intosiSorry guys, my bad. Prosody didn't come back up after upgrading to the new openssl.
intosiStartSSL is probably going to make heaps of money from all the revocation requests they will get.
Link Mauvehas joined
Link MauveIt seems there is only two XEPs remaining here: http://xmpp.org/xmpp-protocols/xmpp-extensions/
intosiThat's not many.
intosiIt's only the index that's broken. The actual XEPs seem to work just fine.
intosiThat;s a bit of a relief. Still bad, but not as bad as it could be.
intosiWho generates the xeplist?
intosiIt was regenerated yesterday evening at 21:19 UTC.
KevMatt was doing it last night.
KevHe and I spent quite some time trying to work out what the dependencies of Tobias's script was, and getting it to work.
intosiAh. There might be a slight issue still then.
KevI think on international Internet Is Broken day, probably not our biggest concern.
dwdHow are we all doing with "free" certificates today?
intosiVery sucky, thank you very much.
intosiRaspbian doesn't have an update for openssl yet.
intosiThey must run their buildbots on RPis.
intosiRebooting perseus, see you at the other side of the reboot.
Link Mauvehas joined
intosiI guess the installed version of Prosody on xmpp.org doesn't let us know we're kicked out of the MUC after all.
dwdAMusing thing: RapidSSL refuse emails for revocation requests; they have to be faxes for security.
dwdSO you send your fax using a free online service via email.
Ge0rGintosi: MattJ promised to fix it. I suppose it will be on a Monday
Simonthis whole CA thing is just stupid. So broken. You fix revocations, then break it again by needing to use faxes… Bring on DNSSEC!
Simonsorry - grumpy mood.
intosiSimon: I think we all are a bit grumpy. The people with more than a few StartSSL certs even more so.
dwdI think pretty well any sysadmin or devops is in a shitty mood today.
intosiWell, that was the software side of all ik.nu-related machines.
SimonIt's hard to comprehend the scale of the heartbeat issue! Just effing mindblowing!.
intosiYup. Especially with PHBs who fail to understand the issue, and won't sign off the expenses for key revocations. A friend of mine happens to have this issue.
MattJGe0rG, intosi: What did I promise to fix?
dwdIt's so nasty. Not as if you can even switch CA to avoid the bait-and-switch.
MattJWas afraid of that
intosiMattJ: xeplist only has two items.
Simonanyone done a startssl revocation dance yet?
Ge0rGMattJ: you wanted to fix heartbeat.
MattJMy comment last night was about MUC/s2s on server reboots :)
Ge0rGMattJ: it was worth a try ;)
fippomattj: it seems you're leaking all your precious server code in hearbeat!
intosiSimon, I haven't yet. But they will be rising fast on the list of vendors to be dropped in a heartbeat if it turns out that they will insist on me paying for revocation of all my certs… That's a lot of money that would've bought me certs with vendors that do have a sane revocation policy. It's not like you usually revoke them because you thought it would be the fun thing to do today.
Why do you miss, when my baby kisses me?
dwdTurns out there's loads of songs I never knew about called "Heartbeat". You could build a whole playlist.
Simonintosi: It's easy to bitch about StartSSL. They have also done more than any other CA to get people to start using certs by making the basic certs free.
dwdOh, this fills me with confidence in StartSSL's knowledge and understanding of security:
72.) I made a mistake, can I get my certificate revoked?
Revocations carry a handling fee of currently US$ 24.90. Class 1 subscribers may use a different sub domain in order to create additional certificates without the need to revoke a previously created certificate. Alternatively it's possible to upgrade to Class 2 level which allows to create the same set of certificates once again (besides all the other benefits), because different levels are issued by different issuers, making revocation unnecessary.
dwdPrivate key compromised? Oh, just get a new certificate, then it's all OK.
intosiyeah, it sucks.
intosiI just mailed them (on a personal title) asking them how they would envision handling this.
dwdAlso note that, to my amazement, it's not just free certs they charge for - it's anything below EV.
intosiIf someone has been gathering private keys using this exploit, StartSSL customers are a nice target for identity spoofing.
dwdIf you claim it was spoofed, they'll revoke it for free, and ban you for life.
dwdSo a double win.
Simonxnyphs: do you plan on adding any checks for old certs / compromised certs to xmpp.net?
xnyhpsSimon: Define "compromised"?
dwdSimon, You mean running status checks on them?
xnyhpsCerts past their notAfter date (on the moment of testing) are given an F.
Simonanything older than the heartbeat announcement?
xnyhpsIt doesn't check CRL/OCSP yet.
dwdI noticed a libnss update whizz past on my workstation - am I just being behind, or was that affected?
intosiStrongest would be 'potentially compromised'
intosiYou cannot claim the certs are compromised at all.
MattJintosi, seems someone in prosody@ got an, erm, negative reply from StartSSL
intosiNegative in what sense?
intosi"We will kill your account", or "pay us, we will revoke"?
dwdintosi, The quote was "fuck you stupid", but I'm hoping that's paraphrasing.
intosiWould be quite unprofessional if it wasn't.
Simonare cert revocations still handled as a massive file that clients download? or is there some kind of querying standard?
MattJBest answer: both
dwdSimon, CRLs - signed lists - can be downloaded, and there's also OCSP for querying. In addition, servers can provide a recent OCSP response themselves, via OCSP Stapling, a TLS extension.
intosiI shouldn't have had that last cup of coffee.
Ge0rGis anybody (read: a client implementation) actually using CRLs or OCSP?
dwdGe0rG, Swift may well be. But the TLS implementations don't tend to do this for you - NSS might do, but OpenSSL certainly won;t.
xnyhpsGe0rG: If you enable it system-wide on OSX, then Adium does.
Simonxnyhps - how does one enable it system wide on OSX?
xnyhpsSimon: Open "Keychain Access" -> Preferences -> tab "Certificates"
dwdxnyhps, This isn't on by default?
intosiIt's "Best effort"
xnyhpsI don't remember what the defaults are, but I'm guessing no.
intosiErr, best attempt.
Simondefaults to "best effort"
xnyhpsAh, so it works, except when you need it to work. ;)
intosiYes, because strict checking would lead to a lessened end-user experience, probably ;)
Ge0rGintosi: isn't that true of all security measures?
dwdGe0rG, Failing to do security right does also have a detrimental effect on the user experience, too. :-)
Ge0rGdwd: counter-example: cryptocat
intosidwd: like leaving your door unlocked. In normal use it's more convenient, until someone empties your home :)
dwdRight, leaving your home unlocked means you can get in and out quickly and easily, but may hamper later attempts to watch the telly you no longer have.
Ge0rGhttp://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4817504d069b4c5082161b02a22116ad75f822b1 - Robin Seggelmann broke the Internet. And he also coauthored SCTP-DTLS
Simonanyone know of a hosted XMPP service that lets you upload your cert+key?
fippoge0rg: ah, it's not ekr who is accused this time?
dwdFriend of mine just pointed out it's not just private keys that could be leaked.
fippodwd: user data as well
dwdRight, passwords etc.
intosidwd: pretty much anything in memory of the process, right?
fippofor https also cookies, csrf token etc
MattJThis is what I posted to the Prosody list last night: https://groups.google.com/d/topic/prosody-users/LvbwWkUOGGU/discussion
Kevintosi: And either process.
dwdKev, Oh, if a server requests heartbeats of a client?
MattJYes, it's possible
MattJI was going to say in XMPP that's not too exciting, because the server generally knows everything the client knows
MattJBut not in the case of OTR...
intosiNor in the case of certificate authentication.
dwdOr SRP, or SCRAM.
intosiIt appears that once you think you know the magnitude of the impact of this issue, you're not thinking big enough.
Ge0rGbasically all data stored in the client or server process is screwed.
MattJAlso on the topic of security issues: http://thread.gmane.org/gmane.comp.security.oss.general/12514/focus=12523
dwdAh, CVE politics.
Ge0rGthe bitcoin client is also linked against libssl. sounds like major emoney movement
MattJNo TLS there though, surely?
Zashor hashes and stuff
Kevhttps://twitter.com/warrenguy/status/453510021930680320 It gets better.
Ge0rGat least one less of the horrible things: https://twitter.com/agl__/status/453472368589942785
intosiParaphrasing StartCom: "fuck you"
intosiIt's upon the subscriber to take appropriate action since the certificate authority can't enforce which software to use. The terms of service and related fees will not change due to that.
See also the Subscriber Obligations at https://www.startssl.com/policy.pdf in particular:
• Never share private keys with any third party and use
adequate protection and best security practices to secure
private keys in order prevent losses and compromises thereof.
• Notify StartCom immediately in case of a private key
compromise and request revocation of the affected
Nikolay Duhman, CVO
StartCom Ltd. <http://www.startcom.org/>
intosiI believe StartCom fails to see the scale of this issue.
Ge0rGintosi: yeah, they fail to see it for the many dollar signs in their eyes
Ge0rGintosi: is there a source on that paste?
KevWell, StartCom's model is free certs and paid for revokations if something goes wrong.
Ge0rGKev: sensible if something goes wrong due to admin fail.
Ge0rGI wish I could make dumb people pay more for my time.
intosiGe0rG: what do you mean? This is the answer I got from StartCom when I asked about this issue.
Ge0rGintosi: I mean something like a pastebin URL I could submit to HN for some easy karma points :P
Ge0rGthanks very much :)
KevFWIW, I don't see that this is worth anger at StartCom. The model was clear up front.
KevAnd the openssl vulnerability was hardly their fault.
intosiWhile true, this might hurt the trust in StartCom. This is not an admin-error either.
intosiIn fact, the desire to have better security is one of the reasons many sites upgraded to openssl 1.0.1 in the first place.
Ge0rGit might be good publicity for startcom to open a window of maybe 1 month for free revocations
intosiI will most certainly reconsider my plans to get a Class 2 certification with them. I was about to do that.
SimonKev: totally agree. Startcom is very clear that their basic certs are free and that additional services are payed for.
Ge0rGStartCom is adding a free angle to the whole CA extortion business.
Ge0rGI also like it how they provide an easy way to generate the private keys on their servers.
Simonyes - that took me by surprise too.
Ge0rGOn my paranoid IT-companies-run-by-Mossad list they range right before ICQ
Simonis happy with the free-for-opensource-certs from globalsign. (but wouldn't touch them if I had to pay)
TobiasSimon, why not?
SimonCan't believe we're still putzing around with CAs.
Ge0rGor with TLS
Simon(when IPSEC could solve a lot of this for us)
SimonBring back double-rot-13
Ge0rGthere is even a dedicated opcode on most CPU archs for double-rot13... on x86 it is 0x90
Simonone opcode up from the /dev/null acceleration unit?
dwdintosi, What amazes me is that StartCom charge for revocation on Class 2. I'd not realised that before.
intosiNeither did I until now.
intosiAssumptions, and mothers of something I guess.
dwdIn fairness, I only knew about the revocation charges because I'd stumbled on it before. I disagree that it was "clear up front", I don't think you're warned when you're getting the thing.
KevOK. I assumed it was clear, because you'd warned me.
intosiYou only find out about it if you read the FAQ, which is usually when you want to revoke.
Kev(Which is why I didn't use them in the end)
Kev(That and I felt more trust towards other CAs)
intosiIt's probably buried in the small print somewhere.
dwdI've only seen it in the FAQ, under "I made a mistake, can I get my certificate revoked?"
intosiThere is something in 4.9.1 of the policy.
intosi"Revocations of certificates may carry a handling fee"
KevOK. That's considerably less obvious than I'd assumed.
intosiThat footnote only applies to "The subscriber makes a request for revocation".
intosi"The subscriber’s key is suspected to be compromised;" doesn't have a (*)
ralphmintosi: I did know about this. They have to make money somehow, I suppose.
ralphmintosi: I wonder if they make an exception this time around, though
intosiSure. And for admin-fuckups, I agree.
intosiralphm: I contacted them, and they said no.
ralphmintosi: I am guessing they will back down on this later today
dwdralphm, Why? They'll make more money today than they'll have made the rest of the year.
intosiWhat dwd said.
intosiIt might lose them a few customers, but those will be mostly just the free-loaders.
ralphmdwd: depends. it might result in a PR disaster
intosiAnd perhaps some Class 2 customers who only just found out they are charged for revocation as well.
dwdintosi, Except you can't just walk away if you understand and care about security, so they'll pay the fee anyway.
ralphmsomeone suggested their CA cert should be revoked instead :-)
dwdI'd love to see the handling fee on that.
ralphm7am. I suppose I should get tonwork early today
intosiHave some bacon first.
dwdLast hotel I stayed at had unlimited free bacon thanks to my status.
dwdAs far as I could tell, despite some efforts on my behalf to find one, there was no AUP either.
ralphmThis hotel is pretty good *except* for breakfast. I never seen things so minimal.
dwdralphm, US business hotel?
intosiThey might charge you a revocation fee should you decide not to eat all your bacon.
ralphmdwd: no. I assume no chef and no dishwasher.
intosi(or if the vendor of your utensils found out it compromised the bacon)
ralphmdwd: the breakfast at Aloft is Royal, in comparision
ralphmintosi: the more retweets, the better, maybe
dwdralphm, What, really? That's really almost travelodgian.
ralphmdwd: plastic ware and no cheese or meats, no eggs, no whole fruits, dry croissants
ralphmThey do have a waffel maker, oddly enough
Tobiasintosi, any news on wiki.xmpp.org?
intosiTobias: nothing apart from "works if you allow your browser to remember the cookie for 180 days"
Tobiashow do i tell chrome to allow that :)
intosiWell, see the nifty checkbox on the login page?
intosiCheck that when logging in.
Tobiasyup..that works...thanks :)
intosiStill need to fix the issue though.
intosiBut having a workaround is good.
dwdBTW, Yahoo is apparently leaking passwords via Heartbleed on login.
KevI thought I pasted that in here a while back.
dwdOh, quite possibly.
MattJdwd, my favourite is the comments on the Ars Technica article... they posted it while their site was still vulnerable, and now users are posting comments on the article as each other using dumped session cookies
edhelaswe need to regenerate our XMPP certificates ? https://xmpp.net/ the certificates are still valid for my server
MattJedhelas, they may have been compromised though
MattJi.e. it may have been possible that someone downloaded your key file
Simondoes anyone know if gtalk.com can pass IQ messages?
Simonor am I being hit by some kind of rate limiting?
ralphmSimon: depends. Since May, many things are broken in this respect
ralphmLike that if the recipient has enabled hangouts, you might not even get iq responses
dwdOn reddit, somebody claims that OpenSSL.org was vulnerable two hours ago.
intosiThat's… odd. It's mostly down for me.
intosiAh, no, it's back again.
intosiAnd filippo.io agrees.
dwdintosi, I'm hearing that test is not reliable - it can give false positives.
SimonI recommend using http://possible.lv/tools/hb/
Ge0rGthat test does not retest already tetsted domains
dwdGe0rG, Ah, gotcha.
Ge0rGnot sure if the caching is browser- or server-side
Tobiasi wonder how fast banks are with their patching
dwdI've seen suggestions that some banks have been caught out.
SimonI'm avoiding logging into anything crucial today
Ge0rGlooks like my bank is safe.
dwdintosi, Lloyd: Ta for the re-tweet. Bit cheeky. I wonder if they'll reply.
ralphmdwd: given that they are based in Israel, probably not soon
dwdTrue, they're probably into their evening now.
dwdThe Ars Technica article's comments have a severe misunderstanding of PFS. Sadly, I think you could get at the DH parameters on the server, and that'd make EDH protected sessions pretty weak, wouldn't it?
xnyhpsdwd: I'd hope the server securely erases the EDH private key as soon as the handshake is done.
m&mxnyhps: you presume much
intosiSecurely erasing things costs cycles, while a simple free() is much cheaper.
intosiGuess which of the two many developers will choose?
xnyhpsI got far enough into the OpenSSL code to see that DH_free is doing something called "cleanse". But then I gave up.
KevIt doesn't just cost cycles, it's hard bordering on impossible, depending on platform.
Ge0rGthe other problem with securely erasing memory is: compilers. optimizing compilers. compilers optimizing away your write-before-free!
KevThat's what I alluded to with 'hard'.
Ge0rGoh, you might as well have referenced managed languages with immutable data types, which are impossible to clean up.
KevThat was the 'impossible' bit :)
m&mnevermind virtualized services
Ge0rGAnd what about storage on SSD?
intosiWell, any virtual memory.
Ge0rGintosi: any memory in a modern computer is virtual.
rbarnes has joined
MattJI've seen a couple of people saying that StartSSL have waived revocation fees now
MattJMaybe they're seeing the light
m&mprobably for today only, *IF* it's true
stpetertheir servers are probably overloaded
Kevintosi might appreciate a highlight, then.
rbarnes has left
rbarnes has joined
rbarnes has left
rbarnes has joined
rbarnes has left
dwdJust seen someone over in prosody@ say they've had an "Exceptionally revoked without fee" from them.
ralphmdwd: maybe someone just screwed up
ralphmthat said, how well do browsers even check revocation?
dwdralphm, Looked into this. Most pass-on-fail. Chromium and Chrome both seemed to be set to not check by default.
m&mnot checking is FAST
dwdBy "pass-on-fail", I mean if the OCSP server is down they'll just silently pass.
dwd[21:16:17] tribut: hah. for a second cert i just recieved a request for a paypal transfer. so not always free it seems. @ dwd, ben