XSF Discussion - 2014-03-03

What are people's plans for the meeting tomorrow?

I assume they mostly involve precis as well.

Which I thought was in the same room, but seems not to be.

Got an announcement regarding transport to the evening meetup going out by email today.

I mean the WG.

Although cool :)

(yeah just thought I'd update that bit too)

Lloyd, You seem to have mis-spelt "Ubber".

ugh

I have a horrible feeling our meetings sound this dull to an outsider.

oh, go to AVTCORE or AVTEXT (-:

dwd: As they were providing transport I felt it wouldn't be fair. Florian is coming though so we can refer to it as 'ubber' all we want :)

"which lends itself to interoperability and federation thinking . things that are a bit less important these days" -- intraoperability is so much more cool, eh dwd? (guess where that is from)

Intra-operability is like masturbation for networked systems.

No-one has any plans for meeting prior to precis, then?

fippo: link?

ralphm, That's from Tsahi's blog.

oh man, does that ever stop?

Did people give up on the federation angle?

depends who you mean with people? :)

Well, I do not even see StPeter here. So it would be the rest:)

right..since he's a machine who's 24/7 online

SM: wait what?

Ralph, I wondered whetehr people (undefined) were still pushing for federation

ralphm: when tsahi says "federation" he talks about things like "sip federation" and rcs-e and joyn

which is a frequent misunderstand because we use federation for "run your own server and be part of the network. minimum requirements"

SM: within the XSF? Mostly everybody.

Ralph, the door is still open for doing some PR. It won't last for long

SM: it's not like we can just pull open a can of PR people.

I understand. Just mentioning it.

SM: it's mostly stating the obvious, no offense. I wish I could find the time to write more, but I have been trying to keep up with Tweets mentioning XMPP and occasionally responding to falsehoods.

Good writeups would be great.

are there XMPP-based services that generate large numbers of outgoing messages?

superfeedr?

Ge0rG: I can hook you up with julian if you want

ralphm: I'm still pondering about xmpp spam prevention using proof-of-work

https://www.imperialviolet.org/2014/03/03/triplehandshake.html <-- ugh, this seems like it might affect xmpp, in particular s2s?

" and protocols that depend on channel binding"

oh wait, we only use channel binding with scram plus and that is typically not used with client certs?

I still wait for people to realize that client cert handshake is leaking big data

hah. xmpp beats email again ( @ security mailing list)

what security ml?

security@xmpp.org

got into spam :(

there is a security@ ml? wow!

yeah...low traffic...because XMPP is soooo secure ^^

"[discuss-webrtc] How Do I know If Someon is Online To Take A WebRTC Call?" -- i am tempted to reply "use presence, it's the new dialtone"

I hope intosi is reading that list, as he's been looking into dkim issues

in general, though, gmail and others services don't really like independent mail servers sending out, you know, mai; to them

mail even

fippo: I think TLS resumptions is a requirement for that attack, and (I'd love to be corrected about this) I don't think anyone in the XMPP world uses that.

Because of StartTLS etc.

xnyhps, Actually, it's better than that. You need clients that don't validate certificates and just rely on channel binding.

xnyhps, BTW, if you've got a minute at some point, it'd be great to hear how STRINT went. But not now, because I'm old and need my sleep. :-)

dwd: I heard that strint was rather boring (-:

dwd: Ah, I missed that when I read it.

dwd, xnyhps: I think it would be pretty useful to blog this on xmpp.org

I happen to have a series of blog posts about HTTPS attacks and how they translate to XMPP. (Where the "series" is right now at 1 item)

heh

\-