XMPP Service Operators - 2019-08-19


  1. Allo has left

  2. Allo has joined

  3. Jonny has joined

  4. Jonny has left

  5. Jonny has joined

  6. rom1dep has joined

  7. Jonny has left

  8. Jonny has joined

  9. aj has joined

  10. rom1dep has left

  11. rom1dep has joined

  12. Jonny has left

  13. Jonny has joined

  14. Jonny has left

  15. ThibG has left

  16. tom

    Is there any reason not to allow http plaintext connections to your http_upload server?

  17. Jonny has joined

  18. Jonny has left

  19. Jonny has joined

  20. Jonny has left

  21. ThibG has joined

  22. Jonny has joined

  23. Jonny has left

  24. Jonny has joined

  25. Jonny has left

  26. Jonny has joined

  27. Jonny has left

  28. Pingu from Woodquarter has joined

  29. Licaon_Kter has joined

  30. rom1dep has left

  31. pod has joined

  32. drops has left

  33. drops has joined

  34. volker has joined

  35. xsteadfastx has joined

  36. Jonny has joined

  37. Jonny has left

  38. Holger

    tom: I'd ask about the Gajim stuff in the Gajim room.

  39. Jonny has joined

  40. Holger

    tom:
    > Is there any reason not to allow http plaintext connections to your http_upload server?

    Sure, you might not want to allow the man in the middle to intercept your users' uploads.

  41. tom

    but is there any reason to make https mandatory instead of optional?

  42. tom

    having https as an option mitigates that, but as a cdn, is it not good to allow plaintext access as well?

  43. Holger

    The upload extension doesn't support offering more than a single URL.

  44. Holger

    So you can't offer the client to choose between HTTP and HTTPS.

  45. drops has left

  46. drops has joined

  47. tom

    true, but clients (not uploaders) downloading static content can override the https to do http

  48. ThibG has left

  49. volker has left

  50. holger has joined

  51. volker has joined

  52. volker has left

  53. volker has joined

  54. drops has left

  55. drops has joined

  56. volker has left

  57. volker has joined

  58. Jonny has left

  59. volker has left

  60. volker has joined

  61. Jonny has joined

  62. drops has left

  63. drops has joined

  64. ElDuderino has joined

  65. Holger

    Just blindly try HTTP and retry via TLS if that fails?

  66. Holger

    If people wanted this behavior it would make more sense to extend the spec accordingly. But I doubt you'll convince people in these HTTPS-everywhere times.

  67. Licaon_Kter

    tom: what's the usecase for non-httpS ?

  68. tom

    well, for static content that's not confidential

  69. tom

    for private conversations OMEMO would encrypt anyways

  70. tom

    http is less overhead and can be easily cached my client-side proxies like squid or polipo

  71. tom

    *by

  72. tom

    also, when I do TLS I set it up right. so that means blacklisting all insecure ciphersuites

  73. tom

    which realistically only allows chacha20 and AESG

  74. tom

    the worst thing I want to do is provide a false sense of security. where if you turn on https and I want to be secure, but if you use http on purpose you don't have the illusion of security

  75. tom

    *AESGCM

  76. ThibG has joined

  77. tom

    older clients may not be able to speak TLSv1.2: ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES256-GCM-SHA384

  78. Holger

    All other ciphersuites are "insecure", sure.

  79. drops has left

  80. drops has joined

  81. Jonny has left

  82. drops has left

  83. drops has joined

  84. Jonny has joined

  85. Jonny has left

  86. bowlofeggs has left

  87. WebPigeon has left

  88. Jonny has joined

  89. WebPigeon has joined

  90. perflyst has joined

  91. perflyst has left

  92. perflyst has joined

  93. kmq has joined

  94. UsL has left

  95. ThibG has left

  96. ThibG has joined

  97. Maranda has left

  98. Maranda has joined

  99. volker has left

  100. volker has joined

  101. madmalkav has joined

  102. UsL has joined

  103. drops has left

  104. volker has left

  105. volker has joined

  106. perflyst has left

  107. perflyst has joined

  108. marc0s has joined

  109. perflyst has left

  110. Jonny has left

  111. Jonny has joined

  112. Jonny has left

  113. Jonny has joined

  114. morgan has joined

  115. sezuan has joined

  116. tom

    give or take a few cipher modulo and hash length 128/256/384

  117. WebPigeon has left

  118. morgan has left

  119. morgan has joined

  120. marc0s has left

  121. jonas’

    that’s not even TLSv1.3

  122. ThibG has left

  123. ThibG has joined

  124. marc0s has joined

  125. Holger

    I'm convinced it makes sense to break interop (i.e. better don't get the cat pic at all than to take the risk) by not offering ciphers such as, say, AES-128-CBC-SHA one someone shows how exactly to break it.

  126. tom

    what about tls 1.3?

  127. Holger

    I'm convinced it makes sense to break interop (i.e. better don't get the cat pic at all than to take the risk) by not offering ciphers such as, say, AES-128-CBC-SHA once someone shows how exactly to break it.

  128. tom

    nevermind

  129. tom

    I'm not asking about my cipherlist

  130. morgan has left

  131. Holger

    tom: Sure, you're just making the point that you need HTTP for interop because you can't offer HTTPS except with a super-restrictive cipherlist because anything else would impose a false sense of security 🙂

  132. tom

    well not exactly. I don't /need/ plaintext access I'm just wondering if there should be any plaintext access

  133. tom

    no clients have problems with my restrictive cipherlist that I know of

  134. pep.

    Let's just use http everywhere because TLS is not perfect anyway and it provides a false sense of security :)

  135. jonas’

    that’s the usual symptom of restrictive cipher lists

  136. Holger

    tom: Well many have. But whatever. I do see your points about overhead and proxies. I just doubt you'll convince people.

  137. jonas’

    I didn’t notice that I lost connectivity to jabber.ru until someone pointed it out out-of-band *shrug*

  138. jonas’

    I didn’t notice that I lost connectivity to jabber.ru until someone pointed it out out-of-band

  139. jonas’

    I didn’t notice that I lost connectivity to jabber.ru due to TLS foo until someone pointed it out out-of-band

  140. pep.

    Also tom it'd be great if you stopped taking over this channel for every single topic you want to talk about. Please

  141. jonas’

    it *is* operations, pep.

  142. jonas’

    it *is* related to operations, pep.

  143. tom

    > I do see your points about overhead and proxies. I just doubt you'll convince people.

    I'm not worried about convincing people, I'm just wondering if there is any other scenario besides the proxy example

  144. pep.

    jonas’: it started with gajim and jingle

  145. jonas’

    I didn’t scroll up that far

  146. tom

    > pep.: Also tom it'd be great if you stopped taking over this channel for every single topic you want to talk about. Please

    this channel is idle 90% of the time. If anybody else has a topic they'd like to talk about nothing's stopping them from bringing it up

  147. pep.

    It's idle 90% of the time so what. Let's all have a single channel with every xmpp user so that it's not idle at all?

  148. Holger

    tom: That's the usual response of people being asked to stay on topic. The problem is not everybody joined here is interested in having his phone beeping when it's about Jingle for Gajim. I'm not, for one.

  149. tom

    maybe the gajim conversation was a bit offtopic

  150. Holger

    (Personally I *am* somewhat interested in Gajim and Jingle, but I joined this room with the phone to be notified of actual operators stuff quickly; while I'm joined to the Gajim room only on my desktop. Just to give an example.)

  151. holger has left

  152. holger has joined

  153. tom

    sure

  154. holger has left

  155. holger has joined

  156. pep.

    tom: fwiw, join the gajim room and talk about what you want to do re UI, and the codebase in there. The current maintainer has done a huge amount of work cleaning it up, there are probably parts you can merge in your potential 0.16 fork if it happens

  157. pep.

    Ah you have joined, cool :)

  158. andrey.utkin has joined

  159. drops has joined

  160. sol has joined

  161. morgan has joined

  162. morgan has left

  163. drops has left

  164. aj has left

  165. morgan has joined

  166. morgan has left

  167. Jonny has left

  168. Jonny has joined

  169. WebPigeon has joined

  170. morgan has joined

  171. aj has joined

  172. marc0s has left

  173. morgan has left

  174. morgan has joined

  175. marc0s has joined

  176. WebPigeon has left

  177. morgan has left

  178. volker has left

  179. volker has joined

  180. reset has left

  181. reset has joined

  182. drops has joined

  183. volker has left

  184. volker has joined

  185. drops has left

  186. volker has left

  187. volker has joined

  188. marc0s has left

  189. volker has left

  190. volker has joined

  191. marc0s has joined

  192. volker has left

  193. volker has joined

  194. mimi89999 has joined

  195. morgan has joined

  196. volker has left

  197. volker has joined

  198. reset has left

  199. Jonny has left

  200. morgan has left

  201. volker has left

  202. volker has joined

  203. Jonny has joined

  204. rom1dep has joined

  205. volker has left

  206. volker has joined

  207. volker has left

  208. volker has joined

  209. volker has left

  210. volker has joined

  211. Maranda has left

  212. Maranda has joined

  213. ibikk has left

  214. reset has joined

  215. morgan has joined

  216. morgan has left

  217. holger has left

  218. holger has joined

  219. madmalkav has left

  220. madmalkav has joined

  221. dinosaurdynasty has left

  222. dinosaurdynasty has joined

  223. Chobbes has joined

  224. sol has left

  225. bowlofeggs has joined

  226. morgan has joined

  227. morgan has left

  228. morgan has joined

  229. kmq has left

  230. ibikk has joined

  231. Maranda has left

  232. morgan has left

  233. morgan has joined

  234. aj has left

  235. volker has left

  236. volker has joined

  237. dinosaurdynasty has left

  238. morgan has left

  239. dinosaurdynasty has joined

  240. dinosaurdynasty has left

  241. dinosaurdynasty has joined

  242. ibikk has left

  243. morgan has joined

  244. ibikk has joined

  245. curen has joined

  246. morgan has left

  247. drops has joined

  248. volker has left

  249. morgan has joined

  250. morgan has left

  251. Allo has left

  252. morgan has joined

  253. drops has left

  254. morgan has left

  255. marc0s has left

  256. marc0s has joined

  257. drops has joined

  258. morgan has joined

  259. sezuan has left

  260. morgan has left

  261. Jonny has left

  262. ThibG has left

  263. ThibG has joined

  264. volker has joined

  265. morgan has joined

  266. Licaon_Kter has left

  267. Licaon_Kter has joined

  268. drops has left

  269. drops has joined

  270. morgan has left

  271. Licaon_Kter has left

  272. Licaon_Kter has joined

  273. Licaon_Kter has left

  274. Licaon_Kter has joined

  275. morgan has joined

  276. volker has left

  277. volker has joined

  278. volker has left

  279. Jonny has joined

  280. volker has joined

  281. morgan has left

  282. Licaon_Kter has left

  283. morgan has joined

  284. Jonny has left

  285. Jonny has joined

  286. Jonny has left

  287. Jonny has joined

  288. lash has joined

  289. morgan has left

  290. volker has left

  291. volker has joined

  292. morgan has joined

  293. drops has left

  294. Licaon_Kter has joined

  295. curen has left

  296. drops has joined

  297. morgan has left

  298. morgan has joined

  299. marc0s has left

  300. marc0s has joined

  301. perflyst has joined

  302. morgan has left

  303. Jonny has left

  304. Jonny has joined

  305. Jonny has left

  306. Jonny has joined

  307. Jonny has left

  308. Jonny has joined

  309. Jonny has left

  310. Jonny has joined

  311. Jonny has left

  312. Jonny has joined

  313. Jonny has left

  314. perflyst has left

  315. perflyst has joined

  316. drops has left

  317. perflyst has left

  318. perflyst has joined

  319. Jonny has joined

  320. perflyst has left

  321. perflyst has joined

  322. drops has joined

  323. morgan has joined

  324. Chobbes has left

  325. Chobbes has joined

  326. Jonny has left

  327. Jonny has joined

  328. volker has left

  329. volker has joined

  330. madmalkav has left

  331. madmalkav has joined

  332. morgan has left

  333. holger has left

  334. holger has joined

  335. morgan has joined

  336. morgan has left

  337. Jonny has left

  338. Jonny has joined

  339. Jonny has left

  340. morgan has joined

  341. andrey.utkin has left

  342. Jonny has joined

  343. volker has left

  344. volker has joined

  345. morgan has left

  346. Chobbes has left

  347. Chobbes has joined

  348. Chobbes has left

  349. ibikk has left

  350. ibikk has joined

  351. Pingu from Woodquarter has left

  352. morgan has joined

  353. morgan has left

  354. WebPigeon has joined

  355. morgan has joined

  356. Jonny has left

  357. morgan has left

  358. WebPigeon has left

  359. morgan has joined

  360. WebPigeon has joined

  361. Jonny has joined

  362. Chobbes has joined

  363. an has left

  364. an has joined

  365. Jonny has left

  366. kmq has joined

  367. Jonny has joined

  368. Jonny has left

  369. Jonny has joined

  370. drops has left

  371. drops has joined

  372. bowlofeggs has left

  373. bowlofeggs has joined

  374. kmq has left

  375. volker has left

  376. volker has joined

  377. drops has left

  378. an has left

  379. an has joined

  380. drops has joined

  381. morgan has left

  382. drops has left

  383. Jonny has left

  384. Jonny has joined

  385. drops has joined

  386. madmalkav has left

  387. madmalkav has joined

  388. drops has left

  389. marc0s has left

  390. marc0s has joined

  391. morgan has joined

  392. drops has joined

  393. marc0s has left

  394. morgan has left

  395. volker has left

  396. volker has joined

  397. carlos has left

  398. morgan has joined

  399. Chobbes has left

  400. marc0s has joined

  401. madmalkav has left

  402. volker has left

  403. volker has joined

  404. Jonny has left

  405. Jonny has joined

  406. morgan has left

  407. Jonny has left

  408. WebPigeon has left

  409. morgan has joined

  410. morgan has left

  411. morgan has joined

  412. Jonny has joined

  413. Licaon_Kter has left

  414. morgan has left

  415. volker has left

  416. hawar has joined

  417. hawar has left

  418. Jonny has left

  419. Jonny has joined

  420. ElDuderino has left

  421. Allie has left

  422. perflyst has left

  423. Allie has joined

  424. Allo has joined

  425. Jonny has left

  426. Jonny has joined

  427. afrogeek has joined

  428. Jonny has left

  429. Jonny has joined

  430. Jonny has left

  431. Jonny has joined

  432. mathieui has left

  433. mathieui has joined

  434. WebPigeon has joined

  435. debacle has joined

  436. Jonny has left

  437. ThibG has left

  438. ThibG has joined

  439. Jonny has joined

  440. debacle has left

  441. pod has left

  442. marc0s has left

  443. marc0s has joined