XMPP Service Operators - 2020-08-31

  8. tom

    Can we get rid of passwords already and use public key authentication?

  132. jonas’

    I’d be all in, if we hide it from the users :)

  182. kikuchiyo

    Wouldn't that require client devs to integrate authentication agents and users to remember longer passphrases?

  185. jonas’

    kikuchiyo, no, why? tie the private key to the device.

  186. jonas’

    passphrase optional.

  187. jonas’

    on mobile OSes, that would be reasonably secure, since apps can’t read each other’s storage

  188. jonas’

    (or you can even put it in the OS’s secret vault)

  189. jonas’

    breaks down on standard desktop OSes of course, but who uses those anyways.

  194. kikuchiyo

    Ok, what does this mean for multiple or lost devices?

  196. jonas’

    different private key for each device, obviously

  197. jonas’

    because of that, you can revoke access for lost devices easily

  198. jonas’

    if you lost all devices, you’ll need an out-of-band recovery mechanism, just as if you lost your password

  200. tom

    I strongly disagree

  201. tom

    You have strong crypto auth

  202. tom

    And then you add a backdoor

  203. tom

    It's up to the user not to have a backup key hidden somewhere

  204. jonas’

    of course

  205. jonas’

    because users are good at that!

  206. tom

    And in worst case they don't, they could go to their hosting provider showing physical ID and having someone who knows them add in a new key

  207. jonas’

    which is *exactly* the kind of out-of-band recovery mechanism I’m talking about?

  208. jonas’

    what’s your problem then?

  209. tom

    I thought you meant automated

  210. tom

    » just as if you lost your password

  212. jonas’

    of course automated for any non-terrible-UX service

  213. tom

    Strongly disagree

  214. jonas’

    for terrible-UX-but-high-security services you’d not do that automated obviously.

  215. tom

    I'm really tired of having to use software design for morons

  216. jonas’

    sorry to hear

  217. tom

    I know what it means to use unbreakable crypto when I turn it on

  218. tom

    A lot of companies like to assume their users are stupid and add all kinds of backdoors into the crypto

  219. tom

    Calling them recovery

  221. tom

    So like you have 2fa, but you can guess someone's pet name or look up their mother's name

  222. tom

    And bypass the security

  225. tom

    I can auth to IRC servers with a client certificate

  226. tom

    Shouldn't that be possible with XMPP as well?

  227. tom

    Instead of having to remember passwords

  228. tom

    Keeping a bunch of passwords in a database

  230. tom

    Take wireguard for example of doing authentication right and making it simple

  231. tom


  232. jonas’

    wireguard is too simple for some use-cases though

  233. jonas’

    anything road-warrior-corporate-type for example.

  234. tom

    I use it on my laptop

  235. tom

    It's perfectly adequate

  236. kikuchiyo

    > different private key for each device, obviously

    New devices would need to be cross signed from an already known device, yes?

  237. pep.

    > jonas’> because of that, you can revoke access for lost devices easily

    Because of that, you can race to revoke access for lost devices easily. FTFY

  238. jonas’


  239. pep.

    Since the lost device would probably have the same authz

  240. jonas’

    kikuchiyo, "signed", or simply one-time authenticated with a "device invite" link

  241. jonas’

    pep., removing devices could require a second factor

  242. pep.

    And you probably just lost it :/

  243. Martin

    Andotp on the lost mobile 😁

  244. pep.

    Revocation is annoying

  254. kikuchiyo

    > kikuchiyo, "signed", or simply one-time authenticated with a "device invite" link

    One-time authentication leads to a race of one-time revocation. How about not revoking a device, but revoking the compromised identity?

  258. pep.

    You don't get rid of the race do you

  262. kikuchiyo

    pep.: Since there is no continuity, you would need to reestablish trust for a new one.

  263. pep.

    That also means at any time, somebody (with the right authz, e.g., stolen device) can revoke your perfectly valid identities

  264. pep.

    (and 2FA on the stolen mobile device, because that's how things work nowadays :p)

  265. kikuchiyo

    Which comes down to meeting in real life or using 2fa.

  266. pep.

    meeting in real life with whom?

  267. pep.

    The server operator?

  268. pep.

    (I haven't read the past few days of logs)

  270. kikuchiyo

    Those with whom you want to communicate.

  271. pep.

    Assuming you can also still login first

  272. pep.

    Password is unchanged, etc.

  274. kikuchiyo

    > Assuming you can also still login first

    No, assuming that the other party knows you in person and can verify that in real life. The underlying philosophical problem is: _What is identity_ One answer to that could be: A common history.

  276. pep.

    I meant, you might not have access to your account anymore

  277. pep.

    In this case surely you can create a new account/identity and get this one acked

  278. pep.

    Unless you manage to convince the operator that it's your account

  283. kikuchiyo

    pep.: Yes, a compromised account is a compromised virtual identity. So there is nothing left than to refer to a second identity, e.g. the real life identity, to establish new trust.

  284. kikuchiyo

    You just need to make sure that the old identity gets revoked completely.

  285. pep.

    And I'm saying that's the hard part. First if you don't control the account anymore, either you need to regain control of it through the operator, or you need to go through all your contacts and revoke it out-of-band (by meeting IRL)

  286. lorddavidiii has left

  287. pep.

    You don't "just" revoke an identity

  288. Maranda


  289. pep.

    What is it Maranda, your hand smells nice? :P

  294. Maranda

    They smell of disinfectant like everyone's, if they're good children that is pep.

  297. kikuchiyo

    pep.: I know this is not the usual way of thinking about revocation.

    > you need to go through all your contacts and revoke it out-of-band (by meeting IRL)

    Or by enabling whomever has gained control over the old identity (including yourself) to destroy it and all of the attached keys, but not to initiate a new one without meeting IRL or 2fa.

  298. pep.

    Yes and that person in control of your old identity might have no interest in destroying it :p

  300. pep.

    (or it might be exactly their goal: DoS)

  328. kikuchiyo

    pep.: One person in control has to be able to hit the kill switch for the identity - that would be you. If the attacker does that he loses control. This is like a remote mechanism to dye stolen money.

  329. pep.

    Well "Availability" is also part of CIA

  679. Martin

    Anyone from anonym.im here,

  681. Martin

    Anyone from anonym.im here?
