-
Martin
I think Ge0rg is busy enough these days with the vaxbot load. What's the issue with TLS1.2?
-
Licaon_Kter
Martin: #security
-
jonas’
https://crypto.stackexchange.com/a/81967 FWIW
-
tom
Martin: TLS1.2 is an absolute pain in the ass to maintain
-
tom
It would be a lot simpler and easier to configure and not mess up if we could switch over to tlsv1.3
-
tom
I for one would very much like to drop tlsv1.2, and according to my statistics only about 5 or so instances still require it
-
tom
The rest of them are fully 1.3 compliant
-
Licaon_Kter
tom: how do you check? openssl to each s2s ?
-
Licaon_Kter
Clients?
-
tom
Licaon_Kter: log files and also s2s:show_tls(domain) in prosody's shell
-
tom
All my clients are tlsv1.3
-
tom
In prosody you can check via the c2s:show_tls()
-
tom
Command
-
Licaon_Kter
👍
-
tom
For the people using old versions of openssl that don't support tlsv1.3, you also get forward secrecy if you upgrade
-
tom
Which is very important for an IM server
-
Link Mauve
tom, fyi, we still got 15 s2s connections open in TLSv1 and 637 with TLSv1.2, vs. 1404 with TLSv1.3.
-
Link Mauve
None in TLSv1.1 thankfully.
-
tom
Who's using tlsv1?
-
Link Mauve
So your view of the network definitely doesn’t match ours. :)
-
tom
And what ciphersuite
-
Link Mauve
From our s2s, bunin.im ceplovi.cz dolka.fr hotsecure.biz jabber.mk.ua jabber.no-sense.net jabber.pw jabber.tuxfamily.org lcp.cc onex.mandalpipe.com the-compiler.org yukon.to
-
tom
I haven't used tlsv1 since i telneted into a muc with trebuchet
-
Link Mauve
Using AES256-SHA DHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA.
-
tom
Oh well, that's not as bad as I thought it was going to be
-
Link Mauve
Prosody probably disallows some worse ones by default.
-
Holger
Holger
> Which is very important for an IM server tom, the attack vector is that someone transfers sensitive information without using any form of end-to-end encryption, the attacker sniffs and stores the traffic but has no access to either end of the communication nor to the server, later gets access to the server and therefore the private key, and because the clear-text messages aren't stored in MAM for some reason, uses the private key to decrypt the traffic that was sniffed earlier. Right?
-
tom
Yes
-
tom
If your keys get stolen, them being used to decrypt past stored-to-disk comms
-
Holger
Holger
Right, but being able to do that only makes an effective difference in highly specific scenarios like the one I outlined above. (People might want to take that into account when judging themselves on the relative importance of protecting against such attacks vs. interop, for example.)
-
croax
croax
Holger: Attack vector is not only cleartext exchanges with MAM disabled, but all meta-data, including ones coming with E2E exchanges. This is basically SSL stripping for past recorded exchanges.
-
Holger
With MAM enabled I see no difference w.r.t. the metadata either.
-
Holger
But yes if we're talking metadata we can ignore E2EE of course.
-
Holger
FWIW I'm not trying to downplay security questions. Quite the opposite, I think that's the one most important topic admins must be able to handle. I just try to insist on properly judging on trade-offs, rather than doing blind MOAH STRICT MOAH BETTA decisions.
-
croax
Holger: you're perfectly right. Make people think and understand what they do. So PFS + MAM is kind of contradiction but not incompatible.
-
Holger
Right. And if there's no significant downside in enforcing PFS then the decision is obvious of course.
-
BaBa
> I also think that with keeping in mind the reality that many governments do in fact record ALL internet traffic to disk.. now you might think that's crazy but egypt actually did that and the utah datacenter and ESPECIALLY google have the ability to do that I second you. But what's the remedy to this shit??
-
Menel
What they wrote.. Encrypt it with a security margin... That it can hold 30 years to come..
-
xorman
MAM can be disabled on the client side
-
Araucaria
What is wrong with tls1.2?
-
croax
xorman: > MAM can be disabled on the client side But you have no control over your correspondents' MAM settings, right?
-
moparisthebest
you also don't know if your correspondent is a spy shuffling all your e2e messages directly to the NSA so what's the point? :P
-
croax
moparisthebest: you may at least have the right to have trustful contacts :-)
-
croax
> What is wrong with tls1.2? Not an expert but, security speaking, seems like TLS 1.3 enforces what can be configured in 1.2. So 1.2 MAY be misconfigured. (Eg mandating PFS).
-
BaBa
> you also don't know if your correspondant is a spy shuffling all your e2e messages directly to the NSA so what's the point? :P If encrypted.... What can the NSA do with that?
-
rob
They wouldn't be encrypted if your contact was sending the messages to them
-
rob
So verify your contacts and their keys
-
BaBa
Oh I see, in that case
-
BaBa
xmpp:privacyandsecurity@conference.nixnet.xyz?join
-
BaBa
Problem with server or something??
-
BaBa
Privacy and security room not working today
-
rob
I don't know about not working, I tried to join and was banned so it's kinda working
-
rob
Is it a private group?
-
Licaon_Kter
Was mentioned above that nixnet is down. Can someone ping Amolith?
-
neox
Licaon_Kter, Amolith's server is down, so is his xmpp account too 😉
-
Licaon_Kter
Well, don't you all have Keyoxide and Fedi accounts? :)
-
rob
Keyoxide is great
-
BaBa
> Is it a private group? No. I had joined the group but banned today
-
rob
Weird, wonder what's up
-
Araucaria
BaBa, sometimes when a group is unavailable you can see that banned message, you likely were not actually banned
-
rob
Probably then because the server is down?
-
BaBa
Araucaria: all right. Thank you
-
Menel
It's not the same error message if there is no host at all.. That would be _remote server not found_ but I don't know what this one is.. Maybe it's the muc component that's down?
-
Menel
Hm, no, my server does get an s2s to that..
-
Menel
Menel
Got it now. It's the ejabberd server error, if you want to create a muc and are not allowed to do it from remote.. Prosody would say something like "you are no longer in this muc" So it seems this muc was deleted.
-
qrpnxz
anyone have a regex on hand for JIDs?
-
moparisthebest
famous last words :)
-
Sam
Same as in the other room: there is no such thing. You could use *several* regular expressions to split (but not validate) a JID, but at that point you might as well just do the splitting in the language you're using and skip the regexp part
-
mjk
mjk
Sam: are jids not regular? O_O (I know email addresses are)
-
moparisthebest
no, you can't validate email addresses with a regex either
-
Sam
Yah, all those various email regexs are wrong too and will eventually bite you.
-
moparisthebest
at least not without many tears, and then you end up giving up
-
Sam
For JIDs among other things you'd need to split on the last "/" first, so you'd need backtracking which would require fancy Perl style not-regular-regular-expressions (maybe, I assume those could do it but I don't know all the things they support). However if you're doing that I can also create a JID that can lead to near infinite backtracking, so it's just not a good idea.
-
Sam
And that's just to split them into their component parts, you definitely can't do internationalization with a regexp.
-
mjk
Sounds exciting... Thanks guys
-
moparisthebest
the only acceptable "is the email/jid valid?" regex imho is ".*@.*\..*" for a quick smell test
-
mjk
Haha
-
moparisthebest
validate it the proper way further on if you need to be sure
-
moparisthebest
in english that's "has at least one @ and one . after the @"
-
Sam
Nope, that won't work for me@localhost :)
-
Sam
(but I know what you meant)
-
mjk
I guess PEGs should be powerful _and_ efficient enough
-
moparisthebest
right but @localhost isn't valid for say, registering for a website or whatever, but yea :)
-
mjk
localhost.localdomain!!111
-
ernst.on.tour
Shouldn't something like [a-z0-9\.\\[0-90-9]+@ fetch the user part ?
-
Licaon_Kter
O hai, match this `@_xmpp_Nick=2fmucname=40conference.domain.tld:matrix.org`
-
mjk
Incoming code review... > `.*@.*\..*` This would match `@.` :p
-
Sam
My best initial guess (just for splitting, but almost certainly still wrong and it's probably easier to just do the splitting algorithm which is really easy to implement) would be `(?:(.*)@)?([^/]*)(?:/(.*))?`
-
mjk
Licaon_Kter: I- is that even a jid? suspicious@fry.jpeg
-
Licaon_Kter
mjk: it's how matrix users mention xmpp members over their broken bridge
-
mjk
Ah, so it's a mention, as I suspected
-
Licaon_Kter
Bad example actually, i dunno how it looks the other way :)
-
Sam
yah, that one is not actually a valid JID, just how matrix does things
-
Sam
oops, my random dumb stab at it is already broken by trivial JIDs. This is why you should just implement the splitting algorithm :)
-
mathieui
https://lab.louiz.org/poezio/slixmpp/-/blob/master/slixmpp/jid.py#L26 FWIW (but you need to validate it anyway, that’s just for splitting somewhat adequately, and you can’t validate it with a regex)
-
mjk
Now this chat has NaN problems
-
Sam
heh, my regexp library limits repeats to a max of 1000 for some reason, so even that wouldn't work
-
mathieui
Sam, so you are ignoring the last 23 bytes of each part??? That is a scandal!
-
Sam
mathieui: yup, can't parse all those 1023 byte localparts now!
-
mathieui
and resources!
-
mathieui
and domainparts!
-
Sam
Actually, even changing that it doesn't work for me, unsure why. I get no matches on even simple JIDs
-
Sam
huh, it's the bounding ^$ breaking it. No idea why though. Oh well.
-
Sam
Okay, I was totally wrong, this should work for splitting at least. I was being dumb, you don't have to match the last /, you obviously have to match the first one which is fine.
-
Sam
But still, don't do it. It's just a bad idea.
-
moparisthebest
A programmer has a problem, they think, I know I'll use a regex! Now they have 2 problems
-
Sam
This ^
-
mjk
Yeah, I mean..
```lua
print(([[A programmer has a problem, they think, I know I'll use a regex! Now they have 2 problems]]):match(' (.+) problems?'))
```
> programmer has a problem, they think, I know I'll use a regex! Now they have 2
-
qrpnxz
xD