XMPP Service Operators - 2021-05-03


  1. patasca has left
  2. schäfchen726 has left
  3. Licaon_Kter has left
  4. Licaon_Kter has joined
  5. x187x has left
  6. Ge0rG has left
  7. Ge0rG has joined
  8. Douglas Terabyte has joined
  9. patasca has joined
  10. x187x has joined
  11. adrian@kiess.onl has left
  12. adrian@kiess.onl has joined
  13. x187x has left
  14. Sander has left
  15. fantoski has left
  16. balabol.im has left
  17. dinosaurdynasty has left
  18. patasca has left
  19. kryptos has left
  20. ru_maniac has left
  21. Mel has left
  22. dinosaurdynasty has joined
  23. Bjarkan has joined
  24. Mel has joined
  25. Bjarkan has left
  26. Jonny has left
  27. patasca has joined
  28. patasca has left
  29. Steven Roose has left
  30. patasca has joined
  31. patasca has left
  32. x187x has joined
  33. [czar] has left
  34. Jonny has joined
  35. wladmis has left
  36. Mel has left
  37. Mel has joined
  38. Jonny has left
  39. patasca has joined
  40. patasca has left
  41. patasca has joined
  42. patasca has left
  43. patasca has joined
  44. wladmis has joined
  45. patasca has left
  46. patasca has joined
  47. wladmis has left
  48. wladmis has joined
  49. wladmis has left
  50. wladmis has joined
  51. patasca has left
  52. x187x has left
  53. wladmis has left
  54. Samir Allioui has left
  55. Samir Allioui has joined
  56. patasca has joined
  57. Ivan A. has left
  58. Ivan A. has joined
  59. wladmis has joined
  60. x187x has joined
  61. lorddavidiii has joined
  62. Mel has left
  63. neox has joined
  64. ernst.on.tour has left
  65. ernst.on.tour has joined
  66. DebXWoody has joined
  67. patasca has left
  68. Mel has joined
  69. iramaro has left
  70. Steven Roose has joined
  71. ibikk has joined
  72. pod has joined
  73. patasca has joined
  74. patasca has left
  75. patasca has joined
  76. patasca has left
  77. patasca has joined
  78. Menel has joined
  79. abidal3 has joined
  80. alberto has joined
  81. Marzanna has left
  82. abidal3 has left
  83. abidal3 has joined
  84. Marzanna has joined
  85. Jonny has joined
  86. abidal3 has left
  87. abidal3 has joined
  88. patasca has left
  89. Huxx has joined
  90. abidal3 has left
  91. abidal3 has joined
  92. octagon has left
  93. octagon has joined
  94. octagon has left
  95. octagon has joined
  96. derventio has joined
  97. SouL has left
  98. SouL has joined
  99. patasca has joined
  100. ru_maniac has joined
  101. karme has joined
  102. alberto has left
  103. mehdi has joined
  104. patasca has left
  105. patasca has joined
  106. patasca has left
  107. patasca has joined
  108. patasca has left
  109. patasca has joined
  110. alberto has joined
  111. patasca has left
  112. patasca has joined
  113. Licaon_Kter has left
  114. ricky has left
  115. Licaon_Kter has joined
  116. octagon has left
  117. octagon has joined
  118. Marzanna has left
  119. Marzanna has joined
  120. Menel has left
  121. tom I'm going to switch of cipher block chaining on my server
  122. abidal3 has left
  123. tom Nobody has actually used that mode in quite a long time (more than any of my logs indicate)
  124. tom I already switched off tls1.0 and 1.1
  125. tom I suggest others to do the same
  126. tom Had no problems
  127. tom Nobody was actually still using that
  128. tom Including s2s side
  129. christian If you offer tls1.2 nobody will be able to use 1.1
  130. schäfchen726 has joined
  131. octagon has left
  132. derventio has left
  133. tom Yeah
  134. tom I offer tls 1.2 and 1.3
  135. Menel has joined
  136. Samir Allioui has left
  137. ernst.on.tour has left
  138. ernst.on.tour has joined
  139. patasca has left
  140. alberto has left
  141. neox has left
  142. Menel has left
  143. madmalkav has joined
  144. chillmanwppqpuwo has joined
  145. marc has joined
  146. chillmanwppqpuwo has left
  147. patasca has joined
  148. neox has joined
  149. Samir Allioui has joined
  150. Mel has left
  151. christian And soon 1.4 and 1.66
  152. octagon has joined
  153. Mel has joined
  154. Licaon_Kter has left
  155. Licaon_Kter has joined
  156. madmalkav has left
  157. balabol.im has joined
  158. belove has left
  159. belove has joined
  160. ricky has joined
  161. Ge0rG has left
  162. Ge0rG has joined
  163. koalillo has joined
  164. madmalkav has joined
  165. kikuchiyo has joined
  166. octagon has left
  167. balabol.im has left
  168. koalillo has left
  169. patasca has left
  170. tom Ugh
  171. xorman has left
  172. tom This is surely redundent but openssl is a bitch and doesn't actually disable block chaining modes when you !AESCCM
  173. tom This is the ciphersuite you'll need
  174. tom Let me know if I made any mistakes
  175. tom HIGH+kEDH:HIGH+kEECDH:HIGH:!PSK:!SRP:!3DES:!aNULL:!ECDHE-RSA-AES256-SHA384:!ECDHE-ECDSA-AES256-SHA384:!ECDHE-RSA-AES256-SHA:!ECDHE-ECDSA-AES256-SHA:!SRP-DSS-AES-256-CBC-SHA:!SRP-RSA-AES-256-CBC-SHA:!SRP-AES-256-CBC-SHA:!RSA-PSK-AES256-CBC-SHA384:!DHE-PSK-AES256-CBC-SHA384:!DHE-PSK-AES256-CBC-SHA:!ECDHE-PSK-CAMELLIA256-SHA384:!RSA-PSK-CAMELLIA256-SHA384:!DHE-PSK-CAMELLIA256-SHA384:!PSK-AES256-CBC-SHA384:!PSK-CAMELLIA256-SHA384:!DHE-RSA-AES256-SHA256:!DHE-DSS-AES256-SHA256:!DH-RSA-AES256-SHA256:!DH-DSS-AES256-SHA256:!DHE-RSA-AES256-SHA:!DHE-DSS-AES256-SHA:!DH-RSA-AES256-SHA:!DH-DSS-AES256-SHA:!ECDHE-RSA-CAMELLIA256-SHA384:!ECDHE-ECDSA-CAMELLIA256-SHA384:!DHE-RSA-CAMELLIA256-SHA256:!DHE-DSS-CAMELLIA256-SHA256:!DH-RSA-CAMELLIA256-SHA256:!DH-DSS-CAMELLIA256-SHA256:!DHE-RSA-CAMELLIA256-SHA:!DHE-DSS-CAMELLIA256-SHA:!DH-RSA-CAMELLIA256-SHA:!DH-DSS-CAMELLIA256-SHA:!AECDH-AES256-SHA:!ADH-AES256-SHA256:!ADH-AES256-SHA:!ADH-CAMELLIA256-SHA256:!ADH-CAMELLIA256-SHA:!ECDH-RSA-AES256-SHA384:!ECDH-ECDSA-AES256-SHA384:!ECDH-RSA-AES256-SHA:!ECDH-ECDSA-AES256-SHA:!ECDH-RSA-CAMELLIA256-SHA384:!ECDH-ECDSA-CAMELLIA256-SHA384:!AES256-SHA256:!AES256-SHA:!CAMELLIA256-SHA256:!ECDHE-PSK-AES256-CBC-SHA384:!ECDHE-PSK-AES256-CBC-SHA:!CAMELLIA256-SHA:!RSA-PSK-AES256-CBC-SHA:!PSK-AES256-CBC-SHA:!ECDHE-RSA-AES128-SHA256:!ECDHE-ECDSA-AES128-SHA256:!ECDHE-RSA-AES128-SHA:!ECDHE-ECDSA-AES128-SHA:!SRP-DSS-AES-128-CBC-SHA:!SRP-RSA-AES-128-CBC-SHA:!SRP-AES-128-CBC-SHA:!DHE-RSA-AES128-SHA256:!DHE-DSS-AES128-SHA256:!DH-RSA-AES128-SHA256:!DH-DSS-AES128-SHA256:!DHE-RSA-AES128-SHA:!DHE-DSS-AES128-SHA:!DH-RSA-AES128-SHA:!DH-DSS-AES128-SHA:!ECDHE-RSA-CAMELLIA128-SHA256:!ECDHE-ECDSA-CAMELLIA128-SHA256:!DHE-RSA-CAMELLIA128-SHA256:!DHE-DSS-CAMELLIA128-SHA256:!DH-RSA-CAMELLIA128-SHA256:!DH-DSS-CAMELLIA128-SHA256:!DHE-RSA-SEED-SHA:!DHE-DSS-SEED-SHA:!DH-RSA-SEED-SHA:!DH-DSS-SEED-SHA:!DHE-RSA-CAMELLIA128-SHA:!DHE-DSS-CAMELLIA128-SHA:!DH-RSA-CAMELLIA128-SHA:!DH-DSS-CAMELLIA128-SHA:!AECDH-AES128-SHA:!ADH-AES128-SHA256:!ADH-AES128-SHA:!ADH-CAMELLIA128-SHA256:!ADH-SEED-SHA:!ADH-CAMELLIA128-SHA:!ECDH-RSA-AES128-SHA256:!ECDH-ECDSA-AES128-SHA256:!ECDH-RSA-AES128-SHA:!ECDH-ECDSA-AES128-SHA:!ECDH-RSA-CAMELLIA128-SHA256:!ECDH-ECDSA-CAMELLIA128-SHA256:!AES128-SHA256:!AES128-SHA:!CAMELLIA128-SHA256:!ECDHE-PSK-AES128-CBC-SHA256:!ECDHE-PSK-AES128-CBC-SHA:!RSA-PSK-AES128-CBC-SHA256:!DHE-PSK-AES128-CBC-SHA256:!DHE-PSK-AES128-CBC-SHA:!SEED-SHA:!CAMELLIA128-SHA:!ECDHE-PSK-CAMELLIA128-SHA256:!RSA-PSK-CAMELLIA128-SHA256:!DHE-PSK-CAMELLIA128-SHA256:!PSK-AES128-CBC-SHA256:!PSK-CAMELLIA128-SHA256:!IDEA-CBC-SHA:!RSA-PSK-AES128-CBC-SHA:!PSK-AES128-CBC-SHA:!KRB5-IDEA-CBC-SHA:!KRB5-IDEA-CBC-MD5:!ECDHE-RSA-DES-CBC3-SHA:!ECDHE-ECDSA-DES-CBC3-SHA:!SRP-DSS-3DES-EDE-CBC-SHA:!SRP-RSA-3DES-EDE-CBC-SHA:!SRP-3DES-EDE-CBC-SHA:!EDH-RSA-DES-CBC3-SHA:!EDH-DSS-DES-CBC3-SHA:!DH-RSA-DES-CBC3-SHA:!DH-DSS-DES-CBC3-SHA:!AECDH-DES-CBC3-SHA:!ADH-DES-CBC3-SHA:!ECDH-RSA-DES-CBC3-SHA:!ECDH-ECDSA-DES-CBC3-SHA:!DES-CBC3-SHA:!RSA-PSK-3DES-EDE-CBC-SHA:!PSK-3DES-EDE-CBC-SHA:!KRB5-DES-CBC3-SHA:!KRB5-DES-CBC3-MD5:!ECDHE-PSK-3DES-EDE-CBC-SHA:!DHE-PSK-3DES-EDE-CBC-SHA:!EXP1024-DHE-DSS-DES-CBC-SHA:!EDH-RSA-DES-CBC-SHA:!EDH-DSS-DES-CBC-SHA:!DH-RSA-DES-CBC-SHA:!DH-DSS-DES-CBC-SHA:!ADH-DES-CBC-SHA:!EXP1024-DES-CBC-SHA:!DES-CBC-SHA:!KRB5-DES-CBC-SHA:!KRB5-DES-CBC-MD5:!EXP-EDH-RSA-DES-CBC-SHA:!EXP-EDH-DSS-DES-CBC-SHA:!EXP-ADH-DES-CBC-SHA:!EXP-DES-CBC-SHA:!EXP-RC2-CBC-MD5:!EXP-KRB5-RC2-CBC-SHA:!EXP-KRB5-DES-CBC-SHA:!EXP-KRB5-RC2-CBC-MD5:!EXP-KRB5-DES-CBC-MD5:!EXP-DH-DSS-DES-CBC-SHA:!EXP-DH-RSA-DES-CBC-SHA
  176. tom Hopefully in the future openssl adds a better way to do this
  177. balabol.im has joined
  178. tom Maybe I could submit a patch
  179. Licaon_Kter tom: wtf...
  180. tom Wtfw Licaon_Kter?
  181. Licaon_Kter Why paste that here, use a bin, gist, snip
  182. tom Why would i do that
  183. tom That's like a whole nother place and application to open
  184. tom This isn't IRC we have multiple lines do stuff
  185. Licaon_Kter Yes, but that's spammy
  186. jl4 has joined
  187. octagon has joined
  188. patasca has joined
  189. Licaon_Kter has left
  190. Licaon_Kter has joined
  191. alberto has joined
  192. mjk has joined
  193. octagon has left
  194. chillmanwppqpuwo has joined
  195. alberto has left
  196. abidal3 has joined
  197. mimi89999 tom, that ciphersuite is way to long. What do you want to achieve?
  198. chillmanwppqpuwo has left
  199. mimi89999 https://ssl-config.mozilla.org/
  200. tom mimi89999: too long for what? It's accepted by prosody. Disabling cipher block chaining
  201. abidal3 has left
  202. mimi89999 so would `ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
  203. Holger 😳️
  204. mimi89999 You have combinations inside it
  205. patasca has left
  206. tom I'm aware there aare some duplicates inside it
  207. tom I was generally trying to avoid an allowlist, because new ciphersuits will come along
  208. tom also
  209. steven has joined
  210. mimi89999 `!AESCBC`?
  211. tom chacha20 and xchacha
  212. tom mimi89999: there is no AESCBC in openssl 1.1.1d. man openssl-ciphers
  213. mimi89999 `ssl_ciphers HIGH+kEECDH:HIGH+kEDH:!CAMELLIA:!PSK:!SRP:!3DES:!aNULL:!AESCCM:!AESCCM8:!ARIAGCM;`
  214. mimi89999 That's what I have
  215. tom there's AESCCM but it doesn't quite do the same thing
  216. tom and CCM can be considered secure
  217. mimi89999 CCM is different
  218. tom mimi89999: you don't need to have !AESCCM:!AESCCM8. !AESCCM encompasses !AESCCM8:
  219. ricky has left
  220. mimi89999 `!AES`?
  221. mimi89999 Maybe
  222. tom also why are you disabling CAMELLIA?
  223. tom no definitely not. I want AES
  224. tom that would break a lot of shit
  225. mimi89999 Isn't AES only AESCBC?
  226. tom no
  227. tom you can have Galois counter mode
  228. patasca has joined
  229. mimi89999 ``` michel@debian:~$ openssl ciphers HIGH:\!AES TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-ARIA256-GCM-SHA384:ECDHE-ARIA256-GCM-SHA384:DHE-DSS-ARIA256-GCM-SHA384:DHE-RSA-ARIA256-GCM-SHA384:ECDHE-ECDSA-ARIA128-GCM-SHA256:ECDHE-ARIA128-GCM-SHA256:DHE-DSS-ARIA128-GCM-SHA256:DHE-RSA-ARIA128-GCM-SHA256:ECDHE-ECDSA-CAMELLIA256-SHA384:ECDHE-RSA-CAMELLIA256-SHA384:DHE-RSA-CAMELLIA256-SHA256:DHE-DSS-CAMELLIA256-SHA256:ADH-CAMELLIA256-SHA256:ECDHE-ECDSA-CAMELLIA128-SHA256:ECDHE-RSA-CAMELLIA128-SHA256:DHE-RSA-CAMELLIA128-SHA256:DHE-DSS-CAMELLIA128-SHA256:ADH-CAMELLIA128-SHA256:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ADH-CAMELLIA256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ADH-CAMELLIA128-SHA:RSA-PSK-CHACHA20-POLY1305:DHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:RSA-PSK-ARIA256-GCM-SHA384:DHE-PSK-ARIA256-GCM-SHA384:ARIA256-GCM-SHA384:PSK-CHACHA20-POLY1305:PSK-ARIA256-GCM-SHA384:RSA-PSK-ARIA128-GCM-SHA256:DHE-PSK-ARIA128-GCM-SHA256:ARIA128-GCM-SHA256:PSK-ARIA128-GCM-SHA256:CAMELLIA256-SHA256:CAMELLIA128-SHA256:ECDHE-PSK-CAMELLIA256-SHA384:RSA-PSK-CAMELLIA256-SHA384:DHE-PSK-CAMELLIA256-SHA384:CAMELLIA256-SHA:PSK-CAMELLIA256-SHA384:ECDHE-PSK-CAMELLIA128-SHA256:RSA-PSK-CAMELLIA128-SHA256:DHE-PSK-CAMELLIA128-SHA256:CAMELLIA128-SHA:PSK-CAMELLIA128-SHA256 ```
  230. mimi89999 Only disables CBC
  231. mimi89999 ``` michel@debian:~$ openssl ciphers HIGH+kEECDH:HIGH+kEDH:\!CAMELLIA:\!PSK:\!SRP:\!3DES:\!aNULL:\!AESCCM:\!AESCCM8:\!ARIAGCM:\!AES TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305 ```
  232. tom hold on
  233. tom you have !AES in your cipher string but TLS_AES_256_GCM_SHA384 is a supported cipher?
  234. tom why?
  235. tom isn't TLS_AES_256_GCM_SHA384 AES? It says so right there in the suite
  236. tom TLS_>AES_<256_GCM_SHA384
  237. mimi89999 ``` michel@debian:~$ openssl ciphers HIGH+kEECDH:HIGH+kEDH:\!CAMELLIA:\!PSK:\!SRP:\!3DES:\!aNULL:\!AESCCM:\!ARIAGCM:\!AES TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305 ```
  238. mimi89999 tom, AES is AESCBC. AESGCM is AESGCM
  239. mimi89999 ``` michel@debian:~$ openssl ciphers AESGCM TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ADH-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ADH-AES128-GCM-SHA256:RSA-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-GCM-SHA384:AES256-GCM-SHA384:PSK-AES256-GCM-SHA384:RSA-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-GCM-SHA256:AES128-GCM-SHA256:PSK-AES128-GCM-SHA256 ```
  240. tom mimi89999: » $ openssl ciphers -v 'AES' | grep GCM » TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD » TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD » ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD » ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD » DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(256) Mac=AEAD » DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD » ADH-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=None Enc=AESGCM(256) Mac=AEAD » ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD » ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD » DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(128) Mac=AEAD » DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD » ADH-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=None Enc=AESGCM(128) Mac=AEAD » RSA-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=RSAPSK Au=RSA Enc=AESGCM(256) Mac=AEAD » DHE-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESGCM(256) Mac=AEAD » AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD » PSK-AES256-GCM-SHA384 TLSv1.2 Kx=PSK Au=PSK Enc=AESGCM(256) Mac=AEAD » RSA-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=RSAPSK Au=RSA Enc=AESGCM(128) Mac=AEAD » DHE-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESGCM(128) Mac=AEAD » AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD » PSK-AES128-GCM-SHA256 TLSv1.2 Kx=PSK Au=PSK Enc=AESGCM(128) Mac=AEAD » are you sure about that?
  241. tom this command seems to show conflicting information
  242. mimi89999 Hmm
  243. tom what version are you using?
  244. mimi89999 But
  245. mimi89999 ``` michel@debian:~$ openssl ciphers HIGH\!AES TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-ARIA256-GCM-SHA384:ECDHE-ARIA256-GCM-SHA384:DHE-DSS-ARIA256-GCM-SHA384:DHE-RSA-ARIA256-GCM-SHA384:ECDHE-ECDSA-ARIA128-GCM-SHA256:ECDHE-ARIA128-GCM-SHA256:DHE-DSS-ARIA128-GCM-SHA256:DHE-RSA-ARIA128-GCM-SHA256:ECDHE-ECDSA-CAMELLIA256-SHA384:ECDHE-RSA-CAMELLIA256-SHA384:DHE-RSA-CAMELLIA256-SHA256:DHE-DSS-CAMELLIA256-SHA256:ADH-CAMELLIA256-SHA256:ECDHE-ECDSA-CAMELLIA128-SHA256:ECDHE-RSA-CAMELLIA128-SHA256:DHE-RSA-CAMELLIA128-SHA256:DHE-DSS-CAMELLIA128-SHA256:ADH-CAMELLIA128-SHA256:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ADH-CAMELLIA256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ADH-CAMELLIA128-SHA:RSA-PSK-CHACHA20-POLY1305:DHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:RSA-PSK-ARIA256-GCM-SHA384:DHE-PSK-ARIA256-GCM-SHA384:ARIA256-GCM-SHA384:PSK-CHACHA20-POLY1305:PSK-ARIA256-GCM-SHA384:RSA-PSK-ARIA128-GCM-SHA256:DHE-PSK-ARIA128-GCM-SHA256:ARIA128-GCM-SHA256:PSK-ARIA128-GCM-SHA256:CAMELLIA256-SHA256:CAMELLIA128-SHA256:ECDHE-PSK-CAMELLIA256-SHA384:RSA-PSK-CAMELLIA256-SHA384:DHE-PSK-CAMELLIA256-SHA384:CAMELLIA256-SHA:PSK-CAMELLIA256-SHA384:ECDHE-PSK-CAMELLIA128-SHA256:RSA-PSK-CAMELLIA128-SHA256:DHE-PSK-CAMELLIA128-SHA256:CAMELLIA128-SHA:PSK-CAMELLIA128-SHA256 ```
  246. mimi89999 `OpenSSL 1.1.1k 25 Mar 2021`
  247. mimi89999 `openssl ciphers -v 'AES' | grep GCM` gives me the same
  248. ernst.on.tour has left
  249. mimi89999 tom, I recommend you stay with the defaults. If you have an old version and defaults are unsafe, I recommend you update.
  250. tom AES keyboard also doesn't seem to be listed in the man page
  251. tom mimi89999: I'm not using an old version i'm on Devuan beowulf's stable
  252. tom i'm concerned about oracle padding attacks
  253. tom and openssl's HIGH doesn't protect against them
  254. mimi89999 So your defaults should be safe
  255. mimi89999 Really
  256. mimi89999 > i'm concerned about oracle padding attacks Depends on implementation. OpenSSL was once vulnerable, but that was patched long time ago.
  257. Holger At the very least I would not hard-code specific ciphers.
  258. mimi89999 Or just go with TLSv1.3 only
  259. tom I can't
  260. mimi89999 Why?
  261. tom a lot of servers are still connecting with tls1.2
  262. tom maybe i could for c2s
  263. Holger You'll forget to update your superdupersecure cipher list once OpenSSL supports newer ones.
  264. jonas’ chances are that your OS already has a security level defined which suits your purposes
  265. jonas’ and also takes care of things like DH size
  266. Holger And maybe you're superman and won't forget. But if I was superman I would, at the very least, not post such lists in public. Because others might think "wow tom is superman, I'll copy paste his super-duper-secure cipher list", and then fail to maintain it.
  267. jonas’ word.
  268. jonas’ I still need to age out the formerly great applied crypto hardening lists of all my automation because they were never updated
  269. Holger I just do something like this usually: `"HIGH:!aNULL:!3DES:@STRENGTH"` If my users are hacked because that's too unsecure, I'll send them to tom next time.
  270. tom well
  271. tom that's not appropriate for an XMPP server
  272. Holger On servers with super-duper-secure co-admins who insist on PFS, I do this: `"ECDH:DH:!3DES:!aNULL:!eNULL:!MEDIUM:@STRENGTH"`
  273. mimi89999 Defaults were once unsafe. That's why setting custom ciphersuites became popular. Now they are good.
  274. kousu has left
  275. Holger I think posting explicit cipher lists in public isnt't appropriate and I explained why. Presumably my first list will support way cooler ciphers than yours a few years from now. (Yes the second is already a bit problemativ in that it insists on DH.)
  276. tom for one, PSK and SRP suites are completely pointless for an XMPP connection. Secondly they aren't good. Their backwards compat opens it up to padding oracle attacks
  277. kousu has joined
  278. tom now
  279. mimi89999 Unless you really know what you are doing, stay with the defaults
  280. tom I don't need THAT much backwards compat, other than running safe ciphers through tls 1.2
  281. mimi89999 Or somebody decided what ciphers are allowed and what are not in the org, then you must apply 😕️
  282. tom that big bloated list i sent first does do that job of excluding known bad suites vulnerable to padding oracle attacks, however the biggest problem is that it's ugly as hell (cosmetic) and that it's redundant eg, i'm already dissallowing preshared key and 3DES suites
  283. tom i Could clean it up a bit
  284. tom but i'm wonder if this may be a thing to send as a patch to upstream openssl in order to have a !CBC group actually work
  285. Holger tom, I'd call suggesting others to hard-code cipher lists a security issue, not a cosmetic issue.
  286. patasca has left
  287. tom Holger: it's not hardcoding cipher lists
  288. tom it's blacklisting known bad ones
  289. tom notice the :!
  290. mimi89999 AES CBC is not considered insecure
  291. Holger Ah `HIGH+kEDH:HIGH+kEECDH:HIGH:`, I missed the final `:HIGH:`, sorry.
  292. mimi89999 Yes, they were not accepted in TLSv1.3, but there is nor reason to force disable them.
  293. Holger Ignore me then. Then it's just stupid but probably won't hurt except maybe interop, and I don't care 😛
  294. tom » <mimi89999> AES CBC is not considered insecure http://www.isg.rhul.ac.uk/tls/Lucky13.html seems to contradict that
  295. Holger A working exploit would contradict such things quite convincingly.
  296. Holger (But I'll shut up now sorry.)
  297. mimi89999 > Unable to select database
  298. tom your not able to view the webpage?
  299. mjk has left
  300. loopboom has joined
  301. mimi89999 Yes
  302. mimi89999 But there is archive
  303. mimi89999 Anyway, that was patched
  304. Bjarkan has joined
  305. mimi89999 OpenSSL should not be vulnerable now
  306. tom oh, would you happen to have any information on that? I'd rather read a paper than take your word. no offense
  307. tom it says it's a problem with the spec itself, not an implementation
  308. mimi89999 tom, https://security-tracker.debian.org/tracker/CVE-2013-0169
  309. tom thankyou
  310. ernst.on.tour has joined
  311. xi has left
  312. xi has joined
  313. [czar] has joined
  314. alberto has joined
  315. octagon has joined
  316. perflyst has joined
  317. tom is there a way to print all current c2s+s2s connection in prosody + their current ciphersuite in use?
  318. balabol.im has left
  319. jl4 has left
  320. balabol.im has joined
  321. millesimus Does xmpp.net test need the tested server to be available via IPv4?
  322. patasca has joined
  323. Ian Macdonald has left
  324. Ian Macdonald has joined
  325. Ian Macdonald has left
  326. Ian Macdonald has joined
  327. Ian Macdonald has left
  328. Ian Macdonald has joined
  329. Ian Macdonald has left
  330. Ian Macdonald has joined
  331. Ian Macdonald has left
  332. Ian Macdonald has joined
  333. Ian Macdonald has left
  334. Ian Macdonald has joined
  335. Ian Macdonald has left
  336. Ian Macdonald has joined
  337. Ian Macdonald has left
  338. Ian Macdonald has joined
  339. Ian Macdonald has left
  340. Ian Macdonald has joined
  341. Ian Macdonald has left
  342. Ian Macdonald has joined
  343. octagon has left
  344. Ian Macdonald has left
  345. Ian Macdonald has joined
  346. Ian Macdonald has left
  347. Ian Macdonald has joined
  348. Ian Macdonald has left
  349. Ian Macdonald has joined
  350. Ian Macdonald has left
  351. Ian Macdonald has joined
  352. Ian Macdonald has left
  353. Ian Macdonald has joined
  354. Ian Macdonald has left
  355. Ian Macdonald has joined
  356. Ian Macdonald has left
  357. Ian Macdonald has joined
  358. Ian Macdonald has left
  359. Ian Macdonald has joined
  360. Ian Macdonald has left
  361. Ian Macdonald has joined
  362. Ian Macdonald has left
  363. Ian Macdonald has joined
  364. Ian Macdonald has left
  365. Ian Macdonald has joined
  366. Ian Macdonald has left
  367. Ian Macdonald has joined
  368. Ian Macdonald has left
  369. Ian Macdonald has joined
  370. Ian Macdonald has left
  371. Ian Macdonald has joined
  372. Ian Macdonald has left
  373. Ian Macdonald has joined
  374. Ian Macdonald has left
  375. Ian Macdonald has joined
  376. Ian Macdonald has left
  377. Ian Macdonald has joined
  378. Ian Macdonald has left
  379. ricky has joined
  380. Ian Macdonald has joined
  381. Ian Macdonald has left
  382. Ian Macdonald has joined
  383. Ian Macdonald has left
  384. Ian Macdonald has joined
  385. Ian Macdonald has left
  386. Ian Macdonald has joined
  387. Ian Macdonald has left
  388. Ian Macdonald has joined
  389. Ian Macdonald has left
  390. Ian Macdonald has joined
  391. Ian Macdonald has left
  392. jonas’ yes
  393. Ian Macdonald has joined
  394. Ian Macdonald has left
  395. Ian Macdonald has joined
  396. Ian Macdonald has left
  397. Ian Macdonald has joined
  398. Ian Macdonald has left
  399. Ian Macdonald has joined
  400. Ian Macdonald has left
  401. Ian Macdonald has joined
  402. Ian Macdonald has left
  403. Ian Macdonald has joined
  404. Ian Macdonald has left
  405. Ian Macdonald has joined
  406. Ian Macdonald has left
  407. Ian Macdonald has joined
  408. millesimus Ok, thanks jonas’
  409. perflyst has left
  410. jonas’ we wish to change that eventually but that's not likely to happen before the whole thing is rewritten
  411. perflyst has joined
  412. tom nvm
  413. Holger Dual-stack is always great fun, even more so with monitoring.
  414. Holger "v4 status: critical (send e-mail + SMS notifications), v6 status: recovered from non-critical problem (send e-mail)". SIGSEGV.
  415. tom qaz
  416. Holger Plus other services depending on this one being fine.
  417. x51 has joined
  418. tom it helps if the only thing with v4 addresses is your reverse proxy and nat
  419. Holger if (v6_status != v4_status) just_do_nothing(); // It would be wrong anyway.
  420. patasca has left
  421. Holger Yeah, dealing with dual-stack by avoiding it helps 🙂
  422. balabol.im has left
  423. Ian Macdonald has left
  424. balabol.im has joined
  425. Ian Macdonald has joined
  426. perflyst has left
  427. Ian Macdonald has left
  428. jl4 has joined
  429. Ian Macdonald has joined
  430. Martin has left
  431. loopboom has left
  432. Martin has joined
  433. tom Well the way i see it Holger is ipv4 is legacy crap that should have been deprecated in the 80s were it not have been for the dotcom boom
  434. tom So i try to keep it outside my network
  435. tom And only via a nat (because i don't want to pay extra for allocations as well)
  436. tom For services that need legacy-compat
  437. belove has left
  438. Ivan A. has left
  439. Martin has left
  440. Ian Macdonald has left
  441. tom Why does conversations.im only support tls1.2? Aren't they supposed to be modern im?
  442. Martin has joined
  443. Holger tom, old versions of the Conversations app will fail to log in if TLSv1.3 is offered, due to a client bug.
  444. tom What about the s2s connection though?
  445. Holger True, we could offer 1.3 there, just didn't bother so far.
  446. tom It's so very unfortunate that so many regional ISP monopolies in the USA have still to this day refused to implement ipv6
  447. Holger > What about the s2s connection though? Should work now.
  448. tom At this point, the lack of v6 connectivity is a serious hurdle in the way for new isps and companies to spring up as there's simply no more v4 address space left to sell
  449. tom I think the government should step in and mandate v6 deployment
  450. tom Make it a requirement for calling a service 'broadband' or something
  451. tom Thanks Holger
  452. Ian Macdonald has joined
  453. Ian Macdonald has left
  454. Ian Macdonald has joined
  455. Ian Macdonald has left
  456. Menel has joined
  457. balabol.im has left
  458. balabol.im has joined
  459. ross has left
  460. ross has joined
  461. mimi89999 > tom, old versions of the Conversations app will fail to log in if TLSv1.3 is offered, due to a client bug. Let's force them to update!
  462. tom mimi89999: I really have no preference or opinion about how other sites managed their c2s settings
  463. tom or what clients people want to use. I do however think the s2s side should have secure crypto
  464. tom especially with widespread and pervasive government and corporate surveillance
  465. croax > I think the government should step in and mandate v6 deployment tom: agree. I guess they just don't care. For sure lobbyist would also get benefit of this situation by selling NAT, consultancy and speculate on ipv4 exhaustion.
  466. Martin > tom, old versions of the Conversations app will fail to log in if TLSv1.3 is offered, due to a client bug. How old?
  467. tom https://tools.ietf.org/html/rfc7258 https://tools.ietf.org/html/rfc7624
  468. Martin Anyone managed to reach the tiagese guys?
  469. tom I also think that with keeping in mind the reality that many governments do in fact record ALL internet traffic to disk.. now you might think that's crazy but egypt actually did that and the utah datacenter and ESPECIALLY google have the ability to do that
  470. alien has left
  471. tom that we shouldn't be just enabling the absolute minimum in terms of security and crypto
  472. mike What's up with Tigase? Their Masto account posted just a few minutes ago so someone's around.
  473. Martin Can't join their chat as their cert is invalid again.
  474. Martin Establishing a secure connection from mdosch.de to muc.tigase.org failed. Certificate hash: 6309c033094e3d8fb71d4dea59197ac81bd38240a4c03a68c10fee75fc09ac47. Error with certificate 0: certificate has expired.
  475. mike I just sent them a DM with that info.
  476. Martin Thanks
  477. [czar] has left
  478. [czar] has joined
  479. jl4 has left
  480. alien has joined
  481. octagon has joined
  482. Ge0rG has left
  483. Ge0rG has joined
  484. jl4 has joined
  485. Ian Macdonald has joined
  486. jl4 has left
  487. abidal3 has joined
  488. Ian Macdonald has left
  489. alacer has left
  490. alacer has joined
  491. Ian Macdonald has joined
  492. Ian Macdonald has left
  493. Ian Macdonald has joined
  494. Ian Macdonald has left
  495. Ian Macdonald has joined
  496. Ian Macdonald has left
  497. southerntofu has joined
  498. Ian Macdonald has joined
  499. Ian Macdonald has left
  500. chillmanwppqpuwo has joined
  501. Ian Macdonald has joined
  502. Ian Macdonald has left
  503. Ian Macdonald has joined
  504. kousu has left
  505. Ian Macdonald has left
  506. Ian Macdonald has joined
  507. chillmanwppqpuwo has left
  508. chillmanwppqpuwo has joined
  509. Ian Macdonald has left
  510. chillmanwppqpuwo has left
  511. Ian Macdonald has joined
  512. kousu has joined
  513. Ian Macdonald has left
  514. Ian Macdonald has joined
  515. Ian Macdonald has left
  516. Ian Macdonald has joined
  517. Ian Macdonald has left
  518. chillmanwppqpuwo has joined
  519. patasca has joined
  520. Ian Macdonald has joined
  521. Ian Macdonald has left
  522. Ian Macdonald has joined
  523. chillmanwppqpuwo has left
  524. Ian Macdonald has left
  525. abidal3 has left
  526. abidal3 has joined
  527. Ian Macdonald has joined
  528. Ian Macdonald has left
  529. octagon has left
  530. Ian Macdonald has joined
  531. chillmanwppqpuwo has joined
  532. Ian Macdonald has left
  533. Ian Macdonald has joined
  534. chillmanwppqpuwo has left
  535. chillmanwppqpuwo has joined
  536. chillmanwppqpuwo has left
  537. chillmanwppqpuwo has joined
  538. chillmanwppqpuwo has left
  539. patasca has left
  540. chillmanwppqpuwo has joined
  541. chillmanwppqpuwo has left
  542. chillmanwppqpuwo has joined
  543. chillmanwppqpuwo has left
  544. balabol.im has left
  545. Menel has left
  546. balabol.im has joined
  547. undefined has left
  548. Ian Macdonald has left
  549. Ian Macdonald has joined
  550. Ian Macdonald has left
  551. Ian Macdonald has joined
  552. Ian Macdonald has left
  553. Ian Macdonald has joined
  554. Ian Macdonald has left
  555. Ian Macdonald has joined
  556. Ian Macdonald has left
  557. Ian Macdonald has joined
  558. Ian Macdonald has left
  559. Ian Macdonald has joined
  560. Ian Macdonald has left
  561. undefined has joined
  562. Ian Macdonald has joined
  563. Ian Macdonald has left
  564. Ian Macdonald has joined
  565. Ian Macdonald has left
  566. Ian Macdonald has joined
  567. guus.der.kinderen has joined
  568. Ian Macdonald has left
  569. Ian Macdonald has joined
  570. Ge0rG has left
  571. ross has left
  572. ross has joined
  573. Ge0rG has joined
  574. 404.city has joined
  575. abidal3 has left
  576. Ian Macdonald has left
  577. Ian Macdonald has joined
  578. Ian Macdonald has left
  579. Ian Macdonald has joined
  580. Menel has joined
  581. Ian Macdonald has left
  582. chillmanwppqpuwo has joined
  583. Ian Macdonald has joined
  584. Ian Macdonald has left
  585. Ian Macdonald has joined
  586. Ian Macdonald has left
  587. Ian Macdonald has joined
  588. chillmanwppqpuwo has left
  589. Ian Macdonald has left
  590. Ian Macdonald has joined
  591. Ian Macdonald has left
  592. patasca has joined
  593. Ian Macdonald has joined
  594. Ian Macdonald has left
  595. Ian Macdonald has joined
  596. Ian Macdonald has left
  597. Ian Macdonald has joined
  598. Ian Macdonald has left
  599. Ian Macdonald has joined
  600. Ian Macdonald has left
  601. Ian Macdonald has joined
  602. Ian Macdonald has left
  603. Ian Macdonald has joined
  604. Ian Macdonald has left
  605. Ian Macdonald has joined
  606. Ian Macdonald has left
  607. Ian Macdonald has joined
  608. chillmanwppqpuwo has joined
  609. chillmanwppqpuwo has left
  610. Ian Macdonald has left
  611. patasca has left
  612. patasca has joined
  613. chillmanwppqpuwo has joined
  614. Ian Macdonald has joined
  615. chillmanwppqpuwo has left
  616. undefined has left
  617. Ian Macdonald has left
  618. chillmanwppqpuwo has joined
  619. Ian Macdonald has joined
  620. undefined has joined
  621. chillmanwppqpuwo has left
  622. Ian Macdonald has left
  623. Ian Macdonald has joined
  624. Ian Macdonald has left
  625. Ian Macdonald has joined
  626. Ian Macdonald has left
  627. patasca has left
  628. patasca has joined
  629. patasca has left
  630. patasca has joined
  631. Ian Macdonald has joined
  632. Ian Macdonald has left
  633. chillmanwppqpuwo has joined
  634. Ian Macdonald has joined
  635. Ian Macdonald has left
  636. chillmanwppqpuwo has left
  637. Ian Macdonald has joined
  638. Ian Macdonald has left
  639. Ian Macdonald has joined
  640. Ian Macdonald has left
  641. Ian Macdonald has joined
  642. Ian Macdonald has left
  643. Ian Macdonald has joined
  644. Ian Macdonald has left
  645. Ian Macdonald has joined
  646. Ian Macdonald has left
  647. Ian Macdonald has joined
  648. octagon has joined
  649. Ian Macdonald has left
  650. Ian Macdonald has joined
  651. Ian Macdonald has left
  652. Ian Macdonald has joined
  653. Ian Macdonald has left
  654. Ian Macdonald has joined
  655. Ian Macdonald has left
  656. Ian Macdonald has joined
  657. Ian Macdonald has left
  658. Ian Macdonald has joined
  659. Ian Macdonald has left
  660. Ian Macdonald has joined
  661. xorman has joined
  662. Ian Macdonald has left
  663. Ian Macdonald has joined
  664. Ian Macdonald has left
  665. Ian Macdonald has joined
  666. Ian Macdonald has left
  667. Ian Macdonald has joined
  668. Ge0rG has left
  669. Ge0rG has joined
  670. henrik has left
  671. Ian Macdonald has left
  672. Calvin has joined
  673. patasca has left
  674. Ian Macdonald has joined
  675. Ian Macdonald has left
  676. Ian Macdonald has joined
  677. Ian Macdonald has left
  678. Ian Macdonald has joined
  679. Ian Macdonald has left
  680. Ian Macdonald has joined
  681. Ian Macdonald has left
  682. Ian Macdonald has joined
  683. Ian Macdonald has left
  684. Ian Macdonald has joined
  685. 404.city has left
  686. Ian Macdonald has left
  687. Ian Macdonald has joined
  688. Ian Macdonald has left
  689. Ian Macdonald has joined
  690. kryptos has joined
  691. 404.city has joined
  692. Ian Macdonald has left
  693. Ian Macdonald has joined
  694. 404.city tom, you are talking about the security of ciphers, but most servers accept self-signed certificates and are harassing those who want to change. It looks like a security theater. https://github.com/E-404/Manifestos/blob/master/1.md
  695. octagon has left
  696. chillmanwppqpuwo has joined
  697. moparisthebest 404.city, "s2s_secure_auth = false" doesn't mean "allow self signed certificates" right ?
  698. patasca has joined
  699. Calvin has left
  700. Calvin has joined
  701. Menel Who is harassing? I wouldn't care for those servers that still don't use a valid cert.
  702. moparisthebest dialback is fine and perfectly secure as long as good+valid certificates is required right 404.city ?
  703. 404.city I can consider this manifesto a failure, because some administrators who signed it do not comply with it, and some administrators began to actively oppose the manifest, fearing to lose some of the users connected to insecure servers
  704. karme has left
  705. moparisthebest I'd consider it a failure because the basic premise is a misunderstanding
  706. henrik has joined
  707. chillmanwppqpuwo has left
  708. moparisthebest 404.city, I can't speak to ejabberd, but prosody's default config includes `s2s_secure_auth = false` but DOES NOT allow self-signed certs, and in fact requires valid certs for all s2s communication
  709. kryptos has left
  710. kryptos has joined
  711. ross has left
  712. ross has joined
  713. patasca has left
  714. patasca has joined
  715. ross has left
  716. carlos has left
  717. ross has joined
  718. carlos has joined
  719. patasca has left
  720. patasca has joined
  721. 404.city >moparisthebest‎: dialback is fine and perfectly secure How are you going to validate the dialback (s2s) when the interlocutor connects to a other server with a self-signed certificate (c2s)?
  722. moparisthebest dialback should also involve proper validation of certificate
  723. croax LetsEncrypt provides certificates using DNS and IP address source and destination. Dialback with self-signed certificates offers same service. Why would it be less secure?
  724. moparisthebest croax, I can answer that one, letsencrypt checks DNS from multiple geographically seperate endpoints, not just 1
  725. croax moparisthebest: Oh thanks for your expertise :-)
  726. chillmanwppqpuwo has joined
  727. 404.city >Dialback with self-signed certificates offers same service. Why would it be less secure? Your interlocutor checks manually self signed certificates for his server. Many people ignore security and accept any self-signed certificates. Security is a "set of measures", and not only everything is "fine here".
  728. karme has joined
  729. raghavgururajan has left
  730. chillmanwppqpuwo has left
  731. patasca has left
  732. x187x has left
  733. croax 404.city: I was just speaking about s2s. Dialback is a way to validate self signed certificates. It's not just accepting. c2s is a particular context, under the scope of the server policy. Out of scope of federation.
  734. qrpnxz speaking of ipv6, noticed i'm missing a AAAA record for my website 😬 I'm sorry World.
  735. steven has left
  736. octagon has joined
  737. octagon has left
  738. octagon has joined
  739. 404.city has left
  740. 404.city has joined
  741. joerg has left
  742. joerg has joined
  743. octagon has left
  744. octagon has joined
  745. steven has joined
  746. 404.city Many security standards are developed based on security incidents. Yes, dialback does not protect against untrusted Wi-Fi, your interlocutor, and therefore, in general, the connection cannot be considered secure. dialback was made at a time when certificates were "paid" and completely fulfilled its purpose. This is now an obsolete standard. We recommend everyone who wants to use self-signed certificates to use PGP, inside clients
  747. joerg has left
  748. joerg has joined
  749. Maranda has left
  750. Maranda has joined
  751. Wiktor 404.city: by "use pgp" you mean use pgp for e2ee not for cert verification? Then why pgp and not omemo?
  752. croax 404.city: That's unlikely that a dialback connection will go through Wifi. I agree that valid certificate is better but Dialback seems not so bad. Do you think a central authority issuing 90% (just random figure) of certificate is less subject to security agency abuses? Response might be yes though.
  753. chillmanwppqpuwo has joined
  754. 404.city >Wiktor‎: 404.city: by "use pgp" you mean use pgp for e2ee not for cert verification? Then why pgp and not omemo? Yes, e2e encryption is a more precise definition
  755. patasca has joined
  756. patasca has left
  757. patasca has joined
  758. kryptos has left
  759. maxwell has left
  760. 404.city "Use PGP" is special for % croax % as it serves their purpose. Who wants to use a self-signed certificate on the server as client PGP encryption.
  761. octagon re ciphers: fedora and centos 8 has: update-crypto-policies --set NEXT # or FUTURE
  762. moparisthebest if we are going to push for better s2s authentication why not go with the real solution? DANE :)
  763. raghavgururajan has joined
  764. Bjarkan has left
  765. moparisthebest that means anyone with an .im TLD has to get rid of it, but otherwise should be great
  766. 404.city > That's unlikely that a dialback connection will go through Wifi. The most frequent case: c2s connection through your interlocutor, through an unsafe connection
  767. croax 404.city, I don't get it, Dialback occurs on s2s
  768. balabol.im has left
  769. croax moparisthebest: yeah DANE! Why ICANN not pushing DNSSEC? Same than IPv6..
  770. moparisthebest they kind of are pushing DNSSEC, all new gTLDs must support it for instance
  771. 404.city croax‎: 🙂 If the XMPP server has insecure s2s, the server also has insecure c2s)
  772. mjk has joined
  773. croax 404.city: might be the case but not necessary. That's a big shortcut.
  774. croax CAs may be context-dependent. And they're alternatives like DANE, posh, ...
  775. moparisthebest my server has always supported DANE, unsure if others do, it's the same story with email really, I only know of me and debian.org with support
  776. croax CAs may be context-dependent. And they're alternatives like DANE, POSH, ...
  777. balabol.im has joined
  778. ricky has left
  779. Bjarkan has joined
  780. mimi89999 Please. Don't go with the CAs bad
  781. mimi89999 We have CT now
  782. mimi89999 And DANE won't make it possible to detect temporary interception unlike CT logs.
  783. patasca has left
  784. Bjarkan has left
  785. abslimit has left
  786. xorman has left
  787. mjk has left
  788. 404.city https://xmpp.404.city:5280/usershare/6d33720a4a94189f7b96d206ee5f6128196decf2/jIwjrFEUVCIj6HI2WtRJLQbJ2XsvGyeHJapQ02Pb/Schrodingers_cat.svg.png
  789. 404.city >croax‎: 404.city: might be the case but not necessary. That's a big shortcut. There are only rare exceptions to this rule. Security systems should work automatically and not allow "it may or may not be". "Schrödinger's cat". Imagine that the lock from the safe, which contains the "Top Secret Documents", will be closed, or maybe not closed. This is counterintuitive and unexpected security behavior.
  790. kryptos has joined
  791. Bjarkan has joined
  792. balabol.im has left
  793. patasca has joined
  794. p55s has joined
  795. octagon has left
  796. patasca has left
  797. patasca has joined
  798. 404.city has left
  799. balabol.im has joined
  800. croax 404.city: Don't following. There's no unique worldwide CA store. One's not suppose to trust any widely used CA. One can issue context specific CA, like organizational ones. This is all matter of security vs interoperability. And all is context dependent.
  801. mjk has joined
  802. moparisthebest mimi89999, any servers or clients check CT? CT is a nice addition to CA stuff but not nearly as good of a replacement for DANE
  803. croax Moreover making any assumption of link between s2s (concerning federation) and c2s (server scope) is wrong.
  804. Bjarkan has left
  805. karme has left
  806. Bjarkan has joined
  807. 404.city has joined
  808. Bjarkan has left
  809. mimi89999 Poor kitty
  810. Ge0rG has left
  811. Ge0rG has joined
  812. mimi89999 How can one do such a cruel thing?
  813. mimi89999 moparisthebest, no, but on Android you can use https://github.com/appmattus/certificatetransparency
  814. mimi89999 How is DANE support?
  815. patasca has left
  816. abslimit has joined
  817. xorman has joined
  818. 404.city ‎croax‎ you propose to remove all CAs (Until you delete all certification authorities, your actions are meaningless) built into the system and instead manually check untrusted connections in some mystical way (carrier pigeons). I think this is not very rational. Please don't come up with your own encryption, just use PGP. It's easier, safer and more convenient.
  819. karme has joined
  820. Bjarkan has joined
  821. 404.city PGP (e2e) does all the necessary tasks without involving additional entities, and TLS has no security task at the level you suggest. Using TLS encryption like e2e is like hammering nails with a microscope.
  822. abidal3 has joined
  823. Wiktor > ‎just use PGP. It's easier, safer and more convenient. First time I saw "PGP" used in the same paragraph with "easier and safer"
  824. 404.city >First time I saw "PGP" used in the same paragraph with "easier and safer" In context with TLS
  825. moparisthebest TLS protects an entirely different set of things and serves entirely different purposes than e2e, they can't be compared
  826. moparisthebest current-PGP (xep-27) in XMPP provides far fewer guarantees than a normal person expects out of e2e these days, for instance
  827. mimi89999 I opened https://github.com/iNPUTmice/Conversations/issues/4068
  828. croax Exactly. You could leak all meta-data compromising you by connecting on a wrong server, still encrypting e2e.
  829. moparisthebest it provides no authentication or replay-proofing at all
  830. moparisthebest and it protects message body only, nothing else, and no meta-data
  831. moparisthebest it's absolutely not a replacement for TLS
  832. octagon has joined
  833. 404.city Wiktor I am not a supporter of saying which e2e encryption is better or worse. Many famous people used different e2e encryption systems, and I think their competence in these matters is higher. Stolman - PGP, Snowden - OMEMO / OTR, assange julian - OTR
  834. croax Ex of meta-data: correspondant JID, message time, ...
  835. karme has left
  836. moparisthebest there is no "better" or "worse" but there are ENTIRELY DIFFERENT GUARANTEES provided by each type that need understood by people who want to use them
  837. abidal3 has left
  838. croax Eg. of meta-data: correspondant JID, message time, ...
  839. patasca has joined
  840. moparisthebest there is absolutely "better" or "worse" e2e for a specific person with a specific threat model though
  841. moparisthebest hence the need to understand 1) your threat model 2) the guarantees provided by each
  842. croax > ‎croax‎ you propose to remove all CAs (Until you delete all certification authorities, your actions are meaningless) built into the system and instead manually check untrusted connections in some mystical way (carrier pigeons). I think this is not very rational. Please don't come up with your own encryption, just use PGP. It's easier, safer and more convenient. Non, just saying there's dialback. And asking to blacklist this mecanism is nonsense.
  843. croax > ‎croax‎ you propose to remove all CAs (Until you delete all certification authorities, your actions are meaningless) built into the system and instead manually check untrusted connections in some mystical way (carrier pigeons). I think this is not very rational. Please don't come up with your own encryption, just use PGP. It's easier, safer and more convenient. No, just saying there's dialback. And asking to blacklist this mecanism is nonsense.
  844. 404.city > ‎moparisthebest‎: it's absolutely not a replacement for TLS I think there are some difficulties with translation. I do not mean abandoning TLS, I mean not using self-signet TLS "as" E2E encryption(PGP). The best option is valid TLS + E2E
  845. moparisthebest yes
  846. 404.city >No, just saying there's dialback. And asking to blacklist this mecanism is nonsense. croax How should a person who has not issued a self-signed certificate verify a self-signed certificate? We are not talking about dialback at the moment. dialback not used with c2s.
  847. karme has joined
  848. Bjarkan has left
  849. Bjarkan has joined
  850. perflyst has joined
  851. croax 404.city: From the link you posted > delete support self-signed certificates "mod_s2s_dialback
  852. mjk has left
  853. patasca has left
  854. croax 404.city: c2s is server scope specific. No need to ask anything for better federation.
  855. 404.city >‎croax‎: 404.city: From the link you posted I will explain to you the reason why this setting is used. I'm not talking specifically about protecting s2s connections even. Self-signed certificates reduce security without any useful application.
  856. mjk has joined
  857. Bjarkan has left
  858. perflyst has left
  859. schäfchen726 has left
  860. Bjarkan has joined
  861. abslimit has left
  862. schäfchen726 has joined
  863. 404.city has left
  864. 404.city has joined
  865. 404.city has left
  866. Bjarkan has left
  867. moparisthebest 404.city: that's not technically true either, self signed provides protection against passive surveillance, just not active attacks
  868. ricky has joined
  869. kousu has left
  870. kousu has joined
  871. xorman has left
  872. patasca has joined
  873. Bjarkan has joined
  874. maxwell has joined
  875. kryptos has left
  876. xorman has joined
  877. Bjarkan has left
  878. kryptos has joined
  879. Ge0rG has left
  880. Ge0rG has joined
  881. Bjarkan has joined
  882. abslimit has joined
  883. Bjarkan has left
  884. abslimit has left
  885. octagon has left
  886. patasca has left
  887. patasca has joined
  888. octagon has joined
  889. abslimit has joined
  890. rom1dep has joined
  891. patasca has left
  892. patasca has joined
  893. mjk has left
  894. alberto has left
  895. abslimit has left
  896. Bjarkan has joined
  897. jl4 has joined
  898. Bjarkan has left
  899. abslimit has joined
  900. alberto has joined
  901. patasca has left
  902. patasca has joined
  903. ross has left
  904. ross has joined
  905. ross has left
  906. ross has joined
  907. patasca has left
  908. patasca has joined
  909. mjk has joined
  910. Ian Macdonald has left
  911. Ian Macdonald has joined
  912. Ian Macdonald has left
  913. Ian Macdonald has joined
  914. Ian Macdonald has left
  915. Menel has left
  916. Menel has joined
  917. Ian Macdonald has joined
  918. Ian Macdonald has left
  919. Ian Macdonald has joined
  920. Ian Macdonald has left
  921. Menel has left
  922. Menel has joined
  923. Ian Macdonald has joined
  924. Ian Macdonald has left
  925. Ian Macdonald has joined
  926. Ian Macdonald has left
  927. Ian Macdonald has joined
  928. Ian Macdonald has left
  929. Ian Macdonald has joined
  930. Ian Macdonald has left
  931. Ian Macdonald has joined
  932. Ian Macdonald has left
  933. Ian Macdonald has joined
  934. Ian Macdonald has left
  935. Ian Macdonald has joined
  936. Ian Macdonald has left
  937. Ian Macdonald has joined
  938. Ian Macdonald has left
  939. alberto has left
  940. ru_maniac has left
  941. Ian Macdonald has joined
  942. Ian Macdonald has left
  943. Ge0rG has left
  944. Ge0rG has joined
  945. Ian Macdonald has joined
  946. Ian Macdonald has left
  947. Ian Macdonald has joined
  948. Ian Macdonald has left
  949. Ian Macdonald has joined
  950. Ian Macdonald has left
  951. Ian Macdonald has joined
  952. Ian Macdonald has left
  953. Ian Macdonald has joined
  954. Ian Macdonald has left
  955. Ian Macdonald has joined
  956. Ian Macdonald has left
  957. Bjarkan has joined
  958. Ian Macdonald has joined
  959. Ian Macdonald has left
  960. Ian Macdonald has joined
  961. Ian Macdonald has left
  962. Ian Macdonald has joined
  963. Ian Macdonald has left
  964. Ian Macdonald has joined
  965. Ian Macdonald has left
  966. Calvin has left
  967. Ian Macdonald has joined
  968. Ian Macdonald has left
  969. Ian Macdonald has joined
  970. Ian Macdonald has left
  971. Ian Macdonald has joined
  972. Ian Macdonald has left
  973. Ian Macdonald has joined
  974. alberto has joined
  975. Ian Macdonald has left
  976. Ian Macdonald has joined
  977. Ian Macdonald has left
  978. abidal3 has joined
  979. Ian Macdonald has joined
  980. Ian Macdonald has left
  981. Ian Macdonald has joined
  982. Ian Macdonald has left
  983. Ian Macdonald has joined
  984. Ian Macdonald has left
  985. ru_maniac has joined
  986. Ian Macdonald has joined
  987. Ian Macdonald has left
  988. Ian Macdonald has joined
  989. Ian Macdonald has left
  990. jl4 has left
  991. ernst.on.tour has left
  992. 404.city has joined
  993. ernst.on.tour has joined
  994. Ian Macdonald has joined
  995. Ian Macdonald has left
  996. Ian Macdonald has joined
  997. Ian Macdonald has left
  998. Bjarkan has left
  999. Ian Macdonald has joined
  1000. Ian Macdonald has left
  1001. derventio has joined
  1002. Ian Macdonald has joined
  1003. Ian Macdonald has left
  1004. patasca has left
  1005. patasca has joined
  1006. patasca has left
  1007. patasca has joined
  1008. christian has left
  1009. Ian Macdonald has joined
  1010. Ian Macdonald has left
  1011. Ian Macdonald has joined
  1012. Ian Macdonald has left
  1013. christian has joined
  1014. Ian Macdonald has joined
  1015. Ian Macdonald has left
  1016. Ian Macdonald has joined
  1017. Ian Macdonald has left
  1018. Ian Macdonald has joined
  1019. Ian Macdonald has left
  1020. Ian Macdonald has joined
  1021. Ian Macdonald has left
  1022. Ian Macdonald has joined
  1023. Ian Macdonald has left
  1024. Ian Macdonald has joined
  1025. Ian Macdonald has left
  1026. abslimit has left
  1027. Ian Macdonald has joined
  1028. Ian Macdonald has left
  1029. ernst.on.tour has left
  1030. ernst.on.tour has joined
  1031. Ian Macdonald has joined
  1032. Ian Macdonald has left
  1033. Ian Macdonald has joined
  1034. Ian Macdonald has left
  1035. Ian Macdonald has joined
  1036. Ian Macdonald has left
  1037. Ian Macdonald has joined
  1038. Ian Macdonald has left
  1039. Ian Macdonald has joined
  1040. Ian Macdonald has left
  1041. Ian Macdonald has joined
  1042. Ian Macdonald has left
  1043. Ian Macdonald has joined
  1044. Ian Macdonald has left
  1045. Ian Macdonald has joined
  1046. Ian Macdonald has left
  1047. patasca has left
  1048. abslimit has joined
  1049. Ian Macdonald has joined
  1050. Ian Macdonald has left
  1051. Ian Macdonald has joined
  1052. Ian Macdonald has left
  1053. Ian Macdonald has joined
  1054. Ian Macdonald has left
  1055. Bjarkan has joined
  1056. Ian Macdonald has joined
  1057. Ian Macdonald has left
  1058. mjk has left
  1059. insanity has left
  1060. Ian Macdonald has joined
  1061. Ian Macdonald has left
  1062. Ian Macdonald has joined
  1063. Ian Macdonald has left
  1064. mjk has joined
  1065. patasca has joined
  1066. patasca has left
  1067. patasca has joined
  1068. patasca has left
  1069. patasca has joined
  1070. Ian Macdonald has joined
  1071. Ian Macdonald has left
  1072. Ian Macdonald has joined
  1073. Ian Macdonald has left
  1074. schäfchen726 has left
  1075. schäfchen726 has joined
  1076. Ian Macdonald has joined
  1077. Ian Macdonald has left
  1078. Ian Macdonald has joined
  1079. Ian Macdonald has left
  1080. Ian Macdonald has joined
  1081. Ian Macdonald has left
  1082. Ian Macdonald has joined
  1083. Ian Macdonald has left
  1084. lorddavidiii has left
  1085. patasca has left
  1086. Ian Macdonald has joined
  1087. Ian Macdonald has left
  1088. Ian Macdonald has joined
  1089. Ian Macdonald has left
  1090. octagon has left
  1091. mjk has left
  1092. Ian Macdonald has joined
  1093. Ian Macdonald has left
  1094. Ian Macdonald has joined
  1095. Ian Macdonald has left
  1096. Ian Macdonald has joined
  1097. Ian Macdonald has left
  1098. Ian Macdonald has joined
  1099. Ian Macdonald has left
  1100. Ian Macdonald has joined
  1101. Ian Macdonald has left
  1102. Ian Macdonald has joined
  1103. Ian Macdonald has left
  1104. Ian Macdonald has joined
  1105. Ian Macdonald has left
  1106. octagon has joined
  1107. 404.city has left
  1108. Ian Macdonald has joined
  1109. Ian Macdonald has left
  1110. 404.city has joined
  1111. patasca has joined
  1112. Ian Macdonald has joined
  1113. Ian Macdonald has left
  1114. ross has left
  1115. mjk has joined
  1116. ross has joined
  1117. patasca has left
  1118. patasca has joined
  1119. Ian Macdonald has joined
  1120. Ian Macdonald has left
  1121. x187x has joined
  1122. Ian Macdonald has joined
  1123. Ian Macdonald has left
  1124. Ian Macdonald has joined
  1125. 404.city has left
  1126. Ian Macdonald has left
  1127. Ian Macdonald has joined
  1128. Ian Macdonald has left
  1129. Ian Macdonald has joined
  1130. Ian Macdonald has left
  1131. Ian Macdonald has joined
  1132. Ian Macdonald has left
  1133. Ian Macdonald has joined
  1134. Ian Macdonald has left
  1135. Ian Macdonald has joined
  1136. Ian Macdonald has left
  1137. Ian Macdonald has joined
  1138. Ian Macdonald has left
  1139. Ian Macdonald has joined
  1140. Ian Macdonald has left
  1141. Ian Macdonald has joined
  1142. Ian Macdonald has left
  1143. Ian Macdonald has joined
  1144. Ian Macdonald has left
  1145. Ian Macdonald has joined
  1146. Ian Macdonald has left
  1147. Ian Macdonald has joined
  1148. Ian Macdonald has left
  1149. Ian Macdonald has joined
  1150. Ian Macdonald has left
  1151. Ian Macdonald has joined
  1152. Ian Macdonald has left
  1153. Calvin has joined
  1154. Ian Macdonald has joined
  1155. Ian Macdonald has left
  1156. Ian Macdonald has joined
  1157. Ian Macdonald has left
  1158. Bjarkan has left
  1159. jl4 has joined
  1160. Bjarkan has joined
  1161. patasca has left
  1162. patasca has joined
  1163. Ian Macdonald has joined
  1164. Ian Macdonald has left
  1165. Ian Macdonald has joined
  1166. Ian Macdonald has left
  1167. Ian Macdonald has joined
  1168. Ian Macdonald has left
  1169. Ian Macdonald has joined
  1170. Ian Macdonald has left
  1171. Ian Macdonald has joined
  1172. Ian Macdonald has left
  1173. Ian Macdonald has joined
  1174. Ian Macdonald has left
  1175. DebXWoody has left
  1176. Calvin has left
  1177. Ian Macdonald has joined
  1178. Ian Macdonald has left
  1179. Ian Macdonald has joined
  1180. Ian Macdonald has left
  1181. kryptos has left
  1182. Ian Macdonald has joined
  1183. Ian Macdonald has left
  1184. Ian Macdonald has joined
  1185. Ian Macdonald has left
  1186. Ian Macdonald has joined
  1187. Ian Macdonald has left
  1188. Ian Macdonald has joined
  1189. Ian Macdonald has left
  1190. Ian Macdonald has joined
  1191. Ian Macdonald has left
  1192. Ian Macdonald has joined
  1193. Ian Macdonald has left
  1194. Ian Macdonald has joined
  1195. Ian Macdonald has left
  1196. Ian Macdonald has joined
  1197. Ian Macdonald has left
  1198. Ian Macdonald has joined
  1199. Ian Macdonald has left
  1200. Ian Macdonald has joined
  1201. Ian Macdonald has left
  1202. Ian Macdonald has joined
  1203. Ian Macdonald has left
  1204. Ian Macdonald has joined
  1205. Ian Macdonald has left
  1206. Ian Macdonald has joined
  1207. Ian Macdonald has left
  1208. xorman has left
  1209. Ian Macdonald has joined
  1210. Ian Macdonald has left
  1211. Ian Macdonald has joined
  1212. Ian Macdonald has left
  1213. Ian Macdonald has joined
  1214. Ian Macdonald has left
  1215. patasca has left
  1216. Ian Macdonald has joined
  1217. Ian Macdonald has left
  1218. Ian Macdonald has joined
  1219. Ian Macdonald has left
  1220. Ian Macdonald has joined
  1221. Ian Macdonald has left
  1222. Bjarkan has left
  1223. Ian Macdonald has joined
  1224. Ian Macdonald has left
  1225. Ian Macdonald has joined
  1226. Ian Macdonald has left
  1227. Ian Macdonald has joined
  1228. Ian Macdonald has left
  1229. Ian Macdonald has joined
  1230. Ian Macdonald has left
  1231. Ian Macdonald has joined
  1232. Ian Macdonald has left
  1233. Ian Macdonald has joined
  1234. Ian Macdonald has left
  1235. Ian Macdonald has joined
  1236. Ian Macdonald has left
  1237. Ian Macdonald has joined
  1238. Ian Macdonald has left
  1239. Ian Macdonald has joined
  1240. Ian Macdonald has left
  1241. Ian Macdonald has joined
  1242. Ian Macdonald has left
  1243. Ian Macdonald has joined
  1244. Ian Macdonald has left
  1245. Ian Macdonald has joined
  1246. Ian Macdonald has left
  1247. mjk has left
  1248. Ian Macdonald has joined
  1249. Ian Macdonald has left
  1250. Bjarkan has joined
  1251. Ian Macdonald has joined
  1252. Ian Macdonald has left
  1253. xorman has joined
  1254. jl4 has left
  1255. Ian Macdonald has joined
  1256. Ian Macdonald has left
  1257. Ian Macdonald has joined
  1258. Ian Macdonald has left
  1259. kryptos has joined
  1260. Ian Macdonald has joined
  1261. Ian Macdonald has left
  1262. Ian Macdonald has joined
  1263. Ian Macdonald has left
  1264. ross has left
  1265. Ian Macdonald has joined
  1266. Ian Macdonald has left
  1267. Ian Macdonald has joined
  1268. Ian Macdonald has left
  1269. mjk has joined
  1270. ross has joined
  1271. Ian Macdonald has joined
  1272. Ian Macdonald has left
  1273. patasca has joined
  1274. Ian Macdonald has joined
  1275. Ian Macdonald has left
  1276. Ian Macdonald has joined
  1277. Ian Macdonald has left
  1278. Ian Macdonald has joined
  1279. Ian Macdonald has left
  1280. Ian Macdonald has joined
  1281. Ian Macdonald has left
  1282. Ian Macdonald has joined
  1283. Ian Macdonald has left
  1284. Ian Macdonald has joined
  1285. Ian Macdonald has left
  1286. Ian Macdonald has joined
  1287. Ian Macdonald has left
  1288. Ian Macdonald has joined
  1289. Ian Macdonald has left
  1290. Ian Macdonald has joined
  1291. Ian Macdonald has left
  1292. Ian Macdonald has joined
  1293. Ian Macdonald has left
  1294. Ian Macdonald has joined
  1295. Ian Macdonald has left
  1296. Ian Macdonald has joined
  1297. Ian Macdonald has left
  1298. Ian Macdonald has joined
  1299. Ian Macdonald has left
  1300. Ian Macdonald has joined
  1301. Ian Macdonald has left
  1302. Ian Macdonald has joined
  1303. Ian Macdonald has left
  1304. Ian Macdonald has joined
  1305. Ian Macdonald has left
  1306. Ian Macdonald has joined
  1307. Ian Macdonald has left
  1308. Ian Macdonald has joined
  1309. Ian Macdonald has left
  1310. Ian Macdonald has joined
  1311. Ian Macdonald has left
  1312. Ian Macdonald has joined
  1313. Ian Macdonald has left
  1314. patasca has left
  1315. patasca has joined
  1316. Ian Macdonald has joined
  1317. Ian Macdonald has left
  1318. Ian Macdonald has joined
  1319. Ian Macdonald has left
  1320. Ian Macdonald has joined
  1321. Ian Macdonald has left
  1322. insanity has joined
  1323. Ian Macdonald has joined
  1324. Ian Macdonald has left
  1325. insanity has left
  1326. Ian Macdonald has joined
  1327. Ian Macdonald has left
  1328. Ian Macdonald has joined
  1329. Ian Macdonald has left
  1330. Ian Macdonald has joined
  1331. Ian Macdonald has left
  1332. Ian Macdonald has joined
  1333. Ian Macdonald has left
  1334. Ian Macdonald has joined
  1335. Ian Macdonald has left
  1336. Ian Macdonald has joined
  1337. Ian Macdonald has left
  1338. Ian Macdonald has joined
  1339. Ian Macdonald has left
  1340. derventio has left
  1341. Ian Macdonald has joined
  1342. Ian Macdonald has left
  1343. insanity has joined
  1344. Ian Macdonald has joined
  1345. Ian Macdonald has left
  1346. Ian Macdonald has joined
  1347. Ian Macdonald has left
  1348. Ian Macdonald has joined
  1349. Ian Macdonald has left
  1350. Ian Macdonald has joined
  1351. insanity has left
  1352. Ian Macdonald has left
  1353. Ian Macdonald has joined
  1354. Ian Macdonald has left
  1355. Ian Macdonald has joined
  1356. Ian Macdonald has left
  1357. steven has left
  1358. insanity has joined
  1359. Ian Macdonald has joined
  1360. Ian Macdonald has left
  1361. insanity has left
  1362. Ian Macdonald has joined
  1363. Ian Macdonald has left
  1364. Huxx has left
  1365. Ian Macdonald has joined
  1366. Ian Macdonald has left
  1367. Ian Macdonald has joined
  1368. Ian Macdonald has left
  1369. Ian Macdonald has joined
  1370. Ian Macdonald has left
  1371. Ian Macdonald has joined
  1372. Ian Macdonald has left
  1373. Ian Macdonald has joined
  1374. Ian Macdonald has left
  1375. insanity has joined
  1376. Ian Macdonald has joined
  1377. Ian Macdonald has left
  1378. Ian Macdonald has joined
  1379. Ian Macdonald has left
  1380. Ian Macdonald has joined
  1381. Ian Macdonald has left
  1382. Ian Macdonald has joined
  1383. Ian Macdonald has left
  1384. Ian Macdonald has joined
  1385. Ian Macdonald has left
  1386. Ian Macdonald has joined
  1387. Ian Macdonald has left
  1388. jl4 has joined
  1389. Ian Macdonald has joined
  1390. Ian Macdonald has left
  1391. Ian Macdonald has joined
  1392. Ian Macdonald has left
  1393. xorman has left
  1394. Ian Macdonald has joined
  1395. Ian Macdonald has left
  1396. jl4 has left
  1397. Ian Macdonald has joined
  1398. jl4 has joined
  1399. Ian Macdonald has left
  1400. Ian Macdonald has joined
  1401. Ian Macdonald has left
  1402. Ian Macdonald has joined
  1403. Ian Macdonald has left
  1404. Ian Macdonald has joined
  1405. Ian Macdonald has left
  1406. Ian Macdonald has joined
  1407. Ian Macdonald has left
  1408. Ian Macdonald has joined
  1409. Ian Macdonald has left
  1410. Ian Macdonald has joined
  1411. Ian Macdonald has left
  1412. Ian Macdonald has joined
  1413. Ian Macdonald has left
  1414. Ian Macdonald has joined
  1415. Ian Macdonald has left
  1416. Ian Macdonald has joined
  1417. Ian Macdonald has left
  1418. Ian Macdonald has joined
  1419. Ian Macdonald has left
  1420. Ian Macdonald has joined
  1421. Ian Macdonald has left
  1422. Ian Macdonald has joined
  1423. Ian Macdonald has left
  1424. Ian Macdonald has joined
  1425. Ian Macdonald has left
  1426. Ian Macdonald has joined
  1427. Ian Macdonald has left
  1428. Ian Macdonald has joined
  1429. Ian Macdonald has left
  1430. Ian Macdonald has joined
  1431. Ian Macdonald has left
  1432. Bjarkan has left
  1433. Ian Macdonald has joined
  1434. Ian Macdonald has left
  1435. Ian Macdonald has joined
  1436. Ian Macdonald has left
  1437. Ian Macdonald has joined
  1438. Ian Macdonald has left
  1439. Ian Macdonald has joined
  1440. Ian Macdonald has left
  1441. Ian Macdonald has joined
  1442. Ian Macdonald has left
  1443. Ian Macdonald has joined
  1444. Ian Macdonald has left
  1445. patasca has left
  1446. Ian Macdonald has joined
  1447. Ian Macdonald has left
  1448. Ian Macdonald has joined
  1449. Ian Macdonald has left
  1450. Ian Macdonald has joined
  1451. Ian Macdonald has left
  1452. Ian Macdonald has joined
  1453. Ian Macdonald has left
  1454. Ian Macdonald has joined
  1455. Ian Macdonald has left
  1456. Ian Macdonald has joined
  1457. Ian Macdonald has left
  1458. Ian Macdonald has joined
  1459. Ian Macdonald has left
  1460. Ian Macdonald has joined
  1461. Ian Macdonald has left
  1462. Ian Macdonald has joined
  1463. Ian Macdonald has left
  1464. Ian Macdonald has joined
  1465. Ian Macdonald has left
  1466. Ian Macdonald has joined
  1467. Ian Macdonald has left
  1468. Ian Macdonald has joined
  1469. Ian Macdonald has left
  1470. Ian Macdonald has joined
  1471. Ian Macdonald has left
  1472. Ian Macdonald has joined
  1473. Ian Macdonald has left
  1474. Ian Macdonald has joined
  1475. Ian Macdonald has left
  1476. Ian Macdonald has joined
  1477. Ian Macdonald has left
  1478. Ian Macdonald has joined
  1479. Ian Macdonald has left
  1480. Ian Macdonald has joined
  1481. Ian Macdonald has left
  1482. Ian Macdonald has joined
  1483. Ian Macdonald has left
  1484. jl4 has left
  1485. jl4 has joined
  1486. Ian Macdonald has joined
  1487. Ian Macdonald has left
  1488. Ian Macdonald has joined
  1489. Ian Macdonald has left
  1490. Ian Macdonald has joined
  1491. Ian Macdonald has left
  1492. Ian Macdonald has joined
  1493. Ian Macdonald has left
  1494. Bjarkan has joined
  1495. Ian Macdonald has joined
  1496. Ian Macdonald has left
  1497. Ian Macdonald has joined
  1498. Ian Macdonald has left
  1499. Ian Macdonald has joined
  1500. Ian Macdonald has left
  1501. argon3771 has left
  1502. Ian Macdonald has joined
  1503. Ian Macdonald has left
  1504. Ian Macdonald has joined
  1505. Ian Macdonald has left
  1506. xorman has joined
  1507. Ian Macdonald has joined
  1508. Ian Macdonald has left
  1509. Ian Macdonald has joined
  1510. Ian Macdonald has left
  1511. Bjarkan has left
  1512. Ian Macdonald has joined
  1513. Ian Macdonald has left
  1514. Ian Macdonald has joined
  1515. Ian Macdonald has left
  1516. Ian Macdonald has joined
  1517. Ian Macdonald has left
  1518. Ian Macdonald has joined
  1519. Ian Macdonald has left
  1520. Ian Macdonald has joined
  1521. Ian Macdonald has left
  1522. Ian Macdonald has joined
  1523. Ian Macdonald has left
  1524. Ian Macdonald has joined
  1525. Ian Macdonald has left
  1526. Ian Macdonald has joined
  1527. Ian Macdonald has left
  1528. Ian Macdonald has joined
  1529. Ian Macdonald has left
  1530. Bjarkan has joined
  1531. argon3771 has joined
  1532. Ian Macdonald has joined
  1533. Ian Macdonald has left
  1534. Ian Macdonald has joined
  1535. Ian Macdonald has left
  1536. Ian Macdonald has joined
  1537. Ian Macdonald has left
  1538. Ian Macdonald has joined
  1539. Ian Macdonald has left
  1540. Ian Macdonald has joined
  1541. Ian Macdonald has left
  1542. Ian Macdonald has joined
  1543. Ian Macdonald has left
  1544. patasca has joined
  1545. Ian Macdonald has joined
  1546. Ian Macdonald has left
  1547. patasca has left
  1548. patasca has joined
  1549. Ian Macdonald has joined
  1550. Bjarkan has left
  1551. Ian Macdonald has left
  1552. Menel has left
  1553. Menel has joined
  1554. kikuchiyo has left
  1555. Ian Macdonald has joined
  1556. Ian Macdonald has left
  1557. Ian Macdonald has joined
  1558. Ian Macdonald has left
  1559. Ian Macdonald has joined
  1560. Ian Macdonald has left
  1561. Menel has left
  1562. Menel has joined
  1563. Ian Macdonald has joined
  1564. Ian Macdonald has left
  1565. Menel has left
  1566. karme has left
  1567. Menel has joined
  1568. Ian Macdonald has joined
  1569. Ian Macdonald has left
  1570. Menel has left
  1571. Menel has joined
  1572. Ian Macdonald has joined
  1573. Ian Macdonald has left
  1574. Ian Macdonald has joined
  1575. Ian Macdonald has left
  1576. Bjarkan has joined
  1577. Ian Macdonald has joined
  1578. Ian Macdonald has left
  1579. Ian Macdonald has joined
  1580. Ian Macdonald has left
  1581. Ian Macdonald has joined
  1582. Ian Macdonald has left
  1583. Ian Macdonald has joined
  1584. Ian Macdonald has left
  1585. Ian Macdonald has joined
  1586. Ian Macdonald has left
  1587. Ian Macdonald has joined
  1588. Ian Macdonald has left
  1589. Ian Macdonald has joined
  1590. Ian Macdonald has left
  1591. Ian Macdonald has joined
  1592. Ian Macdonald has left
  1593. Ian Macdonald has joined
  1594. Ian Macdonald has left
  1595. octagon has left
  1596. Ian Macdonald has joined
  1597. Ian Macdonald has left
  1598. Ian Macdonald has joined
  1599. Ian Macdonald has left
  1600. Ian Macdonald has joined
  1601. Ian Macdonald has left
  1602. Ian Macdonald has joined
  1603. Ian Macdonald has left
  1604. Ian Macdonald has joined
  1605. Ian Macdonald has left
  1606. Ian Macdonald has joined
  1607. Ian Macdonald has left
  1608. Ian Macdonald has joined
  1609. Ian Macdonald has left
  1610. Ian Macdonald has joined
  1611. Ian Macdonald has left
  1612. Ian Macdonald has joined
  1613. Ian Macdonald has left
  1614. jl4 has left
  1615. jl4 has joined
  1616. Ian Macdonald has joined
  1617. Ian Macdonald has left
  1618. Ian Macdonald has joined
  1619. Ian Macdonald has left
  1620. Bjarkan has left
  1621. Ian Macdonald has joined
  1622. Ian Macdonald has left
  1623. Ian Macdonald has joined
  1624. Ian Macdonald has left
  1625. Ian Macdonald has joined
  1626. Ian Macdonald has left
  1627. Ian Macdonald has joined
  1628. Ian Macdonald has left
  1629. Bjarkan has joined
  1630. Ian Macdonald has joined
  1631. Ian Macdonald has left
  1632. Ian Macdonald has joined
  1633. Ian Macdonald has left
  1634. Menel has left
  1635. Ian Macdonald has joined
  1636. Ian Macdonald has left
  1637. Ian Macdonald has joined
  1638. Ian Macdonald has left
  1639. Ian Macdonald has joined
  1640. Ian Macdonald has left
  1641. Ian Macdonald has joined
  1642. Ian Macdonald has left
  1643. Ian Macdonald has joined
  1644. Ian Macdonald has left
  1645. Ian Macdonald has joined
  1646. Ian Macdonald has left
  1647. Ian Macdonald has joined
  1648. Ian Macdonald has left
  1649. Ian Macdonald has joined
  1650. Ian Macdonald has left
  1651. Ian Macdonald has joined
  1652. Ian Macdonald has left
  1653. Ian Macdonald has joined
  1654. Ian Macdonald has left
  1655. Sam has left
  1656. Sam has joined
  1657. Ian Macdonald has joined
  1658. Ian Macdonald has left
  1659. Ian Macdonald has joined
  1660. Ian Macdonald has left
  1661. Ian Macdonald has joined
  1662. Ian Macdonald has left
  1663. Ian Macdonald has joined
  1664. Ian Macdonald has left
  1665. Ian Macdonald has joined
  1666. Ian Macdonald has left
  1667. octagon has joined
  1668. Ian Macdonald has joined
  1669. Ian Macdonald has left
  1670. Ian Macdonald has joined
  1671. Ian Macdonald has left
  1672. madmalkav has left
  1673. Ian Macdonald has joined
  1674. Ian Macdonald has left
  1675. Ian Macdonald has joined
  1676. Ian Macdonald has left
  1677. Ian Macdonald has joined
  1678. Ian Macdonald has left
  1679. kryptos has left
  1680. Ian Macdonald has joined
  1681. Ian Macdonald has left
  1682. Ian Macdonald has joined
  1683. Ian Macdonald has left
  1684. Ian Macdonald has joined
  1685. Ian Macdonald has left
  1686. Ian Macdonald has joined
  1687. Ian Macdonald has left
  1688. Ian Macdonald has joined
  1689. Ian Macdonald has left
  1690. Ian Macdonald has joined
  1691. Ian Macdonald has left
  1692. alberto has left
  1693. Ian Macdonald has joined
  1694. Ian Macdonald has left
  1695. Ian Macdonald has joined
  1696. Ian Macdonald has left
  1697. Ian Macdonald has joined
  1698. Ian Macdonald has left
  1699. Ian Macdonald has joined
  1700. Ian Macdonald has left
  1701. Ian Macdonald has joined
  1702. Ian Macdonald has left
  1703. Ian Macdonald has joined
  1704. Ian Macdonald has left
  1705. Ian Macdonald has joined
  1706. Ian Macdonald has left
  1707. Ian Macdonald has joined
  1708. Ian Macdonald has left
  1709. Ian Macdonald has joined
  1710. Ian Macdonald has left
  1711. Ian Macdonald has joined
  1712. Ian Macdonald has left
  1713. Ian Macdonald has joined
  1714. Ian Macdonald has left
  1715. Ian Macdonald has joined
  1716. Ian Macdonald has left
  1717. Ian Macdonald has joined
  1718. Ian Macdonald has left
  1719. Ian Macdonald has joined
  1720. Ian Macdonald has left
  1721. Ian Macdonald has joined
  1722. Ian Macdonald has left
  1723. Ian Macdonald has joined
  1724. Ian Macdonald has left
  1725. patasca has left
  1726. patasca has joined
  1727. Ian Macdonald has joined
  1728. Ian Macdonald has left
  1729. Ian Macdonald has joined
  1730. Ian Macdonald has left
  1731. Ian Macdonald has joined
  1732. Ian Macdonald has left
  1733. Ian Macdonald has joined
  1734. Ian Macdonald has left
  1735. Ian Macdonald has joined
  1736. Ian Macdonald has left
  1737. Ian Macdonald has joined
  1738. Ian Macdonald has left
  1739. Ian Macdonald has joined
  1740. Ian Macdonald has left
  1741. Ian Macdonald has joined
  1742. Ian Macdonald has left
  1743. Ian Macdonald has joined
  1744. Ian Macdonald has left
  1745. Ian Macdonald has joined
  1746. Ian Macdonald has left
  1747. Ian Macdonald has joined
  1748. Ian Macdonald has left
  1749. Ian Macdonald has joined
  1750. Ian Macdonald has left
  1751. Ian Macdonald has joined
  1752. Ian Macdonald has left
  1753. rom1dep has left
  1754. Ian Macdonald has joined
  1755. Ian Macdonald has left
  1756. Ian Macdonald has joined
  1757. Ian Macdonald has left
  1758. Ian Macdonald has joined
  1759. Ian Macdonald has left
  1760. Ian Macdonald has joined
  1761. Ian Macdonald has left
  1762. Ian Macdonald has joined
  1763. Ian Macdonald has left
  1764. Ian Macdonald has joined
  1765. Ian Macdonald has left
  1766. x187x has left
  1767. jl4 has left
  1768. Ian Macdonald has joined
  1769. Ian Macdonald has left
  1770. Ian Macdonald has joined
  1771. Ian Macdonald has left
  1772. Ian Macdonald has joined
  1773. Ian Macdonald has left
  1774. Ian Macdonald has joined
  1775. Ian Macdonald has left
  1776. Ian Macdonald has joined
  1777. Ian Macdonald has left
  1778. Bjarkan has left
  1779. Ian Macdonald has joined
  1780. Ian Macdonald has left
  1781. Ian Macdonald has joined
  1782. Ian Macdonald has left
  1783. Ian Macdonald has joined
  1784. Ian Macdonald has left
  1785. Ian Macdonald has joined
  1786. Ian Macdonald has left
  1787. Ian Macdonald has joined
  1788. Ian Macdonald has left
  1789. schäfchen726 has left
  1790. schäfchen726 has joined
  1791. Ian Macdonald has joined
  1792. Ian Macdonald has left
  1793. Ian Macdonald has joined
  1794. Ian Macdonald has left
  1795. x187x has joined
  1796. Ian Macdonald has joined
  1797. Ian Macdonald has left
  1798. Bjarkan has joined
  1799. Ian Macdonald has joined
  1800. Ian Macdonald has left
  1801. Ian Macdonald has joined
  1802. Ian Macdonald has left
  1803. Ian Macdonald has joined
  1804. Ian Macdonald has left
  1805. Ian Macdonald has joined
  1806. Ian Macdonald has left
  1807. Ian Macdonald has joined
  1808. Ian Macdonald has left
  1809. abidal3 has left
  1810. Ian Macdonald has joined
  1811. Ian Macdonald has left
  1812. Ian Macdonald has joined
  1813. Ian Macdonald has left
  1814. Ian Macdonald has joined
  1815. Ian Macdonald has left
  1816. Ian Macdonald has joined
  1817. Ian Macdonald has left
  1818. Ian Macdonald has joined
  1819. Ian Macdonald has left
  1820. patasca has left
  1821. Mel has left
  1822. Ian Macdonald has joined
  1823. Ian Macdonald has left
  1824. neox has left
  1825. Ian Macdonald has joined
  1826. Ian Macdonald has left
  1827. Ian Macdonald has joined
  1828. Ian Macdonald has left
  1829. Ian Macdonald has joined
  1830. Ian Macdonald has left
  1831. Ian Macdonald has joined
  1832. Ian Macdonald has left
  1833. ross has left
  1834. Ian Macdonald has joined
  1835. ross has joined
  1836. Ian Macdonald has left
  1837. Ian Macdonald has joined
  1838. Ian Macdonald has left
  1839. Ian Macdonald has joined
  1840. Ian Macdonald has left
  1841. Ian Macdonald has joined
  1842. Ian Macdonald has left
  1843. Ian Macdonald has joined
  1844. Ian Macdonald has left
  1845. Ian Macdonald has joined
  1846. Ian Macdonald has left
  1847. Ian Macdonald has joined
  1848. Ian Macdonald has left
  1849. Ian Macdonald has joined
  1850. Ian Macdonald has left
  1851. Ian Macdonald has joined
  1852. Ian Macdonald has left
  1853. Ian Macdonald has joined
  1854. Ian Macdonald has left
  1855. Ian Macdonald has joined
  1856. Ian Macdonald has left
  1857. Maranda has left
  1858. Maranda has joined
  1859. Ge0rG has left
  1860. Ge0rG has joined
  1861. Ian Macdonald has joined
  1862. Ian Macdonald has left
  1863. Ian Macdonald has joined
  1864. Ian Macdonald has left
  1865. Mel has joined
  1866. Ian Macdonald has joined
  1867. Ian Macdonald has left
  1868. Ian Macdonald has joined
  1869. Ian Macdonald has left
  1870. Ian Macdonald has joined
  1871. Ian Macdonald has left
  1872. Ian Macdonald has joined
  1873. Ian Macdonald has left
  1874. marc has left
  1875. Ian Macdonald has joined
  1876. Ian Macdonald has left
  1877. Ian Macdonald has joined
  1878. Ian Macdonald has left
  1879. Ian Macdonald has joined
  1880. Ian Macdonald has left
  1881. Ian Macdonald has joined
  1882. Ian Macdonald has left
  1883. Ian Macdonald has joined
  1884. Ian Macdonald has left
  1885. Ian Macdonald has joined
  1886. Ian Macdonald has left
  1887. Ian Macdonald has joined
  1888. Ian Macdonald has left
  1889. Ian Macdonald has joined
  1890. Ian Macdonald has left
  1891. bauruine has left
  1892. bauruine has joined
  1893. Licaon_Kter has left
  1894. Ian Macdonald has joined
  1895. Ian Macdonald has left
  1896. Ian Macdonald has joined
  1897. Ian Macdonald has left
  1898. Ian Macdonald has joined
  1899. Ian Macdonald has left
  1900. Ian Macdonald has joined
  1901. Ian Macdonald has left
  1902. Ian Macdonald has joined
  1903. Ian Macdonald has left
  1904. Ian Macdonald has joined
  1905. Ian Macdonald has left
  1906. Ian Macdonald has joined
  1907. Ian Macdonald has left
  1908. millesimus has left
  1909. Ian Macdonald has joined
  1910. Ian Macdonald has left
  1911. Ian Macdonald has joined
  1912. Ian Macdonald has left
  1913. millesimus has joined
  1914. Ian Macdonald has joined
  1915. Ian Macdonald has left
  1916. undefined has left
  1917. Ian Macdonald has joined
  1918. Ian Macdonald has left
  1919. Ian Macdonald has joined
  1920. Ian Macdonald has left
  1921. schäfchen726 has left
  1922. Ian Macdonald has joined
  1923. Ian Macdonald has left
  1924. Ian Macdonald has joined
  1925. Ian Macdonald has left
  1926. mjk has left
  1927. Ian Macdonald has joined
  1928. Ian Macdonald has left
  1929. Ian Macdonald has joined
  1930. Ian Macdonald has left
  1931. Ian Macdonald has joined
  1932. Ian Macdonald has left
  1933. Ian Macdonald has joined
  1934. Ian Macdonald has left
  1935. Ian Macdonald has joined
  1936. Ian Macdonald has left
  1937. Ian Macdonald has joined
  1938. Ian Macdonald has left
  1939. Ian Macdonald has joined
  1940. Ian Macdonald has left
  1941. Ian Macdonald has joined
  1942. Ian Macdonald has left
  1943. Ian Macdonald has joined
  1944. Ian Macdonald has left
  1945. Ian Macdonald has joined
  1946. Ian Macdonald has left
  1947. Ian Macdonald has joined
  1948. Ian Macdonald has left
  1949. Ian Macdonald has joined
  1950. Ian Macdonald has left
  1951. Ian Macdonald has joined
  1952. Ian Macdonald has left
  1953. patasca has joined
  1954. kryptos has joined
  1955. Ian Macdonald has joined
  1956. Ian Macdonald has left
  1957. ricky has left
  1958. Ian Macdonald has joined
  1959. Ian Macdonald has left
  1960. Ian Macdonald has joined
  1961. Ian Macdonald has left
  1962. Ian Macdonald has joined
  1963. Ian Macdonald has left
  1964. Bjarkan has left
  1965. Ian Macdonald has joined
  1966. Ian Macdonald has left
  1967. patasca has left
  1968. Ian Macdonald has joined
  1969. Ian Macdonald has left
  1970. patasca has joined
  1971. Ian Macdonald has joined
  1972. Ian Macdonald has left
  1973. Ian Macdonald has joined
  1974. Ian Macdonald has left
  1975. Ian Macdonald has joined
  1976. Ian Macdonald has left
  1977. Ian Macdonald has joined
  1978. Ian Macdonald has left
  1979. Ian Macdonald has joined
  1980. Ian Macdonald has left
  1981. Ian Macdonald has joined
  1982. Ian Macdonald has left
  1983. Samir Allioui has left
  1984. Samir Allioui has joined
  1985. Ian Macdonald has joined
  1986. Ian Macdonald has left
  1987. Ian Macdonald has joined
  1988. Ian Macdonald has left
  1989. Ian Macdonald has joined
  1990. Ian Macdonald has left
  1991. patasca has left
  1992. patasca has joined
  1993. Ian Macdonald has joined
  1994. Ian Macdonald has left
  1995. Ian Macdonald has joined
  1996. Ian Macdonald has left
  1997. Ian Macdonald has joined
  1998. Ian Macdonald has left
  1999. Ian Macdonald has joined
  2000. Ian Macdonald has left
  2001. Ian Macdonald has joined
  2002. Ian Macdonald has left
  2003. Ian Macdonald has joined
  2004. Ian Macdonald has left
  2005. Ian Macdonald has joined
  2006. Ian Macdonald has left
  2007. Ian Macdonald has joined
  2008. Ian Macdonald has left
  2009. Ian Macdonald has joined
  2010. Ian Macdonald has left
  2011. Ian Macdonald has joined
  2012. Ian Macdonald has left
  2013. Ian Macdonald has joined
  2014. Ian Macdonald has left
  2015. Ian Macdonald has joined
  2016. Ian Macdonald has left
  2017. Ian Macdonald has joined
  2018. Ian Macdonald has left
  2019. ross has left
  2020. ross has joined
  2021. Ian Macdonald has joined
  2022. Ian Macdonald has left
  2023. Ian Macdonald has joined
  2024. Ian Macdonald has left
  2025. Ian Macdonald has joined
  2026. Ian Macdonald has left
  2027. Ian Macdonald has joined
  2028. Ian Macdonald has left
  2029. Ian Macdonald has joined
  2030. Ian Macdonald has left
  2031. Ian Macdonald has joined
  2032. Ian Macdonald has left
  2033. Ian Macdonald has joined
  2034. Ian Macdonald has left
  2035. Ian Macdonald has joined
  2036. Ian Macdonald has left
  2037. Ian Macdonald has joined
  2038. Ian Macdonald has left
  2039. Ian Macdonald has joined
  2040. Ian Macdonald has left
  2041. Ian Macdonald has joined
  2042. Ian Macdonald has left
  2043. Ian Macdonald has joined
  2044. Ian Macdonald has left
  2045. Bjarkan has joined
  2046. Ian Macdonald has joined
  2047. Ian Macdonald has left
  2048. Ian Macdonald has joined
  2049. Ian Macdonald has left
  2050. Ian Macdonald has joined
  2051. Ian Macdonald has left
  2052. Ian Macdonald has joined
  2053. Ian Macdonald has left
  2054. Ian Macdonald has joined
  2055. Ian Macdonald has left
  2056. Ian Macdonald has joined
  2057. Ian Macdonald has left
  2058. Ian Macdonald has joined
  2059. Ian Macdonald has left
  2060. Ian Macdonald has joined
  2061. Ian Macdonald has left
  2062. Ian Macdonald has joined
  2063. Ian Macdonald has left
  2064. Ian Macdonald has joined
  2065. Ian Macdonald has left
  2066. Ian Macdonald has joined
  2067. Ian Macdonald has left
  2068. Ian Macdonald has joined
  2069. Ian Macdonald has left
  2070. Ian Macdonald has joined
  2071. Ian Macdonald has left
  2072. Ian Macdonald has joined
  2073. Ian Macdonald has left
  2074. patasca has left