jdev - 2022-09-06


  463. lovetox does anyone implement that sasl method pinning
  465. lovetox sounds to me very risky in an environment where inexperienced people set up home servers
  466. lovetox it probably will make the client non-functional for many users because of server misconfigurations
  468. lovetox not sure what the threat model is .. to do any shenanigans with sasl someone would need to mitm your tls connection, and then he wants to break scram? why ...
  476. Sam Channel binding with the -PLUS variant has anti-downgrade preventions built in, IIRC, so mechanism pinning is less useful there. However, if you're not using the -PLUS variants for whatever reason you need some mechanism to ensure that you can't be downgraded to PLAIN, for example. This is where pinning comes in. It probably has other applications that I haven't thought of, but this was the main one IIRC.
  477. Sam Generally speaking I feel like it's generally a bad idea to randomly accept that the server is providing lower security mechanisms. The very few inexperienced people who will host their own servers are probably a tiny number of people and aren't worth weakening security for a very unlikely UX problem.
  478. Sam Especially when it's an easy thing to provide a helpful error message for, so it's not even really a bad UX.
  480. Zash Although you probably need to account for PLUS with tls-unique going away when going from TLS 1.2 to 1.3 until tls-exporter gets widely deployed...
  488. lovetox The question was why someone that already has the capabilities of breaking my tls connection, and can read all my traffic, needs to know my password
  489. pulkomandy Then it can use your password to connect to the real server and impersonate you?
  490. Sam MITM is hard. Getting a password and connecting yourself from anywhere in the world you want makes it easier to repeatedly do whatever it was you were doing later.
  491. lovetox downgrade attack would mean he can inject stanzas into the connection
  492. lovetox so he can already impersonate me
  493. lovetox so the whole threat model for that is: "It does not really save you from anything bad, but maybe it makes it harder for the attacker to do it more than once"?
  494. Sam Sure, but they can start a new connection whenever if they have your password. Or log into your email when you reuse passwords.
  495. lovetox does not really convince me to annoy users and write hundreds of lines of code that can be buggy and fail
  497. lovetox how can PLUS variant have downgrade prevention?
  498. lovetox sounds impossible
  499. Zash SCRAM has a flag where the client says whether it thinks the server offers PLUS, if it doesn't match expectations on the server it fails
  500. MattJ In SCRAM the client reports whether it supports channel binding, so the server can fail authentication if it offered PLUS but the client didn't use it (e.g. because the attacker removed it from the mechanism list)
  501. MattJ That
  502. lovetox but this does not prevent the case with PLAIN described above by Sam
  504. MattJ Correct
  505. lovetox so is this just about PLAIN? I should not downgrade to PLAIN, but everything else doesn't matter
  506. moparisthebest Thousands of XMPP developer hours spent on protecting the user password from the server, still no real world use. SCRAM has played us for fools.
  507. MattJ I think SCRAM is cool. I think channel binding crosses the line into cryptographic overengineering.
  508. moparisthebest It's awesome and absolutely critical in a world where TLS isn't used
  510. moparisthebest But for the last decade or so...
  511. Zash Detecting TLS MITM is kinda cool tho
  512. MattJ Zash: it is, but......
  513. MattJ When does TLS MITM happen in reality?
  514. moparisthebest If the TLS mitm has a valid cert it's good
  515. Zash In the evil reverse proxies!!!11
  516. MattJ TLS MITM basically only happens when it's intentional, e.g. corporate networks and such
  517. MattJ And people still want their chat apps to work
  518. Zash Evil corporate DPI boxes!
  519. MattJ But we'll prevent them from connecting and people will blame^Wcheer XMPP from the rooftops
  520. MattJ But sure, 0.5% of people would prefer it not to work
  521. MattJ So I'm glad channel binding exists for them 🙂
  522. Martin
       > TLS MITM basically only happens when it's intentional, e.g. corporate networks and such
       > And people still want their chat apps to work

       I don't think you should install your chat app on the company device.
  523. moparisthebest 100% what Martin said
  524. MattJ Martin: even if it's for work purposes?
  525. moparisthebest And presumably if you do, you want it to function
  527. Martin Then the company IT department should assure it's working.
  528. moparisthebest And it's a work account so your company already knows the password
  529. MattJ This whole discussion is about making sure they can't make it work
  530. Zash Wasn't XMPP only used for private chat anyway? 🙂
  531. MattJ That's what MITM detection does
  532. Zash The IT department already deployed Matri^W Slack.
  533. Martin Probably worse. Teams.
  534. Zash or BOTH
  535. Zash all while the IT department uses IRC internally
  539. pep. "MattJ> TLS MITM basically only happens when it's intentional, e.g. corporate networks and such" or states using valid gmail.com certs. (/me looking at France)
  540. moparisthebest pep.: What do you mean
  541. pep. That was some time ago, and they got spotted quickly I assume, I'm looking for the link. This kind of stuff happens anyway, it's not just corporate networks. CA mafia and all.
  542. Zash https://www.rfc-editor.org/rfc/rfc1925.html#section-2 > It Has To Work.
  544. moparisthebest DNSSEC is the fix for that
  545. moparisthebest Well, and other lesser things, cert transparency log, CAA etc
  546. Zash DNSSEC transparency log when?
  548. pep. "Zash> all while the IT department uses IRC internally" redundancy :P
  549. pep. If Slack fails they still have something that works
  550. Zash We humans sure do love stating the obvious, don't we 🙂
  551. pep. I was doing the same with s/IRC/XMPP/
  552. pep. ssshhh
  553. moparisthebest IRC is for sure the second best group chat after XMPP, everything else is far worse
  554. pep. Zash: We humans use weird methods to communicate that don't guarantee the same interpretation :)
  555. Zash Sacrebleu!
  556. pep. Anybody doing https://xmpp.org/extensions/xep-0225.html btw
  557. pep. (I guess not)
  558. Zash '114 works Good Enough, so not much demand I guess
  559. pep. Not storing credentials on the server for bridges, that's the use-case
  561. MattJ How does 225 help?
  562. pep. You'd be able to store that client-side
  563. pep. A client-side component
  564. Zash What?
  565. MattJ How?
  566. Zash Who?
  567. pep. Well the thing is that the server still has to have DNS etc. set up :/
  568. pep. So yeah it's not perfect
  569. pep. Suggestions welcome
  570. MattJ Just run over a client connection
  571. MattJ If it's about a single user
  572. pep. Multiprotocol client?
  573. moparisthebest You'd need a way to request a dedicated domain from the server, you could do that pretty easily with wildcards (DNS and cert) but the abuse potential is massive
  575. pep. MattJ, "run over a client connection", what does that mean
  576. pep. reuse it?
  577. pep. Technically the server could spoof the domain, it doesn't need to be declared right
  578. pep. If it's just over c2s
  579. MattJ Correct
  582. moparisthebest So that's just my echo component thing
  583. pep. Except having a client-side component could echo itself (to all clients). A client-only-thing needs the echo thing
  596. moparisthebest Right, but server just needs the echo thing, and any clients can use it for whatever protocol they want