-
jonas’
does someone want to double-check whether I’m right to say "fix your deployment" here: https://github.com/horazont/aioxmpp/issues/324 ?
-
Daniel
Yes
-
Daniel
I mean it would probably also work if he just sets localhost as a hostname
-
Daniel
Not sure if and how aioxmpp supports that
-
jonas’
the setup is weird
-
jonas’
I think it’s truly remote, but still uses 127.0.0.1 as JID domain
-
jonas’
told them before that that’s a bad idea
-
jonas’
we had a very fun thread here already: https://github.com/horazont/aioxmpp/issues/322
-
Daniel
I mean in any case your verifier isn't wrong
-
jonas’
I wanted to say that their certificate isn’t for localhost, but for some real internet name
-
Daniel
Though in Conversations it'll accept the hostname as well when you specify it somewhere
-
Daniel
The important bit is that the user entered it somewhere
-
jonas’
yeah
-
jonas’
I could implement that, and I probably should at some point, but it’s a bit tricky (as outlined in my comment) because the way how you can override the hostname is also the way aioxmpp for example stores the SM reconnection point.
-
jonas’
and that’s where the security implications of trusting the hostnames in that list become slightly more tricky
-
Daniel
Yeah for a library you can also probably just have the user inject their own verifier
-
Daniel
You need that anyway if you want to accept self signed certs
-
jonas’
oh, they could do that, too. but that’s much crazier.
-
jonas’
and easy to get wrong
-
jonas’
so I hesitate to recommend that
-
Daniel
Well given the scope of their crazy deployment...
-
jonas’
hm, the hostname does indeed not resolve
-
jonas’
I mean if it’s purely local, they can just set no_verify=True and call it a day
-
jonas’
FWIW, for self-signed certs we have the Pinning verifier built-in. It allows for a callback to check the certificate; since that’s interactive it’s disabled by default.
-
Daniel
Oh. It's a Cisco thing
-
Daniel
Obviously
-
ralphm
pubsub.127.0.0.1. I like it :-D
-
jonas’
yeah…
-
Ellenor Malik
About the inbox XEP on omemo file upload. They're planning on changing the initialisation vector.
-
jonas’
I don’t know of an inbox XEP on OMEMO file upload
-
vanitasvitae
jonas’: https://github.com/xsf/xeps/blob/master/inbox/omemo-media-sharing.xml
-
vanitasvitae
This one probably?
-
Daniel
Which is not changing the length of the IV by the way
-
jonas’
which is also irrelevant
-
jonas’
because it was rejected
-
jonas’
(irrelevant standards-wise, either way)
-
Daniel
It's somewhat relevant because tons of people are using it
-
jonas’
yeah
-
Daniel
I mean maybe not for the xsf
-
jonas’
but it’s not changing anything, it hasn’t been touched in a while
-
Daniel
#SuperInbox
-
Ge0rG
Everything is horrible
-
ralphm
Welcome to software!
-
Zash
s/software/humanity/
-
Zash
Errare humanum est.
-
Daniel
It's not though
-
ralphm
, perseverare autem diabolicum.
-
Daniel
Is that the new for a new hot sauce?
-
ralphm
It is the continuation of the saying, that translates as "but to persist (in error), is diabolical".
-
ralphm
Make of that what you will.
-
Ellenor Malik
ralphm: isn't there a rule against languages which are not English?
-
ralphm
L.S. I'd make an exception for a bit of Latin now and then. I.e. languages like English, French, Dutch, etc. are full of Latin phrases. E.g. the one above.
-
Ge0rG
There is also a certain kind of people who are full of Latin phrases.
-
Ellenor Malik
medecins
-
ralphm
Ge0rG: I'll use simpler words.
-
jonas’
I need someone to remind me out-of-band that I need to reapply.
-
jonas’
I totally missed the emails on members@, I’m going to set a calendar reminder, but I know I often unintentionally ignore/miss those, too
-
MattJ
Oh, thanks
-
jonas’
Daniel, too
-
Zash
Roadtrip‽
-
pep.
I'd be up for another roadtrip!
-
Ge0rG
jonas’: do you consider xmpp as in band or out of band?