KanchilZash: http://logs.xmpp.org/council/130911/#19:47:26:
Chatroom logs for council@muc.xmpp.org (Wednesday, September 11, 2013)
Dave CridlandZash, Certificate pinning via TACK?
Dave CridlandZash, Seems like a substantial amount of work for little gain. You can get the same general protection from DANE - that is, protection from third-party CAs issuing bad certs - with a lot more, for less effort.
ZashDave Cridland: But TACK seems to have a bigger marketing budget!
ZashSo it'll win!
Zash:(
Dave CridlandThe advantage of TACK is that is handles this particular pinning case without infrastructure support. That's certainly useful, of course.
Zashralphm: Why is Thijs "xnyhps" not on planet jabber yet? :)
Tobiasbut TACK doesn't seem to be implemented in the foreseeable future, or is it?
ZashDNSSEC deployment isn't that fast either
Dave CridlandTobias, TLSlite implements it I think. I assume so anyway.
Dave CridlandZash, That *seems* faster to me.
TobiasTLSlite, what's that? the python tls implementation
ZashSomething like HSTS for XMPP should be fairly simple ...
Tobiasis HSTS really needed? TLS is the default in the XMPP world, unlike the HTTP world
Dave CridlandThe intent is to protect against future downgrade attacks.
ZashRight.
ralphmZash: because I'm slow
TobiasDave Cridland, downgrade from TLS to non-TLS?
ralphmZash: and had a funeral yesterday
ZashTobias: Strip the starttls advertisment.
Zashralphm: Oh, sorry. No hurry.
Dave Cridlandie, I connect to my server, and get my connection policy blob. Next day, I connect to my server, and it has no TLS, but my connection policy blob says my server always offers TLS, so I ditch the connection.
Tobiasright
Tobiasbut shouldn't clients complain anyway if TLS is not available?
ZashWe could just never allow non-TLS if TLS succeeded once.
TobiasZash, right..or that
ZashAnd never allow invalid certs if the cert was valid once
Zashetc
Dave CridlandZash, There are operational issues there, I suspect.
Tobiascould completely life in the implementations
Tobiaswithout need of standard
ZashYeah
ZashSomething like HSTS would be an explicit approval of doing that.
ZashI'm not sure we really need it
Dave CridlandZash, More importantly, that's a hand-waving exercise - there's no way to know if your clients support that, and there's enough kinks and choices that a pathway through to some kind of downgrade might be important.
Dave CridlandFor real entertainment, we could have a XMLSec signed document with the connection security policy in it, and then be able to access that via a number of methods. But hey.
Keviq:get after authentication.
KevI win.
Tobiasaren't you supposed to be holidaying? ;)
ZashHaving DANE records published also implies that tls should be supported.
Dave CridlandI was thinking in terms of iq:get from other servers and such.
Dave CridlandZash, Yes, this is certainly true.
KevTobias: Never reveal in public when someone's not at home.
KevTobias: And yes, although I'm back home now.
TobiasKev, ah.oops.right..sry
Dave CridlandTobias, It's OK, I'm sure Kanchil keeps an eye on the place.
TobiasDave Cridland, sure
waqashas joined
Tobiascool...drag and drop invite worked for waqas :)
waqasHello
Tobiaswaqas, we're just discussing security improvements to XMPP
waqashas strong opinions on that...
Tobiaswaqas, which are?
waqasWell, there are multiple separate aspects of the XMPP network that are weak. Bad clients (cert verification issues, cipher suites, etc), bad server deployments (SSLv2, bad cipher suites, PLAIN over unencrypted), server software defaults, etc
waqasThen we have the separate class of security missing entirely from XMPP: encrypted jingle, e2e encryption, etc
waqasSome of this requires activism, while some requires standards work
Tobiasbad ciphers and so probably falls into the activism area
waqasSomething like a validation service might help the server deployment side of things a lot
KevI think an Informational XEP here might be in order.
waqasI'm +1 to that
Tobiasalso i'd interesting to have some kind of MITM protection, i.e. if your usual cert is suddenly replaced by some other strange cert (i know it sounds vague)
waqasIt would also be nice if support for that XEP was required to get on the xmpp.net server list :)
Tobiaswaqas, the xmpp.net list is a whole other topic...it doesn't seem to really scale
KevTobias: I think an Informational for that is interesting too.
waqasA validation service would help it scale to some degree. For better or worse, a lot of public XMPP deployments want to be on that. If the XSF can use that to upgrade the security of the XMPP network, that's a good thing IMO.
ralphmanother thing is that server implementations generally don't alert admins about bad certs
TobiasKev, what would be the rough gist of it?
KevTobias: Sounds too much like work for a holiday :p
Dave CridlandYou've seen PSA's new I-D on XMPP and TLS?
KevOnly that it exists.
TobiasKev :P
KevThat covers cyphers, but not pinning stuffs, I think?
Dave CridlandRight, it addresses much of waqas's easily addressable concerns.
KevI'll read it at some point :)
waqasIt seems like a good start
Dave Cridlandwaqas, But yes, we should require claims of conformance to various specifications to be listed, I think.
waqasDoes anyone know how bad compatibility issues are with dropping SSLv3? Is most everything supporting TLS1.0 these days?
Dave Cridlandwaqas, Most of the figures I've seen relate to browsers. I don't know about XMPP, I suspect we're generally TLSv1.0 and up.
ralphmI also want to note that SSLv3 is entirely not supported, spec-wise.
ralphmand never has been for XMPP 1.0
waqasI assume most of you have read xnyhps's (Adium dev) recent posts regarding client cipher suites?
waqasThe three "State of XMPP TLS" posts: https://blog.thijsalkema.de/
waqasHe has been gathering data on what cipher suites, etc different actual clients support
waqasThis sort of information can feed directly into client+server software configuration defaults, and given most deployments don't bother changing defaults, would help improve security
waqasIt also gives data required for pestering software vendors to fix their stuff
waqasAlso, jabber.org might be able to do a whole lot in getting deployments updated. If jabber.org disabled certain bad things, e.g., SSLv3 or export ciphers or required TLS crypto for everyone except Google (can the software pull that off?) or Google went away, etc, other deployments of both servers and clients would simply be forced to follow.
waqasFew compatibility concerns in XMPP land has been as strong as the desire to stay compatible with jabber.org, and this is a fact which can be used to force change
waqas*have
Dave Cridlandwaqas, I think M-Link's manuals are publi, and as such, I think I can safely say that TLS options in M-Link are global, and not tied to peer controls - TLS requirement and certificate pinning are at the peer level, though.
ralphmwaqas: the problem with whitelisting GTalk is that you have to do it based on the resolved host, because there are so many domains there.
Tobiasright...or delegating new user registrations to servers which have decent security
ralphmI think even Prosody doesn't support it in that way.
waqasYep, which is bad, but such a thing would be strictly better than what we currently have
Dave Cridlandralphm, Ah, good point. So jabber.org couldn't simply whitelist Google; it does these things by name.
waqasAnd I freely admit it's a bit of wishful thinking, which while possible, isn't implemented anywhere
Zashralphm: Plugin could do that ;)
Dave CridlandOf course, this is one thing we all thought we could do with Google dropping S2S, except they kind of haven't.
waqasAnd I suspect they might not for a long time
waqasHeck they might decide to never drop it, and we'll have this insecure s2s situation forever
ralphmZash: of course, but the existing config support for that only works on domains
jabberjockehas joined
waqasI notice mention of HSTS in the room history. That's a nice-to-have thing. We don't have a spec like that, but a client notifying me when it connects to a server and has stuff changed (different cert, but more importantly: weaker security), would be useful to me at least
waqasI'm not entirely clear on what this discussion is. Part of the council meeting? Just random discussion after it? :)
Zashwaqas: Do you think we need a HSTS-ish spec?
Zashspec/protocol
Dave Cridlandwaqas, Random discussion because we'd not left since yesterday.
waqasCould the current HTTP-ish HSTS spec be used in some way? I don't recall what it looked like. Was it just an HTTP header? If so, a stream feature would be all the spec work required?
Zashwaqas: Header saying don't accept plain connections for N time
ralphmso, everyone here, if you are planning on going to the XMPP Summit in Portland, and haven't signed up in the wiki yet: WHY NOT!
Zashralphm: Expensive and far away.
Dave CridlandAnd if you're not coming, I think the six of us who are will find a really good bar and whole up for the evening.
Dave CridlandHole up, even.
waqasDave Cridland: MattJ and I don't drink… we'll just be staring at you the whole time
Tobiaswaqas, +1 on that
ralphmZash: to be sure, I wasn't asking why people were not planning to come.
ralphmZash: it appears that we have a bunch of people that are going to, but we don't know about them
TobiasZash, was fosdem acceptable regarding the costs?
Dave Cridlandwaqas, You're coming?
waqasDave Cridland: Well, I'm in the US, and have a realtimeconf ticket, so: probably
ZashTobias: I think so. But I skimped on accomodation costs by staying with friends.
Tobiaswaqas, US must have a nice visa process ^^
Dave CridlandTobias, Yeah, but he has to get through TSA with that name...
waqasTobias: Surprisingly easier than Belgium. It was a lot more well-defined.
TobiasDave Cridland, he could just put a turban on and would be fine
waqasAnd the TSA was being weird both times I arrived. The security seemed to be missing entirely at JFK.
Dave CridlandJFK can be hit and miss. It's usually horribly crowded for me, though hey seem to be rebuilding it.
ralphmI never went there
waqasNo scanners, no questioning, no baggage checks (I literally could have walked out with anyone's luggage both times), I saw no real evidence of the TSA
ralphmAMS->PDX FTW
TobiasPDX?
ralphmTobias: Portland, OR
Tobiasahh
Dave Cridlandralphm, I'll be CWL->AMS->???->DCA, and DCA->PDX, then PDX->AMS->CWL.
m&moy
ralphmDave Cridland: AMS->PDX->SFO->AMS for me
ralphmm&m: hi
m&mwaves
ralphmwaqas: go sign up at http://wiki.xmpp.org/web/Summit_14
Dave Cridlandralphm, Right; I can't fly into DCA from outside the US, and refuse to fly into Dulles, so...
Kanchilralphm: http://wiki.xmpp.org/web/Summit_14:
Summit 14 - XMPP Wiki
waqasWell, I need to check out of this hotel, was just about to leave when Tobias invited me here, so I'll be on a train for an hour. Hopefully my input was useful in some way :)
Dave Cridlandwaqas, Sign up first.
waqasDone
ralphmwaqas: what Dave Cridland said, because we can then maybe still do a hotel package deal
waqasAh good, I was wondering about what to do about a hotel
Dave CridlandThat's now 6 awesome people. And me.
Dave Cridlandwaits for someone else to tell him he's awesome too.
KevI won't be able to make it.
waqasI'm running off now folks
waqaswaves
KevBibi.
waqashas left
ralphmKev: good save regarding Dave's ponderance
Dave CridlandYeah, thanks guys.
ZashDave Cridland: You're awesome.
ralphmFor what it is worth, I did include you in my oob assertion.
m&mI'm going to be missing out myself
m&mwould have been good to hang out with such awesome people