jdev - 2020-09-11


  1. edhelas

    hello :)

  2. edhelas

    do you know where I can find some servers to test Direct TLS, I'd like to have cases where the DNS returns the "." SRV

  3. Ge0rG

    maybe somebody has a test instance, I wouldn't expect anybody using that setup in prod

  4. lovetox

    i guess you need a server that has set up that special dns entry

  5. lovetox

    because almost all servers support direct tls

  6. lovetox

    or let's say, many

  7. Guus

    edhelas: IgniteRealtime.org has, but I suspect that the s2s direct TLS implementation is broken

  8. lovetox

    oh you mean s2s

  9. Guus

    C2S is also enabled there

  10. Guus

    (with direct TLS on port 5223)

  11. Guus

    (should have the DNS srv records?

  12. Guus

    (should have the DNS srv records)

  13. pep.

    lovetox, many implementations support it, that doesn't say anything about deployments

  14. pep.

    Well, whatever default there is would probably be a majority

  15. pep.

    I don't remember prosody nor ejabberd enabling that by default

  16. Guus

    They don't? Curious, what's the downside?

  17. Martin

    What are you talking about? Xmpps srv records for direct tls?

  18. pep.

    Martin, yes

  19. pep.

    Guus, maybe it's just a matter of not doing it "yet", maybe it isn't. Personally I don't have that setup on my own server and I'm still alive and well

  20. Guus

    Ah, for just s2s that makes sense, yes

  21. pep.

    I'm talking about c2s mostly

  22. Guus

    Doesn't direct TLS outdate StartTLS?

  23. lovetox

    pep., almost all servers that i see offer direct tls

  24. lovetox

    conversations.im, jabber.fr are the most obvious

  25. Zash

    Outdate? Where'd you get that from?

  26. Guus

    I mean outdate as in "is older than". I based that on nothing but the order in which both were implemented in Openfire (where direct TLS was referred to as the legacy way of doing things)

  27. lovetox

    yes funny in old gajim code direct tls was also named legacy

  28. lovetox

    would it be sensible for a server to remove all pending sub requests when i block a user

  29. Zash

    Yes

  30. lovetox

    i think ejabberd doesn't do this

  31. Zash

    Oh right it doesn't say this in https://xmpp.org/extensions/xep-0191.html#impl

  32. Zash

    Just that it MAY cancel existing subscriptions, which I don't think is a good idea

  33. lovetox

    I'm not even talking about subscriptions

  34. lovetox

    I'm talking about requests

  35. Zash

    I know

  36. lovetox

    ejabberd just sends me periodically the requests again and again

  37. Zash

    Can you deny it after blocking?

  38. lovetox

    no

  39. lovetox

    actually i do deny it before blocking

  40. lovetox

    why the hell is ejabberd still sending me this

  41. Zash

    In prosody the denying would get blocked, which is why we delete pending subscription requests. Something of an implementation detail tho.

  42. Zash

    Letting you deny it yourself would also have worked.

  43. Zash

    As someone mentioned yesterday however, it might be a good idea to tell the user/client that the sub request was retracted

  44. Zash

    Prosody doesn't currently, it just silently deletes

  45. Zash

    lovetox: This kind of stuff ought to go into that Implementation Notes section

  46. lovetox

    yeah

  47. Zash

    You probably don't want to reject the sub request before blocking, IIRC this notifies the sender that your account exists which is probably not desirable.

  48. pep.

    If a user provides a custom host I don't do SRV right? Just A/AAAA if the thing is resolvable even (might be an IP?)

  49. Zash

    Yes

  50. lovetox

    yes pep.

  51. pep.

    I've tried really hard coming up with examples of when somebody would need SRV with a custom host, and I got one, probably not worth handling just yet (until somebody comes grumping, then, maybe.)

  52. pep.

    An admin could server a domain foo.bar that doesn't point to their server baz.qxx, which server has a specific DNS setup that needs SRV resolution :x

  53. pep.

    An admin could serve a domain foo.bar that doesn't point to their server baz.qxx, which server has a specific DNS setup that needs SRV resolution :x

  54. pep.

    At this point I'd probably just tell them "use a different custom domain", or PRs welcome

  55. lovetox

    custom host means, connect to that host, not do srv and connect to another host

  56. lovetox

    because then you could just put that host in there

  57. pep.

    in where

  58. lovetox

    in the custom host field

  59. pep.

    yeah so what I said

  60. lovetox

    custom host is probably only used if you are too lazy or in a situation where you don't want to set up the dns

  61. Zash

    Or some cases where you can't access DNS properly, like with Tor

  62. lovetox

    if tor is activated, i just pass domain.org:5222 to TOR

  63. lovetox

    if that fails to connect, there is nothing you can do and need to abort

  64. pep.

    How do you know it's tor? Is that not handled by proxychains or similar?