XMPP Service Operators - 2023-10-22

  1. 鲨鱼酱小号

    Hi everyone, I'm new here, say hi.

  2. Trung

    hello you

  9. 华南网友

    >> raver, I’m curious how you check this > I've checked the supported mechanisms here: https://connect.xmpp.net/ 👍🏻

  10. 华南网友

    The STARTTLS protocol is still in use, isn't it less secure than TLS? ...

  12. raver

    华南网友: I'm not sure but I don't think so

  13. 华南网友

    XMPP, as a communication protocol, is too slow at iterative updating in the face of new situations. XMPP support for QUIC, DoH and DoT has been unable to keep up with demand.

  14. Licaon_Kter

    华南网友: DoH/DoT is mostly the responsibility of the OS. QUIC, yeah, maybe, but it's pretty fast already.

  15. MSavoritias (fae,ve)

    Well, democracy and consensus are tricky, aren't they? I always prefer them to the alternatives anyway.

  16. Menel

    Somehow it is still the fastest instant messaging; it can't be so slow... Also, STARTTLS is as secure as any other.

  17. Lightning Bjornsson

    assuming no downgrade

  18. Menel

    Yeah, don't use clients last updated in 2010.

  19. Menel

    Or wait. My server also requires encryption

  20. Menel

    Not only the clients

  21. Lightning Bjornsson

    that can be faked

  22. 华南网友

    Is there any proof that STARTTLS is better than TLS or DOH? STARTTLS for XMPP is a thing of the past. Email configurations enforce TLS.

  23. Menel

    You must ask: is there proof it is worse than direct TLS? I wouldn't know of that proof, especially because it is likely implementation-dependent. 华南网友

  24. Menel

    It is unbroken. In security, being unbroken for a long time is something good, better than something fancy and new, as far as I know.

  25. Menel

    (I'm not against direct TLS and also think it's good, and actually many servers now use direct TLS everywhere; I'm just talking against people saying it is somehow bad just because it's older.)

  26. Menel

    Also, I don't know why you mention DoH; that is totally unrelated to XMPP or other software using TLS for whatever.

  27. Guus

    Assuming that this channel is crawling with new-found experts on CAA DNS records: can someone do a quick query on igniterealtime.org to see if its CAA record looks somewhat sane?

  28. oxpa

    Guus: better use dns-01, but it looks ok to me

  29. oxpa

    there are online services to check and parse CAA

  30. Guus

    sadly, dns-01 isn't an option for us

  32. octagon

    Guus, you should add the iodef line so you get emails if a CA tries to issue a cert for it but stops: iodef "mailto:caa@igniterealtime.org"

  33. octagon

    You might also want to move validationmethods before accounturi and put a space after each ;

  34. Guus

    certbot is having a problem with my config

  35. moparisthebest

    华南网友: STARTTLS isn't less secure than direct TLS as long as servers and clients enforce TLS, which all do today. It's important to note this attack man-in-the-middled TLS, so that doesn't actually matter. That said, most XMPP software today supports direct TLS, and a few even support XMPP over QUIC (again, this wouldn't have stopped this attack though).

  36. Licaon_Kter

    I feel like you, 华南网友, threw all the related buzzwords into a post and called it "modern", as if that would "fix everything", while the last few days' incidents were more about yesterday's boring solutions and a couple of DNS entries.

  37. Web-4-WAP