XSF Discussion - 2018-05-02


  1. daniel has joined
  2. Chobbes has joined
  3. Neustradamus has left
  4. Neustradamus has joined
  5. Guus has left
  6. j.r has joined
  7. waqas has joined
  8. Guus has left
  9. jjrh has left
  10. ta has left
  11. Guus has left
  12. j.r has joined
  13. Guus has left
  14. j.r has joined
  15. SamWhited has left
  16. SamWhited has joined
  17. daniel has left
  18. Ge0rG has joined
  19. SamWhited has left
  20. SamWhited has joined
  21. moparisthebest has joined
  22. moparisthebest has joined
  23. Guus has left
  24. daniel has joined
  25. jere has joined
  26. SamWhited has left
  27. daniel has left
  28. Chobbes has joined
  29. Dave Cridland has left
  30. Dave Cridland has left
  31. lskdjf has left
  32. j.r has joined
  33. lskdjf has joined
  34. lskdjf has joined
  35. j.r has joined
  36. Zash has left
  37. Zash has left
  38. SamWhited has left
  39. la|r|ma has left
  40. Dave Cridland has left
  41. daniel has joined
  42. daniel has left
  43. SamWhited has left
  44. mrdoctorwho has left
  45. la|r|ma has joined
  46. SamWhited has left
  47. lskdjf has joined
  48. lskdjf has joined
  49. Guus has left
  50. daniel has joined
  51. SamWhited has left
  52. j.r has joined
  53. daniel has left
  54. Guus has left
  55. marc has left
  56. jjrh has left
  57. daniel has joined
  58. alacer has joined
  59. j.r has joined
  60. mrdoctorwho has left
  61. daniel has left
  62. daniel has joined
  63. daniel has left
  64. Dave Cridland has left
  65. alexis has left
  66. daniel has joined
  67. alexis has joined
  68. Dave Cridland has left
  69. j.r has joined
  70. SamWhited has left
  71. ThibG has left
  72. ThibG has joined
  73. Guus has left
  74. Guus has joined
  75. Chobbes has joined
  76. j.r has joined
  77. SamWhited has left
  78. waqas has left
  79. Guus has left
  80. SamWhited has left
  81. alacer has left
  82. alacer has joined
  83. Guus has left
  84. moparisthebest in a xep xml, is there a way to do this:
  85. moparisthebest Reference: [&xep0368;]
  86. moparisthebest for a protoxep ?
  87. moparisthebest like a 'this xep'
  88. j.r has joined
  89. SamWhited has left
  90. Guus has left
  91. Guus has joined
  92. ibikk has joined
  93. alacer has left
  94. jere has left
  95. jere has joined
  96. j.r has joined
  97. ta has left
  98. ta has joined
  99. ta has joined
  100. ta has left
  101. ta has joined
  102. daniel has left
  103. daniel has joined
  104. Dave Cridland has left
  105. Dave Cridland has left
  106. SamWhited has left
  107. alacer has joined
  108. Guus has left
  109. Dave Cridland has left
  110. Dave Cridland has left
  111. Guus has left
  112. Guus has left
  113. Guus has left
  114. alacer has left
  115. Dave Cridland has left
  116. Dave Cridland has left
  117. SamWhited has left
  118. lovetox has left
  119. Ge0rG has left
  120. lovetox has joined
  121. jere has left
  122. jere has joined
  123. j.r has joined
  124. j.r has joined
  125. lovetox has left
  126. goffi has joined
  127. moparisthebest has joined
  128. lnj has joined
  129. daniel has left
  130. SamWhited has left
  131. Ge0rG has left
  132. Guus has left
  133. goffi has left
  134. jjrh has left
  135. j.r has joined
  136. goffi has joined
  137. SamWhited has left
  138. Dave Cridland has left
  139. Guus has left
  140. Dave Cridland has left
  141. SamWhited has left
  142. SamWhited has joined
  143. Ge0rG has left
  144. Nekit has left
  145. Nekit has joined
  146. Guus has left
  147. Guus has left
  148. ta has left
  149. ta has joined
  150. Ge0rG has left
  151. goffi has left
  152. derdaniel has left
  153. derdaniel has left
  154. ta has joined
  155. ta has joined
  156. lnj has left
  157. derdaniel has joined
  158. Dave Cridland has left
  159. Tobias has joined
  160. Chobbes has joined
  161. jubalh has joined
  162. Tobias has joined
  163. Ge0rG has left
  164. Maranda has joined
  165. Steve Kille has joined
  166. Tobias has joined
  167. Holger has left
  168. Guus has left
  169. Ge0rG has left
  170. Dave Cridland has left
  171. Dave Cridland has left
  172. Dave Cridland has left
  173. lovetox has joined
  174. Maranda has joined
  175. daniel has left
  176. Dave Cridland has left
  177. Maranda has left
  178. Maranda has left
  179. Maranda has joined
  180. Maranda has left
  181. Maranda has joined
  182. Maranda has left
  183. Dave Cridland has left
  184. Dave Cridland has left
  185. remko has joined
  186. Ge0rG has left
  187. Guus has left
  188. Dave Cridland has left
  189. derdaniel has left
  190. derdaniel has left
  191. Dave Cridland has left
  192. jubalh has joined
  193. Dave Cridland has left
  194. sezuan has left
  195. sezuan has joined
  196. Guus has left
  197. Dave Cridland has left
  198. Maranda has joined
  199. Ge0rG has left
  200. Dave Cridland has left
  201. Guus has left
  202. Guus has left
  203. jonasw moparisthebest, just write "this xep"?
  204. Chobbes has left
  205. Chobbes has joined
  206. Ge0rG has left
  207. Dave Cridland has left
  208. Dave Cridland has left
  209. Dave Cridland has left
  210. Guus has left
  211. Dave Cridland has left
  212. Dave Cridland has left
  213. la|r|ma has joined
  214. Dave Cridland has left
  215. Dave Cridland has left
  216. Dave Cridland has left
  217. Dave Cridland has left
  218. Dave Cridland has left
  219. Dave Cridland has left
  220. la|r|ma has left
  221. la|r|ma has joined
  222. Dave Cridland has left
  223. Tim has joined
  224. Dave Cridland has left
  225. jubalh has joined
  226. alacer has joined
  227. jubalh has left
  228. Dave Cridland has left
  229. SaltyBones has left
  230. Dave Cridland has left
  231. Dave Cridland has left
  232. lnj has joined
  233. Maranda 😆
  234. Dave Cridland has left
  235. Ge0rG has left
  236. Dave Cridland has left
  237. jonasw moparisthebest, I’ve seen your draft -- are you on a mission to make Zash incredibly sad?
  238. flow moar context pls?
  239. jonasw flow, https://github.com/moparisthebest/xeps/commit/364a577a30e1d42d6fb169e596921befc2c16873
  240. Dave Cridland has left
  241. jubalh has joined
  242. Maranda stopped at "MUST use HTTPS"
  243. jubalh has left
  244. Dave Cridland has left
  245. lovetox has left
  246. SaltyBones has left
  247. Dave Cridland has left
  248. SaltyBones has joined
  249. lnj has left
  250. Valerian has joined
  251. flow quite a dance for an xmpp connectiono
  252. Dave Cridland has left
  253. Dave Cridland has left
  254. daniel has left
  255. Ge0rG has left
  256. marmistrz has left
  257. daniel has joined
  258. jubalh has joined
  259. lovetox has joined
  260. Dave Cridland has left
  261. jubalh has left
  262. lovetox So this is like POSH but with added connection infos
  263. lovetox though what is the use case
  264. lovetox ?
  265. lovetox is there a use case where we cant put these infos into srv entrys?
  266. alacer has left
  267. jonasw lovetox, not sure if one can resolve SRV from within a web client
  268. jubalh has joined
  269. daniel has left
  270. pep. https://www.w3.org/TR/raw-sockets/
  271. daniel has joined
  272. Ge0rG has left
  273. Dave Cridland has left
  274. SaltyBones has left
  275. SaltyBones has joined
  276. Ge0rG has left
  277. Zash has joined
  278. marmistrz has joined
  279. Alex has joined
  280. rtq3 has joined
  281. nyco has left
  282. mimi89999 has left
  283. alexis has left
  284. alexis has joined
  285. alacer has joined
  286. jubalh has left
  287. la|r|ma has joined
  288. la|r|ma has joined
  289. la|r|ma has joined
  290. la|r|ma has joined
  291. la|r|ma has joined
  292. la|r|ma has joined
  293. la|r|ma has joined
  294. jubalh has joined
  295. jubalh has left
  296. jere has left
  297. jere has joined
  298. alacer has left
  299. lovetox has left
  300. Dave Cridland has left
  301. marmistrz has left
  302. Dave Cridland moparisthebest, I'm going to need a crapload of reasons why this proposal isn't duplicating DOH etc.
  303. jonasw DOH?
  304. rtq3 has left
  305. rtq3 has joined
  306. daniel Because nobody supports DNS over http🙄
  307. lovetox has joined
  308. daniel I see your point though
  309. goffi has left
  310. jonasw moparisthebest, have you seen https://xmpp.org/extensions/xep-0156.html#http ?
  311. lovetox has left
  312. Dave Cridland has left
  313. Nekit has left
  314. lovetox has joined
  315. Dave Cridland has left
  316. Wiktor jonasw: for discovering domain name and port an extension to XEP 0156 would be IMHO sufficient, but as far as I can see moparisthebest wants something that could contain info about SNI/ALPN to be used as well as public key pins, etc.
  317. jonasw uh
  318. jonasw that doesn’t make sense to me
  319. jonasw but I bet there’s a rationale
  320. Dave Cridland has left
  321. marmistrz has left
  322. jubalh has joined
  323. Wiktor especially that public key pinning is being withdrawn from browsers...
  324. Andrew Nenakhov has left
  325. Andrew Nenakhov has joined
  326. ralphm Well, yeah. The problem with HPKP *in the browser*, is that if at a point in time, the wrong header was received by the browser, there is no way to undo this, except for waiting until that header's expiry. Besides the actual owner of the website messing up, the other issue is with somebody hijacking your website in some way, if only temporary, and issuing cripling headers.
  327. ralphm Of course, for mobile apps, this is different. There, you still have the option to issue a new version of your app.
  328. Andrew Nenakhov has left
  329. Andrew Nenakhov has joined
  330. Ge0rG apps should just do cert pinning
  331. Wiktor ralphm: yes, but the xeo that moparisthebest is authoring would be more similar to hpkp in the browser (as I guess xmpp clients would not ship with this list and would not update the list as servers change their pins)
  332. ralphm Ge0rG: please explain how you handle cert expiry. Unless you meant public key pinning, in which case I will ask: how do you handle revocation in case your secret key is compromised?
  333. Wiktor Ge0rG: cert pinning can be more dangerous than key pinning, in case someone revokes your cert you're out of options, see https://scotthelme.co.uk/the-power-to-revoke-lies-with-the-ca/
  334. jubalh has left
  335. ralphm Wiktor: I think HPKP definitely has merit, so if you can mitigate the above by having some way to recover from faulty headers, yay!
  336. Ge0rG ralphm: indeed I'm using "cert pinning" as a loosely defined term for pinning either the SPKI, the certificate or the CA cert.
  337. Ge0rG ralphm: which of those should be taken, I'd decide on a case-by-case basis
  338. Wiktor ralphm: well, it's just a very sharp blade, if you take extra care then sure, but I wouldn't recommend it lightly
  339. Ge0rG ralphm: I think it's not too far-fetched to have a long-living self-signed cert for an app and to roll out a new app version in case of compromise.
  340. Wiktor Ge0rG: new app version? that'd tightly couple client to server, for centralized service such as Signal this is OK but for XMPP all clients would need to be upgraded... unless I'm missing something in this design :)
  341. ralphm I agree that rolling out a new app is the easier way, but using HPKP in this particular case makes it more seamless to the user. Having to tell your user to upgrade, is a) painful, b) not trivial if you depended on the certificate/key to deliver a notice to the app.
  342. Ge0rG Wiktor: I'm only talking of apps that are bound to a given service. For other (xmpp-style) apps, I've written https://github.com/ge0rg/MemorizingTrustManager
  343. Ge0rG ralphm: right. with sufficient planning, you can have a fallback pin in the app, too ;)
  344. Wiktor got it
  345. jonasw Ge0rG, I’d have a backup cert in a secure store which the app already trusts. if cert A is comprimised, I roll out cert B on the services. App would distrust cert A once it has seen cert B in the wild.
  346. jonasw then I’ve got some time to roll out an update with cert B as primary and a new cert C as backup.
  347. ralphm jonasw: that is more or less exactly HPKP
  348. Ge0rG There is an easy solution: don't lose your private keys :P
  349. ralphm Ge0rG: thanks for your theoretical insight
  350. Ge0rG ralphm: I'm full of those. Ask me for more any time
  351. jonasw Ge0rG, ah, damn, so simple a plan! pity that *I* didn’t think of that. Maybe make that an RFC, it’s genious :)
  352. ralphm :facepalm:
  353. rtq3 has left
  354. rtq3 has joined
  355. lskdjf has joined
  356. intosi has joined
  357. jubalh has joined
  358. jubalh has left
  359. lumi has joined
  360. daniel has left
  361. daniel has joined
  362. Andrew Nenakhov has left
  363. Andrew Nenakhov has joined
  364. marmistrz has left
  365. Andrew Nenakhov has left
  366. Andrew Nenakhov has joined
  367. Andrew Nenakhov has left
  368. Andrew Nenakhov has joined
  369. Lance has joined
  370. SaltyBones has left
  371. mrdoctorwho has joined
  372. Dave Cridland has left
  373. Andrew Nenakhov has left
  374. Andrew Nenakhov has joined
  375. lskdjf has left
  376. jubalh has joined
  377. Valerian has left
  378. Valerian has joined
  379. SaltyBones has left
  380. Andrew Nenakhov has left
  381. Andrew Nenakhov has joined
  382. Andrew Nenakhov has left
  383. Lance has joined
  384. mimi89999 has left
  385. Andrew Nenakhov has joined
  386. daniel has left
  387. daniel has joined
  388. Andrew Nenakhov has left
  389. Andrew Nenakhov has joined
  390. daniel has left
  391. daniel has joined
  392. Andrew Nenakhov has left
  393. Andrew Nenakhov has joined
  394. la|r|ma has left
  395. Tobias has joined
  396. marmistrz has left
  397. daniel has left
  398. daniel has joined
  399. daniel has left
  400. daniel has joined
  401. lskdjf has joined
  402. lskdjf has joined
  403. Valerian has left
  404. Valerian has joined
  405. Guus has left
  406. Tobias has joined
  407. Lance has joined
  408. Steve Kille has left
  409. Dave Cridland has left
  410. Dave Cridland has left
  411. Andrew Nenakhov has left
  412. Andrew Nenakhov has joined
  413. jubalh has left
  414. daniel has left
  415. daniel has joined
  416. daniel has left
  417. daniel has joined
  418. daniel has left
  419. daniel has joined
  420. ThibG has joined
  421. ThibG has joined
  422. alacer has joined
  423. Guus has left
  424. daniel has left
  425. daniel has joined
  426. alacer has left
  427. rtq3 has left
  428. rtq3 has joined
  429. Guus has left
  430. Guus has left
  431. Dave Cridland has left
  432. alexis has left
  433. alexis has joined
  434. alexis has left
  435. alexis has joined
  436. marmistrz has left
  437. mimi89999 has left
  438. Kev has left
  439. mimi89999 has left
  440. Andrew Nenakhov has left
  441. Guus has left
  442. Andrew Nenakhov has joined
  443. Guus has left
  444. Holger has left
  445. Andrew Nenakhov has left
  446. Andrew Nenakhov has joined
  447. Lance has joined
  448. Andrew Nenakhov has left
  449. Guus has left
  450. Wiktor has joined
  451. Guus has left
  452. Guus has left
  453. Andrew Nenakhov has joined
  454. marmistrz has joined
  455. marmistrz has joined
  456. Guus has left
  457. tux has joined
  458. Zash has left
  459. Andrew Nenakhov has left
  460. Andrew Nenakhov has joined
  461. lnj has joined
  462. Dave Cridland has left
  463. Dave Cridland has left
  464. Zash has left
  465. Andrew Nenakhov has left
  466. Andrew Nenakhov has joined
  467. Andrew Nenakhov has left
  468. Andrew Nenakhov has joined
  469. alexis has left
  470. alexis has joined
  471. alexis has left
  472. alexis has joined
  473. Wiktor has joined
  474. alexis has left
  475. alexis has joined
  476. alexis has left
  477. la|r|ma has joined
  478. alexis has joined
  479. la|r|ma has joined
  480. lnj has left
  481. Holger has left
  482. alexis has left
  483. alexis has joined
  484. alexis has left
  485. alexis has joined
  486. alexis has left
  487. alexis has joined
  488. alexis has left
  489. alexis has joined
  490. xnyhps has joined
  491. daniel has left
  492. jonasw I wonder whether we want a way to signal in-band that an account has been deleted.
  493. daniel has joined
  494. xnyhps has joined
  495. jonasw example use-case: user A registers at foreign biboumi instance B, joins a channel and sets it to persistent. account of user A gets deleted. biboumi will forever be in that channel for no use
  496. jonasw idea: send <presence type="unavailable"><deleted/></presence> in response to presence probes.
  497. MattJ type="error" <gone/>
  498. MattJ Already in the RFC
  499. jonasw MattJ, oh
  500. jonasw did I say something?
  501. mimi89999 has joined
  502. la|r|ma has joined
  503. la|r|ma has joined
  504. Guus has left
  505. la|r|ma has joined
  506. la|r|ma has joined
  507. la|r|ma has joined
  508. la|r|ma has joined
  509. Holger But biboumi won't actively contact the JID and hence not receive that stanza error, right?
  510. la|r|ma has joined
  511. la|r|ma has joined
  512. la|r|ma has joined
  513. la|r|ma has joined
  514. la|r|ma has joined
  515. la|r|ma has joined
  516. la|r|ma has joined
  517. la|r|ma has joined
  518. la|r|ma has joined
  519. Holger Oh "in response to presence probes". biboumi generates presence probes?
  520. Zash Should servers send out that to bookmarked rooms or something?
  521. la|r|ma has joined
  522. la|r|ma has joined
  523. la|r|ma has joined
  524. la|r|ma has joined
  525. Zash Would sorta fit with the move towards account based groupchats
  526. la|r|ma has joined
  527. la|r|ma has joined
  528. pep. has left
  529. la|r|ma has joined
  530. la|r|ma has joined
  531. la|r|ma has joined
  532. jonasw Holger, yeah, biboumi would have to poll or do something similar
  533. la|r|ma has joined
  534. Holger That could also help affiliation list entries and nickname registrations and stuff like that.
  535. la|r|ma has joined
  536. la|r|ma has joined
  537. la|r|ma has joined
  538. la|r|ma has joined
  539. jubalh has joined
  540. jonasw (or require presence subscription)
  541. la|r|ma has joined
  542. jubalh has left
  543. la|r|ma has joined
  544. la|r|ma has joined
  545. la|r|ma has joined
  546. la|r|ma has joined
  547. la|r|ma has joined
  548. la|r|ma has joined
  549. alacer has joined
  550. Valerian has left
  551. Valerian has joined
  552. Valerian has left
  553. Valerian has joined
  554. Valerian has left
  555. rtq3 has left
  556. jubalh has joined
  557. jubalh has left
  558. Lance has joined
  559. mimi89999 has left
  560. Guus has left
  561. Guus has left
  562. Guus has left
  563. lumi has joined
  564. Andrew Nenakhov has left
  565. Andrew Nenakhov has joined
  566. lnj has joined
  567. alacer has left
  568. Lance has joined
  569. Dave Cridland has left
  570. Dave Cridland has left
  571. marmistrz has left
  572. rtq3 has joined
  573. rtq3 has left
  574. rtq3 has joined
  575. Dave Cridland has left
  576. Dave Cridland has left
  577. alacer has joined
  578. tux has left
  579. Dave Cridland has left
  580. alacer has left
  581. alacer has joined
  582. jubalh has joined
  583. Dave Cridland has left
  584. jjrh has left
  585. Valerian has joined
  586. jubalh has left
  587. Dave Cridland has left
  588. moparisthebest has left
  589. moparisthebest Dave Cridland, DOH is only provided by a few providers and is easily blocked, plus SRV records can't contain sni/alpn info
  590. Andrew Nenakhov has left
  591. Andrew Nenakhov has joined
  592. moparisthebest the entire point of this is to be censorship resistant, I haven't gotten down to use cases and such yet
  593. moparisthebest it also supports domain fronting and such
  594. Zash Use Tor?
  595. moparisthebest I hear china is pretty good at blocking tor
  596. jonasw I don’t think this makes a lot of sense in general use-cases.
  597. jonasw china is pretty good at blocking a lot of stuff, even if running via VPN.
  598. Zash You can't crypto your way out of *blocking*
  599. jubalh has joined
  600. moparisthebest you can to a point
  601. Nekit has joined
  602. Zash And is blocking equal to censorship?
  603. moparisthebest yes? it's designed to get around blocking
  604. alacer has left
  605. alexis has left
  606. alexis has joined
  607. moparisthebest and application code should be able to use the exact same logic as for xep-0368 (and kinda-posh) except a single https call instead of DNS queries
  608. moparisthebest it's a total hack that shouldn't exist, you can thank oppressive regimes
  609. lovetox has left
  610. lovetox has joined
  611. Dave Cridland I don't follow why this is more resistent than DOH etc.
  612. moparisthebest Dave Cridland, because each xmpp server runs their own
  613. moparisthebest it's federated
  614. Dave Cridland So you just block the XMPP server IP as a whole?
  615. moparisthebest then the operator spins up another xmpp server someplace else
  616. Zash Calling everything censorship annoys me. :(
  617. moparisthebest also you can use tricks to make it not look like an XMPP server
  618. SaltyBones has left
  619. moparisthebest (you could inspect IP + User-Agent requesting this document and lie to russian govt with a 404)
  620. moparisthebest plus it supports domain fronting (send sni someunrelatedservice.com) and nothing else currently does
  621. alacer has joined
  622. rtq3 has left
  623. Yagiza has joined
  624. Ge0rG Chinese VPN detection is based on traffic patterns, so even if you tunnel through https, they'll throttle you into oblivion
  625. moparisthebest xmpp runs pretty well on slow connections doesn't it?
  626. Zash Sure
  627. MattJ It can do. I'm not entirely certain how many standard implementations handle it
  628. MattJ e.g. I think some clients aggressively ping the server
  629. moparisthebest oh thought of another reason for this, telegram is handing different server blocks to different people based on region to make IP blocking harder
  630. moparisthebest and you can only do that if you can afford to run your own DNS network
  631. moparisthebest unless it's just a page on a web server in which case any tiny xmpp server can do it
  632. marmistrz has left
  633. matlag has left
  634. Ge0rG how many IP blocks does a tiny xmpp server have, typically?
  635. jonasw hah
  636. Maranda 0
  637. jonasw something between 0 and 1 I guess
  638. Maranda as long as you don't take in account ipv6
  639. Ge0rG Maranda: how many non-consecutive IPv6 blocks do you have?
  640. Maranda ipv4 I got like 3 IPs, ipv6 one native, and one /48 tunneled.
  641. Ge0rG Maranda: 3 IPs from different ISPs?
  642. Maranda (on the xmpp server vps, but it does different stuff)
  643. alacer has left
  644. Maranda Nay?
  645. alacer has joined
  646. Ge0rG Maranda: how do you want to get around blocking with that?
  647. Maranda well they're non consecutive though
  648. jonasw "how many blocks with different rwhois do you have?" is probably the most reasonable question in this context ;-)
  649. Maranda the ipv4 addresses are all from different CIDRs
  650. Ge0rG I've got a dozen or so IPs from my core ISP, over two different CIDRs. And I could arrange for traffic redirects on two other ASNs, more if I involve friends.
  651. Maranda Ge0rG, I'm not sure neither I care about blocking I just answered your ip question btw
  652. moparisthebest Ge0rG, well if you could aws and such, a lot
  653. Ge0rG moparisthebest: do the moxie dance?
  654. moparisthebest regardless, way more than if you have to run your own distributed global dns network
  655. moparisthebest Ge0rG, that's the whole point yes
  656. jonasw I don’t see use in that, to be honest
  657. jonasw it will be way too complex for any server or client to implement *with actual benefit*
  658. Maranda gives an eerie stare at XEP-0357
  659. Andrew Nenakhov has joined
  660. j.r has joined
  661. jjrh has left
  662. j.r has joined
  663. moparisthebest jonasw, anything that implements 368 and http upload should be able to implement this with, ~20 lines of code max?
  664. jonasw moparisthebest, but there’s no benefit
  665. jonasw as Ge0rG said, you need quite a bit of resources (both time and money) to do the things which bring the benefit here
  666. moparisthebest jonasw, the benefit is evading blocks
  667. jonasw I am aware
  668. Valerian has left
  669. Valerian has joined
  670. Ge0rG you can't evade blocks if all you have is one IP address.
  671. jonasw yeah
  672. Lance has joined
  673. moparisthebest you can if they don't know it's an xmpp server, and you can for a bit
  674. moparisthebest then you jump to a different xmpp server
  675. jonasw yeah, but, who has the time resources to actually do that
  676. moparisthebest plus right now even big xmpp servers can't do domain fronting etc without custom clients
  677. Dave Cridland has left
  678. moparisthebest this would enable that too
  679. Maranda well I added on lightwitch.org a xep 368 record for direct tls c2s on port 443, I played with port multiplexing a bit.
  680. Maranda :P
  681. jonasw yeah, 368 was simple and such, which is why it gained adoption really fast
  682. Maranda and noticed Conversation is actually using it.
  683. jonasw but this isn’t simple
  684. moparisthebest explain how it's any different?
  685. jonasw and it doesn’t bring any benefit without additional resources (time to hop IPs, and the actual IPs to hop to)
  686. Maranda jonasw, I'm not sure if I should consider implementing direct tls for s2s too...
  687. Kev has left
  688. moparisthebest jonasw, it does, domain fronting
  689. jonasw moparisthebest, where does that still work?
  690. jonasw I heard google and AWS kill you if you do that
  691. moparisthebest if you are a huge service like signal maybe
  692. Dave Cridland has left
  693. moparisthebest just as a future view, this is step 1 to censorship (blocking for Zash) proof xmpp
  694. moparisthebest other stuff we talked about is being able to keep your contact list/conversations and hop between any xmpp server you like at any time, even being able to be connected to multiple at the same time (clients would ignore jid and use a cryptographic identifier instead, servers would be unchanged)
  695. moparisthebest fun stuff
  696. Maranda has left
  697. moparisthebest oh also allowing contact's clients to route messages, the fun possibilities are endless
  698. jonasw that’s mostly stuff you talked about, which I personally find quite unneeded and overkill
  699. jonasw before venturing in that direction XMPP should get it’s basic sh*t together.
  700. jonasw we’re still losing messages (#thanksomemo)
  701. Dave Cridland has left
  702. moparisthebest sure if you don't live in a place that is blocking secure chat apps this is entirely un-needed jonasw
  703. ThibG has joined
  704. jonasw moparisthebest, a place which is blocking secure chat apps will block XMPP too when the time has come
  705. Zash Yeah, can we get all our shit, put it in backpack, so it's together.
  706. moparisthebest not if we make it impossible to block with those changes?
  707. moparisthebest that is after all the entire point
  708. jonasw that won’t make it impossible.
  709. jonasw only harder
  710. moparisthebest you only have to make it hard enough so it's not worth trying
  711. Valerian has left
  712. Valerian has joined
  713. Zash moparisthebest: https://www.schneier.com/books/secrets_and_lies/pref.html this was a good read
  714. moparisthebest it looks like https, anyone can use any server, so as fast as you block them, new ones pop up and you interrupt no one
  715. Dave Cridland has left
  716. Zash I think you need to read it
  717. jonasw moparisthebest, it does not look like HTTPS
  718. jonasw it may look like HTTPS on the byte level
  719. jonasw but the chinese are very godo at blocking based on patterns
  720. jonasw you won’t stop /that/ with your fancy stuff
  721. jonasw (with patterns, I mean packet sizes and timings)
  722. moparisthebest so it looks like any modern interactive html5 app?
  723. jonasw moparisthebest, not quite
  724. jonasw take a look at their research.
  725. j.r has left
  726. jonasw they can detect e.g. Facebook quite certainly even through a VPN.
  727. Holger > being able to keep your contact list/conversations and hop between any xmpp server you like at any time, even being able to be connected to multiple at the same time (clients would ignore jid and use a cryptographic identifier instead, servers would be unchanged) Haha, sure. We fail at fixing avatars.
  728. moparisthebest Zash, I read this one https://www.schneier.com/books/data_and_goliath/
  729. j.r has joined
  730. waqas has joined
  731. jonasw my thoughts exactly, Holger
  732. Dave Cridland has left
  733. moparisthebest that's just client-side changes though, you could make a version of conversations that did that today without anything extra required from servers
  734. moparisthebest it would even be backwards compatible with other clients, though not very friendly UI wise in them
  735. jonasw "just clients"
  736. jonasw because clients aren’t the main problem :)
  737. moparisthebest you specifically mentioned avatars which require all clients and all servers to change
  738. moparisthebest you'd agree changing a single client is easier right?
  739. Holger Well if we're just interested in a single client then the avatar issues become much easier to solve as well.
  740. Holger Whatever. Just implement it if it's so simple?
  741. moparisthebest I plan to
  742. Holger +1
  743. moparisthebest I don't really write specs without implementations
  744. moparisthebest usually the implementations come first, I think that makes me a bad programmer, oh well :)
  745. Zash I think you wanna write specs and implement at roughly the same time
  746. MattJ +1
  747. Zash Maybe think real hard about requirements first.
  748. Zash But all that goes out the window when you start implement anyways
  749. MattJ I don't think I've ever seen a pre-written spec survive an implementation unscathed
  750. Ge0rG > clients would ignore jid and use a cryptographic identifier instead Congratulations, you just combined the drawbacks of XMPP with the drawbacks of p2p systems and the drawbacks of mixnets
  751. jere has joined
  752. Yagiza has left
  753. moparisthebest I looked at it the other way, benefits if p2p systems plus benefits of XMPP
  754. Ge0rG moparisthebest: what's the benefit of XMPP once you replace JID-based routing with crypto identifiers?
  755. Ge0rG Why not XEP-0174 over .onion nodes?
  756. Zash Why not normal xmpp over .onion?
  757. moparisthebest Ge0rG, routing is still jid-based, clients just collapse multiple JIDs using the same crypto identifier under one 'contact'
  758. moparisthebest and the benefit is still all the other things xmpp provides, one of the biggest being it's mobile-battery-friendly
  759. Ge0rG moparisthebest: how do you tell your buddies about your new JID if they also just switched JIDs because of blocking?
  760. jonasw I don’t even want to think how that works with MAM queries
  761. jonasw or MUCs.
  762. jonasw or anything non-trivial really
  763. Ge0rG moparisthebest: you just invented a crypto-overlay network over XMPP.
  764. moparisthebest right that's exactly what it will be
  765. Ge0rG moparisthebest: but WHY?
  766. moparisthebest fun and censorship resistance? :P
  767. jonasw for certain definitions of fun
  768. jonasw not to kinkshame, but I’m not into that I think
  769. Ge0rG moparisthebest: it won't get you censorship resistance.
  770. Ge0rG moparisthebest: because once your server is censored, you have no way to find out the new identity of your friends
  771. moparisthebest I guess that is a problem if you both switch at the same time
  772. moparisthebest DHT over XMPP ?
  773. Ge0rG why use xmpp if you can have QUANTUM BLOCKCHAIN TECHNOLOGY!
  774. MattJ https://wiki.xmpp.org/web/Secure_Distributed_JID_Discovery
  775. MattJ in particular https://wiki.xmpp.org/web/Secure_Distributed_JID_Discovery#DHT_Based_Solution
  776. moparisthebest nice
  777. moparisthebest verification would be solved since the identifier is a cryptographic key anyway
  778. MattJ Discussion at https://mail.jabber.org/pipermail/standards/2013-February/027036.html
  779. Ge0rG Open Problems: 1. How to prevent impersonating other users.
  780. moparisthebest solved by crypto already
  781. debacle has joined
  782. Ge0rG moparisthebest: Zooko called, and he wants his triangle back.
  783. moparisthebest that's a problem *there* because you want to prove a certain jid has a certain phone number
  784. moparisthebest my thing would only want to prove a certain jid has control of a certain cryptographic key, which of course is super easy to prove
  785. Ge0rG for certain values of "super easy"
  786. Ge0rG moparisthebest: my point is: the XMPP model is not suited for what you want.
  787. moparisthebest I don't know why you'd invent something else to give you everything XMPP does when you can just overlay it?
  788. Ge0rG moparisthebest: because you'll end up with a system that combines the drawbacks of xmpp with... we've been here already.
  789. lovetox has left
  790. MattJ I'm on both sides :)
  791. jubalh has left
  792. MattJ If you're going to make such a system, using XMPP as a foundation buys you a lot
  793. MattJ It would of course be quite different to what we have today, I don't think sane interop can be expected
  794. Ge0rG I want to see a list of reasons, not some hand-waving of how great xmpp is.
  795. rtq3 has joined
  796. Lance has joined
  797. Ge0rG Okay, thanks. That's a reasonable response.
  798. MattJ <-- fixing production issues
  799. jonasw tired
  800. marmistrz has joined
  801. derdaniel has joined
  802. jjrh has left
  803. j.r has joined
  804. j.r has joined
  805. Dave Cridland has left
  806. alacer has left
  807. marmistrz has joined
  808. marmistrz has joined
  809. Dave Cridland has left
  810. jere has joined
  811. jere has joined
  812. lumi has joined
  813. marmistrz has left
  814. marmistrz has joined
  815. Lance has joined
  816. jjrh has left
  817. Lance has joined
  818. Dave Cridland has left
  819. marmistrz has joined
  820. marmistrz has joined
  821. matlag has left
  822. Tim has joined
  823. Zash has left
  824. SaltyBones has left
  825. Yagiza has joined
  826. jere has joined
  827. jere has joined
  828. SamWhited has left
  829. alexis has left
  830. alexis has joined
  831. Lance has joined
  832. rtq3 has left
  833. rtq3 has joined
  834. alexis has left
  835. alexis has joined
  836. daniel has left
  837. derdaniel has left
  838. derdaniel has left
  839. Dave Cridland has left
  840. rion has joined
  841. Valerian has left
  842. Valerian has joined
  843. sezuan has left
  844. Dave Cridland has left
  845. Steve Kille has joined
  846. Dave Cridland has left
  847. ibikk has joined
  848. Dave Cridland has left
  849. jjrh has left
  850. jere has joined
  851. Dave Cridland has left
  852. Dave Cridland has left
  853. alacer has joined
  854. Dave Cridland has left
  855. Dave Cridland has left
  856. Wiktor has left
  857. Wiktor has joined
  858. daniel has left
  859. rion has left
  860. Dave Cridland has left
  861. alacer has left
  862. Valerian has left
  863. Valerian has joined
  864. alacer has joined
  865. debacle has left
  866. Wiktor has joined
  867. marmistrz has left
  868. daniel has joined
  869. Valerian has left
  870. Valerian has joined
  871. jubalh has joined
  872. ta has joined
  873. jere has left
  874. jere has joined
  875. Yagiza has left
  876. Valerian has left
  877. Valerian has joined
  878. ibikk has joined
  879. SamWhited has left
  880. SamWhited has left
  881. Andrew Nenakhov has left
  882. lumi has joined
  883. Steve Kille has left
  884. SamWhited has joined
  885. Guus has left
  886. jubalh has left
  887. tux has joined
  888. Guus has left
  889. alexis has left
  890. alexis has joined
  891. Valerian has left
  892. jjrh has left
  893. Valerian has joined
  894. Valerian has left
  895. Valerian has joined
  896. alexis has left
  897. Valerian has left
  898. Chobbes has joined
  899. sezuan has left
  900. sezuan has joined
  901. lovetox has joined
  902. SamWhited has left
  903. Guus has left
  904. Dave Cridland has left
  905. SamWhited has joined
  906. Maranda okay let's see if direct tls for s2s causes a meltdown...
  907. Maranda will need to restart the server anyways.
  908. jubalh has joined
  909. Lance has joined
  910. Guus has left
  911. Guus has left
  912. Valerian has joined
  913. Valerian has left
  914. peter has joined
  915. lskdjf has left
  916. Dave Cridland has left
  917. SamWhited has left
  918. blabla has left
  919. Lance has joined
  920. Maranda has left
  921. Maranda has left
  922. la|r|ma has left
  923. Dave Cridland has left
  924. derdaniel has joined
  925. Dave Cridland has left
  926. SamWhited has left
  927. alexis has joined
  928. vanitasvitae has left
  929. marmistrz has joined
  930. alexis has left
  931. Dave Cridland has left
  932. Valerian has joined
  933. la|r|ma has joined
  934. la|r|ma has joined
  935. la|r|ma has joined
  936. la|r|ma has joined
  937. la|r|ma has joined
  938. la|r|ma has joined
  939. Dave Cridland has left
  940. la|r|ma has joined
  941. la|r|ma has joined
  942. la|r|ma has joined
  943. la|r|ma has joined
  944. la|r|ma has joined
  945. la|r|ma has joined
  946. la|r|ma has joined
  947. la|r|ma has joined
  948. la|r|ma has joined
  949. la|r|ma has joined
  950. la|r|ma has joined
  951. la|r|ma has joined
  952. la|r|ma has joined
  953. la|r|ma has joined
  954. la|r|ma has joined
  955. la|r|ma has joined
  956. la|r|ma has joined
  957. la|r|ma has joined
  958. la|r|ma has joined
  959. la|r|ma has joined
  960. la|r|ma has joined
  961. la|r|ma has joined
  962. la|r|ma has joined
  963. Guus has left
  964. la|r|ma has joined
  965. la|r|ma has joined
  966. la|r|ma has joined
  967. la|r|ma has joined
  968. la|r|ma has joined
  969. la|r|ma has joined
  970. Guus has left
  971. la|r|ma has joined
  972. la|r|ma has joined
  973. la|r|ma has joined
  974. la|r|ma has joined
  975. la|r|ma has joined
  976. la|r|ma has joined
  977. la|r|ma has joined
  978. la|r|ma has joined
  979. la|r|ma has joined
  980. la|r|ma has joined
  981. la|r|ma has joined
  982. la|r|ma has joined
  983. la|r|ma has joined
  984. la|r|ma has joined
  985. la|r|ma has joined
  986. la|r|ma has joined
  987. la|r|ma has joined
  988. la|r|ma has joined
  989. la|r|ma has joined
  990. la|r|ma has joined
  991. la|r|ma has joined
  992. la|r|ma has joined
  993. la|r|ma has joined
  994. la|r|ma has joined
  995. la|r|ma has joined
  996. la|r|ma has joined
  997. la|r|ma has joined
  998. la|r|ma has joined
  999. Guus has left
  1000. Kev has left
  1001. SamWhited has left
  1002. rtq3 has left
  1003. Guus has left
  1004. Guus has left
  1005. rtq3 has joined
  1006. mimi89999 has left
  1007. mimi89999 has left
  1008. Guus has left
  1009. alexis has joined
  1010. waqas has left
  1011. SamWhited has left
  1012. tux has joined
  1013. alexis has left
  1014. rtq3 has left
  1015. rtq3 has joined
  1016. tux has joined
  1017. Nekit has left
  1018. Nekit has joined
  1019. lovetox has left
  1020. lovetox has joined
  1021. waqas has joined
  1022. Nekit has left
  1023. Nekit has joined
  1024. marmistrz has joined
  1025. j.r has joined
  1026. alexis has joined
  1027. marmistrz has left
  1028. j.r has joined
  1029. alexis has left
  1030. SamWhited has left
  1031. jonasw is there any s2s implementation of it?
  1032. SamWhited has left
  1033. SamWhited has joined
  1034. rtq3 has left
  1035. rtq3 has joined
  1036. rtq3 has left
  1037. Andrew Nenakhov has joined
  1038. rtq3 has joined
  1039. moparisthebest jonasw, I think zinid said latest ejabberd supports it
  1040. moparisthebest plus metre
  1041. Andrew Nenakhov has left
  1042. SamWhited has left
  1043. rtq3 has left
  1044. rtq3 has joined
  1045. SamWhited has joined
  1046. Dave Cridland has left
  1047. alexis has joined
  1048. ibikk has joined
  1049. peter has left
  1050. alexis has left
  1051. jjrh has left
  1052. UsL has joined
  1053. UsL has joined
  1054. j.r has left
  1055. j.r has joined
  1056. SamWhited has left
  1057. Steve Kille has joined
  1058. j.r has joined
  1059. j.r has joined
  1060. alacer has left
  1061. Tobias has left
  1062. Tobias has joined
  1063. Lance has joined
  1064. Guus has left
  1065. SamWhited has joined
  1066. Guus has left
  1067. Maranda has joined
  1068. Valerian has left
  1069. Valerian has joined
  1070. Maranda has left
  1071. j.r has left
  1072. Maranda has left
  1073. Maranda has joined
  1074. Dave Cridland has left
  1075. Dave Cridland has left
  1076. Valerian has left
  1077. Valerian has joined
  1078. j.r has joined
  1079. matlag has joined
  1080. matlag has left
  1081. marmistrz has left
  1082. Valerian has left
  1083. alexis has joined
  1084. alexis has left
  1085. ta has left
  1086. ta has joined
  1087. rtq3 has left
  1088. Dave Cridland has left
  1089. jere has left
  1090. jere has joined
  1091. ralphm has left
  1092. Lance has joined
  1093. valo has left
  1094. valo has joined
  1095. rtq3 has joined
  1096. marmistrz has left
  1097. Guus has left
  1098. ThibG has left
  1099. ThibG has joined
  1100. remko has left
  1101. Guus has left
  1102. SaltyBones has left
  1103. nyco has joined
  1104. nyco has left
  1105. rtq3 has left
  1106. matlag has joined
  1107. rtq3 has joined
  1108. rtq3 has left
  1109. Guus has left
  1110. rtq3 has joined
  1111. alexis has joined
  1112. rtq3 has left
  1113. rtq3 has joined
  1114. rtq3 has left
  1115. SamWhited has left
  1116. alexis has left
  1117. jubalh has joined
  1118. Dave Cridland has left
  1119. Dave Cridland has left
  1120. Dave Cridland has left
  1121. Dave Cridland has left
  1122. Dave Cridland has left
  1123. Dave Cridland has left
  1124. Guus has left
  1125. peter has joined
  1126. Guus has left
  1127. SamWhited has left
  1128. lnj has left
  1129. lskdjf has joined
  1130. lskdjf has joined
  1131. jubalh has left
  1132. jubalh has joined
  1133. Guus has left
  1134. lumi has joined
  1135. waqas has left
  1136. la|r|ma has joined
  1137. waqas has joined
  1138. rion has left
  1139. Dave Cridland has left
  1140. Dave Cridland has left
  1141. ibikk has joined
  1142. ibikk has joined
  1143. la|r|ma has joined
  1144. la|r|ma has joined
  1145. Dave Cridland has left
  1146. alexis has joined
  1147. SamWhited has left
  1148. j.r has joined
  1149. alexis has left
  1150. Alex has left
  1151. jubalh has left
  1152. SamWhited has left
  1153. Dave Cridland has left
  1154. Dave Cridland has left
  1155. Dave Cridland has left
  1156. tux has left
  1157. alexis has joined
  1158. SamWhited has left
  1159. Guus has left
  1160. rtq3 has joined
  1161. j.r has joined
  1162. alexis has left
  1163. rtq3 has left
  1164. Guus has left
  1165. rtq3 has joined
  1166. rtq3 has left
  1167. rtq3 has joined
  1168. goffi has left
  1169. rtq3 has left
  1170. rtq3 has joined
  1171. ibikk has left
  1172. moparisthebest has joined
  1173. Guus has left
  1174. alexis has joined
  1175. rtq3 has left
  1176. rtq3 has joined
  1177. SaltyBones has left
  1178. matlag has left
  1179. daniel has left
  1180. SamWhited has left
  1181. alexis has left
  1182. daniel has joined
  1183. j.r has joined
  1184. jjrh has left
  1185. blabla has left
  1186. daniel has left
  1187. Nekit has joined
  1188. j.r has joined
  1189. alexis has joined
  1190. jjrh has left
  1191. jjrh has left
  1192. daniel has joined
  1193. alexis has left
  1194. daniel has left
  1195. SamWhited has left
  1196. daniel has joined
  1197. Dave Cridland has left
  1198. jjrh has left
  1199. Maranda Oh Metre does it?
  1200. SamWhited has left
  1201. Maranda just finished implementing it in Metronome
  1202. Maranda tested it with ejabberd
  1203. Maranda let's see Metre
  1204. Maranda grabs dave.cridland.net :P
  1205. Dave Cridland has left
  1206. peter has left
  1207. moparisthebest Isn't metronome a prosody fork? How hard would it be to patch prosody the same way Maranda ?
  1208. alexis has joined
  1209. Maranda I'm not entirely sure, my knowledge of Prosody's codebase sort of stilled at around 0.9 tbh 🤣
  1210. Maranda But I suppose "not much"
  1211. moparisthebest Do you support SNI and alpn too ? (For outgoing connections?)
  1212. Maranda nay
  1213. moparisthebest Not even SNI? That's a must
  1214. Maranda moparisthebest, nai and luasec 0.5/0.6 which are the most common around don't support SNI anyways
  1215. Zash moparisthebest: No need, the unencrypted stream header has it.
  1216. moparisthebest 2005 called and wants it's TLS extensions implemented
  1217. Zash LuaSec has had SNI a long time FWIW
  1218. Maranda at least I'm sure LuaSec 0.5 doesn't support it
  1219. moparisthebest Just make sure you fall back on cert errors
  1220. Maranda lookies.
  1221. Maranda nope doesn't
  1222. alexis has left
  1223. rtq3 has left
  1224. lovetox has left
  1225. rtq3 has joined
  1226. ta has joined
  1227. rtq3 has left
  1228. rtq3 has joined
  1229. peter has joined
  1230. j.r has joined
  1231. mimi89999 has left
  1232. Maranda has left
  1233. SamWhited has left
  1234. Maranda has left
  1235. Lance has joined
  1236. mimi89999 has left
  1237. daniel has left
  1238. mimi89999 has left
  1239. ta has left
  1240. ta has joined
  1241. daniel has joined
  1242. mimi89999 has left
  1243. peter has left
  1244. jjrh has left
  1245. Lance has joined
  1246. Guus has left
  1247. Zash has left
  1248. marc has joined
  1249. SamWhited has left
  1250. j.r has joined
  1251. Maranda has left
  1252. Guus has left
  1253. Guus has left
  1254. alexis has joined
  1255. lskdjf has left
  1256. Guus has left
  1257. Guus has left
  1258. Guus has left
  1259. peter has joined
  1260. ralphm has joined
  1261. j.r has joined
  1262. lskdjf has joined
  1263. alexis has left
  1264. SamWhited has left
  1265. SamWhited has joined
  1266. Guus has left
  1267. blabla has left
  1268. vanitasvitae has left
  1269. Guus has left
  1270. rtq3 has left
  1271. daniel has left
  1272. daniel has joined
  1273. alexis has joined
  1274. dwd has left
  1275. j.r has joined
  1276. la|r|ma has left
  1277. ta has left
  1278. ta has joined
  1279. alexis has left
  1280. UsL has left
  1281. SamWhited has left
  1282. Guus has left
  1283. Maranda has left
  1284. SamWhited has joined
  1285. Maranda has left
  1286. j.r has joined
  1287. alexis has joined
  1288. Maranda has left
  1289. Maranda has left
  1290. alexis has left
  1291. Maranda has left
  1292. Maranda has left
  1293. Andrew Nenakhov has joined
  1294. Andrew Nenakhov has left
  1295. daniel has left
  1296. j.r has joined
  1297. Guus has left
  1298. la|r|ma has joined
  1299. daniel has joined
  1300. Maranda has left
  1301. lskdjf has joined
  1302. marc has left
  1303. lskdjf has joined
  1304. alexis has joined
  1305. daniel has left