XSF Discussion - 2019-12-01

  1. DebXWoody

    Maybe xmpp URI Support on Codeberg https://codeberg.org/Codeberg/Community/issues/102 :-)

  2. pep.

    DebXWoody, cool :)

  3. pep.

    You should also link to the RFC to make it easier to find maybe, https://tools.ietf.org/html/rfc5122

  4. DebXWoody

    pep., thanks. Done

  5. pep.

    Are there any companies doing some lobbying to the CA/Browser Forum btw? I was just reminded of that. Guus, you were providing hosted solutions right iirc?

  6. pep.

    Daniel ^

  7. pep.

    To get proper XMPP certs ^

  8. Daniel

    I'm afraid that we don't have the budget for that

  9. pep.

    Maybe lots of small budgets can make for a bigger one :)

  10. Zash

    If you put two small budgets a large distance apart they can function as one large budget! https://www.xkcd.com/1922/

  11. jonas’

    what kind of budget are we talking about?

  12. jonas’

    because this seems like some way to spend XSF funds

  13. Zash bookmarks https://github.com/letsencrypt/boulder/issues/1309

  14. pep.

    yeah that's the well-known one :)

  15. pep.

    That's what I get in my browser now when I start typing "boulder"

  16. Daniel

    In my experience posh works relatively well

  17. Daniel

    I'd just lobby xmpp clients to implemt that

  18. Zash

    But web :(

  19. moparisthebest

    Or public key pinning with DANE

  20. moparisthebest

    Just have to get everyone off the terrible .im TLD that doesn't support DNSSEC

  21. Zash

    Isn't that a different issue?

  22. Ge0rG

    moparisthebest: or shame them into finally implementing that abandoned dead end of crypto specification

  23. moparisthebest

    Zash: no you don't need the cert signed by a CA in that case at all

  24. Zash

    I don't think you really even need a cert. Not sure what the state of raw public keys in TLS is tho.

  25. Zash

    DANE is apparently doing pretty well in the email space tho.