XMPP Service Operators - 2021-05-03

  1. patasca has left

  2. schäfchen726 has left

  3. Licaon_Kter has left

  4. Licaon_Kter has joined

  5. x187x has left

  6. Ge0rG has left

  7. Ge0rG has joined

  8. Douglas Terabyte has joined

  9. patasca has joined

  10. x187x has joined

  11. adrian@kiess.onl has left

  12. adrian@kiess.onl has joined

  13. x187x has left

  14. Sander has left

  15. fantoski has left

  16. balabol.im has left

  17. dinosaurdynasty has left

  18. patasca has left

  19. kryptos has left

  20. ru_maniac has left

  21. Mel has left

  22. dinosaurdynasty has joined

  23. Bjarkan has joined

  24. Mel has joined

  25. Bjarkan has left

  26. Jonny has left

  27. patasca has joined

  28. patasca has left

  29. Steven Roose has left

  30. patasca has joined

  31. patasca has left

  32. x187x has joined

  33. [czar] has left

  34. Jonny has joined

  35. wladmis has left

  36. Mel has left

  37. Mel has joined

  38. Jonny has left

  39. patasca has joined

  40. patasca has left

  41. patasca has joined

  42. patasca has left

  43. patasca has joined

  44. wladmis has joined

  45. patasca has left

  46. patasca has joined

  47. wladmis has left

  48. wladmis has joined

  49. wladmis has left

  50. wladmis has joined

  51. patasca has left

  52. x187x has left

  53. wladmis has left

  54. Samir Allioui has left

  55. Samir Allioui has joined

  56. patasca has joined

  57. Ivan A. has left

  58. Ivan A. has joined

  59. wladmis has joined

  60. x187x has joined

  61. lorddavidiii has joined

  62. Mel has left

  63. neox has joined

  64. ernst.on.tour has left

  65. ernst.on.tour has joined

  66. DebXWoody has joined

  67. patasca has left

  68. Mel has joined

  69. iramaro has left

  70. Steven Roose has joined

  71. ibikk has joined

  72. pod has joined

  73. patasca has joined

  74. patasca has left

  75. patasca has joined

  76. patasca has left

  77. patasca has joined

  78. Menel has joined

  79. abidal3 has joined

  80. alberto has joined

  81. Marzanna has left

  82. abidal3 has left

  83. abidal3 has joined

  84. Marzanna has joined

  85. Jonny has joined

  86. abidal3 has left

  87. abidal3 has joined

  88. patasca has left

  89. Huxx has joined

  90. abidal3 has left

  91. abidal3 has joined

  92. octagon has left

  93. octagon has joined

  94. octagon has left

  95. octagon has joined

  96. derventio has joined

  97. SouL has left

  98. SouL has joined

  99. patasca has joined

  100. ru_maniac has joined

  101. karme has joined

  102. alberto has left

  103. mehdi has joined

  104. patasca has left

  105. patasca has joined

  106. patasca has left

  107. patasca has joined

  108. patasca has left

  109. patasca has joined

  110. alberto has joined

  111. patasca has left

  112. patasca has joined

  113. Licaon_Kter has left

  114. ricky has left

  115. Licaon_Kter has joined

  116. octagon has left

  117. octagon has joined

  118. Marzanna has left

  119. Marzanna has joined

  120. Menel has left

  121. tom

    I'm going to switch of cipher block chaining on my server

  122. abidal3 has left

  123. tom

    Nobody has actually used that mode in quite a long time (more than any of my logs indicate)

  124. tom

    I already switched off tls1.0 and 1.1

  125. tom

    I suggest others to do the same

  126. tom

    Had no problems

  127. tom

    Nobody was actually still using that

  128. tom

    Including s2s side

  129. christian

    If you offer tls1.2 nobody will be able to use 1.1

  130. schäfchen726 has joined

  131. octagon has left

  132. derventio has left

  133. tom

    Yeah

  134. tom

    I offer tls 1.2 and 1.3

  135. Menel has joined

  136. Samir Allioui has left

  137. ernst.on.tour has left

  138. ernst.on.tour has joined

  139. patasca has left

  140. alberto has left

  141. neox has left

  142. Menel has left

  143. madmalkav has joined

  144. chillmanwppqpuwo has joined

  145. marc has joined

  146. chillmanwppqpuwo has left

  147. patasca has joined

  148. neox has joined

  149. Samir Allioui has joined

  150. Mel has left

  151. christian

    And soon 1.4 and 1.66

  152. octagon has joined

  153. Mel has joined

  154. Licaon_Kter has left

  155. Licaon_Kter has joined

  156. madmalkav has left

  157. balabol.im has joined

  158. belove has left

  159. belove has joined

  160. ricky has joined

  161. Ge0rG has left

  162. Ge0rG has joined

  163. koalillo has joined

  164. madmalkav has joined

  165. kikuchiyo has joined

  166. octagon has left

  167. balabol.im has left

  168. koalillo has left

  169. patasca has left

  170. tom

    Ugh

  171. xorman has left

  172. tom

    This is surely redundent but openssl is a bitch and doesn't actually disable block chaining modes when you !AESCCM

  173. tom

    This is the ciphersuite you'll need

  174. tom

    Let me know if I made any mistakes

  175. tom

    HIGH+kEDH:HIGH+kEECDH:HIGH:!PSK:!SRP:!3DES:!aNULL:!ECDHE-RSA-AES256-SHA384:!ECDHE-ECDSA-AES256-SHA384:!ECDHE-RSA-AES256-SHA:!ECDHE-ECDSA-AES256-SHA:!SRP-DSS-AES-256-CBC-SHA:!SRP-RSA-AES-256-CBC-SHA:!SRP-AES-256-CBC-SHA:!RSA-PSK-AES256-CBC-SHA384:!DHE-PSK-AES256-CBC-SHA384:!DHE-PSK-AES256-CBC-SHA:!ECDHE-PSK-CAMELLIA256-SHA384:!RSA-PSK-CAMELLIA256-SHA384:!DHE-PSK-CAMELLIA256-SHA384:!PSK-AES256-CBC-SHA384:!PSK-CAMELLIA256-SHA384:!DHE-RSA-AES256-SHA256:!DHE-DSS-AES256-SHA256:!DH-RSA-AES256-SHA256:!DH-DSS-AES256-SHA256:!DHE-RSA-AES256-SHA:!DHE-DSS-AES256-SHA:!DH-RSA-AES256-SHA:!DH-DSS-AES256-SHA:!ECDHE-RSA-CAMELLIA256-SHA384:!ECDHE-ECDSA-CAMELLIA256-SHA384:!DHE-RSA-CAMELLIA256-SHA256:!DHE-DSS-CAMELLIA256-SHA256:!DH-RSA-CAMELLIA256-SHA256:!DH-DSS-CAMELLIA256-SHA256:!DHE-RSA-CAMELLIA256-SHA:!DHE-DSS-CAMELLIA256-SHA:!DH-RSA-CAMELLIA256-SHA:!DH-DSS-CAMELLIA256-SHA:!AECDH-AES256-SHA:!ADH-AES256-SHA256:!ADH-AES256-SHA:!ADH-CAMELLIA256-SHA256:!ADH-CAMELLIA256-SHA:!ECDH-RSA-AES256-SHA384:!ECDH-ECDSA-AES256-SHA384:!ECDH-RSA-AES256-SHA:!ECDH-ECDSA-AES256-SHA:!ECDH-RSA-CAMELLIA256-SHA384:!ECDH-ECDSA-CAMELLIA256-SHA384:!AES256-SHA256:!AES256-SHA:!CAMELLIA256-SHA256:!ECDHE-PSK-AES256-CBC-SHA384:!ECDHE-PSK-AES256-CBC-SHA:!CAMELLIA256-SHA:!RSA-PSK-AES256-CBC-SHA:!PSK-AES256-CBC-SHA:!ECDHE-RSA-AES128-SHA256:!ECDHE-ECDSA-AES128-SHA256:!ECDHE-RSA-AES128-SHA:!ECDHE-ECDSA-AES128-SHA:!SRP-DSS-AES-128-CBC-SHA:!SRP-RSA-AES-128-CBC-SHA:!SRP-AES-128-CBC-SHA:!DHE-RSA-AES128-SHA256:!DHE-DSS-AES128-SHA256:!DH-RSA-AES128-SHA256:!DH-DSS-AES128-SHA256:!DHE-RSA-AES128-SHA:!DHE-DSS-AES128-SHA:!DH-RSA-AES128-SHA:!DH-DSS-AES128-SHA:!ECDHE-RSA-CAMELLIA128-SHA256:!ECDHE-ECDSA-CAMELLIA128-SHA256:!DHE-RSA-CAMELLIA128-SHA256:!DHE-DSS-CAMELLIA128-SHA256:!DH-RSA-CAMELLIA128-SHA256:!DH-DSS-CAMELLIA128-SHA256:!DHE-RSA-SEED-SHA:!DHE-DSS-SEED-SHA:!DH-RSA-SEED-SHA:!DH-DSS-SEED-SHA:!DHE-RSA-CAMELLIA128-SHA:!DHE-DSS-CAMELLIA128-SHA:!DH-RSA-CAMELLIA128-SHA:!DH-DSS-CAMELLIA128-SHA:!AECDH-AES128-SHA:!ADH-AES128-SHA256:!ADH-AES128-SHA:!ADH-CAMELLIA128-SHA256:!ADH-SEED-SHA:!ADH-CAMELLIA128-SHA:!ECDH-RSA-AES128-SHA256:!ECDH-ECDSA-AES128-SHA256:!ECDH-RSA-AES128-SHA:!ECDH-ECDSA-AES128-SHA:!ECDH-RSA-CAMELLIA128-SHA256:!ECDH-ECDSA-CAMELLIA128-SHA256:!AES128-SHA256:!AES128-SHA:!CAMELLIA128-SHA256:!ECDHE-PSK-AES128-CBC-SHA256:!ECDHE-PSK-AES128-CBC-SHA:!RSA-PSK-AES128-CBC-SHA256:!DHE-PSK-AES128-CBC-SHA256:!DHE-PSK-AES128-CBC-SHA:!SEED-SHA:!CAMELLIA128-SHA:!ECDHE-PSK-CAMELLIA128-SHA256:!RSA-PSK-CAMELLIA128-SHA256:!DHE-PSK-CAMELLIA128-SHA256:!PSK-AES128-CBC-SHA256:!PSK-CAMELLIA128-SHA256:!IDEA-CBC-SHA:!RSA-PSK-AES128-CBC-SHA:!PSK-AES128-CBC-SHA:!KRB5-IDEA-CBC-SHA:!KRB5-IDEA-CBC-MD5:!ECDHE-RSA-DES-CBC3-SHA:!ECDHE-ECDSA-DES-CBC3-SHA:!SRP-DSS-3DES-EDE-CBC-SHA:!SRP-RSA-3DES-EDE-CBC-SHA:!SRP-3DES-EDE-CBC-SHA:!EDH-RSA-DES-CBC3-SHA:!EDH-DSS-DES-CBC3-SHA:!DH-RSA-DES-CBC3-SHA:!DH-DSS-DES-CBC3-SHA:!AECDH-DES-CBC3-SHA:!ADH-DES-CBC3-SHA:!ECDH-RSA-DES-CBC3-SHA:!ECDH-ECDSA-DES-CBC3-SHA:!DES-CBC3-SHA:!RSA-PSK-3DES-EDE-CBC-SHA:!PSK-3DES-EDE-CBC-SHA:!KRB5-DES-CBC3-SHA:!KRB5-DES-CBC3-MD5:!ECDHE-PSK-3DES-EDE-CBC-SHA:!DHE-PSK-3DES-EDE-CBC-SHA:!EXP1024-DHE-DSS-DES-CBC-SHA:!EDH-RSA-DES-CBC-SHA:!EDH-DSS-DES-CBC-SHA:!DH-RSA-DES-CBC-SHA:!DH-DSS-DES-CBC-SHA:!ADH-DES-CBC-SHA:!EXP1024-DES-CBC-SHA:!DES-CBC-SHA:!KRB5-DES-CBC-SHA:!KRB5-DES-CBC-MD5:!EXP-EDH-RSA-DES-CBC-SHA:!EXP-EDH-DSS-DES-CBC-SHA:!EXP-ADH-DES-CBC-SHA:!EXP-DES-CBC-SHA:!EXP-RC2-CBC-MD5:!EXP-KRB5-RC2-CBC-SHA:!EXP-KRB5-DES-CBC-SHA:!EXP-KRB5-RC2-CBC-MD5:!EXP-KRB5-DES-CBC-MD5:!EXP-DH-DSS-DES-CBC-SHA:!EXP-DH-RSA-DES-CBC-SHA

  176. tom

    Hopefully in the future openssl adds a better way to do this

  177. balabol.im has joined

  178. tom

    Maybe I could submit a patch

  179. Licaon_Kter

    tom: wtf...

  180. tom

    Wtfw Licaon_Kter?

  181. Licaon_Kter

    Why paste that here, use a bin, gist, snip

  182. tom

    Why would i do that

  183. tom

    That's like a whole nother place and application to open

  184. tom

    This isn't IRC we have multiple lines do stuff

  185. Licaon_Kter

    Yes, but that's spammy

  186. jl4 has joined

  187. octagon has joined

  188. patasca has joined

  189. Licaon_Kter has left

  190. Licaon_Kter has joined

  191. alberto has joined

  192. mjk has joined

  193. octagon has left

  194. chillmanwppqpuwo has joined

  195. alberto has left

  196. abidal3 has joined

  197. mimi89999

    tom, that ciphersuite is way to long. What do you want to achieve?

  198. chillmanwppqpuwo has left

  199. mimi89999

    https://ssl-config.mozilla.org/

  200. tom

    mimi89999: too long for what? It's accepted by prosody. Disabling cipher block chaining

  201. abidal3 has left

  202. mimi89999

    so would `ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

  203. Holger

    😳️

  204. mimi89999

    You have combinations inside it

  205. patasca has left

  206. tom

    I'm aware there aare some duplicates inside it

  207. tom

    I was generally trying to avoid an allowlist, because new ciphersuits will come along

  208. tom

    also

  209. steven has joined

  210. mimi89999

    `!AESCBC`?

  211. tom

    chacha20 and xchacha

  212. tom

    mimi89999: there is no AESCBC in openssl 1.1.1d. man openssl-ciphers

  213. mimi89999

    `ssl_ciphers HIGH+kEECDH:HIGH+kEDH:!CAMELLIA:!PSK:!SRP:!3DES:!aNULL:!AESCCM:!AESCCM8:!ARIAGCM;`

  214. mimi89999

    That's what I have

  215. tom

    there's AESCCM but it doesn't quite do the same thing

  216. tom

    and CCM can be considered secure

  217. mimi89999

    CCM is different

  218. tom

    mimi89999: you don't need to have !AESCCM:!AESCCM8. !AESCCM encompasses !AESCCM8:

  219. ricky has left

  220. mimi89999

    `!AES`?

  221. mimi89999

    Maybe

  222. tom

    also why are you disabling CAMELLIA?

  223. tom

    no definitely not. I want AES

  224. tom

    that would break a lot of shit

  225. mimi89999

    Isn't AES only AESCBC?

  226. tom

    no

  227. tom

    you can have Galois counter mode

  228. patasca has joined

  229. mimi89999

    ``` michel@debian:~$ openssl ciphers HIGH:\!AES TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-ARIA256-GCM-SHA384:ECDHE-ARIA256-GCM-SHA384:DHE-DSS-ARIA256-GCM-SHA384:DHE-RSA-ARIA256-GCM-SHA384:ECDHE-ECDSA-ARIA128-GCM-SHA256:ECDHE-ARIA128-GCM-SHA256:DHE-DSS-ARIA128-GCM-SHA256:DHE-RSA-ARIA128-GCM-SHA256:ECDHE-ECDSA-CAMELLIA256-SHA384:ECDHE-RSA-CAMELLIA256-SHA384:DHE-RSA-CAMELLIA256-SHA256:DHE-DSS-CAMELLIA256-SHA256:ADH-CAMELLIA256-SHA256:ECDHE-ECDSA-CAMELLIA128-SHA256:ECDHE-RSA-CAMELLIA128-SHA256:DHE-RSA-CAMELLIA128-SHA256:DHE-DSS-CAMELLIA128-SHA256:ADH-CAMELLIA128-SHA256:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ADH-CAMELLIA256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ADH-CAMELLIA128-SHA:RSA-PSK-CHACHA20-POLY1305:DHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:RSA-PSK-ARIA256-GCM-SHA384:DHE-PSK-ARIA256-GCM-SHA384:ARIA256-GCM-SHA384:PSK-CHACHA20-POLY1305:PSK-ARIA256-GCM-SHA384:RSA-PSK-ARIA128-GCM-SHA256:DHE-PSK-ARIA128-GCM-SHA256:ARIA128-GCM-SHA256:PSK-ARIA128-GCM-SHA256:CAMELLIA256-SHA256:CAMELLIA128-SHA256:ECDHE-PSK-CAMELLIA256-SHA384:RSA-PSK-CAMELLIA256-SHA384:DHE-PSK-CAMELLIA256-SHA384:CAMELLIA256-SHA:PSK-CAMELLIA256-SHA384:ECDHE-PSK-CAMELLIA128-SHA256:RSA-PSK-CAMELLIA128-SHA256:DHE-PSK-CAMELLIA128-SHA256:CAMELLIA128-SHA:PSK-CAMELLIA128-SHA256 ```

  230. mimi89999

    Only disables CBC

  231. mimi89999

    ``` michel@debian:~$ openssl ciphers HIGH+kEECDH:HIGH+kEDH:\!CAMELLIA:\!PSK:\!SRP:\!3DES:\!aNULL:\!AESCCM:\!AESCCM8:\!ARIAGCM:\!AES TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305 ```

  232. tom

    hold on

  233. tom

    you have !AES in your cipher string but TLS_AES_256_GCM_SHA384 is a supported cipher?

  234. tom

    why?

  235. tom

    isn't TLS_AES_256_GCM_SHA384 AES? It says so right there in the suite

  236. tom

    TLS_>AES_<256_GCM_SHA384

  237. mimi89999

    ``` michel@debian:~$ openssl ciphers HIGH+kEECDH:HIGH+kEDH:\!CAMELLIA:\!PSK:\!SRP:\!3DES:\!aNULL:\!AESCCM:\!ARIAGCM:\!AES TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305 ```

  238. mimi89999

    tom, AES is AESCBC. AESGCM is AESGCM

  239. mimi89999

    ``` michel@debian:~$ openssl ciphers AESGCM TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ADH-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ADH-AES128-GCM-SHA256:RSA-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-GCM-SHA384:AES256-GCM-SHA384:PSK-AES256-GCM-SHA384:RSA-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-GCM-SHA256:AES128-GCM-SHA256:PSK-AES128-GCM-SHA256 ```

  240. tom

    mimi89999: » $ openssl ciphers -v 'AES' | grep GCM » TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD » TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD » ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD » ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD » DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(256) Mac=AEAD » DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD » ADH-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=None Enc=AESGCM(256) Mac=AEAD » ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD » ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD » DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(128) Mac=AEAD » DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD » ADH-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=None Enc=AESGCM(128) Mac=AEAD » RSA-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=RSAPSK Au=RSA Enc=AESGCM(256) Mac=AEAD » DHE-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESGCM(256) Mac=AEAD » AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD » PSK-AES256-GCM-SHA384 TLSv1.2 Kx=PSK Au=PSK Enc=AESGCM(256) Mac=AEAD » RSA-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=RSAPSK Au=RSA Enc=AESGCM(128) Mac=AEAD » DHE-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESGCM(128) Mac=AEAD » AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD » PSK-AES128-GCM-SHA256 TLSv1.2 Kx=PSK Au=PSK Enc=AESGCM(128) Mac=AEAD » are you sure about that?

  241. tom

    this command seems to show conflicting information

  242. mimi89999

    Hmm

  243. tom

    what version are you using?

  244. mimi89999

    But

  245. mimi89999

    ``` michel@debian:~$ openssl ciphers HIGH\!AES TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-ARIA256-GCM-SHA384:ECDHE-ARIA256-GCM-SHA384:DHE-DSS-ARIA256-GCM-SHA384:DHE-RSA-ARIA256-GCM-SHA384:ECDHE-ECDSA-ARIA128-GCM-SHA256:ECDHE-ARIA128-GCM-SHA256:DHE-DSS-ARIA128-GCM-SHA256:DHE-RSA-ARIA128-GCM-SHA256:ECDHE-ECDSA-CAMELLIA256-SHA384:ECDHE-RSA-CAMELLIA256-SHA384:DHE-RSA-CAMELLIA256-SHA256:DHE-DSS-CAMELLIA256-SHA256:ADH-CAMELLIA256-SHA256:ECDHE-ECDSA-CAMELLIA128-SHA256:ECDHE-RSA-CAMELLIA128-SHA256:DHE-RSA-CAMELLIA128-SHA256:DHE-DSS-CAMELLIA128-SHA256:ADH-CAMELLIA128-SHA256:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ADH-CAMELLIA256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ADH-CAMELLIA128-SHA:RSA-PSK-CHACHA20-POLY1305:DHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:RSA-PSK-ARIA256-GCM-SHA384:DHE-PSK-ARIA256-GCM-SHA384:ARIA256-GCM-SHA384:PSK-CHACHA20-POLY1305:PSK-ARIA256-GCM-SHA384:RSA-PSK-ARIA128-GCM-SHA256:DHE-PSK-ARIA128-GCM-SHA256:ARIA128-GCM-SHA256:PSK-ARIA128-GCM-SHA256:CAMELLIA256-SHA256:CAMELLIA128-SHA256:ECDHE-PSK-CAMELLIA256-SHA384:RSA-PSK-CAMELLIA256-SHA384:DHE-PSK-CAMELLIA256-SHA384:CAMELLIA256-SHA:PSK-CAMELLIA256-SHA384:ECDHE-PSK-CAMELLIA128-SHA256:RSA-PSK-CAMELLIA128-SHA256:DHE-PSK-CAMELLIA128-SHA256:CAMELLIA128-SHA:PSK-CAMELLIA128-SHA256 ```

  246. mimi89999

    `OpenSSL 1.1.1k 25 Mar 2021`

  247. mimi89999

    `openssl ciphers -v 'AES' | grep GCM` gives me the same

  248. ernst.on.tour has left

  249. mimi89999

    tom, I recommend you stay with the defaults. If you have an old version and defaults are unsafe, I recommend you update.

  250. tom

    AES keyboard also doesn't seem to be listed in the man page

  251. tom

    mimi89999: I'm not using an old version i'm on Devuan beowulf's stable

  252. tom

    i'm concerned about oracle padding attacks

  253. tom

    and openssl's HIGH doesn't protect against them

  254. mimi89999

    So your defaults should be safe

  255. mimi89999

    Really

  256. mimi89999

    > i'm concerned about oracle padding attacks Depends on implementation. OpenSSL was once vulnerable, but that was patched long time ago.

  257. Holger

    At the very least I would not hard-code specific ciphers.

  258. mimi89999

    Or just go with TLSv1.3 only

  259. tom

    I can't

  260. mimi89999

    Why?

  261. tom

    a lot of servers are still connecting with tls1.2

  262. tom

    maybe i could for c2s

  263. Holger

    You'll forget to update your superdupersecure cipher list once OpenSSL supports newer ones.

  264. jonas’

    chances are that your OS already has a security level defined which suits your purposes

  265. jonas’

    and also takes care of things like DH size

  266. Holger

    And maybe you're superman and won't forget. But if I was superman I would, at the very least, not post such lists in public. Because others might think "wow tom is superman, I'll copy paste his super-duper-secure cipher list", and then fail to maintain it.

  267. jonas’

    word.

  268. jonas’

    I still need to age out the formerly great applied crypto hardening lists of all my automation because they were never updated

  269. Holger

    I just do something like this usually: `"HIGH:!aNULL:!3DES:@STRENGTH"` If my users are hacked because that's too unsecure, I'll send them to tom next time.

  270. tom

    well

  271. tom

    that's not appropriate for an XMPP server

  272. Holger

    On servers with super-duper-secure co-admins who insist on PFS, I do this: `"ECDH:DH:!3DES:!aNULL:!eNULL:!MEDIUM:@STRENGTH"`

  273. mimi89999

    Defaults were once unsafe. That's why setting custom ciphersuites became popular. Now they are good.

  274. kousu has left

  275. Holger

    I think posting explicit cipher lists in public isnt't appropriate and I explained why. Presumably my first list will support way cooler ciphers than yours a few years from now. (Yes the second is already a bit problemativ in that it insists on DH.)

  276. tom

    for one, PSK and SRP suites are completely pointless for an XMPP connection. Secondly they aren't good. Their backwards compat opens it up to padding oracle attacks

  277. kousu has joined

  278. tom

    now

  279. mimi89999

    Unless you really know what you are doing, stay with the defaults

  280. tom

    I don't need THAT much backwards compat, other than running safe ciphers through tls 1.2

  281. mimi89999

    Or somebody decided what ciphers are allowed and what are not in the org, then you must apply 😕️

  282. tom

    that big bloated list i sent first does do that job of excluding known bad suites vulnerable to padding oracle attacks, however the biggest problem is that it's ugly as hell (cosmetic) and that it's redundant eg, i'm already dissallowing preshared key and 3DES suites

  283. tom

    i Could clean it up a bit

  284. tom

    but i'm wonder if this may be a thing to send as a patch to upstream openssl in order to have a !CBC group actually work

  285. Holger

    tom, I'd call suggesting others to hard-code cipher lists a security issue, not a cosmetic issue.

  286. patasca has left

  287. tom

    Holger: it's not hardcoding cipher lists

  288. tom

    it's blacklisting known bad ones

  289. tom

    notice the :!

  290. mimi89999

    AES CBC is not considered insecure

  291. Holger

    Ah `HIGH+kEDH:HIGH+kEECDH:HIGH:`, I missed the final `:HIGH:`, sorry.

  292. mimi89999

    Yes, they were not accepted in TLSv1.3, but there is nor reason to force disable them.

  293. Holger

    Ignore me then. Then it's just stupid but probably won't hurt except maybe interop, and I don't care 😛

  294. tom

    » <mimi89999> AES CBC is not considered insecure http://www.isg.rhul.ac.uk/tls/Lucky13.html seems to contradict that

  295. Holger

    A working exploit would contradict such things quite convincingly.

  296. Holger

    (But I'll shut up now sorry.)

  297. mimi89999

    > Unable to select database

  298. tom

    your not able to view the webpage?

  299. mjk has left

  300. loopboom has joined

  301. mimi89999

    Yes

  302. mimi89999

    But there is archive

  303. mimi89999

    Anyway, that was patched

  304. Bjarkan has joined

  305. mimi89999

    OpenSSL should not be vulnerable now

  306. tom

    oh, would you happen to have any information on that? I'd rather read a paper than take your word. no offense

  307. tom

    it says it's a problem with the spec itself, not an implementation

  308. mimi89999

    tom, https://security-tracker.debian.org/tracker/CVE-2013-0169

  309. tom

    thankyou

  310. ernst.on.tour has joined

  311. xi has left

  312. xi has joined

  313. [czar] has joined

  314. alberto has joined

  315. octagon has joined

  316. perflyst has joined

  317. tom

    is there a way to print all current c2s+s2s connection in prosody + their current ciphersuite in use?

  318. balabol.im has left

  319. jl4 has left

  320. balabol.im has joined

  321. millesimus

    Does xmpp.net test need the tested server to be available via IPv4?

  322. patasca has joined

  323. Ian Macdonald has left

  324. Ian Macdonald has joined

  325. Ian Macdonald has left

  326. Ian Macdonald has joined

  327. Ian Macdonald has left

  328. Ian Macdonald has joined

  329. Ian Macdonald has left

  330. Ian Macdonald has joined

  331. Ian Macdonald has left

  332. Ian Macdonald has joined

  333. Ian Macdonald has left

  334. Ian Macdonald has joined

  335. Ian Macdonald has left

  336. Ian Macdonald has joined

  337. Ian Macdonald has left

  338. Ian Macdonald has joined

  339. Ian Macdonald has left

  340. Ian Macdonald has joined

  341. Ian Macdonald has left

  342. Ian Macdonald has joined

  343. octagon has left

  344. Ian Macdonald has left

  345. Ian Macdonald has joined

  346. Ian Macdonald has left

  347. Ian Macdonald has joined

  348. Ian Macdonald has left

  349. Ian Macdonald has joined

  350. Ian Macdonald has left

  351. Ian Macdonald has joined

  352. Ian Macdonald has left

  353. Ian Macdonald has joined

  354. Ian Macdonald has left

  355. Ian Macdonald has joined

  356. Ian Macdonald has left

  357. Ian Macdonald has joined

  358. Ian Macdonald has left

  359. Ian Macdonald has joined

  360. Ian Macdonald has left

  361. Ian Macdonald has joined

  362. Ian Macdonald has left

  363. Ian Macdonald has joined

  364. Ian Macdonald has left

  365. Ian Macdonald has joined

  366. Ian Macdonald has left

  367. Ian Macdonald has joined

  368. Ian Macdonald has left

  369. Ian Macdonald has joined

  370. Ian Macdonald has left

  371. Ian Macdonald has joined

  372. Ian Macdonald has left

  373. Ian Macdonald has joined

  374. Ian Macdonald has left

  375. Ian Macdonald has joined

  376. Ian Macdonald has left

  377. Ian Macdonald has joined

  378. Ian Macdonald has left

  379. ricky has joined

  380. Ian Macdonald has joined

  381. Ian Macdonald has left

  382. Ian Macdonald has joined

  383. Ian Macdonald has left

  384. Ian Macdonald has joined

  385. Ian Macdonald has left

  386. Ian Macdonald has joined

  387. Ian Macdonald has left

  388. Ian Macdonald has joined

  389. Ian Macdonald has left

  390. Ian Macdonald has joined

  391. Ian Macdonald has left

  392. jonas’

    yes

  393. Ian Macdonald has joined

  394. Ian Macdonald has left

  395. Ian Macdonald has joined

  396. Ian Macdonald has left

  397. Ian Macdonald has joined

  398. Ian Macdonald has left

  399. Ian Macdonald has joined

  400. Ian Macdonald has left

  401. Ian Macdonald has joined

  402. Ian Macdonald has left

  403. Ian Macdonald has joined

  404. Ian Macdonald has left

  405. Ian Macdonald has joined

  406. Ian Macdonald has left

  407. Ian Macdonald has joined

  408. millesimus

    Ok, thanks jonas’

  409. perflyst has left

  410. jonas’

    we wish to change that eventually but that's not likely to happen before the whole thing is rewritten

  411. perflyst has joined

  412. tom

    nvm

  413. Holger

    Dual-stack is always great fun, even more so with monitoring.

  414. Holger

    "v4 status: critical (send e-mail + SMS notifications), v6 status: recovered from non-critical problem (send e-mail)". SIGSEGV.

  415. tom

    qaz

  416. Holger

    Plus other services depending on this one being fine.

  417. x51 has joined

  418. tom

    it helps if the only thing with v4 addresses is your reverse proxy and nat

  419. Holger

    if (v6_status != v4_status) just_do_nothing(); // It would be wrong anyway.

  420. patasca has left

  421. Holger

    Yeah, dealing with dual-stack by avoiding it helps 🙂

  422. balabol.im has left

  423. Ian Macdonald has left

  424. balabol.im has joined

  425. Ian Macdonald has joined

  426. perflyst has left

  427. Ian Macdonald has left

  428. jl4 has joined

  429. Ian Macdonald has joined

  430. Martin has left

  431. loopboom has left

  432. Martin has joined

  433. tom

    Well the way i see it Holger is ipv4 is legacy crap that should have been deprecated in the 80s were it not have been for the dotcom boom

  434. tom

    So i try to keep it outside my network

  435. tom

    And only via a nat (because i don't want to pay extra for allocations as well)

  436. tom

    For services that need legacy-compat

  437. belove has left

  438. Ivan A. has left

  439. Martin has left

  440. Ian Macdonald has left

  441. tom

    Why does conversations.im only support tls1.2? Aren't they supposed to be modern im?

  442. Martin has joined

  443. Holger

    tom, old versions of the Conversations app will fail to log in if TLSv1.3 is offered, due to a client bug.

  444. tom

    What about the s2s connection though?

  445. Holger

    True, we could offer 1.3 there, just didn't bother so far.

  446. tom

    It's so very unfortunate that so many regional ISP monopolies in the USA have still to this day refused to implement ipv6

  447. Holger

    > What about the s2s connection though? Should work now.

  448. tom

    At this point, the lack of v6 connectivity is a serious hurdle in the way for new isps and companies to spring up as there's simply no more v4 address space left to sell

  449. tom

    I think the government should step in and mandate v6 deployment

  450. tom

    Make it a requirement for calling a service 'broadband' or something

  451. tom

    Thanks Holger

  452. Ian Macdonald has joined

  453. Ian Macdonald has left

  454. Ian Macdonald has joined

  455. Ian Macdonald has left

  456. Menel has joined

  457. balabol.im has left

  458. balabol.im has joined

  459. ross has left

  460. ross has joined

  461. mimi89999

    > tom, old versions of the Conversations app will fail to log in if TLSv1.3 is offered, due to a client bug. Let's force them to update!

  462. tom

    mimi89999: I really have no preference or opinion about how other sites managed their c2s settings

  463. tom

    or what clients people want to use. I do however think the s2s side should have secure crypto

  464. tom

    especially with widespread and pervasive government and corporate surveillance

  465. croax

    > I think the government should step in and mandate v6 deployment tom: agree. I guess they just don't care. For sure lobbyist would also get benefit of this situation by selling NAT, consultancy and speculate on ipv4 exhaustion.

  466. Martin

    > tom, old versions of the Conversations app will fail to log in if TLSv1.3 is offered, due to a client bug. How old?

  467. tom

    https://tools.ietf.org/html/rfc7258 https://tools.ietf.org/html/rfc7624

  468. Martin

    Anyone managed to reach the tiagese guys?

  469. tom

    I also think that with keeping in mind the reality that many governments do in fact record ALL internet traffic to disk.. now you might think that's crazy but egypt actually did that and the utah datacenter and ESPECIALLY google have the ability to do that

  470. alien has left

  471. tom

    that we shouldn't be just enabling the absolute minimum in terms of security and crypto

  472. mike

    What's up with Tigase? Their Masto account posted just a few minutes ago so someone's around.

  473. Martin

    Can't join their chat as their cert is invalid again.

  474. Martin

    Establishing a secure connection from mdosch.de to muc.tigase.org failed. Certificate hash: 6309c033094e3d8fb71d4dea59197ac81bd38240a4c03a68c10fee75fc09ac47. Error with certificate 0: certificate has expired.

  475. mike

    I just sent them a DM with that info.

  476. Martin

    Thanks

  477. [czar] has left

  478. [czar] has joined

  479. jl4 has left

  480. alien has joined

  481. octagon has joined

  482. Ge0rG has left

  483. Ge0rG has joined

  484. jl4 has joined

  485. Ian Macdonald has joined

  486. jl4 has left

  487. abidal3 has joined

  488. Ian Macdonald has left

  489. alacer has left

  490. alacer has joined

  491. Ian Macdonald has joined

  492. Ian Macdonald has left

  493. Ian Macdonald has joined

  494. Ian Macdonald has left

  495. Ian Macdonald has joined

  496. Ian Macdonald has left

  497. southerntofu has joined

  498. Ian Macdonald has joined

  499. Ian Macdonald has left

  500. chillmanwppqpuwo has joined

  501. Ian Macdonald has joined

  502. Ian Macdonald has left

  503. Ian Macdonald has joined

  504. kousu has left

  505. Ian Macdonald has left

  506. Ian Macdonald has joined

  507. chillmanwppqpuwo has left

  508. chillmanwppqpuwo has joined

  509. Ian Macdonald has left

  510. chillmanwppqpuwo has left

  511. Ian Macdonald has joined

  512. kousu has joined

  513. Ian Macdonald has left

  514. Ian Macdonald has joined

  515. Ian Macdonald has left

  516. Ian Macdonald has joined

  517. Ian Macdonald has left

  518. chillmanwppqpuwo has joined

  519. patasca has joined

  520. Ian Macdonald has joined

  521. Ian Macdonald has left

  522. Ian Macdonald has joined

  523. chillmanwppqpuwo has left

  524. Ian Macdonald has left

  525. abidal3 has left

  526. abidal3 has joined

  527. Ian Macdonald has joined

  528. Ian Macdonald has left

  529. octagon has left

  530. Ian Macdonald has joined

  531. chillmanwppqpuwo has joined

  532. Ian Macdonald has left

  533. Ian Macdonald has joined

  534. chillmanwppqpuwo has left

  535. chillmanwppqpuwo has joined

  536. chillmanwppqpuwo has left

  537. chillmanwppqpuwo has joined

  538. chillmanwppqpuwo has left

  539. patasca has left

  540. chillmanwppqpuwo has joined

  541. chillmanwppqpuwo has left

  542. chillmanwppqpuwo has joined

  543. chillmanwppqpuwo has left

  544. balabol.im has left

  545. Menel has left

  546. balabol.im has joined

  547. undefined has left

  548. Ian Macdonald has left

  549. Ian Macdonald has joined

  550. Ian Macdonald has left

  551. Ian Macdonald has joined

  552. Ian Macdonald has left

  553. Ian Macdonald has joined

  554. Ian Macdonald has left

  555. Ian Macdonald has joined

  556. Ian Macdonald has left

  557. Ian Macdonald has joined

  558. Ian Macdonald has left

  559. Ian Macdonald has joined

  560. Ian Macdonald has left

  561. undefined has joined

  562. Ian Macdonald has joined

  563. Ian Macdonald has left

  564. Ian Macdonald has joined

  565. Ian Macdonald has left

  566. Ian Macdonald has joined

  567. guus.der.kinderen has joined

  568. Ian Macdonald has left

  569. Ian Macdonald has joined

  570. Ge0rG has left

  571. ross has left

  572. ross has joined

  573. Ge0rG has joined

  574. 404.city has joined

  575. abidal3 has left

  576. Ian Macdonald has left

  577. Ian Macdonald has joined

  578. Ian Macdonald has left

  579. Ian Macdonald has joined

  580. Menel has joined

  581. Ian Macdonald has left

  582. chillmanwppqpuwo has joined

  583. Ian Macdonald has joined

  584. Ian Macdonald has left

  585. Ian Macdonald has joined

  586. Ian Macdonald has left

  587. Ian Macdonald has joined

  588. chillmanwppqpuwo has left

  589. Ian Macdonald has left

  590. Ian Macdonald has joined

  591. Ian Macdonald has left

  592. patasca has joined

  593. Ian Macdonald has joined

  594. Ian Macdonald has left

  595. Ian Macdonald has joined

  596. Ian Macdonald has left

  597. Ian Macdonald has joined

  598. Ian Macdonald has left

  599. Ian Macdonald has joined

  600. Ian Macdonald has left

  601. Ian Macdonald has joined

  602. Ian Macdonald has left

  603. Ian Macdonald has joined

  604. Ian Macdonald has left

  605. Ian Macdonald has joined

  606. Ian Macdonald has left

  607. Ian Macdonald has joined

  608. chillmanwppqpuwo has joined

  609. chillmanwppqpuwo has left

  610. Ian Macdonald has left

  611. patasca has left

  612. patasca has joined

  613. chillmanwppqpuwo has joined

  614. Ian Macdonald has joined

  615. chillmanwppqpuwo has left

  616. undefined has left

  617. Ian Macdonald has left

  618. chillmanwppqpuwo has joined

  619. Ian Macdonald has joined

  620. undefined has joined

  621. chillmanwppqpuwo has left

  622. Ian Macdonald has left

  623. Ian Macdonald has joined

  624. Ian Macdonald has left

  625. Ian Macdonald has joined

  626. Ian Macdonald has left

  627. patasca has left

  628. patasca has joined

  629. patasca has left

  630. patasca has joined

  631. Ian Macdonald has joined

  632. Ian Macdonald has left

  633. chillmanwppqpuwo has joined

  634. Ian Macdonald has joined

  635. Ian Macdonald has left

  636. chillmanwppqpuwo has left

  637. Ian Macdonald has joined

  638. Ian Macdonald has left

  639. Ian Macdonald has joined

  640. Ian Macdonald has left

  641. Ian Macdonald has joined

  642. Ian Macdonald has left

  643. Ian Macdonald has joined

  644. Ian Macdonald has left

  645. Ian Macdonald has joined

  646. Ian Macdonald has left

  647. Ian Macdonald has joined

  648. octagon has joined

  649. Ian Macdonald has left

  650. Ian Macdonald has joined

  651. Ian Macdonald has left

  652. Ian Macdonald has joined

  653. Ian Macdonald has left

  654. Ian Macdonald has joined

  655. Ian Macdonald has left

  656. Ian Macdonald has joined

  657. Ian Macdonald has left

  658. Ian Macdonald has joined

  659. Ian Macdonald has left

  660. Ian Macdonald has joined

  661. xorman has joined

  662. Ian Macdonald has left

  663. Ian Macdonald has joined

  664. Ian Macdonald has left

  665. Ian Macdonald has joined

  666. Ian Macdonald has left

  667. Ian Macdonald has joined

  668. Ge0rG has left

  669. Ge0rG has joined

  670. henrik has left

  671. Ian Macdonald has left

  672. Calvin has joined

  673. patasca has left

  674. Ian Macdonald has joined

  675. Ian Macdonald has left

  676. Ian Macdonald has joined

  677. Ian Macdonald has left

  678. Ian Macdonald has joined

  679. Ian Macdonald has left

  680. Ian Macdonald has joined

  681. Ian Macdonald has left

  682. Ian Macdonald has joined

  683. Ian Macdonald has left

  684. Ian Macdonald has joined

  685. 404.city has left

  686. Ian Macdonald has left

  687. Ian Macdonald has joined

  688. Ian Macdonald has left

  689. Ian Macdonald has joined

  690. kryptos has joined

  691. 404.city has joined

  692. Ian Macdonald has left

  693. Ian Macdonald has joined

  694. 404.city

    tom, you are talking about the security of ciphers, but most servers accept self-signed certificates and are harassing those who want to change. It looks like a security theater. https://github.com/E-404/Manifestos/blob/master/1.md

  695. octagon has left

  696. chillmanwppqpuwo has joined

  697. moparisthebest

    404.city, "s2s_secure_auth = false" doesn't mean "allow self signed certificates" right ?

  698. patasca has joined

  699. Calvin has left

  700. Calvin has joined

  701. Menel

    Who is harassing? I wouldn't care for those servers that still don't use a valid cert.

  702. moparisthebest

    dialback is fine and perfectly secure as long as good+valid certificates is required right 404.city ?

  703. 404.city

    I can consider this manifesto a failure, because some administrators who signed it do not comply with it, and some administrators began to actively oppose the manifest, fearing to lose some of the users connected to insecure servers

  704. karme has left

  705. moparisthebest

    I'd consider it a failure because the basic premise is a misunderstanding

  706. henrik has joined

  707. chillmanwppqpuwo has left

  708. moparisthebest

    404.city, I can't speak to ejabberd, but prosody's default config includes `s2s_secure_auth = false` but DOES NOT allow self-signed certs, and in fact requires valid certs for all s2s communication

  709. kryptos has left

  710. kryptos has joined

  711. ross has left

  712. ross has joined

  713. patasca has left

  714. patasca has joined

  715. ross has left

  716. carlos has left

  717. ross has joined

  718. carlos has joined

  719. patasca has left

  720. patasca has joined

  721. 404.city

    >moparisthebest‎: dialback is fine and perfectly secure How are you going to validate the dialback (s2s) when the interlocutor connects to a other server with a self-signed certificate (c2s)?

  722. moparisthebest

    dialback should also involve proper validation of certificate

  723. croax

    LetsEncrypt provides certificates using DNS and IP address source and destination. Dialback with self-signed certificates offers same service. Why would it be less secure?

  724. moparisthebest

    croax, I can answer that one, letsencrypt checks DNS from multiple geographically seperate endpoints, not just 1

  725. croax

    moparisthebest: Oh thanks for your expertise :-)

  726. chillmanwppqpuwo has joined

  727. 404.city

    >Dialback with self-signed certificates offers same service. Why would it be less secure? Your interlocutor checks manually self signed certificates for his server. Many people ignore security and accept any self-signed certificates. Security is a "set of measures", and not only everything is "fine here".

  728. karme has joined

  729. raghavgururajan has left

  730. chillmanwppqpuwo has left

  731. patasca has left

  732. x187x has left

  733. croax

    404.city: I was just speaking about s2s. Dialback is a way to validate self signed certificates. It's not just accepting. c2s is a particular context, under the scope of the server policy. Out of scope of federation.

  734. qrpnxz

    speaking of ipv6, noticed i'm missing a AAAA record for my website 😬 I'm sorry World.

  735. steven has left

  736. octagon has joined

  737. octagon has left

  738. octagon has joined

  739. 404.city has left

  740. 404.city has joined

  741. joerg has left

  742. joerg has joined

  743. octagon has left

  744. octagon has joined

  745. steven has joined

  746. 404.city

    Many security standards are developed based on security incidents. Yes, dialback does not protect against untrusted Wi-Fi, your interlocutor, and therefore, in general, the connection cannot be considered secure. dialback was made at a time when certificates were "paid" and completely fulfilled its purpose. This is now an obsolete standard. We recommend everyone who wants to use self-signed certificates to use PGP, inside clients

  747. joerg has left

  748. joerg has joined

  749. Maranda has left

  750. Maranda has joined

  751. Wiktor

    404.city: by "use pgp" you mean use pgp for e2ee not for cert verification? Then why pgp and not omemo?

  752. croax

    404.city: That's unlikely that a dialback connection will go through Wifi. I agree that valid certificate is better but Dialback seems not so bad. Do you think a central authority issuing 90% (just random figure) of certificate is less subject to security agency abuses? Response might be yes though.

  753. chillmanwppqpuwo has joined

  754. 404.city

    >Wiktor‎: 404.city: by "use pgp" you mean use pgp for e2ee not for cert verification? Then why pgp and not omemo? Yes, e2e encryption is a more precise definition

  755. patasca has joined

  756. patasca has left

  757. patasca has joined

  758. kryptos has left

  759. maxwell has left

  760. 404.city

    "Use PGP" is special for % croax % as it serves their purpose. Who wants to use a self-signed certificate on the server as client PGP encryption.

  761. octagon

    re ciphers: fedora and centos 8 has: update-crypto-policies --set NEXT # or FUTURE

  762. moparisthebest

    if we are going to push for better s2s authentication why not go with the real solution? DANE :)

  763. raghavgururajan has joined

  764. Bjarkan has left

  765. moparisthebest

    that means anyone with an .im TLD has to get rid of it, but otherwise should be great

  766. 404.city

    > That's unlikely that a dialback connection will go through Wifi. The most frequent case: c2s connection through your interlocutor, through an unsafe connection

  767. croax

    404.city, I don't get it, Dialback occurs on s2s

  768. balabol.im has left

  769. croax

    moparisthebest: yeah DANE! Why ICANN not pushing DNSSEC? Same than IPv6..

  770. moparisthebest

    they kind of are pushing DNSSEC, all new gTLDs must support it for instance

  771. 404.city

    croax‎: 🙂 If the XMPP server has insecure s2s, the server also has insecure c2s)

  772. mjk has joined

  773. croax

    404.city: might be the case but not necessary. That's a big shortcut.

  774. croax

    CAs may be context-dependent. And they're alternatives like DANE, posh, ...

  775. moparisthebest

    my server has always supported DANE, unsure if others do, it's the same story with email really, I only know of me and debian.org with support

  776. croax

    CAs may be context-dependent. And they're alternatives like DANE, POSH, ...

  777. balabol.im has joined

  778. ricky has left

  779. Bjarkan has joined

  780. mimi89999

    Please. Don't go with the CAs bad

  781. mimi89999

    We have CT now

  782. mimi89999

    And DANE won't make it possible to detect temporary interception unlike CT logs.

  783. patasca has left

  784. Bjarkan has left

  785. abslimit has left

  786. xorman has left

  787. mjk has left

  788. 404.city

    https://xmpp.404.city:5280/usershare/6d33720a4a94189f7b96d206ee5f6128196decf2/jIwjrFEUVCIj6HI2WtRJLQbJ2XsvGyeHJapQ02Pb/Schrodingers_cat.svg.png

  789. 404.city

    >croax‎: 404.city: might be the case but not necessary. That's a big shortcut. There are only rare exceptions to this rule. Security systems should work automatically and not allow "it may or may not be". "Schrödinger's cat". Imagine that the lock from the safe, which contains the "Top Secret Documents", will be closed, or maybe not closed. This is counterintuitive and unexpected security behavior.

  790. kryptos has joined

  791. Bjarkan has joined

  792. balabol.im has left

  793. patasca has joined

  794. p55s has joined

  795. octagon has left

  796. patasca has left

  797. patasca has joined

  798. 404.city has left

  799. balabol.im has joined

  800. croax

    404.city: Don't following. There's no unique worldwide CA store. One's not suppose to trust any widely used CA. One can issue context specific CA, like organizational ones. This is all matter of security vs interoperability. And all is context dependent.

  801. mjk has joined

  802. moparisthebest

    mimi89999, any servers or clients check CT? CT is a nice addition to CA stuff but not nearly as good of a replacement for DANE

  803. croax

    Moreover making any assumption of link between s2s (concerning federation) and c2s (server scope) is wrong.

  804. Bjarkan has left

  805. karme has left

  806. Bjarkan has joined

  807. 404.city has joined

  808. Bjarkan has left

  809. mimi89999

    Poor kitty

  810. Ge0rG has left

  811. Ge0rG has joined

  812. mimi89999

    How can one do such a cruel thing?

  813. mimi89999

    moparisthebest, no, but on Android you can use https://github.com/appmattus/certificatetransparency

  814. mimi89999

    How is DANE support?

  815. patasca has left

  816. abslimit has joined

  817. xorman has joined

  818. 404.city

    ‎croax‎ you propose to remove all CAs (Until you delete all certification authorities, your actions are meaningless) built into the system and instead manually check untrusted connections in some mystical way (carrier pigeons). I think this is not very rational. Please don't come up with your own encryption, just use PGP. It's easier, safer and more convenient.

  819. karme has joined

  820. Bjarkan has joined

  821. 404.city

    PGP (e2e) does all the necessary tasks without involving additional entities, and TLS has no security task at the level you suggest. Using TLS encryption like e2e is like hammering nails with a microscope.

  822. abidal3 has joined

  823. Wiktor

    > ‎just use PGP. It's easier, safer and more convenient. First time I saw "PGP" used in the same paragraph with "easier and safer"

  824. 404.city

    >First time I saw "PGP" used in the same paragraph with "easier and safer" In context with TLS

  825. moparisthebest

    TLS protects an entirely different set of things and serves entirely different purposes than e2e, they can't be compared

  826. moparisthebest

    current-PGP (xep-27) in XMPP provides far fewer guarantees than a normal person expects out of e2e these days, for instance

  827. mimi89999

    I opened https://github.com/iNPUTmice/Conversations/issues/4068

  828. croax

    Exactly. You could leak all meta-data compromising you by connecting on a wrong server, still encrypting e2e.

  829. moparisthebest

    it provides no authentication or replay-proofing at all

  830. moparisthebest

    and it protects message body only, nothing else, and no meta-data

  831. moparisthebest

    it's absolutely not a replacement for TLS

  832. octagon has joined

  833. 404.city

    Wiktor I am not a supporter of saying which e2e encryption is better or worse. Many famous people used different e2e encryption systems, and I think their competence in these matters is higher. Stolman - PGP, Snowden - OMEMO / OTR, assange julian - OTR

  834. croax

    Ex of meta-data: correspondant JID, message time, ...

  835. karme has left

  836. moparisthebest

    there is no "better" or "worse" but there are ENTIRELY DIFFERENT GUARANTEES provided by each type that need understood by people who want to use them

  837. abidal3 has left

  838. croax

    Eg. of meta-data: correspondant JID, message time, ...

  839. patasca has joined

  840. moparisthebest

    there is absolutely "better" or "worse" e2e for a specific person with a specific threat model though

  841. moparisthebest

    hence the need to understand 1) your threat model 2) the guarantees provided by each

  842. croax

    > ‎croax‎ you propose to remove all CAs (Until you delete all certification authorities, your actions are meaningless) built into the system and instead manually check untrusted connections in some mystical way (carrier pigeons). I think this is not very rational. Please don't come up with your own encryption, just use PGP. It's easier, safer and more convenient. Non, just saying there's dialback. And asking to blacklist this mecanism is nonsense.

  843. croax

    > ‎croax‎ you propose to remove all CAs (Until you delete all certification authorities, your actions are meaningless) built into the system and instead manually check untrusted connections in some mystical way (carrier pigeons). I think this is not very rational. Please don't come up with your own encryption, just use PGP. It's easier, safer and more convenient. No, just saying there's dialback. And asking to blacklist this mecanism is nonsense.

  844. 404.city

    > ‎moparisthebest‎: it's absolutely not a replacement for TLS I think there are some difficulties with translation. I do not mean abandoning TLS, I mean not using self-signet TLS "as" E2E encryption(PGP). The best option is valid TLS + E2E

  845. moparisthebest

    yes

  846. 404.city

    >No, just saying there's dialback. And asking to blacklist this mecanism is nonsense. croax How should a person who has not issued a self-signed certificate verify a self-signed certificate? We are not talking about dialback at the moment. dialback not used with c2s.

  847. karme has joined

  848. Bjarkan has left

  849. Bjarkan has joined

  850. perflyst has joined

  851. croax

    404.city: From the link you posted > delete support self-signed certificates "mod_s2s_dialback

  852. mjk has left

  853. patasca has left

  854. croax

    404.city: c2s is server scope specific. No need to ask anything for better federation.

  855. 404.city

    >‎croax‎: 404.city: From the link you posted I will explain to you the reason why this setting is used. I'm not talking specifically about protecting s2s connections even. Self-signed certificates reduce security without any useful application.

  856. mjk has joined

  857. Bjarkan has left

  858. perflyst has left

  859. schäfchen726 has left

  860. Bjarkan has joined

  861. abslimit has left

  862. schäfchen726 has joined

  863. 404.city has left

  864. 404.city has joined

  865. 404.city has left

  866. Bjarkan has left

  867. moparisthebest

    404.city: that's not technically true either, self signed provides protection against passive surveillance, just not active attacks

  868. ricky has joined

  869. kousu has left

  870. kousu has joined

  871. xorman has left

  872. patasca has joined

  873. Bjarkan has joined

  874. maxwell has joined

  875. kryptos has left

  876. xorman has joined

  877. Bjarkan has left

  878. kryptos has joined

  879. Ge0rG has left

  880. Ge0rG has joined

  881. Bjarkan has joined

  882. abslimit has joined

  883. Bjarkan has left

  884. abslimit has left

  885. octagon has left

  886. patasca has left

  887. patasca has joined

  888. octagon has joined

  889. abslimit has joined

  890. rom1dep has joined

  891. patasca has left

  892. patasca has joined

  893. mjk has left

  894. alberto has left

  895. abslimit has left

  896. Bjarkan has joined

  897. jl4 has joined

  898. Bjarkan has left

  899. abslimit has joined

  900. alberto has joined

  901. patasca has left

  902. patasca has joined

  903. ross has left

  904. ross has joined

  905. ross has left

  906. ross has joined

  907. patasca has left

  908. patasca has joined

  909. mjk has joined

  910. Ian Macdonald has left

  911. Ian Macdonald has joined

  912. Ian Macdonald has left

  913. Ian Macdonald has joined

  914. Ian Macdonald has left

  915. Menel has left

  916. Menel has joined

  917. Ian Macdonald has joined

  918. Ian Macdonald has left

  919. Ian Macdonald has joined

  920. Ian Macdonald has left

  921. Menel has left

  922. Menel has joined

  923. Ian Macdonald has joined

  924. Ian Macdonald has left

  925. Ian Macdonald has joined

  926. Ian Macdonald has left

  927. Ian Macdonald has joined

  928. Ian Macdonald has left

  929. Ian Macdonald has joined

  930. Ian Macdonald has left

  931. Ian Macdonald has joined

  932. Ian Macdonald has left

  933. Ian Macdonald has joined

  934. Ian Macdonald has left

  935. Ian Macdonald has joined

  936. Ian Macdonald has left

  937. Ian Macdonald has joined

  938. Ian Macdonald has left

  939. alberto has left

  940. ru_maniac has left

  941. Ian Macdonald has joined

  942. Ian Macdonald has left

  943. Ge0rG has left

  944. Ge0rG has joined

  945. Ian Macdonald has joined

  946. Ian Macdonald has left

  947. Ian Macdonald has joined

  948. Ian Macdonald has left

  949. Ian Macdonald has joined

  950. Ian Macdonald has left

  951. Ian Macdonald has joined

  952. Ian Macdonald has left

  953. Ian Macdonald has joined

  954. Ian Macdonald has left

  955. Ian Macdonald has joined

  956. Ian Macdonald has left

  957. Bjarkan has joined

  958. Ian Macdonald has joined

  959. Ian Macdonald has left

  960. Ian Macdonald has joined

  961. Ian Macdonald has left

  962. Ian Macdonald has joined

  963. Ian Macdonald has left

  964. Ian Macdonald has joined

  965. Ian Macdonald has left

  966. Calvin has left

  967. Ian Macdonald has joined

  968. Ian Macdonald has left

  969. Ian Macdonald has joined

  970. Ian Macdonald has left

  971. Ian Macdonald has joined

  972. Ian Macdonald has left

  973. Ian Macdonald has joined

  974. alberto has joined

  975. Ian Macdonald has left

  976. Ian Macdonald has joined

  977. Ian Macdonald has left

  978. abidal3 has joined

  979. Ian Macdonald has joined

  980. Ian Macdonald has left

  981. Ian Macdonald has joined

  982. Ian Macdonald has left

  983. Ian Macdonald has joined

  984. Ian Macdonald has left

  985. ru_maniac has joined

  986. Ian Macdonald has joined

  987. Ian Macdonald has left

  988. Ian Macdonald has joined

  989. Ian Macdonald has left

  990. jl4 has left

  991. ernst.on.tour has left

  992. 404.city has joined

  993. ernst.on.tour has joined

  994. Ian Macdonald has joined

  995. Ian Macdonald has left

  996. Ian Macdonald has joined

  997. Ian Macdonald has left

  998. Bjarkan has left

  999. Ian Macdonald has joined

  1000. Ian Macdonald has left

  1001. derventio has joined

  1002. Ian Macdonald has joined

  1003. Ian Macdonald has left

  1004. patasca has left

  1005. patasca has joined

  1006. patasca has left

  1007. patasca has joined

  1008. christian has left

  1009. Ian Macdonald has joined

  1010. Ian Macdonald has left

  1011. Ian Macdonald has joined

  1012. Ian Macdonald has left

  1013. christian has joined

  1014. Ian Macdonald has joined

  1015. Ian Macdonald has left

  1016. Ian Macdonald has joined

  1017. Ian Macdonald has left

  1018. Ian Macdonald has joined

  1019. Ian Macdonald has left

  1020. Ian Macdonald has joined

  1021. Ian Macdonald has left

  1022. Ian Macdonald has joined

  1023. Ian Macdonald has left

  1024. Ian Macdonald has joined

  1025. Ian Macdonald has left

  1026. abslimit has left

  1027. Ian Macdonald has joined

  1028. Ian Macdonald has left

  1029. ernst.on.tour has left

  1030. ernst.on.tour has joined

  1031. Ian Macdonald has joined

  1032. Ian Macdonald has left

  1033. Ian Macdonald has joined

  1034. Ian Macdonald has left

  1035. Ian Macdonald has joined

  1036. Ian Macdonald has left

  1037. Ian Macdonald has joined

  1038. Ian Macdonald has left

  1039. Ian Macdonald has joined

  1040. Ian Macdonald has left

  1041. Ian Macdonald has joined

  1042. Ian Macdonald has left

  1043. Ian Macdonald has joined

  1044. Ian Macdonald has left

  1045. Ian Macdonald has joined

  1046. Ian Macdonald has left

  1047. patasca has left

  1048. abslimit has joined

  1049. Ian Macdonald has joined

  1050. Ian Macdonald has left

  1051. Ian Macdonald has joined

  1052. Ian Macdonald has left

  1053. Ian Macdonald has joined

  1054. Ian Macdonald has left

  1055. Bjarkan has joined

  1056. Ian Macdonald has joined

  1057. Ian Macdonald has left

  1058. mjk has left

  1059. insanity has left

  1060. Ian Macdonald has joined

  1061. Ian Macdonald has left

  1062. Ian Macdonald has joined

  1063. Ian Macdonald has left

  1064. mjk has joined

  1065. patasca has joined

  1066. patasca has left

  1067. patasca has joined

  1068. patasca has left

  1069. patasca has joined

  1070. Ian Macdonald has joined

  1071. Ian Macdonald has left

  1072. Ian Macdonald has joined

  1073. Ian Macdonald has left

  1074. schäfchen726 has left

  1075. schäfchen726 has joined

  1076. Ian Macdonald has joined

  1077. Ian Macdonald has left

  1078. Ian Macdonald has joined

  1079. Ian Macdonald has left

  1080. Ian Macdonald has joined

  1081. Ian Macdonald has left

  1082. Ian Macdonald has joined

  1083. Ian Macdonald has left

  1084. lorddavidiii has left

  1085. patasca has left

  1086. Ian Macdonald has joined

  1087. Ian Macdonald has left

  1088. Ian Macdonald has joined

  1089. Ian Macdonald has left

  1090. octagon has left

  1091. mjk has left

  1092. Ian Macdonald has joined

  1093. Ian Macdonald has left

  1094. Ian Macdonald has joined

  1095. Ian Macdonald has left

  1096. Ian Macdonald has joined

  1097. Ian Macdonald has left

  1098. Ian Macdonald has joined

  1099. Ian Macdonald has left

  1100. Ian Macdonald has joined

  1101. Ian Macdonald has left

  1102. Ian Macdonald has joined

  1103. Ian Macdonald has left

  1104. Ian Macdonald has joined

  1105. Ian Macdonald has left

  1106. octagon has joined

  1107. 404.city has left

  1108. Ian Macdonald has joined

  1109. Ian Macdonald has left

  1110. 404.city has joined

  1111. patasca has joined

  1112. Ian Macdonald has joined

  1113. Ian Macdonald has left

  1114. ross has left

  1115. mjk has joined

  1116. ross has joined

  1117. patasca has left

  1118. patasca has joined

  1119. Ian Macdonald has joined

  1120. Ian Macdonald has left

  1121. x187x has joined

  1122. Ian Macdonald has joined

  1123. Ian Macdonald has left

  1124. Ian Macdonald has joined

  1125. 404.city has left

  1126. Ian Macdonald has left

  1127. Ian Macdonald has joined

  1128. Ian Macdonald has left

  1129. Ian Macdonald has joined

  1130. Ian Macdonald has left

  1131. Ian Macdonald has joined

  1132. Ian Macdonald has left

  1133. Ian Macdonald has joined

  1134. Ian Macdonald has left

  1135. Ian Macdonald has joined

  1136. Ian Macdonald has left

  1137. Ian Macdonald has joined

  1138. Ian Macdonald has left

  1139. Ian Macdonald has joined

  1140. Ian Macdonald has left

  1141. Ian Macdonald has joined

  1142. Ian Macdonald has left

  1143. Ian Macdonald has joined

  1144. Ian Macdonald has left

  1145. Ian Macdonald has joined

  1146. Ian Macdonald has left

  1147. Ian Macdonald has joined

  1148. Ian Macdonald has left

  1149. Ian Macdonald has joined

  1150. Ian Macdonald has left

  1151. Ian Macdonald has joined

  1152. Ian Macdonald has left

  1153. Calvin has joined

  1154. Ian Macdonald has joined

  1155. Ian Macdonald has left

  1156. Ian Macdonald has joined

  1157. Ian Macdonald has left

  1158. Bjarkan has left

  1159. jl4 has joined

  1160. Bjarkan has joined

  1161. patasca has left

  1162. patasca has joined

  1163. Ian Macdonald has joined

  1164. Ian Macdonald has left

  1165. Ian Macdonald has joined

  1166. Ian Macdonald has left

  1167. Ian Macdonald has joined

  1168. Ian Macdonald has left

  1169. Ian Macdonald has joined

  1170. Ian Macdonald has left

  1171. Ian Macdonald has joined

  1172. Ian Macdonald has left

  1173. Ian Macdonald has joined

  1174. Ian Macdonald has left

  1175. DebXWoody has left

  1176. Calvin has left

  1177. Ian Macdonald has joined

  1178. Ian Macdonald has left

  1179. Ian Macdonald has joined

  1180. Ian Macdonald has left

  1181. kryptos has left

  1182. Ian Macdonald has joined

  1183. Ian Macdonald has left

  1184. Ian Macdonald has joined

  1185. Ian Macdonald has left

  1186. Ian Macdonald has joined

  1187. Ian Macdonald has left

  1188. Ian Macdonald has joined

  1189. Ian Macdonald has left

  1190. Ian Macdonald has joined

  1191. Ian Macdonald has left

  1192. Ian Macdonald has joined

  1193. Ian Macdonald has left

  1194. Ian Macdonald has joined

  1195. Ian Macdonald has left

  1196. Ian Macdonald has joined

  1197. Ian Macdonald has left

  1198. Ian Macdonald has joined

  1199. Ian Macdonald has left

  1200. Ian Macdonald has joined

  1201. Ian Macdonald has left

  1202. Ian Macdonald has joined

  1203. Ian Macdonald has left

  1204. Ian Macdonald has joined

  1205. Ian Macdonald has left

  1206. Ian Macdonald has joined

  1207. Ian Macdonald has left

  1208. xorman has left

  1209. Ian Macdonald has joined

  1210. Ian Macdonald has left

  1211. Ian Macdonald has joined

  1212. Ian Macdonald has left

  1213. Ian Macdonald has joined

  1214. Ian Macdonald has left

  1215. patasca has left

  1216. Ian Macdonald has joined

  1217. Ian Macdonald has left

  1218. Ian Macdonald has joined

  1219. Ian Macdonald has left

  1220. Ian Macdonald has joined

  1221. Ian Macdonald has left

  1222. Bjarkan has left

  1223. Ian Macdonald has joined

  1224. Ian Macdonald has left

  1225. Ian Macdonald has joined

  1226. Ian Macdonald has left

  1227. Ian Macdonald has joined

  1228. Ian Macdonald has left

  1229. Ian Macdonald has joined

  1230. Ian Macdonald has left

  1231. Ian Macdonald has joined

  1232. Ian Macdonald has left

  1233. Ian Macdonald has joined

  1234. Ian Macdonald has left

  1235. Ian Macdonald has joined

  1236. Ian Macdonald has left

  1237. Ian Macdonald has joined

  1238. Ian Macdonald has left

  1239. Ian Macdonald has joined

  1240. Ian Macdonald has left

  1241. Ian Macdonald has joined

  1242. Ian Macdonald has left

  1243. Ian Macdonald has joined

  1244. Ian Macdonald has left

  1245. Ian Macdonald has joined

  1246. Ian Macdonald has left

  1247. mjk has left

  1248. Ian Macdonald has joined

  1249. Ian Macdonald has left

  1250. Bjarkan has joined

  1251. Ian Macdonald has joined

  1252. Ian Macdonald has left

  1253. xorman has joined

  1254. jl4 has left

  1255. Ian Macdonald has joined

  1256. Ian Macdonald has left

  1257. Ian Macdonald has joined

  1258. Ian Macdonald has left

  1259. kryptos has joined

  1260. Ian Macdonald has joined

  1261. Ian Macdonald has left

  1262. Ian Macdonald has joined

  1263. Ian Macdonald has left

  1264. ross has left

  1265. Ian Macdonald has joined

  1266. Ian Macdonald has left

  1267. Ian Macdonald has joined

  1268. Ian Macdonald has left

  1269. mjk has joined

  1270. ross has joined

  1271. Ian Macdonald has joined

  1272. Ian Macdonald has left

  1273. patasca has joined

  1274. Ian Macdonald has joined

  1275. Ian Macdonald has left

  1276. Ian Macdonald has joined

  1277. Ian Macdonald has left

  1278. Ian Macdonald has joined

  1279. Ian Macdonald has left

  1280. Ian Macdonald has joined

  1281. Ian Macdonald has left

  1282. Ian Macdonald has joined

  1283. Ian Macdonald has left

  1284. Ian Macdonald has joined

  1285. Ian Macdonald has left

  1286. Ian Macdonald has joined

  1287. Ian Macdonald has left

  1288. Ian Macdonald has joined

  1289. Ian Macdonald has left

  1290. Ian Macdonald has joined

  1291. Ian Macdonald has left

  1292. Ian Macdonald has joined

  1293. Ian Macdonald has left

  1294. Ian Macdonald has joined

  1295. Ian Macdonald has left

  1296. Ian Macdonald has joined

  1297. Ian Macdonald has left

  1298. Ian Macdonald has joined

  1299. Ian Macdonald has left

  1300. Ian Macdonald has joined

  1301. Ian Macdonald has left

  1302. Ian Macdonald has joined

  1303. Ian Macdonald has left

  1304. Ian Macdonald has joined

  1305. Ian Macdonald has left

  1306. Ian Macdonald has joined

  1307. Ian Macdonald has left

  1308. Ian Macdonald has joined

  1309. Ian Macdonald has left

  1310. Ian Macdonald has joined

  1311. Ian Macdonald has left

  1312. Ian Macdonald has joined

  1313. Ian Macdonald has left

  1314. patasca has left

  1315. patasca has joined

  1316. Ian Macdonald has joined

  1317. Ian Macdonald has left

  1318. Ian Macdonald has joined

  1319. Ian Macdonald has left

  1320. Ian Macdonald has joined

  1321. Ian Macdonald has left

  1322. insanity has joined

  1323. Ian Macdonald has joined

  1324. Ian Macdonald has left

  1325. insanity has left

  1326. Ian Macdonald has joined

  1327. Ian Macdonald has left

  1328. Ian Macdonald has joined

  1329. Ian Macdonald has left

  1330. Ian Macdonald has joined

  1331. Ian Macdonald has left

  1332. Ian Macdonald has joined

  1333. Ian Macdonald has left

  1334. Ian Macdonald has joined

  1335. Ian Macdonald has left

  1336. Ian Macdonald has joined

  1337. Ian Macdonald has left

  1338. Ian Macdonald has joined

  1339. Ian Macdonald has left

  1340. derventio has left

  1341. Ian Macdonald has joined

  1342. Ian Macdonald has left

  1343. insanity has joined

  1344. Ian Macdonald has joined

  1345. Ian Macdonald has left

  1346. Ian Macdonald has joined

  1347. Ian Macdonald has left

  1348. Ian Macdonald has joined

  1349. Ian Macdonald has left

  1350. Ian Macdonald has joined

  1351. insanity has left

  1352. Ian Macdonald has left

  1353. Ian Macdonald has joined

  1354. Ian Macdonald has left

  1355. Ian Macdonald has joined

  1356. Ian Macdonald has left

  1357. steven has left

  1358. insanity has joined

  1359. Ian Macdonald has joined

  1360. Ian Macdonald has left

  1361. insanity has left

  1362. Ian Macdonald has joined

  1363. Ian Macdonald has left

  1364. Huxx has left

  1365. Ian Macdonald has joined

  1366. Ian Macdonald has left

  1367. Ian Macdonald has joined

  1368. Ian Macdonald has left

  1369. Ian Macdonald has joined

  1370. Ian Macdonald has left

  1371. Ian Macdonald has joined

  1372. Ian Macdonald has left

  1373. Ian Macdonald has joined

  1374. Ian Macdonald has left

  1375. insanity has joined

  1376. Ian Macdonald has joined

  1377. Ian Macdonald has left

  1378. Ian Macdonald has joined

  1379. Ian Macdonald has left

  1380. Ian Macdonald has joined

  1381. Ian Macdonald has left

  1382. Ian Macdonald has joined

  1383. Ian Macdonald has left

  1384. Ian Macdonald has joined

  1385. Ian Macdonald has left

  1386. Ian Macdonald has joined

  1387. Ian Macdonald has left

  1388. jl4 has joined

  1389. Ian Macdonald has joined

  1390. Ian Macdonald has left

  1391. Ian Macdonald has joined

  1392. Ian Macdonald has left

  1393. xorman has left

  1394. Ian Macdonald has joined

  1395. Ian Macdonald has left

  1396. jl4 has left

  1397. Ian Macdonald has joined

  1398. jl4 has joined

  1399. Ian Macdonald has left

  1400. Ian Macdonald has joined

  1401. Ian Macdonald has left

  1402. Ian Macdonald has joined

  1403. Ian Macdonald has left

  1404. Ian Macdonald has joined

  1405. Ian Macdonald has left

  1406. Ian Macdonald has joined

  1407. Ian Macdonald has left

  1408. Ian Macdonald has joined

  1409. Ian Macdonald has left

  1410. Ian Macdonald has joined

  1411. Ian Macdonald has left

  1412. Ian Macdonald has joined

  1413. Ian Macdonald has left

  1414. Ian Macdonald has joined

  1415. Ian Macdonald has left

  1416. Ian Macdonald has joined

  1417. Ian Macdonald has left

  1418. Ian Macdonald has joined

  1419. Ian Macdonald has left

  1420. Ian Macdonald has joined

  1421. Ian Macdonald has left

  1422. Ian Macdonald has joined

  1423. Ian Macdonald has left

  1424. Ian Macdonald has joined

  1425. Ian Macdonald has left

  1426. Ian Macdonald has joined

  1427. Ian Macdonald has left

  1428. Ian Macdonald has joined

  1429. Ian Macdonald has left

  1430. Ian Macdonald has joined

  1431. Ian Macdonald has left

  1432. Bjarkan has left

  1433. Ian Macdonald has joined

  1434. Ian Macdonald has left

  1435. Ian Macdonald has joined

  1436. Ian Macdonald has left

  1437. Ian Macdonald has joined

  1438. Ian Macdonald has left

  1439. Ian Macdonald has joined

  1440. Ian Macdonald has left

  1441. Ian Macdonald has joined

  1442. Ian Macdonald has left

  1443. Ian Macdonald has joined

  1444. Ian Macdonald has left

  1445. patasca has left

  1446. Ian Macdonald has joined

  1447. Ian Macdonald has left

  1448. Ian Macdonald has joined

  1449. Ian Macdonald has left

  1450. Ian Macdonald has joined

  1451. Ian Macdonald has left

  1452. Ian Macdonald has joined

  1453. Ian Macdonald has left

  1454. Ian Macdonald has joined

  1455. Ian Macdonald has left

  1456. Ian Macdonald has joined

  1457. Ian Macdonald has left

  1458. Ian Macdonald has joined

  1459. Ian Macdonald has left

  1460. Ian Macdonald has joined

  1461. Ian Macdonald has left

  1462. Ian Macdonald has joined

  1463. Ian Macdonald has left

  1464. Ian Macdonald has joined

  1465. Ian Macdonald has left

  1466. Ian Macdonald has joined

  1467. Ian Macdonald has left

  1468. Ian Macdonald has joined

  1469. Ian Macdonald has left

  1470. Ian Macdonald has joined

  1471. Ian Macdonald has left

  1472. Ian Macdonald has joined

  1473. Ian Macdonald has left

  1474. Ian Macdonald has joined

  1475. Ian Macdonald has left

  1476. Ian Macdonald has joined

  1477. Ian Macdonald has left

  1478. Ian Macdonald has joined

  1479. Ian Macdonald has left

  1480. Ian Macdonald has joined

  1481. Ian Macdonald has left

  1482. Ian Macdonald has joined

  1483. Ian Macdonald has left

  1484. jl4 has left

  1485. jl4 has joined

  1486. Ian Macdonald has joined

  1487. Ian Macdonald has left

  1488. Ian Macdonald has joined

  1489. Ian Macdonald has left

  1490. Ian Macdonald has joined

  1491. Ian Macdonald has left

  1492. Ian Macdonald has joined

  1493. Ian Macdonald has left

  1494. Bjarkan has joined

  1495. Ian Macdonald has joined

  1496. Ian Macdonald has left

  1497. Ian Macdonald has joined

  1498. Ian Macdonald has left

  1499. Ian Macdonald has joined

  1500. Ian Macdonald has left

  1501. argon3771 has left

  1502. Ian Macdonald has joined

  1503. Ian Macdonald has left

  1504. Ian Macdonald has joined

  1505. Ian Macdonald has left

  1506. xorman has joined

  1507. Ian Macdonald has joined

  1508. Ian Macdonald has left

  1509. Ian Macdonald has joined

  1510. Ian Macdonald has left

  1511. Bjarkan has left

  1512. Ian Macdonald has joined

  1513. Ian Macdonald has left

  1514. Ian Macdonald has joined

  1515. Ian Macdonald has left

  1516. Ian Macdonald has joined

  1517. Ian Macdonald has left

  1518. Ian Macdonald has joined

  1519. Ian Macdonald has left

  1520. Ian Macdonald has joined

  1521. Ian Macdonald has left

  1522. Ian Macdonald has joined

  1523. Ian Macdonald has left

  1524. Ian Macdonald has joined

  1525. Ian Macdonald has left

  1526. Ian Macdonald has joined

  1527. Ian Macdonald has left

  1528. Ian Macdonald has joined

  1529. Ian Macdonald has left

  1530. Bjarkan has joined

  1531. argon3771 has joined

  1532. Ian Macdonald has joined

  1533. Ian Macdonald has left

  1534. Ian Macdonald has joined

  1535. Ian Macdonald has left

  1536. Ian Macdonald has joined

  1537. Ian Macdonald has left

  1538. Ian Macdonald has joined

  1539. Ian Macdonald has left

  1540. Ian Macdonald has joined

  1541. Ian Macdonald has left

  1542. Ian Macdonald has joined

  1543. Ian Macdonald has left

  1544. patasca has joined

  1545. Ian Macdonald has joined

  1546. Ian Macdonald has left

  1547. patasca has left

  1548. patasca has joined

  1549. Ian Macdonald has joined

  1550. Bjarkan has left

  1551. Ian Macdonald has left

  1552. Menel has left

  1553. Menel has joined

  1554. kikuchiyo has left

  1555. Ian Macdonald has joined

  1556. Ian Macdonald has left

  1557. Ian Macdonald has joined

  1558. Ian Macdonald has left

  1559. Ian Macdonald has joined

  1560. Ian Macdonald has left

  1561. Menel has left

  1562. Menel has joined

  1563. Ian Macdonald has joined

  1564. Ian Macdonald has left

  1565. Menel has left

  1566. karme has left

  1567. Menel has joined

  1568. Ian Macdonald has joined

  1569. Ian Macdonald has left

  1570. Menel has left

  1571. Menel has joined

  1572. Ian Macdonald has joined

  1573. Ian Macdonald has left

  1574. Ian Macdonald has joined

  1575. Ian Macdonald has left

  1576. Bjarkan has joined

  1577. Ian Macdonald has joined

  1578. Ian Macdonald has left

  1579. Ian Macdonald has joined

  1580. Ian Macdonald has left

  1581. Ian Macdonald has joined

  1582. Ian Macdonald has left

  1583. Ian Macdonald has joined

  1584. Ian Macdonald has left

  1585. Ian Macdonald has joined

  1586. Ian Macdonald has left

  1587. Ian Macdonald has joined

  1588. Ian Macdonald has left

  1589. Ian Macdonald has joined

  1590. Ian Macdonald has left

  1591. Ian Macdonald has joined

  1592. Ian Macdonald has left

  1593. Ian Macdonald has joined

  1594. Ian Macdonald has left

  1595. octagon has left

  1596. Ian Macdonald has joined

  1597. Ian Macdonald has left

  1598. Ian Macdonald has joined

  1599. Ian Macdonald has left

  1600. Ian Macdonald has joined

  1601. Ian Macdonald has left

  1602. Ian Macdonald has joined

  1603. Ian Macdonald has left

  1604. Ian Macdonald has joined

  1605. Ian Macdonald has left

  1606. Ian Macdonald has joined

  1607. Ian Macdonald has left

  1608. Ian Macdonald has joined

  1609. Ian Macdonald has left

  1610. Ian Macdonald has joined

  1611. Ian Macdonald has left

  1612. Ian Macdonald has joined

  1613. Ian Macdonald has left

  1614. jl4 has left

  1615. jl4 has joined

  1616. Ian Macdonald has joined

  1617. Ian Macdonald has left

  1618. Ian Macdonald has joined

  1619. Ian Macdonald has left

  1620. Bjarkan has left

  1621. Ian Macdonald has joined

  1622. Ian Macdonald has left

  1623. Ian Macdonald has joined

  1624. Ian Macdonald has left

  1625. Ian Macdonald has joined

  1626. Ian Macdonald has left

  1627. Ian Macdonald has joined

  1628. Ian Macdonald has left

  1629. Bjarkan has joined

  1630. Ian Macdonald has joined

  1631. Ian Macdonald has left

  1632. Ian Macdonald has joined

  1633. Ian Macdonald has left

  1634. Menel has left

  1635. Ian Macdonald has joined

  1636. Ian Macdonald has left

  1637. Ian Macdonald has joined

  1638. Ian Macdonald has left

  1639. Ian Macdonald has joined

  1640. Ian Macdonald has left

  1641. Ian Macdonald has joined

  1642. Ian Macdonald has left

  1643. Ian Macdonald has joined

  1644. Ian Macdonald has left

  1645. Ian Macdonald has joined

  1646. Ian Macdonald has left

  1647. Ian Macdonald has joined

  1648. Ian Macdonald has left

  1649. Ian Macdonald has joined

  1650. Ian Macdonald has left

  1651. Ian Macdonald has joined

  1652. Ian Macdonald has left

  1653. Ian Macdonald has joined

  1654. Ian Macdonald has left

  1655. Sam has left

  1656. Sam has joined

  1657. Ian Macdonald has joined

  1658. Ian Macdonald has left

  1659. Ian Macdonald has joined

  1660. Ian Macdonald has left

  1661. Ian Macdonald has joined

  1662. Ian Macdonald has left

  1663. Ian Macdonald has joined

  1664. Ian Macdonald has left

  1665. Ian Macdonald has joined

  1666. Ian Macdonald has left

  1667. octagon has joined

  1668. Ian Macdonald has joined

  1669. Ian Macdonald has left

  1670. Ian Macdonald has joined

  1671. Ian Macdonald has left

  1672. madmalkav has left

  1673. Ian Macdonald has joined

  1674. Ian Macdonald has left

  1675. Ian Macdonald has joined

  1676. Ian Macdonald has left

  1677. Ian Macdonald has joined

  1678. Ian Macdonald has left

  1679. kryptos has left

  1680. Ian Macdonald has joined

  1681. Ian Macdonald has left

  1682. Ian Macdonald has joined

  1683. Ian Macdonald has left

  1684. Ian Macdonald has joined

  1685. Ian Macdonald has left

  1686. Ian Macdonald has joined

  1687. Ian Macdonald has left

  1688. Ian Macdonald has joined

  1689. Ian Macdonald has left

  1690. Ian Macdonald has joined

  1691. Ian Macdonald has left

  1692. alberto has left

  1693. Ian Macdonald has joined

  1694. Ian Macdonald has left

  1695. Ian Macdonald has joined

  1696. Ian Macdonald has left

  1697. Ian Macdonald has joined

  1698. Ian Macdonald has left

  1699. Ian Macdonald has joined

  1700. Ian Macdonald has left

  1701. Ian Macdonald has joined

  1702. Ian Macdonald has left

  1703. Ian Macdonald has joined

  1704. Ian Macdonald has left

  1705. Ian Macdonald has joined

  1706. Ian Macdonald has left

  1707. Ian Macdonald has joined

  1708. Ian Macdonald has left

  1709. Ian Macdonald has joined

  1710. Ian Macdonald has left

  1711. Ian Macdonald has joined

  1712. Ian Macdonald has left

  1713. Ian Macdonald has joined

  1714. Ian Macdonald has left

  1715. Ian Macdonald has joined

  1716. Ian Macdonald has left

  1717. Ian Macdonald has joined

  1718. Ian Macdonald has left

  1719. Ian Macdonald has joined

  1720. Ian Macdonald has left

  1721. Ian Macdonald has joined

  1722. Ian Macdonald has left

  1723. Ian Macdonald has joined

  1724. Ian Macdonald has left

  1725. patasca has left

  1726. patasca has joined

  1727. Ian Macdonald has joined

  1728. Ian Macdonald has left

  1729. Ian Macdonald has joined

  1730. Ian Macdonald has left

  1731. Ian Macdonald has joined

  1732. Ian Macdonald has left

  1733. Ian Macdonald has joined

  1734. Ian Macdonald has left

  1735. Ian Macdonald has joined

  1736. Ian Macdonald has left

  1737. Ian Macdonald has joined

  1738. Ian Macdonald has left

  1739. Ian Macdonald has joined

  1740. Ian Macdonald has left

  1741. Ian Macdonald has joined

  1742. Ian Macdonald has left

  1743. Ian Macdonald has joined

  1744. Ian Macdonald has left

  1745. Ian Macdonald has joined

  1746. Ian Macdonald has left

  1747. Ian Macdonald has joined

  1748. Ian Macdonald has left

  1749. Ian Macdonald has joined

  1750. Ian Macdonald has left

  1751. Ian Macdonald has joined

  1752. Ian Macdonald has left

  1753. rom1dep has left

  1754. Ian Macdonald has joined

  1755. Ian Macdonald has left

  1756. Ian Macdonald has joined

  1757. Ian Macdonald has left

  1758. Ian Macdonald has joined

  1759. Ian Macdonald has left

  1760. Ian Macdonald has joined

  1761. Ian Macdonald has left

  1762. Ian Macdonald has joined

  1763. Ian Macdonald has left

  1764. Ian Macdonald has joined

  1765. Ian Macdonald has left

  1766. x187x has left

  1767. jl4 has left

  1768. Ian Macdonald has joined

  1769. Ian Macdonald has left

  1770. Ian Macdonald has joined

  1771. Ian Macdonald has left

  1772. Ian Macdonald has joined

  1773. Ian Macdonald has left

  1774. Ian Macdonald has joined

  1775. Ian Macdonald has left

  1776. Ian Macdonald has joined

  1777. Ian Macdonald has left

  1778. Bjarkan has left

  1779. Ian Macdonald has joined

  1780. Ian Macdonald has left

  1781. Ian Macdonald has joined

  1782. Ian Macdonald has left

  1783. Ian Macdonald has joined

  1784. Ian Macdonald has left

  1785. Ian Macdonald has joined

  1786. Ian Macdonald has left

  1787. Ian Macdonald has joined

  1788. Ian Macdonald has left

  1789. schäfchen726 has left

  1790. schäfchen726 has joined

  1791. Ian Macdonald has joined

  1792. Ian Macdonald has left

  1793. Ian Macdonald has joined

  1794. Ian Macdonald has left

  1795. x187x has joined

  1796. Ian Macdonald has joined

  1797. Ian Macdonald has left

  1798. Bjarkan has joined

  1799. Ian Macdonald has joined

  1800. Ian Macdonald has left

  1801. Ian Macdonald has joined

  1802. Ian Macdonald has left

  1803. Ian Macdonald has joined

  1804. Ian Macdonald has left

  1805. Ian Macdonald has joined

  1806. Ian Macdonald has left

  1807. Ian Macdonald has joined

  1808. Ian Macdonald has left

  1809. abidal3 has left

  1810. Ian Macdonald has joined

  1811. Ian Macdonald has left

  1812. Ian Macdonald has joined

  1813. Ian Macdonald has left

  1814. Ian Macdonald has joined

  1815. Ian Macdonald has left

  1816. Ian Macdonald has joined

  1817. Ian Macdonald has left

  1818. Ian Macdonald has joined

  1819. Ian Macdonald has left

  1820. patasca has left

  1821. Mel has left

  1822. Ian Macdonald has joined

  1823. Ian Macdonald has left

  1824. neox has left

  1825. Ian Macdonald has joined

  1826. Ian Macdonald has left

  1827. Ian Macdonald has joined

  1828. Ian Macdonald has left

  1829. Ian Macdonald has joined

  1830. Ian Macdonald has left

  1831. Ian Macdonald has joined

  1832. Ian Macdonald has left

  1833. ross has left

  1834. Ian Macdonald has joined

  1835. ross has joined

  1836. Ian Macdonald has left

  1837. Ian Macdonald has joined

  1838. Ian Macdonald has left

  1839. Ian Macdonald has joined

  1840. Ian Macdonald has left

  1841. Ian Macdonald has joined

  1842. Ian Macdonald has left

  1843. Ian Macdonald has joined

  1844. Ian Macdonald has left

  1845. Ian Macdonald has joined

  1846. Ian Macdonald has left

  1847. Ian Macdonald has joined

  1848. Ian Macdonald has left

  1849. Ian Macdonald has joined

  1850. Ian Macdonald has left

  1851. Ian Macdonald has joined

  1852. Ian Macdonald has left

  1853. Ian Macdonald has joined

  1854. Ian Macdonald has left

  1855. Ian Macdonald has joined

  1856. Ian Macdonald has left

  1857. Maranda has left

  1858. Maranda has joined

  1859. Ge0rG has left

  1860. Ge0rG has joined

  1861. Ian Macdonald has joined

  1862. Ian Macdonald has left

  1863. Ian Macdonald has joined

  1864. Ian Macdonald has left

  1865. Mel has joined

  1866. Ian Macdonald has joined

  1867. Ian Macdonald has left

  1868. Ian Macdonald has joined

  1869. Ian Macdonald has left

  1870. Ian Macdonald has joined

  1871. Ian Macdonald has left

  1872. Ian Macdonald has joined

  1873. Ian Macdonald has left

  1874. marc has left

  1875. Ian Macdonald has joined

  1876. Ian Macdonald has left

  1877. Ian Macdonald has joined

  1878. Ian Macdonald has left

  1879. Ian Macdonald has joined

  1880. Ian Macdonald has left

  1881. Ian Macdonald has joined

  1882. Ian Macdonald has left

  1883. Ian Macdonald has joined

  1884. Ian Macdonald has left

  1885. Ian Macdonald has joined

  1886. Ian Macdonald has left

  1887. Ian Macdonald has joined

  1888. Ian Macdonald has left

  1889. Ian Macdonald has joined

  1890. Ian Macdonald has left

  1891. bauruine has left

  1892. bauruine has joined

  1893. Licaon_Kter has left

  1894. Ian Macdonald has joined

  1895. Ian Macdonald has left

  1896. Ian Macdonald has joined

  1897. Ian Macdonald has left

  1898. Ian Macdonald has joined

  1899. Ian Macdonald has left

  1900. Ian Macdonald has joined

  1901. Ian Macdonald has left

  1902. Ian Macdonald has joined

  1903. Ian Macdonald has left

  1904. Ian Macdonald has joined

  1905. Ian Macdonald has left

  1906. Ian Macdonald has joined

  1907. Ian Macdonald has left

  1908. millesimus has left

  1909. Ian Macdonald has joined

  1910. Ian Macdonald has left

  1911. Ian Macdonald has joined

  1912. Ian Macdonald has left

  1913. millesimus has joined

  1914. Ian Macdonald has joined

  1915. Ian Macdonald has left

  1916. undefined has left

  1917. Ian Macdonald has joined

  1918. Ian Macdonald has left

  1919. Ian Macdonald has joined

  1920. Ian Macdonald has left

  1921. schäfchen726 has left

  1922. Ian Macdonald has joined

  1923. Ian Macdonald has left

  1924. Ian Macdonald has joined

  1925. Ian Macdonald has left

  1926. mjk has left

  1927. Ian Macdonald has joined

  1928. Ian Macdonald has left

  1929. Ian Macdonald has joined

  1930. Ian Macdonald has left

  1931. Ian Macdonald has joined

  1932. Ian Macdonald has left

  1933. Ian Macdonald has joined

  1934. Ian Macdonald has left

  1935. Ian Macdonald has joined

  1936. Ian Macdonald has left

  1937. Ian Macdonald has joined

  1938. Ian Macdonald has left

  1939. Ian Macdonald has joined

  1940. Ian Macdonald has left

  1941. Ian Macdonald has joined

  1942. Ian Macdonald has left

  1943. Ian Macdonald has joined

  1944. Ian Macdonald has left

  1945. Ian Macdonald has joined

  1946. Ian Macdonald has left

  1947. Ian Macdonald has joined

  1948. Ian Macdonald has left

  1949. Ian Macdonald has joined

  1950. Ian Macdonald has left

  1951. Ian Macdonald has joined

  1952. Ian Macdonald has left

  1953. patasca has joined

  1954. kryptos has joined

  1955. Ian Macdonald has joined

  1956. Ian Macdonald has left

  1957. ricky has left

  1958. Ian Macdonald has joined

  1959. Ian Macdonald has left

  1960. Ian Macdonald has joined

  1961. Ian Macdonald has left

  1962. Ian Macdonald has joined

  1963. Ian Macdonald has left

  1964. Bjarkan has left

  1965. Ian Macdonald has joined

  1966. Ian Macdonald has left

  1967. patasca has left

  1968. Ian Macdonald has joined

  1969. Ian Macdonald has left

  1970. patasca has joined

  1971. Ian Macdonald has joined

  1972. Ian Macdonald has left

  1973. Ian Macdonald has joined

  1974. Ian Macdonald has left

  1975. Ian Macdonald has joined

  1976. Ian Macdonald has left

  1977. Ian Macdonald has joined

  1978. Ian Macdonald has left

  1979. Ian Macdonald has joined

  1980. Ian Macdonald has left

  1981. Ian Macdonald has joined

  1982. Ian Macdonald has left

  1983. Samir Allioui has left

  1984. Samir Allioui has joined

  1985. Ian Macdonald has joined

  1986. Ian Macdonald has left

  1987. Ian Macdonald has joined

  1988. Ian Macdonald has left

  1989. Ian Macdonald has joined

  1990. Ian Macdonald has left

  1991. patasca has left

  1992. patasca has joined

  1993. Ian Macdonald has joined

  1994. Ian Macdonald has left

  1995. Ian Macdonald has joined

  1996. Ian Macdonald has left

  1997. Ian Macdonald has joined

  1998. Ian Macdonald has left

  1999. Ian Macdonald has joined

  2000. Ian Macdonald has left

  2001. Ian Macdonald has joined

  2002. Ian Macdonald has left

  2003. Ian Macdonald has joined

  2004. Ian Macdonald has left

  2005. Ian Macdonald has joined

  2006. Ian Macdonald has left

  2007. Ian Macdonald has joined

  2008. Ian Macdonald has left

  2009. Ian Macdonald has joined

  2010. Ian Macdonald has left

  2011. Ian Macdonald has joined

  2012. Ian Macdonald has left

  2013. Ian Macdonald has joined

  2014. Ian Macdonald has left

  2015. Ian Macdonald has joined

  2016. Ian Macdonald has left

  2017. Ian Macdonald has joined

  2018. Ian Macdonald has left

  2019. ross has left

  2020. ross has joined

  2021. Ian Macdonald has joined

  2022. Ian Macdonald has left

  2023. Ian Macdonald has joined

  2024. Ian Macdonald has left

  2025. Ian Macdonald has joined

  2026. Ian Macdonald has left

  2027. Ian Macdonald has joined

  2028. Ian Macdonald has left

  2029. Ian Macdonald has joined

  2030. Ian Macdonald has left

  2031. Ian Macdonald has joined

  2032. Ian Macdonald has left

  2033. Ian Macdonald has joined

  2034. Ian Macdonald has left

  2035. Ian Macdonald has joined

  2036. Ian Macdonald has left

  2037. Ian Macdonald has joined

  2038. Ian Macdonald has left

  2039. Ian Macdonald has joined

  2040. Ian Macdonald has left

  2041. Ian Macdonald has joined

  2042. Ian Macdonald has left

  2043. Ian Macdonald has joined

  2044. Ian Macdonald has left

  2045. Bjarkan has joined

  2046. Ian Macdonald has joined

  2047. Ian Macdonald has left

  2048. Ian Macdonald has joined

  2049. Ian Macdonald has left

  2050. Ian Macdonald has joined

  2051. Ian Macdonald has left

  2052. Ian Macdonald has joined

  2053. Ian Macdonald has left

  2054. Ian Macdonald has joined

  2055. Ian Macdonald has left

  2056. Ian Macdonald has joined

  2057. Ian Macdonald has left

  2058. Ian Macdonald has joined

  2059. Ian Macdonald has left

  2060. Ian Macdonald has joined

  2061. Ian Macdonald has left

  2062. Ian Macdonald has joined

  2063. Ian Macdonald has left

  2064. Ian Macdonald has joined

  2065. Ian Macdonald has left

  2066. Ian Macdonald has joined

  2067. Ian Macdonald has left

  2068. Ian Macdonald has joined

  2069. Ian Macdonald has left

  2070. Ian Macdonald has joined

  2071. Ian Macdonald has left

  2072. Ian Macdonald has joined

  2073. Ian Macdonald has left

  2074. patasca has left