jdev - 2023-10-21

  1. moparisthebest

    DANE all the things

  2. moparisthebest

    Drop .im domains entirely 🙈🙉

  3. agh

    Yes! DANE all things!

  4. opal

    dane wouldn't be necessary if dnssec + caa records became the norm

  5. agh

    Ahh, wow this CAA stuff looks interesting: https://support.dnsimple.com/articles/caa-record/

  6. opal

    either you know which company you're paying to trust, or you know you're using letsencrypt with an account key

  7. opal

    and in either case the subject for your cert *is your domain name* so that's where to have this fixed, in dns

  8. opal

    email made a mistake

  9. opal

    dnssec is the certificate authority of dns

  10. MattJ

    I'm working on some documentation for channel binding in XMPP. It would be helpful if client devs could let me know whether their client supports channel binding (i.e. SCRAM-*-PLUS) and in what version, and whether it supports tls-exporter (for compatibility with TLS 1.3).

  11. Zash

    Was there a thing that could query DOAP?

  12. Zash

    If you implement the TLS 1.3 tls-exporter channel binding, consider adding `<implements rdf:resource="https://www.rfc-editor.org/info/rfc9266"/>` to your DOAP for some sort of discoverability :)

  13. pulkomandy

    Yes that's what I did for Renga (but not yet released, I should do that soon!)

  14. pulkomandy

    I sent a patch for rfc9266 to gloox but it is not merged there yet

  15. Zash

    Prosody doesn't have it in a release yet either, sadly

  16. lissine

    prosody release coming soon? :-)

  17. Zash