have time for that
-
Tobias
I understand
-
edhelas
https://www.npmjs.com/package/electron-packager
-
edhelas
also I have a personnal issue with the JS ecosystem and NPM
-
edhelas
but that's purely personnal
-
goffi
edhelas: you're not the only one
-
Tobias
understandable, who doesn't have an issue with the JS ecosystem
-
Kev
Which JS ecosystem?
-
intosi
Kev: all of them, in varying degrees.
-
Zash
There can be only one!
-
daniel
Are there any Screenshots for swift 4.0?
-
Tobias
I can make one but it's probably not the usual setup for most users
-
Kev
https://www.dropbox.com/s/bn6rpzjqhroebgk/Screenshot%202018-03-14%2010.23.40.png?dl=0
-
Kev
Actually, let me sort out a different one.
-
Kev
https://www.dropbox.com/s/ltp23stece5gd66/Screenshot%202018-03-14%2010.25.14.png?dl=0 That's got the chat window in. Roster is unchanged since 3.0 (on http://swift.im/ ) I think.
-
goffi
nice idea the avatar on the left
-
daniel
Kev: thanks. can I assume the security label stuff is hidden if the server doesn't support it? Because that's pretty confusing for anyone not working for a three letter agency
-
Tobias
yes...it is
-
Tobias
it doesn't show for me at least when logged into my servers account
-
Seve/SouL
I love how you can make a grid in Swift
-
Ge0rG
Swift the IM client?
-
Seve/SouL
Yup
-
Ge0rG
what's a grid, then?
-
Seve/SouL
Ge0rG, you can make a grid with your open tabs/windows. I cannot share a screenshot right now, I hope Kev or Tobias can help.
-
Ge0rG
Ah, interesting. Is that something you need for a huge Cyber Threat Display?
-
jonasw
Ge0rG, go back to work ;-)
-
Steve Kille
Ge0rG: military users like to have lots of tabs, so they can monitor many chats at once, with keyword highlighting to draw attention to things they care about. I have been told of an operator with 64 rooms displayed
-
Seve/SouL
It's a feature I never thought I would see in an XMPP client (it feels super niche) but I love it
-
Seve/SouL
You need a big screen for that :D
-
jonasw
i want a screenshot
-
Steve Kille
I find it helpful. I run with a mere 2x2 grid, but it helps me wathc and participate in a few things at once
-
Seve/SouL
Yes, as I said, I'm all for that feature :)
-
Steve Kille
just installing dropbx to share a screenshot
-
jonasw
why would you need dropbox for that? :-O
-
MattJ
So Swift doesn't do HTTP upload yet? :)
-
jonasw
I nede a script which gives me an upload slot so that I can share it to folks
-
MattJ
Ha
-
jonasw
and a hack into mod_http_upload_external which allows admins to create arbitrary-size slots :)
-
Ge0rG
jonasw: you share HTTP upload slots?
-
Steve Kille
OK - so what is an easy way to share a file. Dropbox is not impressing me
-
jonasw
Ge0rG, not yet :)
-
jonasw
Steve Kille, imgur.com?
-
jonasw
Ge0rG, but I find it an appealing idea in this case here
-
Tobias
yup, imgur.com is pretty straightforward
-
Steve Kille
https://www.dropbox.com/s/lb8f3elyxj1ym86/grid.bmp?dl=0
-
Steve Kille
ignore that
-
goffi
hum, we can split screen in our desktop/android frontend, doesn't sound like same feature, but it's trivial to do 2x2 grid (64 is more tricky :-/)
-
intosi
goffi: buy more, bigger screens.
-
goffi
intosi: it's not the size, it that you split by hand (it's inspired from blender)
-
intosi
Ah.
-
Tobias
goffi, windows desktop don't usually support that
-
Steve Kille
https://www.dropbox.com/s/o0j7krbgtar7y6u/Screenshot%202018-03-14%2012.43.02.png?dl=0
-
Steve Kille
that one works
-
goffi
Tobias: it's built in our client, not a desktop feature
-
Tobias
ah..ok
-
jonasw
neat, Steve Kille
-
Seve/SouL
And it's super easy to set them up too
-
Steve Kille
Yes - Tobias did a great job with the UI
-
Link Mauve
Dave Cridland, what was your RFC for making <session><optional/></session> again?
-
Zash
draft-cridland-something-something-session
-
Zash
https://tools.ietf.org/html/draft-cridland-xmpp-session-01
-
Link Mauve
Thanks. :)
-
Link Mauve
It’s now implemented in slixmpp. :)
-
jjrh
Steve Kille, Grid is kinda nice actually
-
jjrh
Would be a nice feature in gajim actually.
-
jjrh
Haven't used swift but vertical tabs is much easier I find (I wish chrome supported this....)
-
flow
Guus, friendly reminder regarding https://github.com/xsf/xeps/pull/579#issuecomment-367929778
-
flow
Also could you please introduce a stream error specific error conditions so that the stream error receiving entity can disable stream management in subsequent connections, avoiding reconnection loops
-
flow
(I'd assume that openfire would probably benefit from it ;))
-
flow
*condition
-
flow
wait, it's "stream management specific stream error condition"
-
Guus
flow, thanks, I will
-
Guus
(and Openfire already does, I think)