-
jonas’
1) Roll Call
-
Zash
EHLO
-
Ge0rG
302 Moved
-
daniel
Hi
-
jonas’
no dwd?
-
jonas’
fun, good thing I can chair
-
jonas’
2) Agenda Bashing
-
jonas’
nothing? perfect
-
jonas’
I’ll still give you a moment, because my MUA is acting up a lot
-
jonas’
and I’m trying to open the agenda I sent :)
-
jonas’
ok, the MUA does not seem to want to fix itself, so let’s try without
-
jonas’
3) Editor’s Update - Calls in progress - LC for XEP-0338 (ends on 2020-06-30)
-
jonas’
(where "without" means I’ll be copy-typing from my phone)
-
jonas’
4) Items for voting
-
jonas’
4a) PR#963: XEP-0178: Clarify SASL-EXTERNAL specification when s2s auth fails URL: https://github.com/xsf/xeps/pull/963
-
jonas’
Concerns were raised to the Mailing list about this opening up a downgrade attack vector, which I didn’t have time to look into yet, so on-list
-
jonas’
is anyone still here?
-
Zash
Yeeeees
-
jonas’
or did muc.xmpp.org fail for everyone except me?
-
Zash
I guess that reflects reality, but on-list.
-
Guus
You're live.
-
Ge0rG
MUC reflection is a thing, isn't it?
-
jonas’
Ge0rG, doesn’t help if there’s a very non-equally-distributed s2s failure :)
-
Ge0rG
I'm on-list as well, but I'd appreciate input from people who are into server development and into SASL and dialback things.
-
jonas’
I expect Zash to cover all that, except maybe being "into" dialback things.
-
Zash
> I guess that reflects reality
-
Zash
Except Dialback is very rare these days given the success of Let's Encrypt
-
pep.
LE doing dialback for us :-°
-
jonas’
no comment from daniel?
-
Zash
Yeah, Dialback is equivalent ish to the verification LE does, so I don't think it's a downgrade attack
-
daniel
Sorry, changing trains just now. Will read backlog in a second
-
jonas’
if we assume that LE is being used
-
Ge0rG
both fail under the assumption that the attacker is on the network path between you and the other party, right?
-
jonas’
so this certainly looks odd, because it mandates dialback if and only if the hostname did not match
-
jonas’
Ge0rG, though LE uses multiple vantage points to make that harder
-
daniel
Or at least they will be?
-
jonas’
maybe
-
daniel
I'm not sure it has been deployed yet
-
jonas’
implementation details of LE are not of concern for the spec anyways
-
Ge0rG
We got a dwd
-
dwd
Hello, sorry I'm late, got pulled into something last minute.
-
dwd
Are we still on 4a)?
-
Ge0rG
dwd: yes
-
dwd
OK, good.
-
Ge0rG
jonas’: I think we need to move that to the list
-
jonas’
dwd, no worries
-
jonas’
Ge0rG, I tend to agree
-
Ge0rG
maybe explicitly ask for input from server developers.
-
jonas’
it would be nice if someone else could start a thread right away, because (a) my MUA is a mess right now and (b) I’ll be heading out right after this meeting
-
Zash
Wasn't there a thread already?
-
Zash
Can continue there
-
dwd
So I'm comfortably +1 on this, but really because whether an initiator decides to move onto Dialback (and whether a Receiver accepts it) isn't predicated on whether SASL EXTERNAL failed or not.
-
dwd
Also i looked for a thread on this earlier and couldn't spot one - what's the subject line?
-
jonas’
I wasn’t aware of a thread either
-
Zash
Subject: Re: [Standards] XMPP Council Agenda 2020-06-24
-
jonas’
ah.
-
jonas’
well
-
Zash
Well. Not a separate thread.
-
dwd
Ah-ha.
-
Ge0rG
it was just a single mail asking whether that's a downgrade attack
-
jonas’
I suppose a separate thread would be more discoverable.
-
dwd
It's not a downgrade attack, but I'll explain there in more detail.
-
jonas’
do we have a volunteer to start the thread or shall we delegate that to the editors?
-
Ge0rG
it would be great if somebody who's both a server developer and in Council could do that.
-
dwd
I'll start a thread.
-
Zash
dwd: But is it best practice?
-
jonas’
dwd, thank you :)
-
Ge0rG
dwd: +1
-
dwd
Zash, I think whether it's "best" is largely irrelevant.
-
jonas’
can we move on?
-
Zash
sure
-
jonas’
or do you think there’s need to discuss this here?
-
jonas’
taking that as a no
-
dwd
Let's move on.
-
jonas’
5) Outstanding Votes
-
jonas’
I incorrectly accused dwd of having one
-
jonas’
which I take the full blame for, I misread the doomsheet
-
Ge0rG
I've sent a -1 for PR #961
-
jonas’
thanks
-
jonas’
so we’re clear
-
jonas’
6) Date of Next
-
Ge0rG
I hope I'm out of old debt now, and only owe a vote for today's 4a
-
jonas’
Ge0rG, you are
-
Ge0rG
+1W WFM
-
daniel
+1w wfm
-
jonas’
+1w most-likely wfm, #thankscorona
-
Zash
+1
-
dwd
+1WFM.
-
jonas’
excellent
-
jonas’
7) AOB
-
jonas’
dwd, any news on the video call? :)
-
dwd
Ah, yes. I remember that now.
-
jonas’
I’ll take that as a "no" :)
-
dwd
I have scribbled.
-
jonas’
I can’t properly interpret that verb
-
dwd
I have written something down to remind myself I need to arrange a time, URL, etc for a Council video chat.
-
jonas’
ah, right
-
jonas’
any other AOB?
-
Zash
None here.
-
daniel
No
-
Ge0rG
nope
-
jonas’
thanks
-
jonas’
8) Ite Meeting Est
-
jonas’
thank you everyone
-
Ge0rG
thank you jonas’
-
Ge0rG
thank you Tedd
-
Ge0rG
thank you everyone
-
Zash
Thanks all
-
dwd
Thanks jonas’ and Tedd.