XMPP Service Operators - 2020-08-31


  1. Douglas Terabyte has left
  2. Douglas Terabyte has joined
  3. loopboom has joined
  4. holger has left
  5. loopboom has left
  6. alien has left
  7. alien has joined
  8. tom Can we get rid of passwords already and use public key authentication?
  9. seandreas has left
  10. mehdi has left
  11. mehdi has joined
  12. mehdi has left
  13. mehdi has joined
  14. mehdi has left
  15. mehdi has joined
  16. mehdi has left
  17. mehdi has joined
  18. colochon has left
  19. mehdi has left
  20. mehdi has joined
  21. dinosaurdynasty has left
  22. dinosaurdynasty has joined
  23. schorsch has left
  24. schorsch has joined
  25. mehdi has left
  26. mehdi has joined
  27. thndrbvr has joined
  28. mehdi has left
  29. mehdi has joined
  30. mehdi has left
  31. mehdi has joined
  32. diane has joined
  33. mehdi has left
  34. mehdi has joined
  35. mehdi has left
  36. mehdi has joined
  37. raspbeguy has left
  38. jayteeuk has left
  39. jayteeuk has joined
  40. jayteeuk has left
  41. jayteeuk has joined
  42. mehdi has left
  43. mehdi has joined
  44. mehdi has left
  45. mehdi has joined
  46. brilliance has left
  47. mehdi has left
  48. mehdi has joined
  49. karim has left
  50. karim has joined
  51. Mel has left
  52. jayteeuk has left
  53. jayteeuk has joined
  54. jayteeuk has left
  55. jayteeuk has joined
  56. Douglas Terabyte has left
  57. Douglas Terabyte has joined
  58. mehdi has left
  59. mehdi has joined
  60. Mel has joined
  61. brilliance has joined
  62. mehdi has left
  63. mehdi has joined
  64. mehdi has left
  65. mehdi has joined
  66. brilliance has left
  67. jayteeuk has left
  68. jayteeuk has joined
  69. jayteeuk has left
  70. jayteeuk has joined
  71. mehdi has left
  72. mehdi has joined
  73. mehdi has left
  74. mehdi has joined
  75. mehdi has left
  76. mehdi has joined
  77. holger has joined
  78. mehdi has left
  79. mehdi has joined
  80. mehdi has left
  81. mehdi has joined
  82. brilliance has joined
  83. mehdi has left
  84. mehdi has joined
  85. mehdi has left
  86. mehdi has joined
  87. Huxx has joined
  88. ibikk has joined
  89. mehdi has left
  90. mehdi has joined
  91. lorddavidiii has joined
  92. mehdi has left
  93. mehdi has joined
  94. mehdi has left
  95. mehdi has joined
  96. jayteeuk has left
  97. jayteeuk has joined
  98. Mel has left
  99. Mel has joined
  100. mehdi has left
  101. Echo1 has left
  102. mehdi has joined
  103. Echo1 has joined
  104. pod has joined
  105. perflyst has joined
  106. mehdi has left
  107. mehdi has joined
  108. Pingu from Woodquarter has joined
  109. perflyst has left
  110. mehdi has left
  111. mehdi has joined
  112. sonny has left
  113. sonny has joined
  114. raspbeguy has joined
  115. sonny has left
  116. holger has left
  117. sonny has joined
  118. Licaon_Kter has joined
  119. mehdi has left
  120. mehdi has joined
  121. sonny has left
  122. mehdi has left
  123. sonny has joined
  124. mehdi has joined
  125. lorddavidiii has left
  126. sonny has left
  127. mehdi has left
  128. mehdi has joined
  129. lorddavidiii has joined
  130. sonny has joined
  131. sonny has left
  132. jonas’ I’d be all in, if we hide it from the users :)
  133. sonny has joined
  134. sonny has left
  135. mehdi has left
  136. mehdi has joined
  137. sonny has joined
  138. jayteeuk has left
  139. jayteeuk has joined
  140. jayteeuk has left
  141. jayteeuk has joined
  142. holger has joined
  143. sonny has left
  144. SouL has left
  145. insanity has left
  146. 10rokita has joined
  147. jayteeuk has left
  148. jayteeuk has joined
  149. jayteeuk has left
  150. jayteeuk has joined
  151. mehdi has left
  152. mehdi has joined
  153. sonny has joined
  154. derventio has left
  155. ibikk has left
  156. cuc has left
  157. cuc has joined
  158. abidal3 has joined
  159. sonny has left
  160. schorsch has left
  161. SouL has joined
  162. sonny has joined
  163. jayteeuk has left
  164. jayteeuk has joined
  165. jayteeuk has left
  166. jayteeuk has joined
  167. madmalkav has joined
  168. cuc has left
  169. cuc has joined
  170. lorddavidiii has left
  171. insanity has joined
  172. jayteeuk has left
  173. jayteeuk has joined
  174. jayteeuk has left
  175. jayteeuk has joined
  176. ibikk has joined
  177. marc0s has left
  178. marc0s has joined
  179. lorddavidiii has joined
  180. schorsch has joined
  181. diane has left
  182. kikuchiyo Wouldn't that require client devs to integrate authentication agents and users to remember longer passphrases?
  183. cuc has left
  184. cuc has joined
  185. jonas’ kikuchiyo, no, why? tie the private key to the device.
  186. jonas’ passphrase optional.
  187. jonas’ on mobile OSes, that would be reasonably secure, since apps can’t read each other’s storage
  188. jonas’ (or you can even put it in the OSes secret vault)
  189. jonas’ breaks down on standard desktop OSes of course, but who uses those anyways.
  190. schorsch has left
  191. schorsch has joined
  192. sonny has left
  193. sonny has joined
  194. kikuchiyo Ok, what does this mean for multiple or lost devices?
  195. lorddavidiii has left
  196. jonas’ different private key for each device, obviously
  197. jonas’ because of that, you can revoke access for lost devices easly
  198. jonas’ if you lost all devices, you’ll need an out-of-band recovery mechanism, just as if you lost your password
  199. Beherit has left
  200. tom I strongly disagree
  201. tom You have strong crypto auth
  202. tom And then you add a backdoor
  203. tom It's up to the user not to have a backup key hidden somewhere
  204. jonas’ of course
  205. jonas’ because user’s are good at that!
  206. tom And in worst case they don't, they could go to their hosting provider showing physical ID and having someone who knews them add in a new key
  207. jonas’ which is *exactly* the kind of out-of-band recovery mechanism I’m talking about?
  208. jonas’ what’s your problem then?
  209. tom I thought you meant automated
  210. tom » just as if you lost your password
  211. colochon has joined
  212. jonas’ of course automated for any non-terrible-UX service
  213. tom Strongly disagree
  214. jonas’ for terrible-UX-but-high-security services you’d not do that automated obviously.
  215. tom I'm really tired of having to use software design for morons
  216. jonas’ sorry to hear
  217. tom I know what it means to use unbreakable crypto when i turn it on
  218. tom A lot of companies like to assume their users are stupid and add all kinds of backdoors into the crypto
  219. tom Calling them recovery
  220. Echo1 has left
  221. tom So like you have 2fa, but you can guess someone's pet name or look up their mother's name
  222. tom And bypass the security
  223. lorddavidiii has joined
  224. Echo1 has joined
  225. tom I can auth to IRC servers with a client certificate
  226. tom Shouldn't that be possible with XMPP as well?
  227. tom Instead of having to remember passwords
  228. tom Keeping a bunch of passwords in a database
  229. Beherit has joined
  230. tom Take wireguard for example of doing authentication right and and making simple
  231. tom https://www.wireguard.com/
  232. jonas’ wireguard is too simple for some use-cases though
  233. jonas’ anything road-warrior-corporate-type for example.
  234. tom I use it on my laptop
  235. tom It's perfectly adequete
  236. kikuchiyo > different private key for each device, obviously New devices would need to be cross signed from an already known device, yes?
  237. pep. > jonas’> because of that, you can revoke access for lost devices easly Because of that, you can race to revoke access for lost devices easily. FTFY
  238. jonas’ ?
  239. pep. Since the lost device would probably have the same authz
  240. jonas’ kikuchiyo, "signed", or simply one-time authenticated with a "device invite" link
  241. jonas’ pep., removing devices could require a second factor
  242. pep. And you probably just lost it :/
  243. Martin Andotp on the lost mobile 😁
  244. pep. Revocation is annoying
  245. vu764hd68fxt has left
  246. Viktor Lindberg has left
  247. Viktor Lindberg has joined
  248. vu764hd68fxt has joined
  249. stvn has joined
  250. stvn has left
  251. stvn has joined
  252. jayteeuk has left
  253. jayteeuk has joined
  254. kikuchiyo > kikuchiyo, "signed", or simply one-time authenticated with a "device invite" link One-time authentication leads to a race of one-time revokation. How about not revoking a device, but revoking the compromised identity?
  255. Mel has left
  256. Mel has joined
  257. 10rokita has left
  258. pep. You don't get rid of the race do you
  259. stvn has left
  260. stvn has joined
  261. Beherit has left
  262. kikuchiyo pep.: Since there is no continuity, you would need to reestablish trust for a new one.
  263. pep. That also means at any time, somebody (with the right authz, e.g., stolen device) can revoke your perfectly valid identities
  264. pep. (and 2FA on the stolen mobile device, because that's how things work nowadays :p)
  265. kikuchiyo Which comes down to meeting in real life or using 2fa.
  266. pep. meeting in real life with whom?
  267. pep. The server operator?
  268. pep. (I haven't read the past few days of logs)
  269. lorddavidiii has left
  270. kikuchiyo Those to whom you want to communicate with.
  271. pep. Assuming you can also still login first
  272. pep. Password is unchanged, etc.
  273. lorddavidiii has joined
  274. kikuchiyo > Assuming you can also still login first No, assuming that the other party knows you in person and can verify that in real life. The underlying philosophical problem is: _What is identity_ One answer to that could be: A common history.
  275. Beherit has joined
  276. pep. I meant, you might not have access to your account anymore
  277. pep. In this case surely you can create a new account/identity and get this one acked
  278. pep. Unless you manage to convince the operator that it's your account
  279. Vaughan has joined
  280. stvn has left
  281. sonny has left
  282. holger has left
  283. kikuchiyo pep.: Yes a comprised account is a compromised virtual identity. So there is nothing left than to refer to a second identity, e.g. the real life identity, to establish new trust.
  284. kikuchiyo You just need to make sure that the old identity gets revoked completely.
  285. pep. And I'm saying that's the hard part. First if you don't control the account anymore, either you need to regain control of it through the operator, or you need to go through all your contacts and revoke it out-of-band (by meeting IRL)
  286. lorddavidiii has left
  287. pep. You don't "just" revoke an identity
  288. Maranda 🤦🏼‍♂️
  289. pep. What is it Maranda, your hand smells nice? :P
  290. Beherit has left
  291. stvn has joined
  292. stvn has left
  293. stvn has joined
  294. Maranda They smell of disinfectant like everyone's, if they're good childs that is pep.
  295. stvn has left
  296. stvn has joined
  297. kikuchiyo pep.: I know this is not the usual way of thinking about revokation. > you need to go through all your contacts and revoke it out-of-band (by meeting IRL) Or by enabling whomever has gained control over the old identity (including yourself) to destroy it and all of the attached keys, but not to initiate a new one without meeting IRL or 2fa.
  298. pep. Yes and that person in control of your old identity might have no interest in destroying it :p
  299. ibikk has left
  300. pep. (or it might be exactly their goal: DoS)
  301. stvn has left
  302. holger has joined
  303. sonny has joined
  304. Beherit has joined
  305. stvn has joined
  306. sonny has left
  307. sonny has joined
  308. insanity has left
  309. kusoneko has left
  310. kusoneko has joined
  311. kusoneko has left
  312. kusoneko has joined
  313. Marzanna has left
  314. Marzanna has joined
  315. insanity has joined
  316. colochon has left
  317. stvn has left
  318. stvn has joined
  319. stvn has left
  320. lorddavidiii has joined
  321. sonny has left
  322. sonny has joined
  323. sonny has left
  324. stvn has joined
  325. schorsch has left
  326. sonny has joined
  327. schorsch has joined
  328. kikuchiyo pep.: One person in control has to be able to hit the kill switch for the identity - that would be you. If the attacker does that he looses control. This is a like a remote mechanism to dye stolen money.
  329. pep. Well "Availability" is also part of CIA
  330. Douglas Terabyte has left
  331. schorsch has left
  332. schorsch has joined
  333. Beherit has left
  334. marc0s has left
  335. marc0s has joined
  336. sonny has left
  337. sonny has joined
  338. stvn has left
  339. stvn has joined
  340. stvn has left
  341. insanity has left
  342. stvn has joined
  343. loopboom has joined
  344. Beherit has joined
  345. colochon has joined
  346. insanity has joined
  347. stvn has left
  348. stvn has joined
  349. sonny has left
  350. sonny has joined
  351. sonny has left
  352. sonny has joined
  353. sonny has left
  354. stvn has left
  355. diane has joined
  356. marc0s has left
  357. ibikk has joined
  358. jayteeuk has left
  359. jayteeuk has joined
  360. insanity has left
  361. jayteeuk has left
  362. jayteeuk has joined
  363. sonny has joined
  364. perflyst has joined
  365. marc0s has joined
  366. perflyst has left
  367. perflyst has joined
  368. lorddavidiii has left
  369. stvn has joined
  370. insanity has joined
  371. perflyst has left
  372. abidal3 has left
  373. insanity has left
  374. thndrbvr has left
  375. insanity has joined
  376. lorddavidiii has joined
  377. insanity has left
  378. stvn has left
  379. stvn has joined
  380. drops has left
  381. drops has joined
  382. marc0s has left
  383. marc0s has joined
  384. stvn has left
  385. stvn has joined
  386. schorsch has left
  387. schorsch has joined
  388. lorddavidiii has left
  389. stvn has left
  390. stvn has joined
  391. stvn has left
  392. stvn has joined
  393. insanity has joined
  394. marc0s has left
  395. stvn has left
  396. lorddavidiii has joined
  397. Vaughan has left
  398. jayteeuk has left
  399. jayteeuk has joined
  400. jayteeuk has left
  401. jayteeuk has joined
  402. Vaughan has joined
  403. stvn has joined
  404. Beherit has left
  405. stvn has left
  406. stvn has joined
  407. marc0s has joined
  408. Beherit has joined
  409. stvn has left
  410. stvn has joined
  411. marc0s has left
  412. marc0s has joined
  413. jayteeuk has left
  414. jayteeuk has joined
  415. jayteeuk has left
  416. jayteeuk has joined
  417. stvn has left
  418. stvn has joined
  419. kikuchiyo has left
  420. stvn has left
  421. stvn has joined
  422. jayteeuk has left
  423. jayteeuk has joined
  424. ajeremias has joined
  425. jayteeuk has left
  426. jayteeuk has joined
  427. stvn has left
  428. stvn has joined
  429. testytest has joined
  430. testytest has left
  431. sonny has left
  432. sonny has joined
  433. stvn has left
  434. sonny has left
  435. stvn has joined
  436. sonny has joined
  437. stvn has left
  438. stvn has joined
  439. kikuchiyo has joined
  440. sonny has left
  441. holger has left
  442. stvn has left
  443. stvn has joined
  444. jayteeuk has left
  445. jayteeuk has joined
  446. stvn has left
  447. stvn has joined
  448. Django has left
  449. Django has joined
  450. stvn has left
  451. stvn has joined
  452. stvn has left
  453. stvn has joined
  454. sonny has joined
  455. jayteeuk has left
  456. jayteeuk has joined
  457. colochon has left
  458. stvn has left
  459. jayteeuk has left
  460. jayteeuk has joined
  461. sonny has left
  462. sonny has joined
  463. deuill has joined
  464. deuill has left
  465. stvn has joined
  466. stvn has left
  467. stvn has joined
  468. stvn has left
  469. stvn has joined
  470. stvn has left
  471. ibikk has left
  472. colochon has joined
  473. Bakunin has joined
  474. Bakunin has left
  475. loopboom has left
  476. perflyst has joined
  477. drops has left
  478. perflyst has left
  479. jayteeuk has left
  480. jayteeuk has joined
  481. cuc has left
  482. seandreas has joined
  483. sonny has left
  484. sonny has joined
  485. jayteeuk has left
  486. jayteeuk has joined
  487. ksuxat. has joined
  488. holger has joined
  489. sonny has left
  490. sonny has joined
  491. sonny has left
  492. sonny has joined
  493. abidal3 has joined
  494. cuc has joined
  495. mehdi has left
  496. mehdi has joined
  497. abidal3 has left
  498. drops has joined
  499. cuc has left
  500. lorddavidiii has left
  501. seandreas has left
  502. insanity has left
  503. lorddavidiii has joined
  504. ksuxat. has left
  505. ajeremias has left
  506. insanity has joined
  507. insanity has left
  508. insanity has joined
  509. abidal3 has joined
  510. perflyst has joined
  511. ibikk has joined
  512. Viktor Lindberg has left
  513. Viktor Lindberg has joined
  514. thndrbvr has joined
  515. Beherit has left
  516. perflyst has left
  517. insanity has left
  518. insanity has joined
  519. Viktor Lindberg has left
  520. Viktor Lindberg has joined
  521. sonny has left
  522. sonny has joined
  523. sonny has left
  524. Viktor Lindberg has left
  525. Viktor Lindberg has joined
  526. Beherit has joined
  527. sonny has joined
  528. Viktor Lindberg has left
  529. Viktor Lindberg has joined
  530. marc0s has left
  531. marc0s has joined
  532. Viktor Lindberg has left
  533. Viktor Lindberg has joined
  534. kikuchiyo has left
  535. Viktor Lindberg has left
  536. Viktor Lindberg has joined
  537. Viktor Lindberg has left
  538. Viktor Lindberg has joined
  539. ajeremias has joined
  540. kikuchiyo has joined
  541. kikuchiyo has left
  542. kikuchiyo has joined
  543. kikuchiyo has left
  544. Douglas Terabyte has joined
  545. sonny has left
  546. mehdi has left
  547. mehdi has joined
  548. sonny has joined
  549. kikuchiyo has joined
  550. Viktor Lindberg has left
  551. ajeremias has left
  552. mehdi has left
  553. seandreas has joined
  554. sonny has left
  555. sonny has joined
  556. mehdi has joined
  557. perflyst has joined
  558. Bakunin has joined
  559. Bakunin has left
  560. mehdi has left
  561. sonny has left
  562. sonny has joined
  563. mehdi has joined
  564. mehdi has left
  565. perflyst has left
  566. Vaughan has left
  567. Vaughan has joined
  568. mehdi has joined
  569. schorsch has left
  570. schorsch has joined
  571. Jonny has left
  572. Jonny has joined
  573. sonny has left
  574. jayteeuk has left
  575. jayteeuk has joined
  576. sonny has joined
  577. carlos has left
  578. carlos has joined
  579. Douglas Terabyte has left
  580. Douglas Terabyte has joined
  581. mehdi has left
  582. sonny has left
  583. sonny has joined
  584. mehdi has joined
  585. seandreas has left
  586. schorsch has left
  587. sonny has left
  588. ajeremias has joined
  589. Vaughan has left
  590. sonny has joined
  591. jayteeuk has left
  592. jayteeuk has joined
  593. sonny has left
  594. jayteeuk has left
  595. jayteeuk has joined
  596. cuc has joined
  597. mehdi has left
  598. sonny has joined
  599. abidal3 has left
  600. cuc has left
  601. perflyst has joined
  602. mehdi has joined
  603. Pingu from Woodquarter has left
  604. perflyst has left
  605. perflyst has joined
  606. jayteeuk has left
  607. jayteeuk has joined
  608. jayteeuk has left
  609. jayteeuk has joined
  610. jayteeuk has left
  611. jayteeuk has joined
  612. sonny has left
  613. sonny has joined
  614. mehdi has left
  615. lorddavidiii has left
  616. sonny has left
  617. mehdi has joined
  618. sonny has joined
  619. abidal3 has joined
  620. mehdi has left
  621. seandreas has joined
  622. Vaughan has joined
  623. mehdi has joined
  624. jayteeuk has left
  625. jayteeuk has joined
  626. perflyst has left
  627. colochon has left
  628. colochon has joined
  629. mehdi has left
  630. mehdi has joined
  631. argon3771 has left
  632. argon3771 has joined
  633. sonny has left
  634. Viktor Lindberg has joined
  635. seandreas has left
  636. jayteeuk has left
  637. jayteeuk has joined
  638. calvin has joined
  639. sonny has joined
  640. madmalkav has left
  641. madmalkav has joined
  642. perflyst has joined
  643. 10rokita has joined
  644. Vaughan has left
  645. Vaughan has joined
  646. Mel has left
  647. Maranda has left
  648. Maranda has joined
  649. ajeremias has left
  650. ibikk has left
  651. ibikk has joined
  652. cuc has joined
  653. pod has left
  654. Douglas Terabyte has left
  655. Douglas Terabyte has joined
  656. jayteeuk has left
  657. jayteeuk has joined
  658. Mel has joined
  659. sonny has left
  660. perflyst has left
  661. Bakunin has joined
  662. Bakunin has left
  663. colochon has left
  664. sonny has joined
  665. Vaughan has left
  666. sonny has left
  667. sonny has joined
  668. Vaughan has joined
  669. perflyst has joined
  670. loopboom has joined
  671. Vaughan has left
  672. Vaughan has joined
  673. colochon has joined
  674. ibikk has left
  675. perflyst has left
  676. jayteeuk has left
  677. jayteeuk has joined
  678. thndrbvr has left
  679. Martin Anyone from anonym.im here,
  680. thndrbvr has joined
  681. Martin Anyone from anonym.im here?
  682. Vaughan has left
  683. Vaughan has joined
  684. brilliance has left
  685. insanity has left
  686. madmalkav has left
  687. insanity has joined
  688. sonny has left
  689. sonny has joined
  690. sonny has left
  691. sonny has joined
  692. argon3771 has left
  693. argon3771 has joined
  694. perflyst has joined
  695. loopboom has left
  696. colochon has left
  697. brilliance has joined
  698. calvin has left
  699. jayteeuk has left
  700. jayteeuk has joined
  701. 10rokita has left
  702. sonny has left
  703. Huxx has left
  704. sonny has joined
  705. perflyst has left
  706. perflyst has joined
  707. seandreas has joined
  708. brilliance has left
  709. derventio has joined
  710. schorsch has joined
  711. brilliance has joined
  712. schorsch has left
  713. schorsch has joined
  714. Mel has left
  715. Mel has joined
  716. Bakunin has joined
  717. jayteeuk has left
  718. jayteeuk has joined
  719. Bakunin has left
  720. kusoneko has left
  721. perflyst has left
  722. jayteeuk has left
  723. jayteeuk has joined
  724. jayteeuk has left
  725. jayteeuk has joined
  726. kusoneko has joined
  727. calvin has joined
  728. calvin has left
  729. derventio has left
  730. seandreas has left
  731. Mel has left
  732. Mel has joined
  733. jayteeuk has left
  734. jayteeuk has joined
  735. jayteeuk has left
  736. jayteeuk has joined
  737. seandreas has joined
  738. stpeter has left
  739. brilliance has left
  740. brilliance has joined