jdev - 2022-02-24

  71. moparisthebest does anyone know of a live server I can find a /.well-known/posh/xmpp-client.json or /.well-known/posh/xmpp-server.json on ?
  116. jonas’ moparisthebest, anything hosted by conversations.im, I think
  118. jonas’ though apparently not *anything*
  119. jonas’ but some things
  120. jonas’ the one (private) domain I knew of did not have it
  123. MattJ moparisthebest, https://badxmpp.eu/ to the rescue
  124. MattJ Specifically posh.badxmpp.eu
  220. moparisthebest MattJ: thanks! Praise zash as usual :)
  221. Zash 🙂
  222. moparisthebest jonas’: that was my first stop, but none on conversations.im itself and I don't know anything hosted by it offhand
  224. MattJ Also note that you probably won't find xmpp-server.json anywhere in the wild
  225. MattJ We've discussed just using xmpp-client for s2s :)
  227. moparisthebest MattJ: like just combining them both and allowing any match?
  228. MattJ Probably
  229. moparisthebest I honestly can't think of a problem with that
  233. MattJ I think we should ensure implementations never let POSH override DANE or better mechanisms. In particular, there really ought to be a secure way to opt out of POSH, but I can't think of anything except that
  235. MattJ e.g. I would rather if my web hosting provider didn't have the ability to compromise my XMPP service with the presence of a file or two
  248. moparisthebest That makes sense, the downside of course is that hardly anyone does DNSSEC
  250. moparisthebest MattJ: DANE obviously ranks above all, where does POSH rank against CAs though?
  251. moparisthebest Though... Now that I'm thinking about it, I'm not positive it's more common for people to host their own DNSSEC than HTTPS ?
  252. moparisthebest As in it'd be more likely for your DNS host to compromise your XMPP server than your web hosting provider? Maybe?
  253. Kev POSH is roughly equivalent to CA (if LE) isn't it?
  254. moparisthebest Kev: I can't immediately come up with a convincing argument as to how they are different yea
  255. moparisthebest I guess if your DNS host is compromised it's game over anyway, as they can not only set DANE but also get certificates and host your https and XMPP... So "evil web host" is an additional attack vector on top of that existing one
  257. Kev Ah, you're right. CA is better than POSH even when LE.
  258. moparisthebest Better or the same?
  260. moparisthebest Well if you can get a CA cert there's no need to do POSH I guess? So POSH is an additional attack vector on top of an existing one? *Unless* your web host that hosts POSH is protected with DANE??????
  261. moparisthebest My head hurts
  262. Kev If you use POSH there's one extra machine (potentially) that compromising would affect the trust chain.
  263. Kev (And if it's not an extra machine, you may as well not use POSH)
  264. moparisthebest Yea, unless DANE
  265. Kev Even if DANE, no?
  266. moparisthebest Hmm... Need more coffee
  267. Kev Assuming you mean DANE of the POSH host (because if you DANE on XMPP you don't need it on the POSH host).
  268. Kev Because if the POSH host is compromised (host itself, not DNS), it's an extra point that can lie, despite having valid certs.
  269. moparisthebest Thinking about it, if you can do DANE why have POSH
  270. Kev If you can DANE on the XMPP host, yes, POSH doesn't seem to do anything (to me).
  271. moparisthebest A DANE-capable client wouldn't check DANE on POSH because it would never get there
  273. moparisthebest So absent DANE, you basically have to trust CA *or* POSH
  274. moparisthebest There's no secure way to say "please don't trust POSH" other than DANE
  275. moparisthebest And POSH isn't the only way your https host can compromise your XMPP server, WebSockets/BOSH can do it too
  276. Kev If you expose those, yes.
  278. moparisthebest No, even if you don't expose them right?
  279. MattJ No, an attacker who has access to your web server can advertise any BOSH/WS URLs and intercept your XMPP traffic using those mechanisms (and that discovery mechanism)
  280. moparisthebest ^
  287. Zash DANE > (POSH if some conditions else PKIX) or somesuch
  292. moparisthebest would any of you care to provide feedback on my very related adding things to xep-156 host-meta proposal in council@ ? :)
  349. moparisthebest actually I'm not sure order really matters, I mean, you can apply the order for outbound connections, but for incoming s2s you basically just have to apply "any of DANE or CA or POSH goes" right ?
  351. moparisthebest the end result being your webhost can make outgoing S2S connections on your behalf 100% of the time ?