XSF Discussion - 2018-09-24


  687. dos what would be the best approach to implement "carbons", but for the transport contacts? 🤔 (so the message sent directly through the legacy network can show up in the xmpp conversation)
  700. Ge0rG dos: write a new XEP where the transport is allowed to send carbons to a user
  702. Ge0rG dos: there was a thread at https://mail.jabber.org/pipermail/standards/2018-January/034224.html
  705. Ge0rG f'up at https://mail.jabber.org/pipermail/standards/2018-February/034267.html
  712. moparisthebest I implemented a, uh, client side transport that way
  713. moparisthebest Kind of, it's a dumb echo component so carbons and mam and such just work for free
  714. jonas’ dos, https://xmpp.org/extensions/xep-0356.html might be interesting in that regard
  724. goffi dos: what kind of transport are you implementing? Will it be publicly available/libre ?
  857. Maranda hm any client doing scram-sha256?
  860. SamWhited Maranda: Conversations does, also my dummy test client https://github.com/mellium/communique-tui
  868. Maranda SamWhited, ok giving it a go then, the code *should* already work with it, I just need to change the hash algorithm.
  869. Maranda SamWhited, ok giving it a go then, the code *should* already work with it, I just need to change the hash algorithm function.
  870. Maranda (and store sha256 keys)
  873. Maranda SamWhited, what does Conversations do if one mechanism fails?
  874. Maranda does it try another?
  875. SamWhited Maranda: sort of; it falls back but it's also more complicated than that. If it manages to connect successfully the first time it "pins" the auth mechanism used and will only use one with that or a higher level of security in the future to prevent downgrade attacks
  876. SamWhited So if it uses SCRAM-SHA-1 once it will use SCRAM-SHA-256 if support is added, but if that works and it logs in it won't use SCRAM-SHA-1 anymore.
  879. Zash Problem: How do you upgrade the hashes?
  880. Maranda SamWhited, because obviously users will have to change their password to add SHA256 keys
  881. Maranda Zash, you don't
  882. Maranda Zash, I just save keys for both hashing algorithms, figured it was much easier that way
  883. SamWhited Zash: do a rolling upgrade when users change passwords?
  884. Maranda Indeed
  885. SamWhited I don't know what's conventional for servers
  886. Maranda SamWhited, but you'll have to save keys for both SHA1 and SHA256
  887. SamWhited Maranda: if you want to support both, yes. Otherwise you can just advertise whichever you have keys for for that particular user.
  888. Zash You don't know which user it is until they try to auth
  889. SamWhited But yah, given that sha-256 isn't widespread I'd probably keep both
  890. Maranda SamWhited, huhu I'd not try with the "not supporting both"
  891. Zash They have to pick a mechanism first
  892. SamWhited Zash: oh yah, good point, setting "from" isn't required on streams.
  893. SamWhited Storing both for now is probably easy enough though
  894. Maranda For now code just checks if there're keys for one algorithm; if not, it'll throw a temporary-auth-failure error.
  895. Maranda that's why I asked what Conversations does :P
  983. Maranda SamWhited, what's that tester code you mentioned again?
  986. Maranda (for SCRAM)
  988. SamWhited Maranda: https://github.com/mellium/sasl/blob/master/client_test.go
  991. SamWhited That reminds me, I still really need to implement the server side of scram in that sasl library
  997. Maranda SamWhited, I'm getting some shenanigan with BinaryXOR being performed on ClientSignature and Proof in final message.
  998. Maranda le sigh.
  999. moparisthebest So uh, isn't storing sha1 hash of password server side just as bad as plaintext?
  1000. moparisthebest And basically same deal with sha256 ?
  1001. moparisthebest Seems likely plain auth would be better so you could store it with scrypt or bcrypt?
  1002. SamWhited moparisthebest: it's not a sha1 hash, sha1 is just used for data integrity in an hmac
  1003. moparisthebest So what's the talk about how it's stored?
  1004. Zash PBKDF2
  1005. SamWhited A lot of servers store an intermediate step in the SCRAM process or some other hash.
  1006. pep. moparisthebest, https://stackoverflow.com/questions/4938906/is-sha1-still-secure-for-use-as-hash-function-in-pbkdf2
  1007. Zash To verify bcrypt or scrypt as is, you need the plain text password. SCRAM doesn't require that
  1008. moparisthebest I have to read up on SCRAM
  1009. Zash You do
  1012. Zash It's not comparable with bcrypt. It uses PBKDF2 which does that kind of job, but then there is XOR magic.
  1015. SamWhited moparisthebest: TL;DR when you want to upgrade, for example, a web app's password from bcrypt and salted to something else, say PBKDF2 or argon2, you wait for the user to log in, then you hash the password with bcrypt, compare to make sure it's the right one, then hash it with the new thing and save the new hash. However, with SCRAM you never actually send the password, you send a verifiable proof that you possess the password, but there's no way to upgrade that proof to a proof for a different scheme.
  1016. jonas’ SCRAM is a pretty amazing thing
  1017. jonas’ SamWhited, unless you force the user to change passwords
  1018. jonas’ or downgrade to PLAIN only, which is what I did. (and which Conversations didn’t let me do painlessly)
  1019. jonas’ (which is a good thing imo)
  1020. SamWhited Right, we don't currently have a good way to force upgrades.
  1021. SamWhited It could be done because SCRAM performs mutual authentication, so once the server is authenticated to the client it could send a "please send your password in plain and upgrade to SCRAM-SHA-256" message, but we don't have a way to do that currently.
  1022. pep. IBR doesn't even do SCRAM, which is something I wanted to tackle, but I'll pass the baton to whomever says a word about it :P
  1025. SamWhited pep. feel free to provide feedback or implementations of https://xmpp.org/extensions/xep-0389.html
  1026. pep. oh
  1027. SamWhited It needs a lot more work, but part of the idea was to let IBR use regular SASL mechanisms
  1028. pep. Thanks, I completely missed it
  1029. jonas’ SamWhited, seems like a thing which SASL2 could do
  1030. jonas’ (the upgrade thing)
  1031. SamWhited yah, it's probably something we should think about.
  1038. SamWhited Although, it could probably be backwards compatible by just defining a message the server can send to the client at any time that tells it "clear any pinned auth mechanisms" then the server could force a reconnect and only offer PLAIN the next time.
  1039. pep. That kind of defeats the point of doing SCRAM no?
  1040. SamWhited pep. no, because it would only happen after you've authed the server
  1041. pep. What do you mean
  1042. SamWhited You know you're talking to the correct server, so starting over and using something it can generate hashes from is fine
  1043. pep. But the point of SCRAM for me is that the server doesn't know about your plaintext password. So if you do PLAIN ~
  1045. dos jonas’: thanks, haven't thought about 356 for that :)
  1046. SamWhited pep. I suppose that's fair
  1047. SamWhited It seems much better to have a way to flexibly and rapidly upgrade auth mechanisms when an attack is discovered than to worry about a server secretly storing your password when it probably got it at some point when you registered anyways
  1049. SamWhited It could also just be a "clear your SCRAM-bits cache and don't start from the intermediate step" message too though, I suppose.
  1052. pep. You still need to use some protocol to set your password right with SCRAM, does that exist in 389? I haven't read through. TBH I don't mind doing PLAIN with clients that don't support, they should update, that's not my fault. But if possible I want to keep the assumptions the user has with me
  1053. dos goffi: so far I'm just looking at improving spectrum2; my goal is to have proper facebook, hangouts, discord and maybe matrix bridging for use by me and my friends
  1054. SamWhited pep. no, 0398 just provides a way for you to define challenges. It was my intention to define a SASL one.
  1055. pep. ok
  1057. SamWhited But it does add the ability for us to do that
  1058. SamWhited Actually, that one should probably just be one of the mandatory ones that's included in 0398 itself. Right now there's just one for submitting a form like in regular IBR
  1065. Maranda growls
  1066. Maranda https://pastebin.com/s4usVWMZ
  1067. jjrh has left
  1068. jjrh has left
  1069. labdsf has left
  1070. moparisthebest meh pep. I mean you use a different password with each service anyway, why does it matter if your server has it?
  1071. moparisthebest also lets me support same password for xmpp, email, and http auth easily, and with a strong hash on the server
  1072. pep. moparisthebest, you do, yes
  1073. pep. I am sure 90% of a public service like jabberfr.org doesn't
  1074. moparisthebest my question is, is whatever 'part of scram whatever' that your server stores hard to reverse or not?
  1075. pep. I also do fwiw. It's not me I'm worried about
  1076. Kev has left
  1077. alacer has left
  1078. alacer has joined
  1079. labdsf has joined
  1080. jjrh has left
  1081. jjrh has left
  1082. SamWhited You have to trust the server for the most part anyways, that's part of XMPP's security model and you almost certainly had to send the server your password somehow when you first signed up, so it could have saved it then if it really wanted to
  1083. SamWhited So if you're going to worry about other people reusing passwords and the server saving a plain copy of it, you have a lot more work to do.
  1084. lorddavidiii has left
  1085. pep. SamWhited, yeah, which is why I also want SCRAM/IBR
  1086. lorddavidiii has joined
  1087. pep. step by step
  1088. SamWhited Doesn't seem worth bothering with to me; just send the server your password on occasion. It's not significantly worse from a security standpoint, and might even be significantly better since it allows for more agile password hashing schemes in the event that the one you're using is discovered to be flawed.
  1089. SamWhited But I dunno, I'm just thinking out loud. Maybe there's an easy way to make SCRAM upgrade-able too.
  1090. js has joined
  1091. pep. I wouldn't mind a force password reset fwiw
  1092. peter has joined
  1093. Kev has joined
  1094. Kev has left
  1095. j.r has joined
  1096. pep. I guess we do all that to protect against offline attacks. So when for some reason we want to change hashes, we also don't want to keep $old_hash around, otherwise that defeats the point of why we keep hashes in the first place, which makes us lose the ability to authenticate users at all and certainly require another channel :/
  1097. Zash moparisthebest: The stuff that SCRAM lets you store is hard to reverse, yes.
  1098. moparisthebest but compared to bcrypt/scrypt/?
  1099. jjrh has left
  1100. jjrh has left
  1101. moparisthebest like have cryptographers agreed it is *as* hard to reverse as those
  1102. Zash moparisthebest: It uses a password stretching function called Password Based Key Derivation Function no 2
  1103. Zash I'd put it in the same class of things as bcrypt and scrypt
  1104. Zash I wouldn't consider that part all that important, I'm pretty sure you could switch it out for bcrypt/scrypt/whatever and have the overall SCRAM construct still work
  1105. Zash Thing is, those password stretching functions take a password and some salt and give you a key. SCRAM magic consists of adding two-three layers of hashes on that and some XOR in a way that lets you store the password *everywhere*
  1106. Zash Ie Client can store hashed stuff. Server can store hashed stuff.
  1107. Zash Hashed stuff on the wire.
  1108. Maranda SamWhited, I'm not sure what's wrong here... apparently bxor is broken by some additional x byte in the proof.
  1109. moparisthebest it just sounds very complicated, normally you don't want very complicated in your security proofs
  1110. Zash moparisthebest: It's not all that complicated
  1111. Maranda it's 21 iterations instead of 20, the 21st is truncated and breaks XOR
  1112. Zash moparisthebest: Not sure if you need to understand how it works to understand this description: https://prosody.im/pastebin/6f7b2c8b-8952-458b-a1d2-36d29bacd345
  1113. jjrh has left
  1114. jjrh has left
  1115. SamWhited moparisthebest: PBKDF2 is still considered secure, yes. I believe OWASP recommends it over scrypt and it's usable if you're looking for FIPS compliance
  1116. moparisthebest yea just wasn't sure if PBKDF2 was what was stored or not
  1117. SamWhited Its weakness is that it can be implemented with very little RAM, scrypt does a better job there
  1118. intosi has left
  1119. intosi has joined
  1120. SamWhited Yah, you can store the salted password after passing it through PBKDF2 or you can take an hmac of the salted password and a server or client KEY and store that (the "scram bits"). This is what I always store (for no particular reason other than it's one less thing to do later)
  1121. j.r has joined
  1122. Zash "StoredKey" is H(HMAC(PBKDF2(password, salt, i), "Client Key"))
  1123. alacer has left
  1124. alacer has joined
  1125. SamWhited ah yah, forgot you re-hash it too
  1126. Zash moparisthebest: https://tools.ietf.org/html/rfc5802#section-3
  1127. ThibG has joined
  1128. SamWhited OWASP recommendations, FWIW: https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
  1129. Dave Cridland has left
  1130. SamWhited Hmm, I haven't looked at my SASL implementation in a while, this reminds me that I also need to add some mechanism for caching keys or resuming a calculation so that the user can build a mechanism for caching keys
  1131. SamWhited That's going to be a pain to come up with a good API for
  1132. efrit has joined
  1133. jjrh has left
  1134. jjrh has left
  1135. Maranda has left
  1136. Maranda has joined
  1137. js has left
  1138. Maranda has left
  1139. Maranda has joined
  1140. goffi has left
  1141. jjrh has left
  1142. jjrh has left
  1143. lorddavidiii has left
  1144. Alex has left
  1145. ThibG has left
  1146. ThibG has joined
  1147. tux has joined
  1148. jjrh has left
  1149. jjrh has left
  1150. pep. SamWhited, moparisthebest, fwiw I'd prefer to avoid passwords at all and use client certs I generate. That can leak I don't actually care.
  1151. Maranda has left
  1152. Maranda has joined
  1153. labdsf has left
  1154. labdsf has joined
  1155. Maranda has left
  1156. Maranda has joined
  1157. Dave Cridland has left
  1158. moparisthebest how do you sign in with a new client then?
  1159. moparisthebest if you say password I'm going to ask what the point is :)
  1160. jjrh has left
  1161. jjrh has left
  1162. SamWhited I'd like something like that where when you sign in with a new client it shows a pop-up on your old client and if you hit yes, you're signed in.
  1163. pep. yeah, I was going to say something similar
  1164. pep. Not that I have really researched on the subject
  1165. SamWhited It's hard to get a good UX that way (see OMEMO which is a pain in the ass to use), but I do think it can be done with a lot of work.
  1166. pep. Also you still need another channel for recovery
  1167. SamWhited We should probably get a basic password flow working reasonably well first though.
  1168. SamWhited Yah, recovery is more or less the same no matter what you have. If you want to be able to recover, you need some other channel. Email or what have you.
  1169. Zash What if you have some kind of shared secret that you can remember in your brain?
  1170. pep. Somebody said passwords?
  1171. SamWhited (IBR2 also supports recovery specifically, FWIW)
  1172. lnj has left
  1173. pep. This I really like in 389: A client SHOULD be able to register an account without requiring the user to leave the client. A client MUST be able to use the same mechanism to register an account and to recover a forgotten password (subject to server policy).
  1174. pep. Is there an ordering of XEPs that is not by number btw?
  1175. ThibG has joined
  1176. pep. By category, by..
  1177. pep. Ah there's the page on xmpp.org to filter a bit
  1178. SamWhited That SHOULD should probably be relaxed actually; that really heavily depends on the type of service and probably shouldn't be 2119 language.
  1179. pep. meh, I think that's the most important part for easy-onboarding
  1180. SamWhited Yah, but only if you're doing a purely-XMPP personal server. Specs shouldn't be tailored to those.
  1181. pep. right
  1182. SamWhited purely-XMPP-public-Jabber-network, that is.
  1183. jjrh has left
  1184. jjrh has left
  1185. pep. But then you have to make everything optional in specifications if you want to support every use case
  1186. j.r has left
  1187. j.r has joined
  1188. SamWhited I don't want to support every use case, I just don't want to put stupid hard limits in that serve no purpose that everyone will just ignore anyways
  1189. SamWhited The recommendation is good, but RFC 2119 language isn't really suitable here
  1190. Syndace has left
  1191. Syndace has joined
  1192. SamWhited In other words: we can have a design considerations section, but it shouldn't be normative.
  1193. pep. I was saying that more as a general rule, as in, "it's incidentally what happens the more use cases you want to support"
  1194. lskdjf has left
  1195. SamWhited I agree with that, but that's not what's happening here
  1196. pep. k
  1197. SamWhited Even if the spec were deliberately an XMPP-only/public jabber spec for some reason, design considerations that are only tangentially related to the spec probably shouldn't be normative 2119 language
  1198. jjrh has left
  1199. jjrh has left
  1200. SamWhited (I'm not suggesting that entire line should be removed, in case I'm not being clear: just that it should say "should" instead of "SHOULD")
  1201. daniel has left
  1202. pep. I don't think 2119 mandates CAPS does it
  1203. SamWhited pep. it does (or at least, an update does, I forget exactly where it says that)
  1204. pep. "These words are often capitalized"
  1205. pep. So, no
  1206. SamWhited 8174
  1207. pep. oh
  1208. SamWhited I'm saying 2119 out of habit
  1209. pep. hah, I see
  1210. pep. Just for this exact use case :P
  1211. lnj has left
  1212. SamWhited But yah, however it's done I just mean that the language in that sentence should not be normative. I assume lowercase does that, but maybe it would just need to be rephrased.
  1213. js has joined
  1214. js has left
  1215. jjrh has left
  1216. jjrh has left
  1217. moparisthebest has left
  1218. lskdjf has joined
  1219. lskdjf has left
  1220. ThibG has left
  1221. ThibG has joined
  1222. peter My preference as a spec author is to use MUST, SHOULD, MAY etc. only in caps, and to use other words (ought, might, can, etc.) if the normative force is not intended.
  1223. jjrh has left
  1224. daniel has left
  1225. SamWhited Agreed; that's probably a good thing to do to reduce confusion.
  1226. peter Precisely.
  1227. js has joined
  1228. jjrh has left
  1229. lumi has joined
  1230. Zash has left
  1231. blabla has left
  1232. blabla has joined
  1233. peter has left
  1234. Dave Cridland has left
  1235. alexis has joined
  1236. thorsten has left
  1237. daniel has left
  1238. daniel has joined
  1239. waqas has left
  1240. thorsten has joined
  1241. SamWhited has left
  1242. alexis has left
  1243. lovetox has left
  1244. js has left
  1245. jjrh has left
  1246. js has joined
  1247. Maranda Signature 32 bytes, Proof 20 bytes
  1248. Maranda >.>
  1249. Maranda SamWhited, that doesn't look right
  1250. Maranda (what Conversations does)
  1251. alexis has joined
  1252. alexis has left
  1253. Guus has left
  1254. Guus has joined
  1255. Dave Cridland has left
  1256. alexis has joined
  1257. SamWhited I'm not at my desk right now but I did test it against a server impl, it's quite possible something is still wrong though (I'm assuming that's in the scram-sha256 code somewhere?)
  1258. jjrh has left
  1259. alexis has left
  1260. jjrh has left
  1261. alexis has joined
  1262. alexis has left
  1263. alexis has joined
  1264. alexis has left
  1265. alexis has joined
  1266. alexis has left
  1267. jjrh has left
  1268. jjrh has left
  1269. alexis has joined
  1270. waqas has joined
  1271. Dave Cridland has left
  1272. js has left
  1273. moparisthebest has joined
  1274. moparisthebest has joined
  1275. jjrh has left
  1276. 404.city has left
  1277. jjrh has left
  1278. alacer has left
  1279. jjrh has left
  1280. jjrh has left
  1281. Dave Cridland has left
  1282. peter has joined
  1283. alexis has joined
  1284. labdsf has left
  1285. labdsf has joined
  1286. jjrh has left
  1287. jjrh has left
  1288. UsL has joined
  1289. alacer has left
  1290. alacer has joined