jdev - 2022-02-24

  71. moparisthebest

    does anyone know of a live server I can find a /.well-known/posh/xmpp-client.json or /.well-known/posh/xmpp-server.json on ?

  116. jonas’

    moparisthebest, anything hosted by conversations.im, I think

  118. jonas’

    though apparently not *anything*

  119. jonas’

    but some things

  120. jonas’

    the one (private) domain I knew of did not have it

  123. MattJ

    moparisthebest, https://badxmpp.eu/ to the rescue

  124. MattJ

    Specifically posh.badxmpp.eu

  220. moparisthebest

    MattJ: thanks! Praise zash as usual :)

  221. Zash


  222. moparisthebest

    jonas’: that was my first stop, but none on conversations.im itself and I don't know anything hosted by it offhand

  224. MattJ

    Also note that you probably won't find xmpp-server.json anywhere in the wild

  225. MattJ

    We've discussed just using xmpp-client for s2s :)

  227. moparisthebest

    MattJ: like just combining them both and allowing any match?

  228. MattJ


  229. moparisthebest

    I honestly can't think of a problem with that

  233. MattJ

    I think we should ensure implementations never let POSH override DANE or better mechanisms. In particular, there really ought to be a secure way to opt out of POSH, but I can't think of anything except that

  235. MattJ

    e.g. I would rather if my web hosting provider didn't have the ability to compromise my XMPP service with the presence of a file or two

  248. moparisthebest

    That makes sense, the downside of course is that hardly anyone does DNSSEC

  250. moparisthebest

    MattJ: DANE obviously ranks above all, where does POSH rank against CAs though?

  251. moparisthebest

    Though... Now that I'm thinking about it, I'm not positive it's more common for people to host their own DNSSEC than HTTPS ?

  252. moparisthebest

    As in it'd be more likely for your DNS host to compromise your XMPP server than your web hosting provider? Maybe?

  253. Kev

    POSH is roughly equivalent to CA (if LE) isn't it?

  254. moparisthebest

    Kev: I can't immediately come up with a convincing argument as to how they are different yea

  255. moparisthebest

    I guess if your DNS host is compromised it's game over anyway, as they can not only set DANE but also get certificates and host your https and XMPP... So "evil web host" is an additional attack vector on top of that existing one

  257. Kev

    Ah, you're right. CA is better than POSH even when LE.

  258. moparisthebest

    Better or the same?

  260. moparisthebest

    Well, if you can get a CA cert there's no need to do POSH I guess? So POSH is an additional attack vector on top of an existing one? *Unless* your web host that hosts POSH is protected with DANE??????

  261. moparisthebest

    My head hurts

  262. Kev

    If you use POSH there's one extra machine (potentially) that compromising would affect the trust chain.

  263. Kev

    (And if it's not an extra machine, you may as well not use POSH)

  264. moparisthebest

    Yea, unless DANE

  265. Kev

    Even if DANE, no?

  266. moparisthebest

    Hmm... Need more coffee

  267. Kev

    Assuming you mean DANE of the POSH host (because if you DANE on XMPP you don't need it on the POSH host).

  268. Kev

    Because if the POSH host is compromised (host itself, not DNS), it's an extra point that can lie, despite having valid certs.

  269. moparisthebest

    Thinking about it, if you can do DANE why have POSH

  270. Kev

    If you can DANE on the XMPP host, yes, POSH doesn't seem to do anything (to me).

  271. moparisthebest

    A DANE-capable client wouldn't check DANE on POSH because it would never get there

  273. moparisthebest

    So absent Dane, you basically have to trust CA *or* POSH

  274. moparisthebest

    There's no secure way to say "please don't trust POSH" other than DANE

  275. moparisthebest

    And POSH isn't the only way your HTTPS host can compromise your XMPP server, WebSockets/BOSH can do it too

  276. Kev

    If you expose those, yes.

  278. moparisthebest

    No, even if you don't expose them right?

  279. MattJ

    No, an attacker who has access to your web server can advertise any BOSH/WS URLs and intercept your XMPP traffic using those mechanisms (and that discovery mechanism)

  280. moparisthebest


  287. Zash

    DANE > (POSH if some conditions else PKIX) or somesuch

  292. moparisthebest

    would any of you care to provide feedback on my very related adding things to xep-156 host-meta proposal in council@ ? :)

  349. moparisthebest

    actually I'm not sure order really matters, I mean, you can apply the order for outbound connections, but for incoming s2s you basically just have to apply "any of DANE or CA or POSH goes" right ?

  351. moparisthebest

    the end result being your webhost can make outgoing S2S connections on your behalf 100% of the time ?
