XSF Discussion - 2014-03-03

  1. Kev

    What are people's plans for the meeting tomorrow?

  2. Kev

    I assume they mostly involve precis as well.

  3. Kev

    Which I thought was in the same room, but seems not to be.

  4. Lloyd

    Got an announcement regarding transport to the evening meetup going out by email today.

  5. Kev

    I mean the WG.

  6. Kev

    Although cool :)

  7. Lloyd

    (yeah just thought I'd update that bit too)

  8. dwd

    Lloyd, You seem to have mis-spelt "Ubber".

  9. dwd is virtually sitting in sipcore.

  10. fippo


  11. dwd

    I have a horrible feeling our meetings sound this dull to an outsider.

  12. fippo

    oh, go to AVTCORE or AVTEXT (-:

  13. Lloyd

    dwd: As they were providing transport I felt it wouldn't be fair. Florian is coming though so we can refer to it as 'ubber' all we want :)

  14. fippo

    "which lends itself to interoperability and federation thinking . things that are a bit less important these days" -- intraoperability is so much more cool, eh dwd? (guess where that is from)

  15. dwd

    Intra-operability is like masturbation for networked systems.

  16. Kev

    No-one has any plans for meeting prior to precis, then?

  17. ralphm

    fippo: link?

  18. dwd

    ralphm, That's from Tsahi's blog.

  19. ralphm

    oh man, does that ever stop?

  20. SM

    Did people give up on the federation angle?

  21. Tobias

    depends who you mean with people? :)

  22. SM

    Well, I do not even see StPeter here. So it would be the rest:)

  23. Tobias

    right..since he's a machine who's 24/7 online

  24. ralphm

    SM: wait what?

  25. SM

    Ralph, I wondered whetehr people (undefined) were still pushing for federation

  26. fippo

    ralphm: when tsahi says "federation" he talks about things like "sip federation" and rcs-e and joyn

  27. fippo

    which is a frequent misunderstand because we use federation for "run your own server and be part of the network. minimum requirements"

  28. ralphm

    SM: within the XSF? Mostly everybody.

  29. SM

    Ralph, the door is still open for doing some PR. It won't last for long

  30. ralphm

    SM: it's not like we can just pull open a can of PR people.

  31. SM

    I understand. Just mentioning it.

  32. ralphm

    SM: it's mostly stating the obvious, no offense. I wish I could find the time to write more, but I have been trying to keep up with Tweets mentioning XMPP and occasionally responding to falsehoods.

  33. ralphm

    Good writeups would be great.

  34. Ge0rG

    are there XMPP-based services that generate large numbers of outgoing messages?

  35. ralphm


  36. ralphm

    Ge0rG: I can hook you up with julian if you want

  37. Ge0rG

    ralphm: I'm still pondering about xmpp spam prevention using proof-of-work

  38. fippo

    https://www.imperialviolet.org/2014/03/03/triplehandshake.html <-- ugh, this seems like it might affect xmpp, in particular s2s?

  39. Tobias

    " and protocols that depend on channel binding"

  40. fippo

    oh wait, we only use channel binding with scram plus and that is typically not used with client certs?

  41. Ge0rG

    I still wait for people to realize that client cert handshake is leaking big data

  42. fippo

    hah. xmpp beats email again ( @ security mailing list)

  43. Tobias

    what security ml?

  44. fippo


  45. Tobias

    got into spam :(

  46. Ge0rG

    there is a security@ ml? wow!

  47. Tobias

    yeah...low traffic...because XMPP is soooo secure ^^

  48. fippo

    "[discuss-webrtc] How Do I know If Someon is Online To Take A WebRTC Call?" -- i am tempted to reply "use presence, it's the new dialtone"

  49. ralphm

    I hope intosi is reading that list, as he's been looking into dkim issues

  50. ralphm

    in general, though, gmail and others services don't really like independent mail servers sending out, you know, mai; to them

  51. ralphm

    mail even

  52. xnyhps

    fippo: I think TLS resumptions is a requirement for that attack, and (I'd love to be corrected about this) I don't think anyone in the XMPP world uses that.

  53. xnyhps

    Because of StartTLS etc.

  54. dwd

    xnyhps, Actually, it's better than that. You need clients that don't validate certificates and just rely on channel binding.

  55. dwd

    xnyhps, BTW, if you've got a minute at some point, it'd be great to hear how STRINT went. But not now, because I'm old and need my sleep. :-)

  56. fippo

    dwd: I heard that strint was rather boring (-:

  57. xnyhps

    dwd: Ah, I missed that when I read it.

  58. ralphm

    dwd, xnyhps: I think it would be pretty useful to blog this on xmpp.org

  59. xnyhps

    I happen to have a series of blog posts about HTTPS attacks and how they translate to XMPP. (Where the "series" is right now at 1 item)

  60. ralphm


  61. ralphm