-
Martin
> Establishing a secure connection from diebesban.de to nuegia.net failed. Certificate hash: 33053e5e7f4ee713d208bb963f24ac1c687f5b82b72921a007844211d9fe6dac. This certificate is invalid for nuegia.net.
-
nuegia.net
Martin, i recently removed nuegia.net from the certificate thinking xmpp.nuegia.net would be enough
-
nuegia.net
there's an SRV record
-
nuegia.net
pointing nuegia.net's xmpp server to xmpp.nuegia.net
-
nuegia.net
i originally set this up because some legacy software had a bug and required it
-
nuegia.net
is this still the case?
-
nuegia.net
what server software are you using?
-
jonas’
nuegia.net, your certificate must be valid for the XMPP domain, the SRV domain name is irrelevant(*) (unless DNSSEC is involved in all stages && the software supports this secure delegation, which you cannot rely on)✎ -
jonas’
nuegia.net, your certificate must be valid for the XMPP domain, the SRV domain name is irrelevant(*) (* unless DNSSEC is involved in all stages && the software supports this secure delegation, which you cannot rely on) ✏
-
jonas’
(and by XMPP domain I mean the part behind the @ in the JIDs)
-
nuegia.net
so it's not like email
-
jonas’
indeed
-
nuegia.net
that really sucks
-
jonas’
no
-
nuegia.net
ok thanks
-
jonas’
it makes a lot of sense from a security perspective
-
jonas’
otherwise someone who can spoof the SRV record could take over your domain
-
nuegia.net
a dnssec validating resolver could solve that no?
-
jonas’
yes, as I said, if DNSSEC is involved in all stages and the initiating party supports that special case, it would work
-
nuegia.net
is there documentation on how I could set that up?
-
nuegia.net
it's really not ideal for me to use my root dns record to satisfy acme
-
nuegia.net
also Martin it should be fixed now
-
jonas’
you cannot really set that up
-
jonas’
all entities connecting to your server need to set that up, which you can generally not control
-
jonas’
hence it is moot
-
Ellenor Bjornsd.
maybe i should set up a fully dnssec alt root
-
Martin
> Martin, i recently removed nuegia.net from the certificate thinking xmpp.nuegia.net would be enough > > there's an SRV record > > pointing nuegia.net's xmpp server to xmpp.nuegia.net > > i originally set this up because some legacy software had a bug and required it What client requires the xmppd to run on a subdomain? 😳
-
Licaon_Kter
PSA > trashserver.net will be moved to another phsyical server. There is no action required by you, but note that the service will be interrupted in the upcoming hours.
-
moparisthebest
nuegia.net: XMPP is "not like email" in the sense that XMPP actually requires proper certificates and email does not
-
moparisthebest
Email has 1000 subprotocols to try to guess if a message was actually sent by the domain that claimed to have sent it, vs XMPP where that's guaranteed via certificates
-
j.r (jugendhacker.de)
moparisthebest: it depends, you could also configure your Mail servers to require proper certificates ;)
-
moparisthebest
j.r (jugendhacker.de): and not be able to email most of the network, sure :)
-
agh
> maybe i should set up a fully dnssec alt root OpenNIC was doing that at one point.
-
hacker
Hii
-
Trung
hello
-
hacker
How i do use this app
-
Trung
😊 which app are you using ?
-
hacker
Conversation
-
hacker
This is a playstore app
-
Trung
cool. you are using it to chat in here yes
-
hacker
Ok
-
hacker
How can I talk to him on whatsapp
-
hacker
Please give me some videos
-
Trung
do you have his XMPP address ?
-
hacker
No
-
Trung
you will need the address of whoever it is you want to talk to. It look similar to email: user@domain.net
-
Trung
(↑ that's not a real address just an example)
-
hacker
So where do you get it
-
Sox
Anyone with experience both with metronome and prosody can say smth about ram usage?
-
Trung
hmmm i don't know …… ask him maybe? does he has an xmpp address yet?
-
moparisthebest
Sox: like what? My prosody uses 61mb of ram normally, about 10 users, one joined to probably 100 mucs
-
Sox
My metronome around 800mb about 20 users 2 active mucs
-
Sox
Using yunohost implementation
-
moparisthebest
Wildly guessing here but it probably has the terrible memory leak prosody fixed years ago, which Lua version?
-
moparisthebest
(5.2 and 5.3 are very very bad, 5.1 is ok, 5.4 is best)
-
Sox
I would need to check in a few hours
-
Trung
hacker, this room is for people operating XMPP server so it might confuse you reading stuff in here. You should join this one to get help using Conversations: xmpp:conversations@conference.siacs.eu?join