XMPP Service Operators - 2024-04-13


  1. karolyi

    shameless self-advertisement: in case you need a TLSA records updater for your BIND and certbot-based certificates: https://gitea.ksol.io/karolyi/daneupdate

  2. moparisthebest

    karolyi: why not just... Not rotate keys?

  3. amarachi

    why not rotate them every so often?

  4. karolyi

    moparisthebest, you can do it that way too, but rotating them gives a bit better opsec

  5. moparisthebest

    How?

  6. Polarian

    how would you _not_ rotate TLS certificates?

  7. karolyi

    if your private key isn't rotated and stolen once, you are compromised forever

    if your private key is rotated while stolen once, you're compromised for 2 months at most this way

  8. Polarian

    an issued certificate can not be extended, only reissued...

  9. Polarian

    unless I'm missing something?

  10. moparisthebest

    Polarian: key, not cert

  11. Polarian

    ohhh

  12. Polarian

    right

  13. Polarian idiot

  14. moparisthebest

    karolyi: if your key is stolen you have bigger problems, it's not helpful to do unless your server has been compromised

  15. amarachi

    But aren't actual keys ephemeral?

  16. Polarian

    moparisthebest, same argument applies with GPG keys

  17. Polarian

    amarachi, that's what I thought

  18. amarachi

    So a compromised key would allow mitm but not decryption of past passively recorded connections

  19. karolyi

    amarachi, that too, yes

  20. Polarian

    if distros rotate signing keys, surely rotating a TLS key should be done too?

  21. amarachi

    It should be noted your server wouldn't have to be directly compromised

    E.g. when zenbleed came out I was able to acquire private keys from other instances on some cloud providers

  22. karolyi

    moparisthebest: absolute security doesn't exist, but it's better to make efforts to harden your server, and rotating TLS keys is part of that

  23. Polarian

    https://security.stackexchange.com/a/86014

  24. Polarian

    google rotates theirs monthly?

  25. moparisthebest

    https://pages.nist.gov/800-63-3/sp800-63b.html

    > Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.

    passwords are way weaker and more likely to leak than private TLS keys

  26. amarachi

    Keys aren't passwords and don't have the same human element

  27. moparisthebest

    > moparisthebest: absolute security doesn't exist, but it's better to make efforts to harden your server, and rotating TLS keys is part of that

    I hard disagree, it's completely worthless to rotate keys, provides no additional security or "hardening" at all

  28. amarachi

    Please rotate them

  29. moparisthebest

    No, never rotate them

  30. karolyi

    moparisthebest: I guess you disagree with the entire premise of letsencrypt then?

  31. moparisthebest

    Then I can't tell if you rotated them or an attacker made a new key

  32. moparisthebest

    > moparisthebest: I guess you disagree with the entire premise of letsencrypt then?

    Absolutely not, LE is great, I use them all the time and never rotate keys

  33. karolyi

    but their default way of working is to rotate private keys, and you have to explicitly set it not to, you know that?

  34. karolyi

    besides, the --reuse-key option was only added recently

  35. moparisthebest

    I've been using letsencrypt from day 1 and never rotated a key once

  36. moparisthebest

    I think I started with letsencrypt.sh which is now... Is it dehydrated.sh ? I use acme.sh now though

  37. karolyi

    ah, that's why. certbot is set to rotate keys by default

  38. snikket dot deeeeee

    How often is everyone rotating ssh Keys?

  39. amarachi

    snikket dot deeeeee: every minute

  40. snikket dot deeeeee

    I don't rotate the letsencrypt key, I may do it manually when I feel like it, but not so often. We're OK with cert rotation every three months. So why not cert key every three years

  41. snikket dot deeeeee

    amarachi: and honestly, never I assume

  42. snikket dot deeeeee

    SSH is rotated when you get a new server, right?

  43. moparisthebest

    The only time I ever rotate keys is when I move services between remote servers I don't control, like VPS's or whatever, I try not to move keys over the internet but if I do I replace them shortly after

    Otherwise there's no benefit to it

  44. karolyi

    in my case, I used the default certbot functionality that rotates the private keys every 3 months (every 2 months that is, since it renews 30 days before certificate expiration). and I needed the TLSA records rotation, so I wrote this tool that does it successfully

  45. karolyi

    already using it, works nicely

  46. karolyi

    but, each to its own I guess

  47. snikket dot deeeeee

    There is nothing wrong with your setup, why not 👍

  48. snikket dot deeeeee

    It's just not totally insecure, to not rotate it all the time in my opinion.

  49. karolyi

    I never claimed that :)

  50. karolyi

    the whole idea came out of the jabber.ru mitm debacle, though it would be nice for browsers to be able to check on TLSA records as well

  51. moparisthebest

    Rotating keys would have had no effect on the jabber.ru MITM

    But TLSA would and that's easier and more reliable without rotating keys

  52. amarachi

    The current built in resolvers in Chrome and Firefox don't even support dnssec

  53. Polarian

    has the jabber.ru mitm been found to be anything other than a legal wire tap?

  54. snikket dot deeeeee

    And the Firefox addon doesn't work anymore I think

  55. snikket dot deeeeee

    Nothing has been found Polarian, not in one way or the other

  56. karolyi

    I guess hetzner uses their plausible deniability

  57. Polarian

    If the assumption of a legal wire tap is true... then jabber.ru is an invalid example of poor security

  58. amarachi

    Polarian: how? This tooling didn't exist before that incident

  59. moparisthebest

    > If the assumption of a legal wire tap is true... then jabber.ru is an invalid example of poor security

    That makes no sense but ok...

  60. amarachi

    And even still official conversations doesn't enforce tlsa yet

  61. amarachi

    Which is what most use

  62. moparisthebest

    amarachi: what tooling? I've had TLSA records for over a decade

  63. amarachi

    moparisthebest: yes but what clients actually checked it?

  64. amarachi

    For email and boutique software, yes, for xmpp no

  65. moparisthebest

    Many servers did, I think maybe Conversations did?

  66. amarachi

    moparisthebest: it doesn't today

  67. MattJ

    Channel binding was supported by multiple clients and servers before the incident (well, not over TLS 1.3, but that's been fixed now). But jabber.ru was running an ancient version of ejabberd.

  68. amarachi

    MattJ: supported but not mandated

  69. MattJ

    It is pinned by Conversations

  70. Polarian

    also TLSA relies on DNSSEC, and DNSSEC for any authoritative dns server host I have seen, use their own keys... thus they sign what is "legit", what stops them from modifying the record? Host your own authoritative DNS server? in the cloud? well nothing stops your provider from modifying any record and yanking your keys with it too. Therefore under the case of legal wiretap, unless you self host everything, you are always vulnerable. THAT is why I said jabber.ru would be a bad example IF the assumption was correct

  71. MattJ

    So if it's ever supported, the server can never disable it

  72. karolyi

    I think Cheogram supports TLSA records

  73. karolyi

    ... on android

  74. amarachi

    Is there a matrix for other clients? Gajim? Dino? Profanity?

  75. amarachi

    Libraries like smack?

  76. Polarian

    > Libraries like smack?

    smack and whack... xD

  77. karolyi

    Polarian, you can use dnscrypt in which you can set to only use dnssec validating servers

  78. amarachi

    karolyi: that doesn't solve that

  79. Polarian

    > Polarian, you can use dnscrypt in which you can set to only use dnssec validating servers

    You missed my point

  80. Polarian

    you must trust your providers

  81. Polarian

    no matter how much security you stick onto your servers, your provider still has a certain amount of power

  82. karolyi

    there are a whole slew of arguments against dnssec, it can be poisoned at the TLDs and so on, but so far, other than going fully darkweb, it's the most secure solution

  83. amarachi

    Polarian: just connect the 240v to the chassis

  84. Polarian

    > there are a whole slew of arguments against dnssec, it can be poisoned at the TLDs and so on, but so far, other than going fully darkweb, it's the most secure solution

    I don't use DNSSEC currently because registrars make you pay A LOT for it

  85. Polarian

    and moving to a self hosted authoritative DNS server is low on my priority list

  86. karolyi

    eh, is that so? I use namecheap, it's free to set your DS records for your nameservers there

  87. amarachi

    Polarian: if your registrar charges you for dnssec, find another one

  88. Polarian

    no DNSSEC no TLSA

  89. snikket dot deeeeee

    https://certwatch.xmpp.net/

    It's not necessary for every client to support it. In the jabber.ru case, if just some would have noticed, or this service I linked existed. It would've been spotted

  90. Polarian

    > Polarian: if your registrar charges you for dnssec, find another one

    switching registrars can disrupt service

  91. snikket dot deeeeee

    https://certwatch.xmpp.net/

    It's not necessary for every client to support it. In the jabber.ru case, if just some would have noticed, or this service I linked existed. It would've been spotted

  92. Polarian

    I would have switched because of the outrageous amount of money they are sticking my domain up by

  93. moparisthebest

    Polarian: don't fall into the "if this one thing doesn't prevent all attacks perfectly it's useless" trap, there is no such thing, it's all layers

    On DNSSEC I own my own keys, it's free with any decent registrar, I'm using porkbun now and recommend it

  94. Polarian

    when I signed on it was £10/yr, it's now almost £40/yr

  95. Polarian

    I assume it will be up to £50/yr next year

  96. amarachi

    Polarian: then move!

  97. moparisthebest

    Switching registrars should never impact service...

  98. Polarian

    > Switching registrars should never impact service...

    should... but some make it difficult

  99. karolyi

    I concur

  100. moparisthebest

    porkbun is great, switch now

  101. Polarian

    I have a better registrar I will move to anyways

  102. Polarian

    just not right now I have better things to do

  103. Polarian

    like passing university 🙂

  104. moparisthebest

    Gandi used to be great but sadly recently got bought out :'(

  105. amarachi

    Is anyone working on a new manifesto? For recommending/mandating many of these security improvements we've seen over the past while?

  106. moparisthebest

    amarachi: do it!

  107. Polarian

    > Gandi used to be great but sadly recently got bought out :'(

    I heard of them, what made them so good anyways?

  108. karolyi

    just looked at porkbun, .io TLD's aren't that much cheaper to make me move

  109. Polarian

    I still am curious what makes a registrar good or bad

  110. karolyi

    offered services and prices?

  111. Polarian

    My list:

    - decent pricing
    - glue record support (some don't let you even change your ns records which is stupid)
    - API support
    - DNSSEC

  112. Polarian

    namecheap for example (until recently it seemed) made you pay £50 for use of their API

  113. Polarian

    or at least in my case

  114. Polarian

    "please deposit a further £30 into your wallet to use API"

  115. moparisthebest

    Polarian: correct, all those

  116. Polarian

    but my point is

  117. Polarian

    why say "gandi used to be great"

  118. Polarian

    and then switch to porkbun?

  119. Polarian

    why is the registrar you are shilling better than the rest basically?

  120. moparisthebest

    If you want absolute cheapest, and also DNSSEC (but you can't run your own) then cloudflare

  121. Polarian

    I'm never paying cloudflare for domains

  122. karolyi

    I used to use cloudflare with namecheap, until I started building my own solution and completely moved away from them. cloudflare is a mitm per definition anyway, and I only used their DNS services. now I have a small vps running as a secondary, with dnssec, and mostly use namecheap with the configured NSes and DSes

  123. Polarian

    I looked into becoming a registrar

  124. Polarian

    it's not _too_ expensive

  125. moparisthebest

    Polarian: because gandi used to have all those features and now is raising prices, and removing or charging extra for them?

  126. Polarian

    > Polarian: because gandi used to have all those features and now is raising prices, and removing or charging extra for them?

    ah

  127. Polarian

    but that's all companies these days

  128. moparisthebest

    So I'd rather both save money and financially support a company that isn't doing that, win win

  129. Polarian

    I guess it makes sense

  130. Polarian

    but it always seems like:

    - Open source community shills a registrar
    - Everyone moves to said registrar
    - Said registrar gets rich and starts abusing their power
    - Repeat

  131. amarachi

    It should be noted many registrars will issue certificates for your domains without being obvious

  132. amarachi

    Please check crt.sh for your domains

  133. amarachi

    And setup CAA

  134. amarachi

    I think porkbun does

  135. karolyi

    > And setup CAA

    this, but unironically

  136. amarachi

    And cloudflare does too obviously

  137. karolyi

    CAA with the 128 flag, that cloudflare won't allow for in their DNS service... laughable

  138. karolyi

    but then again, in my opinion the CAA won't matter much either when governmental CAs will be mandated

  139. Polarian

    If people go with porkbun right now... are they going to have to move in 3 years because the registrar goals changed?

  140. karolyi

    in that case, I'd say TLSA with 3 0 2

  141. amarachi

    Polarian: that is life

  142. amarachi

    karolyi: your computer already likely trusts dozens of gov CAs

  143. karolyi

    yea

  144. Polarian

    > Polarian: that is life

    not if you pay more for a registrar who's tried and tested

  145. Polarian

    same with ISPs

  146. Polarian

    older ones tend to be more expensive, but they are tried and tested

  147. karolyi

    this is why TLSA enforcement AND channel binding auth is more and more important, but I don't see clients supporting them much

  148. Polarian

    anyways porkbun.io seems like a typical minecraft hosting company set up by a 16 year old

  149. Polarian

    Anyways I'm likely going to go with mythic beasts

  150. Polarian

    incorporated in the same country as me, little pricy, but tried and tested (and pop up a lot in the open source community)

  151. amarachi

    Polarian: mythic is pretty good

  152. Polarian

    I'm aware :)

  153. Polarian

    but they are pretty pricy compared to the _cheap_ option

  154. amarachi

    But they are likely co-opted by gchq

  155. Polarian

    > But they are likely co-opted by gchq

    and this is paranoia

  156. Polarian

    and US companies are in the NSA's pocket

  157. Polarian

    invalid argument, can be used against ANY company

  158. unix.dog

    > CAA with the 128 flag, that cloudflare won't allow for in their DNS service... laughable

    Cloudflare's DNS input on the website won't let you because it's only a drop down, but you can import a TXT file with the record and it will let you