jdev - 2022-09-06


  463. lovetox

    does anyone implement that sasl method pinning

  465. lovetox

    sounds to me very risky in an environment where inexperienced people set up home servers

  466. lovetox

    it probably will make the client non-functional for many users because of server misconfigurations

  468. lovetox

    not sure what the threat model is .. to do any shenanigans with sasl someone would need to mitm your tls connection, and then he wants to break scram? why ...

  476. Sam

    Channel binding with the -PLUS variant has anti-downgrade preventions built in, IIRC, so mechanism pinning is less useful there. However, if you're not using the -PLUS variants for whatever reason you need some mechanism to ensure that you can't be downgraded to PLAIN, for example. This is where pinning comes in. It probably has other applications that I haven't thought of, but this was the main one IIRC.

  477. Sam

    Generally speaking I feel like it's generally a bad idea to randomly accept that the server is providing lower security mechanisms. The very few inexperienced people who will host their own servers are probably a tiny number of people and aren't worth weakening security for a very unlikely UX problem.

  478. Sam

    Especially when it's an easy thing to provide a helpful error message for, so it's not even really a bad UX.

  480. Zash

    Although you probably need to account for PLUS with tls-unique going away when going from TLS 1.2 to 1.3 until tls-exporter gets widely deployed...

  488. lovetox

    The question was why someone that already has the capabilities of breaking my tls connection, and can read all my traffic, needs to know my password

  489. pulkomandy

    Then it can use your password to connect to the real server and impersonate you?

  490. Sam

    MITM is hard. Getting a password and connecting yourself from anywhere in the world you want makes it easier to repeatedly do whatever it was you were doing later.

  491. lovetox

    downgrade attack would mean he can inject stanzas into the connection

  492. lovetox

    so he can already impersonate me

  493. lovetox

    so the whole threat model for that is: "It does not really save you from anything bad, but maybe it makes it harder for the attacker to do it more than once"?

  494. Sam

    Sure, but they can start a new connection whenever if they have your password. Or log into your email when you reuse passwords.

  495. lovetox

    does not really convince me to annoy users and write hundreds of lines of code that can be buggy and fail

  497. lovetox

    how can PLUS variant have downgrade prevention?

  498. lovetox

    sounds impossible

  499. Zash

    SCRAM has a flag where the client says whether it thinks the server offers PLUS, if it doesn't match expectations on the server it fails

  500. MattJ

    In SCRAM the client reports whether it supports channel binding, so the server can fail authentication if it offered PLUS but the client didn't use it (e.g. because the attacker removed it from the mechanism list)

  501. MattJ

    That

  502. lovetox

    but this does not prevent the case with PLAIN described above by Sam

  504. MattJ

    Correct

  505. lovetox

    so is this just about PLAIN? I should not downgrade to PLAIN, but everything else doesn't matter

  506. moparisthebest

    Thousands of XMPP developer hours spent on protecting the user password from the server, still no real world use. SCRAM has played us for fools.

  507. MattJ

    I think SCRAM is cool. I think channel binding crosses the line into cryptographic overengineering.

  508. moparisthebest

    It's awesome and absolutely critical in a world where TLS isn't used

  510. moparisthebest

    But for the last decade or so...

  511. Zash

    Detecting TLS MITM is kinda cool tho

  512. MattJ

    Zash: it is, but......

  513. MattJ

    When does TLS MITM happen in reality?

  514. moparisthebest

    If the TLS mitm has a valid cert it's good

  515. Zash

    In the evil reverse proxies!!!11

  516. MattJ

    TLS MITM basically only happens when it's intentional, e.g. corporate networks and such

  517. MattJ

    And people still want their chat apps to work

  518. Zash

    Evil corporate DPI boxes!

  519. MattJ

    But we'll prevent them from connecting and people will blame^Wcheer XMPP from the rooftops

  520. MattJ

    But sure, 0.5% of people would prefer it not to work

  521. MattJ

    So I'm glad channel binding exists for them 🙂

  522. Martin

    > TLS MITM basically only happens when it's intentional, e.g. corporate networks and such
    > And people still want their chat apps to work
    I don't think you should install your chat app on the company device.

  523. moparisthebest

    100% what Martin said

  524. MattJ

    Martin: even if it's for work purposes?

  525. moparisthebest

    And presumably if you do, you want it to function

  527. Martin

    Then the company IT department should assure it's working.

  528. moparisthebest

    And it's a work account so your company already knows the password

  529. MattJ

    This whole discussion is about making sure they can't make it work

  530. Zash

    Wasn't XMPP only used for private chat anyway? 🙂

  531. MattJ

    That's what MITM detection does

  532. Zash

    The IT department already deployed Matri^W Slack.

  533. Martin

    Probably worse. Teams.

  534. Zash

    or BOTH

  535. Zash

    all while the IT department uses IRC internally

  539. pep.

    "MattJ> TLS MITM basically only happens when it's intentional, e.g. corporate networks and such" or states using valid gmail.com certs. (/me looking at France)

  540. moparisthebest

    pep.: What do you mean

  541. pep.

    That was some time ago, and they got spotted quickly I assume, I'm looking for the link. This kind of stuff happens anyway, it's not just corporate networks. CA mafia and all.

  542. Zash

    https://www.rfc-editor.org/rfc/rfc1925.html#section-2
    > It Has To Work.

  544. moparisthebest

    DNSSEC is the fix for that

  545. moparisthebest

    Well, and other lesser things, cert transparency log, CAA etc

  546. Zash

    DNSSEC transparency log when?

  548. pep.

    "Zash> all while the IT department uses IRC internally" redundancy :P

  549. pep.

    If Slack fails they still have something that works

  550. Zash

    We humans sure do love stating the obvious, don't we 🙂

  551. pep.

    I was doing the same with s/IRC/XMPP/

  552. pep.

    ssshhh

  553. moparisthebest

    IRC is for sure the second best group chat after XMPP, everything else is far worse

  554. pep.

    Zash: We humans use weird methods to communicate that don't guarantee the same interpretation :)

  555. Zash

    Sacrebleu!

  556. pep.

    Anybody doing https://xmpp.org/extensions/xep-0225.html btw

  557. pep.

    (I guess not)

  558. Zash

    '114 works Good Enough, so not much demand I guess

  559. pep.

    Not storing credentials on the server for bridges, that's the use-case

  561. MattJ

    How does 225 help?

  562. pep.

    You'd be able to store that client-side

  563. pep.

    A client-side component

  564. Zash

    What?

  565. MattJ

    How?

  566. Zash

    Who?

  567. pep.

    Well the thing is that the server still has to have DNS etc. set up :/

  568. pep.

    So yeah it's not perfect

  569. pep.

    Suggestions welcome

  570. MattJ

    Just run over a client connection

  571. MattJ

    If it's about a single user

  572. pep.

    Multiprotocol client?

  573. moparisthebest

    You'd need a way to request a dedicated domain from the server, you could do that pretty easily with wildcards (DNS and cert) but the abuse potential is massive

  575. pep.

    MattJ, "run over a client connection", what does that mean

  576. pep.

    reuse it?

  577. pep.

    Technically the server could spoof the domain, it doesn't need to be declared right

  578. pep.

    If it's just over c2s

  579. MattJ

    Correct

  582. moparisthebest

    So that's just my echo component thing

  583. pep.

    Except having a client-side component could echo itself (to all clients). A client-only-thing needs the echo thing

  596. moparisthebest

    Right, but server just needs the echo thing, and any clients can use it for whatever protocol they want
