XMPP Service Operators - 2023-04-16

> Establishing a secure connection from diebesban.de to nuegia.net failed. Certificate hash: 33053e5e7f4ee713d208bb963f24ac1c687f5b82b72921a007844211d9fe6dac. This certificate is invalid for nuegia.net.

Martin, i recently removed nuegia.net from the certificate thinking xmpp.nuegia.net would be enough

there's an SRV record

pointing nuegia.net's xmpp server to xmpp.nuegia.net

i originally set this up because some legacy software had a bug and required it

is this still the case?

what server software are you using?

nuegia.net, your certificate must be valid for the XMPP domain, the SRV domain name is irrelevant(*) (* unless DNSSEC is involved in all stages && the software supports this secure delegation, which you cannot rely on) ✏

(and by XMPP domain I mean the part behind the @ in the JIDs)

so it's not like email

indeed

that really sucks

no

ok thanks

it makes a lot of sense from a security perspective

otherwise someone who can spoof the SRV record could take over your domain

a dnssec validating resolver could solve that no?

yes, as I said, if DNSSEC is involved in all stages and the initiating party supports that special case, it would work

is there documentation on how I could set that up?

it's really not ideal for me to use my root dns record to satisfy acme

also Martin it should be fixed now

you cannot really set that up

all entities connecting to your server need to set that up, which you can generally not control

hence it is moot

maybe i should set up a fully dnssec alt root

> Martin, i recently removed nuegia.net from the certificate thinking xmpp.nuegia.net would be enough > > there's an SRV record > > pointing nuegia.net's xmpp server to xmpp.nuegia.net > > i originally set this up because some legacy software had a bug and required it What client requires the xmppd to run on a subdomain? 😳

PSA > trashserver.net will be moved to another phsyical server. There is no action required by you, but note that the service will be interrupted in the upcoming hours.

nuegia.net: XMPP is "not like email" in the sense that XMPP actually requires proper certificates and email does not

Email has 1000 subprotocols to try to guess if a message was actually sent by the domain that claimed to have sent it, vs XMPP where that's guaranteed via certificates

moparisthebest: it depends, you could also configure your Mail servers to require proper certificates ;)

j.r (jugendhacker.de): and not be able to email most of the network, sure :)

> maybe i should set up a fully dnssec alt root OpenNIC was doing that at one point.

Hii

hello

How i do use this app

😊 which app are you using ?

Conversation

This is a playstore app

cool. you are using it to chat in here yes

Ok

How can I talk to him on whatsapp

Please give me some videos

do you have his XMPP address ?

No

you will need the address of whoever it is you want to talk to. It look similar to email: user@domain.net

(↑ that's not a real address just an example)

So where do you get it

Anyone with experience both with metronome and prosody can say smth about ram usage?

hmmm i don't know …… ask him maybe? does he has an xmpp address yet?

Sox: like what? My prosody uses 61mb of ram normally, about 10 users, one joined to probably 100 mucs

My metronome around 800mb about 20 users 2 active mucs

Using yunohost implementation

Wildly guessing here but it probably has the terrible memory leak prosody fixed years ago, which Lua version?

(5.2 and 5.3 are very very bad, 5.1 is ok, 5.4 is best)

I would need to check in a few hours

hacker, this room is for people operating XMPP server so it might confuse you reading stuff in here. You should join this one to get help using Conversations: xmpp:conversations@conference.siacs.eu?join