-
edhelas
that's what my mom told me yes
-
Guus
That CFE that was issued for XEP-0368 got me thinking about multiplexing services, using the ALPN TLS extension.
-
Guus
I'm new to this, so if I'm asking silly questions, feel free to point that out
-
Zash
That's all silly
-
Guus
(please wait until I've actually started questions)
-
Guus
can we multiplex Direct TLS and STARTTLS somehow?
-
Zash
In theory
-
Guus
as the latter doesn't start out as a TLS connection, I'm assuming ALPN isn't usable there?
-
Zash
More like redundant, like SNI
-
zinid
sni is redundant?
-
Guus
I don't get that last statement
-
Zash
I'm somewhat anti all those things. As I see it, all it does is move stuff into the TLS library.
-
Guus
second question: if we'd add BOSH to the multiplexing-mix, would that need a new ALPN protocol ID, or use one of the HTTP-ones? The latter would prevent multiplexing with another (non-XMPP) webservice, right?
-
Zash
XMPP, HTTP, TLS are all fairly easily identifiable from the first few bytes, so they can be multiplexed
-
Guus
third question for Zash: if not use SNI / ALPN, what's the alternative for multiplexing protocols (and hosts) on one port?
-
Guus
with existing tooling?
-
Zash
Prosody does it just fine, except TLS and STARTTLS can't be on the same port.
-
Zash
Dunno if there are other tools
-
Holger
TCPMUX on Port 1!
-
Holger
https://en.wikipedia.org/wiki/TCP_Port_Service_Multiplexer
-
Holger
Guus: There's sslh, for example: http://www.rutschle.net/tech/sslh.shtml
-
Zash
Holger: Yeah, now we get TLSMUX on port 443 instead. All this has happened before etc.
-
Ge0rG
History is repeating itself.
-
zinid
you cannot offload TLS efficiently with starttls
-
Zash
Because?
-
zinid
because how?
-
SouL
Has anyone used http://tsung.erlang-projects.org/1/01/about/?
-
zinid
Zash: will you write your own balancer understanding starttls?
-
Zash
Is it really that hard?
-
zinid
Zash: writing haproxy or nginx?
-
Zash
zinid: I did that once, FWIW.
-
zinid
I think yes, it's hard
-
zinid
nobody is interested in your handmade toys
-
zinid
SouL: I used tsung a lot of course
-
Zash
Hrrr
-
Zash
Doesn't nginx have starttls for its email things?
-
Zash
And didn't that Fastmail guy add XMPP support to nginx?
-
zinid
so you will use SMTP STARTTLS for XMPP STARTTLS?
-
zinid
if "add support" means writing a shitty patch, then yes, he did
-
Zash
I don't think I want to hear this argument again
-
zinid
what do you want to hear?
-
zinid
nginx out of the box doesn't support xmpp starttls
-
zinid
also, some guys prefer haproxy
-
zinid
they will not change it only because of xmpp starttls
-
Guus
second question: if we'd add BOSH to the multiplexing-mix, would that need a new ALPN protocol ID, or use one of the HTTP-ones? The latter would prevent multiplexing with another (non-XMPP) webservice, right?
-
Ge0rG
I'd say bosh is http
-
jonasw
Guus, I think you’d multiplex based on the requested resource then
-
jonasw
layer 7 routing etc.
-
Guus
that makes sense
-
Zash
Did ALPN allow the client to set multiple types?
-
Guus
I like how you talk in the past tense :)
-
Guus
(and: I don't know)
-
Zash
Looks like it does. > "ProtocolNameList" contains the list of protocols advertised by the client, in descending order of preference.
-
Zash
So, registering bosh wouldn't be too crazy.
-
stefandxm
is there any "larger" collective of error-messages than the one in xmpp core?
-
stefandxm
i am thinking now we get a lot of extended error codes that could probably be more generic if they were not in core.
-
stefandxm
so then maybe it already exists :)
-
SamWhited
Ge0rG: I was thinking more about tying message attaching to XEP-0359 IDs. I'm not sure that it gets us all that much anymore, because you have to support attaching by origin ID and by IDs set by the server, which feels just as weird as attaching based on the id attribute which may or may not exist.
-
Ge0rG
Yeah, non-mandatory non-unique IDs are what brought us into the trouble
-
SamWhited
I'm not actually a fan of having two different entities that can set IDs either.
-
Ge0rG
Two entities, three kinds of IDs. What could go wrong?
-
Ge0rG
Oh, all of them are optional.
-
jonasw
hm, right, you couldn’t attach something on a message without ID :/
-
jonasw
you can’t use the MAM ID anyways, thinking of it, because other clients don’t know it
-
Ge0rG
maybe it would be useful to enforce origin-id == message-id.
-
jonasw
interesting idea
-
jonasw
bring that up on standards@
-
Ge0rG
There seems to be no discussion of that XEP on standards at all.
-
Ge0rG
oh, nevermind. my filter-fu is bad
-
SamWhited
Why even have origin-id at that point? Clients could just set message-id
-
Ge0rG
because message-ids are not guaranteed to be unique, random or even present
-
SamWhited
I don't follow. If you're going to say in the spec "set both of these to the same thing and make it unique and random" why not just say "set the message-id and make sure it's unique and random"
-
SamWhited
?
-
Ge0rG
SamWhited: because as a receiving entity, you don't know the rules that the sender used to generate the ID
-
SamWhited
Sure you do, they say they support stanza-id in their disco
-
MattJ
Right, that's why it exists
-
SamWhited
Actually, no, I lied
-
MattJ
and yes, it's optional, but I think it's fine for a XEP to fail gracefully on that
-
SamWhited
You're getting stuff from a MAM archive, and the client that sent it originally is online… you don't have the disco info for context.
-
SamWhited
is offline, even.
-
MattJ
You don't need disco, just the element existing or not
-
Ge0rG
MattJ: only if there is an origin-id in the message.
-
SamWhited
MattJ: I was suggesting the element didn't need to exist (if you're going to set it in both places, just use the id attr), but I was confused, that doesn't provide enough context.
-
MattJ
Oh right, yeah, you can't rely on that
-
SamWhited
So yah, I agree, if you're going to support stanza-id forcing the origin-id and the id attr to be the same sounds sensible to me.
-
MattJ
Also some servers think it's ok to modify that whenever they want anyway :)
-
Ge0rG
Yeah.
-
Ge0rG
But then the value of message-id doesn't matter anyway.
-
Ge0rG
And other servers (transports) tend to remove XML payload from MUC messages.
-
SamWhited
It matters for things that don't support stanza-id
-
Ge0rG
So we are fu... doomed anyway.
-
SamWhited
This doesn't "fix" anything, it just makes things slightly more consistent at the cost of a tiny bit of weird useless duplication
-
fippo
has anyone running a public server ever tried to run yahoos open_nsfw image classifier on the avatar data?
-
fippo
(you can probably guess what this classifier does)
-
Ge0rG
Hey that's funny. I've read the "Opportunistic TLS" proposal, then thought the term isn't correct, then thought that would be bike shedding. And now that exact discussion has happened anyway.
-
moparisthebest
Guus: yes I use sslh to multiplex everything