XSF Discussion - 2014-03-04


  1. Ash has left

  2. Ash has joined

  3. Ash has left

  4. Ash has joined

  5. Ash has left

  6. Lance has joined

  7. Santiago26 has left

  8. Santiago26 has joined

  9. Santiago26 has left

  10. Lance has joined

  11. Zash has left

  12. Lance has left

  13. Tobias has left

  14. Lance has joined

  15. Kev has left

  16. Alex has joined

  17. Santiago26 has joined

  18. Santiago26 has left

  19. Santiago26 has joined

  20. jabberjocke has left

  21. jabberjocke has joined

  22. Santiago26 has left

  23. Tobias has left

  24. intosi

    Ralph: I'm on that list.

  25. jabberjocke has left

  26. Zash has joined

  27. emcho has joined

  28. emcho has left

  29. Santiago26 has joined

  30. jabberjocke has joined

  31. xnyhps has left

  32. emcho has joined

  33. jabberjocke has left

  34. emcho has left

  35. Ash has joined

  36. xnyhps has left

  37. Lloyd has joined

  38. Zash has left

  39. Santiago26 has left

  40. Ash has left

  41. Ash has joined

  42. emcho has joined

  43. Lloyd

    This just came up, thought it might be of interest https://secure-resumption.com/

  44. xnyhps

    Lloyd: That was also mentioned here yesterday. My expectation is that nothing on XMPP is vulnerable as nothing uses TLS resumption.

  45. Lloyd

    xnyhps, ahh missed that apologies. Good to hear about the lack of vulnerability though

  46. xnyhps

    (Though I don't have much concrete evidence for that…)

  47. stpeter has joined

  48. Ash has left

  49. emcho has left

  50. emcho has joined

  51. Kev has joined

  52. Kev

    As far as I can tell from the description, this doesn't require the client to not check server certs.

  53. Kev

    dwd: Are you sure this is the case?

  54. Kev

    Or, at least, it doesn't require as sever as 'verify nothing', I think.

  55. Zash has joined

  56. xnyhps

    Kev: The image shows the Attacker replaces the cert with its own cert.

  57. Kev

    I could easily have misread this. But it seemed to me to be saying that the attacker's website wasn't claiming to be the victim's website.

  58. jabberjocke has joined

  59. Kev

    I need to work out how I'm going to grab lunch, if I'm going to be travelling across London at lunchtime.

  60. Kev

    Need to leave the hotel at 11 to get to the Hilton for 12:30, if TFL is to be believed.

  61. Ash has joined

  62. xnyhps

    I stand corrected, jabber.org lets you do TLS resumption.Hm.

  63. Kev

    Although not client strong-auth.

  64. dwd

    Kev, I think that the Attacker would have to pretend to be some site for which the credentials matched, at least.

  65. xnyhps

    Attacker has attacker.com, user visits that and it obtains the client-cert from the user and presents it to goodserver.com?

  66. Kev

    Maybe I should understand the attack, instead of just reading the decription.

  67. Kev

    +s

  68. Kev

    I read it as the attacker presenting their own identity.

  69. Kev

    And then swapping out to a MITMd session to the victim.

  70. xnyhps

    Yeah, I think you're right.

  71. xnyhps

    But of course, when you try to attack the channel-binding part of SCRAM-SHA-1-PLUS, you do need valid credentials of the server.

  72. xnyhps

    Or the client must have used an identical nodepart and password on your server as on the malicious server.

  73. xnyhps

    But if you have that, there's nothing you can win by an attack, you have the password. :)

  74. ralphm

    hah

  75. Kev

    I guess I need to start thinking about heading into town.

  76. Kev

    Right. See folks at precis, I guess.

  77. Kev has left

  78. jabberjocke has left

  79. Zash has joined

  80. dwd

    Ah, Kitten have just started discussing the TLS MITM stuff.

  81. Zash

    Kitten is now?

  82. dwd

    Looks like the consensus might be that resumption is a no-no.

  83. dwd

    This is on the list.

  84. Zash

    ah

  85. dwd

    Kitten is Thursday, 1520-1650.

  86. Zash has left

  87. xnyhps has left

  88. stpeter has left

  89. Lance has joined

  90. Santiago26 has joined

  91. Lloyd has left

  92. Ash has left

  93. Ash has joined

  94. emcho has left

  95. emcho has joined

  96. emcho has left

  97. Santiago26 has left

  98. Santiago26 has joined

  99. intosi has left

  100. emcho has joined

  101. emcho has left

  102. emcho has joined

  103. Kev has joined

  104. Kev

    And that's my first hallway bump-into-someone.

  105. Kev

    Who else is here? :)

  106. emcho has left

  107. Santiago26 has left

  108. Santiago26 has joined

  109. dwd

    I'm just about to hop into the car. I should make the IETF hallway for about 6pm or so if I'm lucky; if not I'll see you at the meetup.

  110. stpeter has joined

  111. Kev

    It's entirely possible I won't be here by 6pm, but we'll see. I'm intending crowd-following once precis/xmpp are done.

  112. Kev

    I have my pretty noob-ribbon on :)

  113. dwd

    If I'd gone properly, I would have qualified for a noob ribbon, plus a WG Chair dot, which I'd have found amusing.

  114. Santiago26 has left

  115. stpeter

    dwd: I don't think you would have been the first

  116. stpeter

    although it is rare

  117. stpeter

    for what WG are you a chair?

  118. dwd

    qresync, now in shutdown-wait.

  119. Kev

    I guess I should try to find precis.

  120. Kev

    Follow the yelllow arrows?

  121. stpeter

    I need to find that, too, but I'm still in another meeting

  122. stpeter

    ah, it's downstairs

  123. stpeter

    3 floors down in the east wing, right off the lobby

  124. stpeter

    this hotel has a strange layout

  125. Kev

    It's a labyrinth.

  126. Kev

    Going hunting, BRB.

  127. Kev has left

  128. dwd has left

  129. stpeter has left

  130. Santiago26 has joined

  131. Zash has joined

  132. stpeter has joined

  133. Kev has joined

  134. Santiago26 has left

  135. Alex has left

  136. Alex has joined

  137. Lance has joined

  138. emcho has joined

  139. emcho has left

  140. emcho has joined

  141. Ash has left

  142. Lance has joined

  143. Zash

    Kev: Did you see the video?

  144. Santiago26 has left

  145. Kev

    I haven't watched it yet.

  146. Kev

    I saw that there was one.

  147. xnyhps has left

  148. Kev has left

  149. Zash has left

  150. Ash has joined

  151. Kev has joined

  152. Santiago26 has left

  153. Santiago26 has joined

  154. Zash has joined

  155. SM has joined

  156. emcho has left

  157. xnyhps has left

  158. Santiago26 has left

  159. Santiago26 has joined

  160. emcho has joined

  161. emcho has left

  162. emcho has joined

  163. emcho has left

  164. emcho has joined

  165. Lance has joined

  166. emcho has left

  167. Lance has joined

  168. emcho has joined

  169. emcho has left

  170. emcho has joined

  171. Santiago26 has left

  172. Zash has joined

  173. xnyhps has left

  174. fippo

    hah, another two tls vulnerabilities. I think the tlswg will have fun

  175. fippo

    even though those were library issues

  176. ralphm

    Zash: was my suggestion clear?

  177. Zash has left

  178. Zash has joined

  179. Kev

    So, I'm currently sat in the TLS WG session, along with assorted other XMPP people, but I note that this goes on until 6:40. ISTR Lloyd suggesting that we should be at Moz at 6:30.

  180. Zash

    Hmm

  181. xnyhps

    I thought 7?

  182. ralphm

    Kev: ubber can't do time travel. Disappointing

  183. Kev

    Upon arrival Surevine will have pizza and beer waiting (around 6:30pm). The latest schedule is posted up on http://lanyrd.com/2014/xmppuk/.

  184. xnyhps

    Oh, meetup had 7.

  185. Tobias has joined

  186. stpeter

    do we need to sign up for Uber in order to catch a ride

  187. xnyhps

    I think you need to give them your credit card number.

  188. Kev

    I would be inclined to just grab the tube, personally, but I have an Oyster card.

  189. Zash

    I wanna see the series of tubes :)

  190. stpeter

    http://wiki.xmpp.org/web/IETF_89 says "We're planning on holding the XMPP meetup at MozSpace at 101 St. Martin's Lane, starting at 7pm."

  191. stpeter

    I'd be happy with the tube

  192. Zash

    ralphm: Your suggestion was?

  193. xnyhps

    I was planning to take the tube, too.

  194. Kev

    It's 20mins by tube, along Bakerloo, I believe.

  195. Kev

    https://www.google.com/maps/dir/Hilton+London+Metropole,+225+Edgware+Rd,+London+W2+1JU,+UK/51%C2%B030'37.4%22N+0%C2%B007'37.4%22W/@51.5201367,-0.1530664,13z/data=!4m12!4m11!1m5!1m1!1s0x48761ab4122b2d83:0xfdfeed0b864cbfb0!2m2!1d-0.1694932!2d51.5191439!1m3!2m2!1d-0.1270556!2d51.5103889!3e3 What a lovely URI.

  196. ralphm

    Zash: webrtc data channels

  197. Zash

    ralphm: Because that's likely to be implemented by clients anyways?

  198. stpeter

    ralphm: XTLS (Dirk Meyer's work) could offer a webrtc data channel as one of the transport options

  199. ralphm

    Zash: yes, that's my thinking

  200. Zash

    stpeter: Which is why it sounded like XTLS to me

  201. stpeter nods to Zash

  202. ralphm

    stpeter: yes, but I want to do away with IBB entirely

  203. Zash

    ralphm: Does XTLS say you have to use IBB?

  204. stpeter

    ralphm: so XTLS but MUST NOT offer IBB?

  205. Zash

    I don't see the need, really. Jingle lets you negotiate transport.

  206. Zash

    But what are the security bits you want to solve?

  207. ralphm

    Zash: well, sure, but my personal opinion is that IBB is horrible and don't want to have people need to implement it

  208. stpeter

    webrtc data channels seem convenient, for sure

  209. ralphm

    Zash: I think having out-of-band XML Streams for e2e are easier to implement

  210. Ge0rG

    I like IBB because it allows to leverage a trusted server for end-to-end file exchange

  211. ralphm

    Ge0rG: I don't see how that is better than negotiating an out-of-band connection with the server, over Jingle.

  212. Ge0rG

    besides, aren't XTLS and WebRTC data channels solving the same problem?

  213. stpeter

    Ge0rG: no

  214. stpeter

    Ge0rG: XTLS is end-to-end encryption - data channels would be one end-to-end transport over which we could negotiate end-to-end TLS

  215. Zash

    ralphm: Having IBB be MTI for E2E does indeed seem problematic. I think someone mentioned that you'd basically have to open a loopback connection to yourself, tunnel it over IBB and then starttls on that

  216. Zash

    Unless there are better tls libs that I've not seen

  217. Ash has left

  218. Ge0rG

    stpeter: but webrtc has dtls for end-to-end encryption, righT?

  219. ralphm

    stpeter: I'm not suggesting using any of webrtc per se, just the same p2p transport for the actual bits, with sctp/rtp/dtls and all that, as you would negotiate webrtc data channels

  220. fippo

    stpeter: we do negotiate end-to-end (d)tls with webrtc data channels. but the exchange of fingerprints is not protected.

  221. xnyhps

    Zash: Wat? Aren't most TLS libraries separated from network libraries?

  222. Zash

    xnyhps: Not really looked further than LuaSec

  223. stpeter

    ralphm: ah, thanks for the clarification

  224. ralphm

    XTLS says:

  225. ralphm

    More complex scenarios are theoretically supported (e.g., encrypted file transfer using SOCKS5 bytestreams and encrypted voice chat using DTLS-SRTP) but have not yet been fully defined. XTLS theoretically can be used to establish a TLS-encrypted streaming transport or a DTLS-encrypted datagram transport, but integration with DTLS [DTLS] has not yet been prototyped so use with streaming transports is the more stable scenario.

  226. ralphm

    So I'm saying we go the next step and actually prototype that thing mentioned, with the same tech as used for webrtc data channels.

  227. ralphm

    I think this makes people's live slightly better and allows us to piggyback on that work.

  228. Ge0rG

    how is dtls security handled in webrtc?

  229. Zash

    Ge0rG: AFAIK, you send a fingerprint through the SDP blob via your whatever server.

  230. fippo

    ge0rg: http://tools.ietf.org/html/rfc4572#section-6

  231. ralphm

    http://tools.ietf.org/html/rfc5764 has a bunch of text on that, too

  232. Ge0rG

    so how is that solving a different problem from xtls?

  233. ralphm

    Zash: I don't think it depends on SDP per se, but we might have to do a jingle equivalent.

  234. ralphm

    Ge0rG: it solves the same problems, but without IBB and with a protocol that people will implement in other places (WebRTC)

  235. ralphm

    like, say, browsers

  236. stpeter

    BTW, XTLS = http://tools.ietf.org/id/draft-meyer-xmpp-e2e-encryption-02.txt

  237. ralphm

    in fact, my feeling is that we should just take the IBB guts out of draft-meyer-xmpp-e2e-encryption and replace it with dtls-rtp

  238. ralphm

    stpeter: ah, thanks for that link, of course

  239. stpeter

    ralphm: I've always rather liked the general approach of XTLS

  240. Zash

    stpeter, +1

  241. stpeter

    it would be fairly straightforward for us to take draft-meyer-xmpp-e2e-encryption-02, change it around, and submit a revised I-D

  242. stpeter

    call it draft-meijer-* instead of draft-meyer-* ;-)

  243. Zash has left

  244. Zash has joined

  245. ralphm

    stpeter: no confusion there, I'm sure

  246. intosi has joined

  247. stpeter

    heh

  248. Zash

    But, do we want something that'll work with Carbons?

  249. fippo

    ralphm: xep 0320 is the jingle equivalent of that. even though it was actually pretty much limited to being an sdp mapping

  250. fippo

    ralphm: i'd like to see what ekr has in mind wrt webrtc + identity providers before going further in any direction

  251. ralphm

    fippo: right

  252. intosi has left

  253. Kev

    Zash: I want something that works with carbons and with MAM.

  254. ralphm

    stpeter: I do want to retain the generic nature of that draft, but without any suggestion of doing ibb

  255. m&m has joined

  256. Kev

    So anything that goes out of band has some unfortunate properties there.

  257. emcho has left

  258. intosi has joined

  259. stpeter

    +1 to Kev on Carbons and MAM

  260. stpeter

    so many requirements :-)

  261. ralphm

    Kev: and how does draft-miller address this?

  262. Kev

    That's what I'm trying to work out right now (reading it at the moment), before chatting with Matt tonight.

  263. stpeter

    http://tools.ietf.org/id/draft-ietf-xmpp-e2e-requirements-01.txt needs to be revisited

  264. ralphm

    Kev: my feeling is that it doesn't, but I might be missing something

  265. m&m

    carbons is supported, but possibly not MAM

  266. intosi

    Hello, Nelsons Column.

  267. m&m is taking notes for tls wg

  268. stpeter notes that WG notes really only need to be action items and I haven't heard many of those here

  269. m&m

    but note that supporting offline makes it hard (maybe impossible) to also support PFS

  270. Zash

    xnyhps, Kev, when do we need to leave?

  271. m&m

    immediately after tls-wg ends (-:

  272. Kev

    Depends if we want to get there for 18:30 or 19:00.

  273. intosi

    At what time can I invade Moz Space?

  274. stpeter

    the offline case makes life so much more complicated

  275. Kev

    If we want to get there at 18:30, when I think it 'opens' (@Edwin), we should leave here at 18:00, give or take.

  276. m&m

    you probably want to leave here @ 18:00 to be there by 18:30

  277. Zash

    My GMT+1 clock makes this very confusing.

  278. Kev

    Above times are Zulu.

  279. ralphm

    m&m: indeed. e2e might be conceptually incompatible with mam

  280. xnyhps

    Zash: If we want to be there on time, we need to leave 54 minutes from now.

  281. ralphm

    carbons is doable with oob, too

  282. Kev

    ralphm: I don't believe that to be true. It simply changes the tradeoffs.

  283. ralphm

    Kev: I think we agree

  284. m&m

    I think the difference is whether carbons is managed by the server, or managed by the client

  285. Kev

    In the simple case, anything gpg-based can be compatible with carbons and MAM, given ubiquitous private keys.

  286. Kev

    (Not that I'm pushing we use gpg as our approach)

  287. stpeter

    so much is possible, given ubiquitous private keys :-)

  288. m&m

    just not PFS d-:

  289. Kev

    Right.

  290. Zash

    To FS or not to FS.

  291. stpeter

    there is no P

  292. Tobias

    maybe we don't need the P :)

  293. stpeter

    heh

  294. Lance has joined

  295. stpeter

    "perfection is not an option"

  296. m&m

    Pretty-good Forward Secrecy (PgFS) d-:

  297. intosi

    Perfection is the opposite of delivered.

  298. Zash

    m&m, :D

  299. m&m

    Permissible Forward Secrecy

  300. xnyhps

    Pretty Good Forward Secrecy?

  301. intosi

    Poorly Guarded Privacy.

  302. Zash

    Hah

  303. m&m

    heh

  304. ralphm

    m&m: sure with xtls you'd need clients to figure out the multiplex

  305. Zash

    Yeah

  306. Zash

    You could also do MAM between your own resources

  307. intosi has left

  308. Kev

    Over 174"

  309. Ash has joined

  310. Kev

    Because moving all of XMPP to the client is our favourite direction.

  311. Zash

    Let's build Skype with angle brackets!

  312. Zash

    We just need a single master authentication server

  313. intosi has joined

  314. fippo

    zash: let's use gmail.com

  315. m&m

    hotmail.com

  316. Zash

    facebook.com!

  317. m&m

    IM is over-rated, we should go back to email!!

  318. m&m

    and use more ASN.1

  319. SM

    m&m, you do use email :-)

  320. m&m

    far too much

  321. stpeter

    :)

  322. fippo

    m&m: let's make ma bell proud by putting more intelligence into the network again!

  323. SM

    You folks will be getting veggie pizzas if you go on

  324. Zash

    MattJ will be pleased

  325. m&m

    XMPP over DTMF

  326. intosi

    One combination is a nibble, not sure what data rate you can achieve.

  327. Kev

    Pizza has bread in it, it can't be veggie.

  328. intosi

    Symbol rate, I mean.

  329. SM

    Kev, I thought that you were in for getting everyone to try that.

  330. Kev

    SM: There is a long-running gag with letting MattJ know that various foods (like bread) are meats.

  331. SM

    Oh:)

  332. m&m

    haha

  333. Zash

    Those poor Bread animals.

  334. intosi

    And veggies are meat anyway, the poor greens just don't know it yet.

  335. Zash

    Carrots are people too!

  336. intosi

    That's Captain Carrot for you.

  337. Ash has left

  338. Santiago26 has joined

  339. emcho has joined

  340. emcho has left

  341. emcho has joined

  342. intosi has left

  343. emcho has left

  344. emcho has joined

  345. SM has left

  346. xnyhps has left

  347. emcho has left

  348. emcho has joined

  349. emcho has left

  350. Kev

    So, yes. We should aim to leave in about 15mins if we want to get to Moz for 18:30Z.

  351. Santiago26 has left

  352. Santiago26 has joined

  353. Kev

    Is anyone intending leaving the session 40mins early to get to Moz, or is everyone staying to the bitter end?

  354. stpeter

    unfortunately m&m needs to stick around because he's taking notes

  355. stpeter

    I'd be game to leave, but I don't want to abandon Matt

  356. Zash

    We do have a backup Matt tho ;)

  357. m&m

    ouch

  358. stpeter

    heh

  359. emcho has joined

  360. Kev

    I don't really want to abandon anyone, but at the same time I'd like to get over to Moz and start bashing MattJ over the head to update MAM :)

  361. Santiago26 has left

  362. Kev

    So I'm inclined to leave now and apologise to m&m later :)

  363. Zash

    I'm hungry.

  364. Santiago26 has joined

  365. Kev

    Zash: So you're leaving?

  366. Zash

    I'm follwing MattJ

  367. Kev

    Matt is following you.

  368. Kev

    You're both useless.

  369. Zash

    xnyhps: Decide who's leading please.

  370. Kev

    I'm going to head to Moz now. Others can leave or not.

  371. Kev has left

  372. Zash

    But then either MattJ or I have to get up...

  373. Zash has left

  374. stpeter

    I hope m&m and I can figure out how to get to MozSpace :-)

  375. intosi

    Just follow the scent of Pizza.

  376. intosi

    And remember the address, that usually helps, too ;)

  377. m&m

    I've got a map cached on my phone (-:

  378. intosi

    Should do the trick.

  379. intosi

    Are you using Ubbers?

  380. m&m

    no, Underground

  381. stpeter

    https://wiki.mozilla.org/London might help

  382. intosi

    When lost, just go to Trafalgar Square and look at one of the maps there.

  383. intosi

    The square is big and kinda hard to miss ;)

  384. Tobias has joined

  385. intosi has left

  386. emcho has left

  387. Ash has joined

  388. stpeter has left

  389. Ash has left

  390. m&m has left

  391. Neustradamus has left

  392. Kev has joined

  393. Tobias has left

  394. Kev has left

  395. Kev has joined

  396. Kev has left

  397. Santiago26 has left

  398. Santiago26 has joined

  399. Zash has joined

  400. Santiago26 has left

  401. Santiago26 has joined

  402. Maranda has joined

  403. Zash has joined

  404. Maranda has left

  405. Maranda has joined

  406. Santiago26 has left

  407. Santiago26 has joined

  408. Tobias has joined

  409. Lance has joined

  410. Lance has joined

  411. Laura has joined

  412. Lance has joined

  413. Laura has left

  414. Alex has left

  415. intosi has left

  416. Tobias has joined

  417. Tobias has joined

  418. Kev has left

  419. Santiago26 has left

  420. Lance has joined

  421. Lance has joined

  422. Lance has joined

  423. Kev has joined

  424. Neustradamus

    I have a problem with http://planet.jabber.org/ same for you?

  425. intosi has joined

  426. ralphm has joined

  427. ralphm has joined

  428. Tobias has left