XSF Discussion - 2017-09-23


  1. Guus

    Ge0rG: sorry to disappoint you. 😉

  2. jonasw

    Ge0rG, I also strongly had the impression that the Opportunistic TLS term is wrong

  3. jonasw

    but then I looked at wikipedia, and following the wikipedia definition it seems to be right

  4. jonasw

    it just isn’t what it is used for everywhere else, from my perception

  5. Kev

    Opportunistic TLS is using TLS whenever it's available, and not caring about authentication.

  6. jonasw

    pretty much, yes

  7. jonasw

    at least that’s my understanding of it

  8. jonasw

    which is why I think that term is massively incorrect and misleading for XMPP.

  9. Guus

    "Opportunistic TLS (Transport Layer Security) refers to extensions in plain text communication protocols, which offer a way to upgrade a plain text connection to an encrypted (TLS or SSL) connection instead of using a separate port for encrypted communication. Several protocols use a command named "STARTTLS" for this purpose."

  10. jonasw

    Guus, that’s the wikipedia definition, I don’t think wikipedia is necessarily right in those matters.

  11. jonasw

    I’ve been in the SMTP community for quite some time, and there the term Opportunistic TLS definitely refers to "we just do STARTTLS if available and don’t care about authn"

  12. Guus

    Please fix Wikipedia then. :)

  13. Guus

    on a completely different subject: our domain is having trouble doing s2s to both jabber.org as well as xmpp.org

  14. Guus

    did something change there?

  15. Guus

    can someone help me debug on that end what's going on?

  16. Flow

    What Kev said plus that you continue without TLS in case it's not available (at least that's my understanding)

  17. jonasw

    Flow, indeed

  18. Flow

    So an xmpp client library set to "TLS required" performing STARTTLS successfully would not be "Opportunistic TLS"

  19. jonasw

    indeed

  20. Flow

    I don't think that's bike shedding, after all, there seems to be some confusion about what it is

  21. jonasw

    I agree

  22. Flow

    jonasw: :)

  23. jonasw

    and given what Opportunistic TLS means in e.g. SMTP context, I think it would be *very* bad to have that tacked on XMPP

  24. Flow

    and somebody should clarify it on wikipedia

  25. jonasw

    agreed

  26. jonasw

    hard to find reliable sources though

  27. Flow

    well psa gave some references to RFCs

  28. Flow

    I'd possibly do some wikipedia editing myself

  29. Flow

    but after I've mowed the lawn

  30. jonasw

    > Most SMTP clients will then send the email and possibly passwords in plain text, often with no notification to the user. In particular, many SMTP connections occur between mail servers, where user notification is not practical.

  31. jonasw

    that sentence from the article is also highly misleading

  32. moparisthebest

    I think we keep calling it STARTTLS and just explicitly link to that part of the xmpp rfc

  33. moparisthebest

    That seems like it would prevent any confusion?

  34. moparisthebest

    https://xmpp.org/rfcs/rfc3920.html#tls

  35. moparisthebest

    Any dev reading xep368 will know that and it uses STARTTLS

  36. Flow

    moparisthebest: did you just use the old RFC on purpose?

  37. tux

    Maybe servers should deliver old RFCs only after filling out at least two paragraphs on why the download is necessary. Or a quiz about relevant content of the updating RFC.

  38. moparisthebest

    Flow: no just first search result :)