sonny: https://xmpp.org/rfcs/rfc6120.html#streams-error-conditions-see-other-host it's unclear to me, should I attempt direct TLS if the original intention was to connect using direct TLS?
sonny: direct TLS not being part of RFC 6120 I would say no but it says "the initiating entity MUST apply the same policies it would have applied to the original connection"
MattJ: I think "policies" means something different here
sonny: "(e.g., a policy requiring TLS)" doesn't help 😀
sonny: I mean if the user intention was to use direct TLS wouldn't that qualify as a policy?
tom: at least in email everybody uses TCP/587 STARTTLS now and refuses to connect if TLS isn't negotiated successfully
tom: TCP/467 is only for legacy reasons
jonas’: you wish
Zash: Oh submission/-s, not imap/-s. But it'll probably be 443 soon anyways 🙁
tom: it is if you try to shoehorn every last god damn thing into a browser
Zash: no, for real, everyone's singing high praise for jmap
Zash: which is json+https, like everything else
Kev: I'm not opposed to a j-xmpp for the last mile, I think it makes quite a lot of sense. Despite jabs about xmpp over json.
asterix: Hi Daniel, I'm ready to test conversation <-> Gajim FT
Daniel: asterix, ok
Daniel: can you add me on daniel@gultsch.de
moparisthebest: tom: you missed https://tools.ietf.org/html/rfc8314 which brings smtps over TCP port 465 back
tom: huh
moparisthebest: Also IMAP/pop3/managesieve can go over any 443 or TLS port with their registered alpn extensions https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids
tom: what happens when we stop using TLS like we did with SSL?
moparisthebest: Basically STARTTLS is the deprecated way
moparisthebest: What do you mean?
tom: with cleartext init when TLS becomes deprecated we just deny STARTTLS and put in a STARTNGE (next generation encryption)
tom: Is STARTTLS any less secure than TLS?
moparisthebest: Quic ? :)
moparisthebest: It's complicated, but basically yes
tom: does anybody even use that besides google?
moparisthebest: Because it allows non encrypted and that's not acceptable today
tom: like the failure of webp
moparisthebest: Yes, everyone
tom: moparisthebest no, the server and/or client can refuse further coms unless STARTTLS is negotiated
tom: technically TLS is cleartext until KEX happens
moparisthebest: In practice though, it's impossible to try TLS and accidentally communicate in clear text
tom: I'm skeptical of QUIC and the security of stream ciphers
moparisthebest: Not true with STARTTLS
moparisthebest: You better tell someone because like 50% of the web is already using it
tom: yeah
tom: and people adopted TLS session ticketing and got compromised too
tom: and then people adopted the complex HTTP/2 protocol too early before extensive in-practice testing could be finished and became vulnerable to RCEs
moparisthebest: I think it'll be great for xmpp too, no more stream management, just proper roaming
tom: I'm not saying it's not worth researching, I'm saying that calling STARTTLS or TCP/TLS 'deprecated' in favor of stream ciphers and UDP based transports is premature
tom: and I would like to see some practical examples of STARTTLS being less secure than TLS
tom: > moparisthebest: You better tell someone because like 50% of the web is already using it
Not on my routers and DPI points
moparisthebest: There are plenty of examples of ISPs stripping starttls and bad clients etc still connecting
moparisthebest: I also don't know what you mean by stream ciphers, as I understand it quic *essentially* uses TLS 1.3
moparisthebest: Let me ask a different question instead, what advantage does Starttls have over direct TLS? I can't think of one
tom: if a client program connects in cleartext despite being configured not to that's a defect with the program not the protocol.
tom: yes, look at archived mailing lists from server operators of why we switched to a STARTTLS system in the first place?
tom: *.
moparisthebest: To save ports by allowing encrypted and unencrypted on the same port right?
moparisthebest: And now everyone agrees there should never be unencrypted, so again, what's the point?
tom: Stream ciphers are ciphers that can tolerate dropped packets or other parts of the stream and not have to renegotiate
tom: this makes stopping stream tampering more difficult
tom: take AES for example
tom: normally you'd operate it in GCM mode
tom: not CTR mode
tom: we do this because there are all kinds of side channels that open up when using it in stream mode
tom: like for example if you happen to run out of entropy, you expose your private key
moparisthebest: Have there been major problems with DTLS? Surely it's similar
moparisthebest: I'm not a cryptographer but I trust the IETF to get it right
tom: compound this with the popularity of virtualization, embedded computers, and Intel's backdoored hardware RNG blackbox
tom: it would be the first time a standards body had a malicious agenda https://en.wikipedia.org/wiki/Dual_EC_DRBG
tom: not saying it's impossible to have an unbreakable sidechannel free stream cipher, just saying it's really hard to get right and historically it's been done wrong a lot of times
moparisthebest: that was NIST not IETF and many people knew from the start it was backdoored