XSF Discussion - 2014-03-04

  1. intosi

    Ralph: I'm on that list.

  2. Lloyd

    This just came up, thought it might be of interest https://secure-resumption.com/

  3. xnyhps

    Lloyd: That was also mentioned here yesterday. My expectation is that nothing on XMPP is vulnerable as nothing uses TLS resumption.

  4. Lloyd

    xnyhps, ahh missed that apologies. Good to hear about the lack of vulnerability though

  5. xnyhps

    (Though I don't have much concrete evidence for that…)

  6. Kev

    As far as I can tell from the description, this doesn't require the client to not check server certs.

  7. Kev

    dwd: Are you sure this is the case?

  8. Kev

    Or, at least, it doesn't require as severe as 'verify nothing', I think.

  9. xnyhps

    Kev: The image shows the Attacker replaces the cert with its own cert.

  10. Kev

    I could easily have misread this. But it seemed to me to be saying that the attacker's website wasn't claiming to be the victim's website.

  11. Kev

    I need to work out how I'm going to grab lunch, if I'm going to be travelling across London at lunchtime.

  12. Kev

    Need to leave the hotel at 11 to get to the Hilton for 12:30, if TFL is to be believed.

  13. xnyhps

    I stand corrected, jabber.org lets you do TLS resumption. Hm.

  14. Kev

    Although not client strong-auth.

  15. dwd

    Kev, I think that the Attacker would have to pretend to be some site for which the credentials matched, at least.

  16. xnyhps

    Attacker has attacker.com, user visits that and it obtains the client-cert from the user and presents it to goodserver.com?

  17. Kev

    Maybe I should understand the attack, instead of just reading the description.

  18. Kev


  19. Kev

    I read it as the attacker presenting their own identity.

  20. Kev

    And then swapping out to a MITMd session to the victim.

  21. xnyhps

    Yeah, I think you're right.

  22. xnyhps

    But of course, when you try to attack the channel-binding part of SCRAM-SHA-1-PLUS, you do need valid credentials of the server.

  23. xnyhps

    Or the client must have used an identical nodepart and password on your server as on the malicious server.

  24. xnyhps

    But if you have that, there's nothing you can win by an attack, you have the password. :)

  25. ralphm


  26. Kev

    I guess I need to start thinking about heading into town.

  27. Kev

    Right. See folks at precis, I guess.

  28. dwd

    Ah, Kitten have just started discussing the TLS MITM stuff.

  29. Zash

    Kitten is now?

  30. dwd

    Looks like the consensus might be that resumption is a no-no.

  31. dwd

    This is on the list.

  32. Zash


  33. dwd

    Kitten is Thursday, 1520-1650.

  34. Kev

    And that's my first hallway bump-into-someone.

  35. Kev

    Who else is here? :)

  36. dwd

    I'm just about to hop into the car. I should make the IETF hallway for about 6pm or so if I'm lucky; if not I'll see you at the meetup.

  37. Kev

    It's entirely possible I won't be here by 6pm, but we'll see. I'm intending crowd-following once precis/xmpp are done.

  38. Kev

    I have my pretty noob-ribbon on :)

  39. dwd

    If I'd gone properly, I would have qualified for a noob ribbon, plus a WG Chair dot, which I'd have found amusing.

  40. stpeter

    dwd: I don't think you would have been the first

  41. stpeter

    although it is rare

  42. stpeter

    for what WG are you a chair?

  43. dwd

    qresync, now in shutdown-wait.

  44. Kev

    I guess I should try to find precis.

  45. Kev

    Follow the yellow arrows?

  46. stpeter

    I need to find that, too, but I'm still in another meeting

  47. stpeter

    ah, it's downstairs

  48. stpeter

    3 floors down in the east wing, right off the lobby

  49. stpeter

    this hotel has a strange layout

  50. Kev

    It's a labyrinth.

  51. Kev

    Going hunting, BRB.

  52. Zash

    Kev: Did you see the video?

  53. Kev

    I haven't watched it yet.

  54. Kev

    I saw that there was one.

  55. fippo

    hah, another two tls vulnerabilities. I think the tlswg will have fun

  56. fippo

    even though those were library issues

  57. ralphm

    Zash: was my suggestion clear?

  58. Kev

    So, I'm currently sat in the TLS WG session, along with assorted other XMPP people, but I note that this goes on until 6:40. ISTR Lloyd suggesting that we should be at Moz at 6:30.

  59. Zash


  60. xnyhps

    I thought 7?

  61. ralphm

    Kev: ubber can't do time travel. Disappointing

  62. Kev

    Upon arrival Surevine will have pizza and beer waiting (around 6:30pm). The latest schedule is posted up on http://lanyrd.com/2014/xmppuk/.

  63. xnyhps

    Oh, meetup had 7.

  64. stpeter

    do we need to sign up for Uber in order to catch a ride

  65. xnyhps

    I think you need to give them your credit card number.

  66. Kev

    I would be inclined to just grab the tube, personally, but I have an Oyster card.

  67. Zash

    I wanna see the series of tubes :)

  68. stpeter

    http://wiki.xmpp.org/web/IETF_89 says "We're planning on holding the XMPP meetup at MozSpace at 101 St. Martin's Lane, starting at 7pm."

  69. stpeter

    I'd be happy with the tube

  70. Zash

    ralphm: Your suggestion was?

  71. xnyhps

    I was planning to take the tube, too.

  72. Kev

    It's 20mins by tube, along Bakerloo, I believe.

  73. Kev

    https://www.google.com/maps/dir/Hilton+London+Metropole,+225+Edgware+Rd,+London+W2+1JU,+UK/51%C2%B030'37.4%22N+0%C2%B007'37.4%22W/@51.5201367,-0.1530664,13z/data=!4m12!4m11!1m5!1m1!1s0x48761ab4122b2d83:0xfdfeed0b864cbfb0!2m2!1d-0.1694932!2d51.5191439!1m3!2m2!1d-0.1270556!2d51.5103889!3e3 What a lovely URI.

  74. ralphm

    Zash: webrtc data channels

  75. Zash

    ralphm: Because that's likely to be implemented by clients anyways?

  76. stpeter

    ralphm: XTLS (Dirk Meyer's work) could offer a webrtc data channel as one of the transport options

  77. ralphm

    Zash: yes, that's my thinking

  78. Zash

    stpeter: Which is why it sounded like XTLS to me

  79. stpeter nods to Zash

  80. ralphm

    stpeter: yes, but I want to do away with IBB entirely

  81. Zash

    ralphm: Does XTLS say you have to use IBB?

  82. stpeter

    ralphm: so XTLS but MUST NOT offer IBB?

  83. Zash

    I don't see the need, really. Jingle lets you negotiate transport.

  84. Zash

    But what are the security bits you want to solve?

  85. ralphm

    Zash: well, sure, but my personal opinion is that IBB is horrible and don't want to have people need to implement it

  86. stpeter

    webrtc data channels seem convenient, for sure

  87. ralphm

    Zash: I think having out-of-band XML Streams for e2e are easier to implement

  88. Ge0rG

    I like IBB because it allows to leverage a trusted server for end-to-end file exchange

  89. ralphm

    Ge0rG: I don't see how that is better than negotiating an out-of-band connection with the server, over Jingle.

  90. Ge0rG

    besides, aren't XTLS and WebRTC data channels solving the same problem?

  91. stpeter

    Ge0rG: no

  92. stpeter

    Ge0rG: XTLS is end-to-end encryption - data channels would be one end-to-end transport over which we could negotiate end-to-end TLS

  93. Zash

    ralphm: Having IBB be MTI for E2E does indeed seem problematic. I think someone mentioned that you'd basically have to open a loopback connection to yourself, tunnel it over IBB and then starttls on that

  94. Zash

    Unless there are better tls libs that I've not seen

  95. Ge0rG

    stpeter: but webrtc has dtls for end-to-end encryption, right?

  96. ralphm

    stpeter: I'm not suggesting using any of webrtc per se, just the same p2p transport for the actual bits, with sctp/rtp/dtls and all that, as you would negotiate webrtc data channels

  97. fippo

    stpeter: we do negotiate end-to-end (d)tls with webrtc data channels. but the exchange of fingerprints is not protected.

  98. xnyhps

    Zash: Wat? Aren't most TLS libraries separated from network libraries?

  99. Zash

    xnyhps: Not really looked further than LuaSec

  100. stpeter

    ralphm: ah, thanks for the clarification

  101. ralphm

    XTLS says:

  102. ralphm

    More complex scenarios are theoretically supported (e.g., encrypted file transfer using SOCKS5 bytestreams and encrypted voice chat using DTLS-SRTP) but have not yet been fully defined. XTLS theoretically can be used to establish a TLS-encrypted streaming transport or a DTLS-encrypted datagram transport, but integration with DTLS [DTLS] has not yet been prototyped so use with streaming transports is the more stable scenario.

  103. ralphm

    So I'm saying we go the next step and actually prototype that thing mentioned, with the same tech as used for webrtc data channels.

  104. ralphm

    I think this makes people's lives slightly better and allows us to piggyback on that work.

  105. Ge0rG

    how is dtls security handled in webrtc?

  106. Zash

    Ge0rG: AFAIK, you send a fingerprint through the SDP blob via your whatever server.

  107. fippo

    ge0rg: http://tools.ietf.org/html/rfc4572#section-6

  108. ralphm

    http://tools.ietf.org/html/rfc5764 has a bunch of text on that, too

  109. Ge0rG

    so how is that solving a different problem from xtls?

  110. ralphm

    Zash: I don't think it depends on SDP per se, but we might have to do a jingle equivalent.

  111. ralphm

    Ge0rG: it solves the same problems, but without IBB and with a protocol that people will implement in other places (WebRTC)

  112. ralphm

    like, say, browsers

  113. stpeter

    BTW, XTLS = http://tools.ietf.org/id/draft-meyer-xmpp-e2e-encryption-02.txt

  114. ralphm

    in fact, my feeling is that we should just take the IBB guts out of draft-meyer-xmpp-e2e-encryption and replace it with dtls-rtp

  115. ralphm

    stpeter: ah, thanks for that link, of course

  116. stpeter

    ralphm: I've always rather liked the general approach of XTLS

  117. Zash

    stpeter, +1

  118. stpeter

    it would be fairly straightforward for us to take draft-meyer-xmpp-e2e-encryption-02, change it around, and submit a revised I-D

  119. stpeter

    call it draft-meijer-* instead of draft-meyer-* ;-)

  120. ralphm

    stpeter: no confusion there, I'm sure

  121. stpeter


  122. Zash

    But, do we want something that'll work with Carbons?

  123. fippo

    ralphm: xep 0320 is the jingle equivalent of that. even though it was actually pretty much limited to being an sdp mapping

  124. fippo

    ralphm: i'd like to see what ekr has in mind wrt webrtc + identity providers before going further in any direction

  125. ralphm

    fippo: right

  126. Kev

    Zash: I want something that works with carbons and with MAM.

  127. ralphm

    stpeter: I do want to retain the generic nature of that draft, but without any suggestion of doing ibb

  128. Kev

    So anything that goes out of band has some unfortunate properties there.

  129. stpeter

    +1 to Kev on Carbons and MAM

  130. stpeter

    so many requirements :-)

  131. ralphm

    Kev: and how does draft-miller address this?

  132. Kev

    That's what I'm trying to work out right now (reading it at the moment), before chatting with Matt tonight.

  133. stpeter

    http://tools.ietf.org/id/draft-ietf-xmpp-e2e-requirements-01.txt needs to be revisited

  134. ralphm

    Kev: my feeling is that it doesn't, but I might be missing something

  135. m&m

    carbons is supported, but possibly not MAM

  136. intosi

    Hello, Nelsons Column.

  137. m&m is taking notes for tls wg

  138. stpeter notes that WG notes really only need to be action items and I haven't heard many of those here

  139. m&m

    but note that supporting offline makes it hard (maybe impossible) to also support PFS

  140. Zash

    xnyhps, Kev, when do we need to leave?

  141. m&m

    immediately after tls-wg ends (-:

  142. Kev

    Depends if we want to get there for 18:30 or 19:00.

  143. intosi

    At what time can I invade Moz Space?

  144. stpeter

    the offline case makes life so much more complicated

  145. Kev

    If we want to get there at 18:30, when I think it 'opens' (@Edwin), we should leave here at 18:00, give or take.

  146. m&m

    you probably want to leave here @ 18:00 to be there by 18:30

  147. Zash

    My GMT+1 clock makes this very confusing.

  148. Kev

    Above times are Zulu.

  149. ralphm

    m&m: indeed. e2e might be conceptually incompatible with mam

  150. xnyhps

    Zash: If we want to be there on time, we need to leave 54 minutes from now.

  151. ralphm

    carbons is doable with oob, too

  152. Kev

    ralphm: I don't believe that to be true. It simply changes the tradeoffs.

  153. ralphm

    Kev: I think we agree

  154. m&m

    I think the difference is whether carbons is managed by the server, or managed by the client

  155. Kev

    In the simple case, anything gpg-based can be compatible with carbons and MAM, given ubiquitous private keys.

  156. Kev

    (Not that I'm pushing we use gpg as our approach)

  157. stpeter

    so much is possible, given ubiquitous private keys :-)

  158. m&m

    just not PFS d-:

  159. Kev


  160. Zash

    To FS or not to FS.

  161. stpeter

    there is no P

  162. Tobias

    maybe we don't need the P :)

  163. stpeter


  164. stpeter

    "perfection is not an option"

  165. m&m

    Pretty-good Forward Secrecy (PgFS) d-:

  166. intosi

    Perfection is the opposite of delivered.

  167. Zash

    m&m, :D

  168. m&m

    Permissible Forward Secrecy

  169. xnyhps

    Pretty Good Forward Secrecy?

  170. intosi

    Poorly Guarded Privacy.

  171. Zash


  172. m&m


  173. ralphm

    m&m: sure with xtls you'd need clients to figure out the multiplex

  174. Zash


  175. Zash

    You could also do MAM between your own resources

  176. Kev

    Over 174"

  177. Kev

    Because moving all of XMPP to the client is our favourite direction.

  178. Zash

    Let's build Skype with angle brackets!

  179. Zash

    We just need a single master authentication server

  180. fippo

    zash: let's use gmail.com

  181. m&m


  182. Zash


  183. m&m

    IM is over-rated, we should go back to email!!

  184. m&m

    and use more ASN.1

  185. SM

    m&m, you do use email :-)

  186. m&m

    far too much

  187. stpeter


  188. fippo

    m&m: let's make ma bell proud by putting more intelligence into the network again!

  189. SM

    You folks will be getting veggie pizzas if you go on

  190. Zash

    MattJ will be pleased

  191. m&m

    XMPP over DTMF

  192. intosi

    One combination is a nibble, not sure what data rate you can achieve.

  193. Kev

    Pizza has bread in it, it can't be veggie.

  194. intosi

    Symbol rate, I mean.

  195. SM

    Kev, I thought that you were in for getting everyone to try that.

  196. Kev

    SM: There is a long-running gag with letting MattJ know that various foods (like bread) are meats.

  197. SM


  198. m&m


  199. Zash

    Those poor Bread animals.

  200. intosi

    And veggies are meat anyway, the poor greens just don't know it yet.

  201. Zash

    Carrots are people too!

  202. intosi

    That's Captain Carrot for you.

  203. Kev

    So, yes. We should aim to leave in about 15mins if we want to get to Moz for 18:30Z.

  204. Kev

    Is anyone intending leaving the session 40mins early to get to Moz, or is everyone staying to the bitter end?

  205. stpeter

    unfortunately m&m needs to stick around because he's taking notes

  206. stpeter

    I'd be game to leave, but I don't want to abandon Matt

  207. Zash

    We do have a backup Matt tho ;)

  208. m&m


  209. stpeter


  210. Kev

    I don't really want to abandon anyone, but at the same time I'd like to get over to Moz and start bashing MattJ over the head to update MAM :)

  211. Kev

    So I'm inclined to leave now and apologise to m&m later :)

  212. Zash

    I'm hungry.

  213. Kev

    Zash: So you're leaving?

  214. Zash

    I'm following MattJ

  215. Kev

    Matt is following you.

  216. Kev

    You're both useless.

  217. Zash

    xnyhps: Decide who's leading please.

  218. Kev

    I'm going to head to Moz now. Others can leave or not.

  219. Zash

    But then either MattJ or I have to get up...

  220. stpeter

    I hope m&m and I can figure out how to get to MozSpace :-)

  221. intosi

    Just follow the scent of Pizza.

  222. intosi

    And remember the address, that usually helps, too ;)

  223. m&m

    I've got a map cached on my phone (-:

  224. intosi

    Should do the trick.

  225. intosi

    Are you using Ubbers?

  226. m&m

    no, Underground

  227. stpeter

    https://wiki.mozilla.org/London might help

  228. intosi

    When lost, just go to Trafalgar Square and look at one of the maps there.

  229. intosi

    The square is big and kinda hard to miss ;)

  230. Neustradamus

    I have a problem with http://planet.jabber.org/ same for you?