XMPP Council - 2020-06-24


  1. jonas’

    1) Roll Call

  2. Zash

    EHLO

  3. Ge0rG

    302 Moved

  4. daniel

    Hi

  5. jonas’

    no dwd?

  6. jonas’

    fun, good thing I can chair

  7. jonas’

    2) Agenda Bashing

  8. jonas’

    nothing? perfect

  9. jonas’

    I’ll still give you a moment, because my MUA is acting up a lot

  10. jonas’

    and I’m trying to open the agenda I sent :)

  11. jonas’

    ok, the MUA does not seem to want to fix itself, so let’s try without

  12. jonas’

    3) Editor’s Update - Calls in progress - LC for XEP-0338 (ends on 2020-06-30)

  13. jonas’

    (where "without" means I’ll be copy-typing from my phone)

  14. jonas’

    4) Items for voting

  15. jonas’

    4a) PR#963: XEP-0178: Clarify SASL-EXTERNAL specification when s2s auth fails URL: https://github.com/xsf/xeps/pull/963

  16. jonas’

    Concerns were raised to the Mailing list about this opening up a downgrade attack vector, which I didn’t have time to look into yet, so on-list

  17. jonas’

    is anyone still here?

  18. Zash

    Yeeeees

  19. jonas’

    or did muc.xmpp.org fail for everyone except me?

  20. Zash

    I guess that reflects reality, but on-list.

  21. Guus

    You're live.

  22. Ge0rG

    MUC reflection is a thing, isn't it?

  23. jonas’

    Ge0rG, doesn’t help if there’s a very non-equally-distributed s2s failure :)

  24. Ge0rG

    I'm on-list as well, but I'd appreciate input from people who are into server development and into SASL and dialback things.

  25. jonas’

    I expect Zash to cover all that, except maybe being "into" dialback things.

  26. Zash

    > I guess that reflects reality

  27. Zash

    Except Dialback is very rare these days given the success of Let's Encrypt

  28. pep.

    LE doing dialback for us :-°

  29. jonas’

    no comment from daniel?

  30. Zash

    Yeah, Dialback is equivalent ish to the verification LE does, so I don't think it's a downgrade attack

  31. daniel

    Sorry, changing trains just now. Will read backlog in a second

  32. jonas’

    if we assume that LE is being used

  33. Ge0rG

    both fail under the assumption that the attacker is on the network path between you and the other party, right?

  34. jonas’

    so this certainly looks odd, because it mandates dialback if and only if the hostname did not match

  35. jonas’

    Ge0rG, though LE uses multiple vantage points to make that harder

  36. daniel

    Or at least they will be?

  37. jonas’

    maybe

  38. daniel

    I'm not sure it has been deployed yet

  39. jonas’

    implementation details of LE are not of concern for the spec anyways

  40. Ge0rG

    We got a dwd

  41. dwd

    Hello, sorry I'm late, got pulled into something last minute.

  42. dwd

    Are we still on 4a)?

  43. Ge0rG

    dwd: yes

  44. dwd

    OK, good.

  45. Ge0rG

    jonas’: I think we need to move that to the list

  46. jonas’

    dwd, no worries

  47. jonas’

    Ge0rG, I tend to agree

  48. Ge0rG

    maybe explicitly ask for input from server developers.

  49. jonas’

    it would be nice if someone else could start a thread right away, because (a) my MUA is a mess right now and (b) I’ll be heading out right after this meeting

  50. Zash

    Wasn't there a thread already?

  51. Zash

    Can continue there

  52. dwd

    So I'm comfortably +1 on this, but really because whether an initiator decides to move onto Dialback (and whether a Receiver accepts it) isn't predicated on whether SASL EXTERNAL failed or not.

  53. dwd

    Also I looked for a thread on this earlier and couldn't spot one - what's the subject line?

  54. jonas’

    I wasn’t aware of a thread either

  55. Zash

    Subject: Re: [Standards] XMPP Council Agenda 2020-06-24

  56. jonas’

    ah.

  57. jonas’

    well

  58. Zash

    Well. Not a separate thread.

  59. dwd

    Ah-ha.

  60. Ge0rG

    it was just a single mail asking whether that's a downgrade attack

  61. jonas’

    I suppose a separate thread would be more discoverable.

  62. dwd

    It's not a downgrade attack, but I'll explain there in more detail.

  63. jonas’

    do we have a volunteer to start the thread or shall we delegate that to the editors?

  64. Ge0rG

    it would be great if somebody who's both a server developer and in Council could do that.

  65. dwd

    I'll start a thread.

  66. Zash

    dwd: But is it best practice?

  67. jonas’

    dwd, thank you :)

  68. Ge0rG

    dwd: +1

  69. dwd

    Zash, I think whether it's "best" is largely irrelevant.

  70. jonas’

    can we move on?

  71. Zash

    sure

  72. jonas’

    or do you think there’s need to discuss this here?

  73. jonas’

    taking that as a no

  74. dwd

    Let's move on.

  75. jonas’

    5) Outstanding Votes

  76. jonas’

    I incorrectly accused dwd of having one

  77. jonas’

    which I take the full blame for, I misread the doomsheet

  78. Ge0rG

    I've sent a -1 for PR #961

  79. jonas’

    thanks

  80. jonas’

    so we’re clear

  81. jonas’

    6) Date of Next

  82. Ge0rG

    I hope I'm out of old debt now, and only owe a vote for today's 4a

  83. jonas’

    Ge0rG, you are

  84. Ge0rG

    +1W WFM

  85. daniel

    +1w wfm

  86. jonas’

    +1w most-likely wfm, #thankscorona

  87. Zash

    +1

  88. dwd

    +1WFM.

  89. jonas’

    excellent

  90. jonas’

    7) AOB

  91. jonas’

    dwd, any news on the video call? :)

  92. dwd

    Ah, yes. I remember that now.

  93. jonas’

    I’ll take that as a "no" :)

  94. dwd

    I have scribbled.

  95. jonas’

    I can’t properly interpret that verb

  96. dwd

    I have written something down to remind myself I need to arrange a time, URL, etc for a Council video chat.

  97. jonas’

    ah, right

  98. jonas’

    any other AOB?

  99. Zash

    None here.

  100. daniel

    No

  101. Ge0rG

    nope

  102. jonas’

    thanks

  103. jonas’

    8) Ite Meeting Est

  104. jonas’

    thank you everyone

  105. Ge0rG

    thank you jonas’

  106. Ge0rG

    thank you Tedd

  107. Ge0rG

    thank you everyone

  108. Zash

    Thanks all

  109. dwd

    Thanks jonas’ and Tedd.