XMPP Council - 2016-05-17

  1. Flow

    SamWhited: Shouldn't that be 2016 instead 2015 in xep45?

  2. Tobias

    https://github.com/tfar/xeps/commit/7be5da2654d55d453e1020f5c45ef92a550db222 opinions on it before i send it to the editor?

  3. ralphm

    Tobias: you should use &tobias; ?

  4. Tobias

    however that entity uses my private contact data :)

  5. ralphm

    (and probably update xep.ent)

  6. Dave Cridland

    Tobias, I don't really think we should be introducing new algorithms even at SHOULD, let alone MUST.

  7. Tobias

    MUST could be a bit extreme yeah...but MAY would be too light I think

  8. ralphm

    I also expected some new text at the descriptions of MD5 and SHA1 to reflect the changes in that table.

  9. Dave Cridland

    Introducing a new MUST declares every implementation non-conformant. Introducing a new SHOULD means every implementation is not strictly conformant. MAY is "entirely optional", but we can - relatively easily - introduce at MAY and note that this is expected to increase to a HSOULD or MUST in a review in 6 months.

  10. Tobias

    ralphm, ok..will add those

  11. Dave Cridland

    Or even a SHOULD.

  12. Kev

    I would SHOULD, I think, if this is the right direction.

  13. Kev

    MUST seems inappropriate in the absense of a blazing fire.

  14. Tobias

    well..we sure want to encourage people to support SHA-2 and SHA-3

  15. ralphm

    Tobias: but what about http://xmpp.org/extensions/xep-0300.html#existing ?

  16. ralphm

    Don't we need to update each of these first?

  17. ralphm

    It seems to me that making SHA-1 a 'MAY' isn't reflecting reality

  18. Tobias

    if we update these first we'll never update xep-0300

  19. ralphm

    Good point

  20. ralphm

    Tobias: I'll wait for your edits in the prose first them

  21. ralphm

    then

  22. Tobias

    "Microsoft,[7] Google[8] and Mozilla[9][10][11] have all announced that their respective browsers will stop accepting SHA-1 SSL certificates by 2017." so we might aswell advise people to slowly move away from it

  23. Tobias

    and yeah...the related XEPs probably will require updates too, but I think they should depend on XEP-0300 and not the other way around

  24. Tobias

    while they rarely actually use XEP-0300 but use a dedicated XML representation

  25. ralphm

    But the prose on SHA-1 already says you shouldn't use it for signing

  26. ralphm

    hashing should still(?) be fine?

  27. Tobias

    https://en.wikipedia.org/wiki/SHA-1#The_SHAppening

  28. ralphm

    I know about this. My question is, again, does that practically impact the use of SHA-1 as is done in our existing extension?

  29. ralphm

    That you want to discourage it for new protocols seems obvious

  30. Tobias

    that's why i suggested MAY for SHA-1 and not SHOULD NOT or MUST NOT

  31. ralphm

    Tobias: we agree here, I am curious about the other protocols referenced in section 8

  32. Tobias

    in the end the XEP is a recommendation anyway...it totally depends on the implementation if, let's say a entity caps implementation based on SHA-256 takes off, or if clients doing jingle ft provide stronger hashes

  33. ralphm

    I get this, but Section 8 provides an analysis about the use of SHA-1 in existing applications and my question is: should that section be updated to reflect the findings of the SHAppening

  34. Tobias

    probably, can't hurt :)

  35. Tobias

    will also add that lataer

  36. Tobias

    will also add that later

  37. ralphm

    I am also curious if anyone is working on an updated CAPS

  38. Tobias

    i don't have it currently on my plate...mostly just 300, a jingle URI and an asynchronous file sharing XEP

  39. ralphm

    jingle ft should be changed to replace the references to sha-1 before making it to draft, probably?

  40. Dave Cridland

    As far as I know, SHA-1 is looking shakey for collisions, but not preimage. MD5 is still immune to preimage too, but it's sufficiently fast that brute forcing is an option in many cases - SHA-1 is headed that way. Interestingly, HMAC used to provide some protection for collisions, but this is also now broken.

  41. ralphm

    Dave Cridland: right. But Jingle FT is still experimental, if we think that SHA-1 will be completely broken soonish, maybe we should start fixing the examples with a different hash function.