jdev - 2020-07-04


  249. lovetox in Gajim you can trust a self signed cert that a server offers
  250. lovetox what Gajim does is, it adds it to a kind of cert store (not the system one)
  251. lovetox and later if it gets UNKNOWN_CA, it just checks the store if the user trusts this cert
  252. lovetox now if someone knows i trust a specific self signed cert, could the creator of that cert impersonate another server?
  253. lovetox i think no, because changing stuff like domain within the cert, would change the fingerprint of the cert, and then the certs are not equal anymore, hence new trust decision
  254. lovetox is this correct?
  255. Zash Is that trust store per account or 'global'?
  256. lovetox global
  257. lovetox basically a server offers a cert, and i get the fingerprint and look if there is a cert with that fingerprint in the trust store
  258. lovetox question is, changing the domain a cert is valid for, changes the fingerprint
  259. lovetox or not?
  260. Zash the fingerprint for the entire cert would cover the entire cert
  261. Zash including all the names
  262. Zash it sounds like it may be possible for such a server to impersonate another server you have an account on, if you connect there somehow?
  263. Zash do you verify the names in self-signed certs tho?
  264. lovetox no, thats just one step in the verify process
  265. lovetox of course i let the ssl lib first verify the cert normally
  266. lovetox afterwards it offers me errors
  267. lovetox like UNKNOWN_CA
  268. lovetox if UNKNOWN_CA is the *only* error on the cert
  269. lovetox i check the trust store
  270. Zash in prosody there are no name checks if the CA is untrusted, I don't know how your code works
  272. lovetox of course if there are other errors like, BAD_IDENTITY or other stuff
  274. lovetox this is shown to the user
  277. lovetox hence if someone manipulates the trusted cert, so it links to another domain, to circumvent a BAD_IDENTITY error
  278. lovetox it would change the fingerprint of the cert
  279. lovetox hence Gajim would not find it anymore in the trust store
  280. lovetox and raise UNKNOWN_CA
  281. Zash You know, since this is security related, it might be best to quietly test whether it's exploitable before talking about it in public :)
  284. lovetox i dont think this is exploitable, and even if, nobody is forced to accept self signed certs
  285. lovetox but i wouldnt know how otherwise i can support self signed certs
  286. lovetox without presenting the user on every connect with a cert error dialog
  287. Zash What happens if the server later switches to a CA-issued cert?
  288. Zash IMO it would make sense to have such trust decisions be saved per account, just to be sure.
  289. lovetox its verified ok and user is not notified about it
  290. lovetox yes Zash thats what i was thinking about
  291. lovetox i have no concrete reason, but it feels a bit better
  294. Zash Some users would probably want a warning if the certificate changed from a self-signed to a CA-issued one.
  295. Zash Depending on why a self-signed cert was in use at all.
  296. Zash If it's just a temporary cert until a CA issued one can be gotten, then it probably doesn't matter.
  297. Zash If it's someone who doesn't trust CAs at all running the server, then it'd be suspicious if it suddenly had a CA-issued one.
  299. lovetox yeah probably right
  300. lovetox but i dont care about that one guy that wants that thing