pep.(Hopefully your client doesn't already convert what I just wrote)
alacerhas joined
pep.This "I want to change XHTML-IM" fashion is going really quick and I don't like that
Syndacehas joined
pep.I'm really curious as to what is going to come out of that new markdown-y spec. But I don't expect much
Valerianhas left
Valerianhas joined
Ge0rGhas left
Zashpep.: People will run a random markdown js lib over stuff, and there'll be a high chance that they pick one that defaults to passing html trough and then we're back at square 1
pep.Certainly
pep./popcorn
pep.And we would have lost a few weeks for nothing
pep.Weeks of talking, months of incompatibilities, yeras of ranting
pep.Weeks of talking, months of incompatibilities, years of ranting
pep.Weeks of talking, months of ranting, years of incompatibilities
pep.Or are we ever really done ranting
lskdjfhas joined
Valerianhas left
Ge0rGhas left
Tobiashas joined
Zashpep.: When we die
Syndacehas joined
lskdjfhas joined
lskdjfhas joined
Ge0rGhas left
lovetoxhas left
Guushas left
la|r|mahas left
la|r|mahas joined
danielhas left
Guushas joined
Ge0rGhas left
Guushas left
Guushas joined
Guushas left
Guushas joined
Ge0rGhas left
Guushas left
lumihas left
alacerhas joined
Guushas joined
Guushas left
Guushas joined
stefandxmhas left
alacerhas joined
Ge0rGhas left
nycohas left
nycohas joined
Valerianhas joined
Ge0rGhas left
moparisthebestJust for Zash I'll write a bot with a dead mans switch to rant in here after I die
alacerhas joined
Ge0rGhas left
ralphmhas left
danielhas left
danielhas joined
Guushas left
Guushas joined
danielhas left
alacerhas joined
jerehas left
danielhas joined
Ge0rGhas left
Ge0rGhas left
jerehas joined
tuxhas joined
jjrhhas left
jjrhhas left
Syndacehas left
Syndacehas joined
stefandxmhas joined
Ge0rGhas left
jjrhhas left
jjrhhas left
stefandxmhas left
Ge0rGhas left
jabberatdemohas joined
SamWhitedhas left
jabberatdemohas left
Ge0rGhas left
Ge0rGhas left
danielhas left
uchas joined
danielhas left
Ge0rGhas left
danielhas joined
Ge0rGhas joined
uchas joined
alacerhas joined
stefandxmhas joined
Ge0rGhas left
Ge0rGhas left
Valerianhas left
Valerianhas joined
danielhas left
Guushas left
ThurahThas left
stefandxmhas left
ThurahThas joined
Valerianhas left
Ge0rGhas left
danielhas joined
Valerianhas joined
danielhas left
Ge0rGhas left
Guushas joined
sonnyhas left
Guushas left
Guushas joined
Ge0rGhas left
Ge0rGhas left
Ge0rGhas left
danielhas left
Valerianhas left
waqashas left
zinidhas left
zinidhas joined
Guushas left
Guushas joined
jubalhhas joined
jubalhhas left
Ge0rGhas left
uchas joined
alacerhas left
alacerhas joined
Ge0rGhas left
Ge0rGhas left
stefandxmhas joined
valohas joined
jubalhhas joined
Ge0rGhas left
stefandxmhas left
Ge0rGhas left
jubalhhas left
la|r|mahas left
la|r|mahas joined
Ge0rGhas left
archas joined
danielhas left
archas left
archas joined
Tobiashas joined
archas left
archas joined
Ge0rGhas left
Tobiashas joined
alacerhas joined
Ge0rGhas left
Syndacehas joined
Syndacehas joined
tuxhas joined
SouLhas left
Ge0rGhas left
zinidhas left
emxphas joined
emxphas left
emxphas joined
stefandxmhas joined
lovetoxhas joined
lovetoxhas left
Ge0rGhas left
stefandxmhas left
archas left
ralphmhas left
archas joined
Ge0rGhas left
emxphas left
emxphas joined
uchas joined
ralphmhas joined
archas left
archas joined
jubalhhas joined
tim@boese-ban.dehas left
Ge0rGhas left
archas left
tim@boese-ban.dehas joined
remkohas joined
Ge0rGhas left
jubalhhas left
alacerhas joined
uchas joined
archas joined
Syndacehas joined
Ge0rGhas left
Tobiashas joined
Tobiashas joined
remkohas joined
archas left
remkohas joined
archas joined
lskdjfhas joined
Tobiashas joined
Ge0rGhas left
Tobiashas joined
efrithas joined
archas left
archas joined
stefandxmhas joined
archas left
archas joined
remkohas joined
Ge0rGhas left
archas left
archas joined
alacerhas joined
archas left
archas joined
Ge0rGhas left
Flowhas joined
archas left
archas joined
dwdhas left
Tobiashas joined
archas left
archas joined
dwdhas left
remkohas joined
Ge0rGhas left
Guushas left
alacerhas joined
archas left
archas joined
FlowZash: I'm not sure if that most "markup to HTML" converter libs would pass html trough, but I could be wrong. On the other hand: The whole stackexchange network, and things like discourse, are facing the same situation, and I've never heard that either of them was vulnerable to malicious HTML injection
ZashFlow: Pick the first markdown library you can find and try?
FlowZash: Is that challenging me to do a evaluation of the situation or so that I see the very first lib I pick failing? ;)
ZashSince the original implementation does html passthough, I suspect it to be highly likely that it be the default.
FlowOk, but then what do all the sites displaying HTML generated from CommonMark do?
ZashEven pandoc, the glorious saviour of all markup, defaults to html right through
archas left
FlowIs it probably more a matter of unsafe defaults?
archas joined
efrithas left
ZashDefaults matter.
alacerhas joined
FlowCourse
Flowhttps://github.com/commonmark/cmark#security
remkohas joined
Flowby default we will do the unsafe thing because convenience
pep.Yay
archas left
archas joined
ZashIf we could just invent some sufficiently complicated to get wrong XML format...
alacerhas joined
Ge0rGhas left
archas left
archas joined
jubalhhas joined
Flowdwd: does xep388 <failure/> have a way to tell the client to try it with a different SASL mech again? Or do we even have that in the standard SASL profile? asking because of ISR
dwdFlow, ISR has - hopefully - nothing to do with that. Either you're authenticated or not, and if you're authenticated ISR will either succeed or not.
goffihas joined
nycohas left
nycohas joined
Flowdwd: whut? the idea has always been that ISR is used to authenticate the resumption
archas left
archas joined
dwdFlow, But also, no. I'm not sure what would trigger that. The user exists but authentication failed? That case is normally treated equally to the user not existing for security reasons.
Ge0rGhas left
Flowdwd: caused by the service, for some reason, "forgetting" the isr token, e.g. because of a restart
Flowi.e. a fallback to "full" SASL auth, instead of lightweight ISR auth
dwdFlow, So you're advocating a user enumeration attack? :-)
dwdISR is not, and must not be, authentication. We went through this I don't know how many times.
ZashDoes the token contain the username?
Flowdwd: It's authenticating the stream resumption, I don't know how many times we went through this
FlowZash, no
archas left
dwdFlow, ISR is just '198 resumption but as a '388 extension, right? The authentication happens within a normal SASL mechanism. You've proposed HT-* for this purpose, but one could use anything.
archas joined
dwdFlow, So ISR+SCRAM is valid (just more round-trips). But also ISR+EXTERNAL, which is entirely reasonable.
Flowsure, but ISR alone is also an option
dwdNo, it isn't. I'm very sure we had this argument before. If you make ISR an authentication mechanism in its own right it should not be conducted within the XSF.
Flowalso, I don't see how one could do ISR + another SASL mech, after xep388 moved away from multi SASL mechs to 'tasks'
dwdWell, because ISR isn't a SASL mech to begin with.
Flowbut SASL-HT is
Flowand ISR is based on it
dwdSure. But HT-* is *just* a SASL mechanism that you *could* use with ISR, surely?
Flowso it's SASL-HT+SCRAM what you are suggesting
Flowdwd: no
dwdWell, then, the design is wrong.
FlowI don't think so, but please elaborate
Syndacehas left
dwdFlow, If you can't use resume a session when authenticating using, say, EXTERNAL, the design is clearly wrong.
archas left
dwdSince EXTERNAL is relying on (for example) a TLS certificate or session resumption, and HT-* is weaker, then by *allowing* HT-* you're weakening security.
Flowwell that was possible until you switched xep388 from chained SASL mechs to tasks
dwdNo, that's rubbish.
FlowI'd say tha just HT-* is sufficently secure for some deployments, but if you want to use HT-* with a strong mech, then it should be possible to do this
Ge0rGhas left
archas joined
dwdThat does not make sense. HT-* *is* a SASL mechanism.
dwdSo why would you need to use it *with* anything else?
FlowThe initial idea of our SASL2 was to make it possible to chain multiple SASL mechs
dwdNo it wasn't. I know this because the initial idea was mine.
Flowmaybe your idea was different, but the first versions of SASL2 did make it possible to chain SASL mechs
dwdThe idea was to have an extensible SASL profile that could have secondary authentication includedm like 2FA. I thought (wrongly) these oculd be modelled as SASL mechanisms.
Flowand I still think they should be
Flowbut that's mostly unrelaeted to this discussion I think
dwdWell, I tried it, and they can't.
Flowwell maybe a sample of one is not enough
archas left
jubalhhas joined
archas joined
Flowbut back to the topic: ISR is now based on SASL HT-*, and if xep388 doesn't allow chained SASL mechs (maybe additional to tasks), then it's ISR with HT-*, or standard SM resumption without SASL HT-*
dwdWell, that's rather my point - no it isn't. There's no reason why ISR needs to be tied to HT-*.
Flowthe only other mechanism suitable is probably EXTERNAL
FlowI don't see the point in ISR + SCRAM
Flowbecasue then you could do simply standard SM resumption and SCRAM
dwdSure. But ISR+SCRAM will be substantially fewer round-trips.
dwdJust one more, actually, than ISR+HT-*.
Flowand I doubt if ISR+HT-* is substantially weaker then ISR+EXTERNAL
Flowor any other mech
dwdFlow, You're deluded if you think that's the case.
FlowIf the lifetime of the hashed token is limited?
dwdHT-* is, at its core, just a hash of a plaintext token held on the server in the clear. That immediately means an attacker can obtain that token and use it, potentially.
archas left
archas joined
dwdThat's not a bad thing, because we can mitigate that with limited lifetime etc. But to think it offers the same level of security as a client certificate is really not right at all.
FlowI think everything is off as soon as an attacker is able to obtain things from the service
Zashdwd: an attacker with access to server internals?
Flowof course, you could argue that an attacker possibly has only access to some server internals and so
dwdZash, an attacker with access to the database, probably. Typical breach. And yes, you could handwave over keeping the tokens out of persistent storage etc.
FlowI hope that no one stores the HT-* in a database, should be small enough to hold it in memory
jonaswclustering?
Flowand probably something I should write into the I-D
jonaswsomebody will do that
Flowjonasw, clustering doesn't automatically mean that you have to store the token in a db
Ge0rGhas left
Flowbut of course, somebody will do something unreasonable
jonaswsure, but it may be the convenient choice
Flowdamn you, convenience
dwdFlow, But anyway, the point is that if ISR works with *any* SASL mechanism in principle, then if HT-* is a problem we just use something else.
Flowdwd, sorry didn't get the last part
FlowIf i'm not mistaken nothing in the current ISR ProtoXEP currently limits the mech to HT-*
dwdWell, we need to fix that then.
tuxhas joined
Flowbut of course, it's written with HT-* in mind
Flowdwd, fix what?
FlowI'm currently more worried how much more complex the SASL2-ISR combination is, compared to my initial ISR ProtoXEP…
jonaswhow many round-trips does ISR save if you use any other SASL mechanism?
FlowAltough I believe in Holger to implement any complex beast in ejabberd :)
jonaswi.e. what’s the difference to just resuming in that case?
Flowjonasw, IIRC 1 round-trip
Flowbut I haven't counted recently
Kevhas left
stefandxmhas left
archas left
archas joined
Syndacehas left
remkohas joined
archas left
archas joined
Ge0rGhas left
uchas joined
archas left
archas joined
mimi89999has joined
alacerhas joined
Guushas joined
jubalhhas left
Guushas left
archas left
Guushas joined
archas joined
Ge0rGhas left
Guushas left
Guushas joined
Guushas left
Guushas joined
Flowdwd, I think we talked past each other, for most of the time. Which made us didn't talk about what should happen if HT-* failes because of an experied token (my initial question). In that sense, it is probably different than most SASL mechs, in the sense that you could fallback to another SASL mech
archas left
Tobiashas joined
archas joined
alacerhas joined
tuxhas joined
lumihas joined
stefandxmhas joined
remkohas joined
alacerhas joined
Ge0rGhas left
Flowprably the simplest approach would be "client knows that he just did a HT-* auth that failed, so let's retry (possible on a new connection) e.g. SCRAM"
jerehas left
jerehas joined
Syndacehas left
KevFWIW, I think dwd's right about just about everything above.
Ge0rGhas left
Flowsure, was mostly a misunderstanding what ISR+SASL-MECH means. He was talking about using ISR with SASL-MECH, and I was talking about using ISR with SASL HT-* and SASL-MECH chained
remkohas joined
alacerhas joined
Ge0rGhas left
archas left
archas joined
archas left
alacerhas left
archas joined
Syndacehas joined
Syndacehas joined
archas left
alacerhas joined
archas joined
Syndacehas joined
waqashas joined
Syndacehas joined
ralphmhas left
tuxhas joined
efrithas joined
lovetoxhas joined
Ge0rGhas left
uchas joined
remkohas joined
archas left
archas joined
remkohas joined
la|r|mahas joined
alacerhas left
Guushas left
tuxhas joined
Kevhas left
Kevhas left
la|r|mahas left
la|r|mahas joined
intosihas joined
mimi89999has left
lskdjfhas left
lskdjfhas left
goffihas left
goffihas joined
dwdhas left
dwdhas left
alacerhas joined
ralphmhas joined
Guushas left
Guushas joined
Guushas left
Guushas joined
Guushas left
Guushas joined
Guushas left
Guushas joined
Guushas left
Guushas joined
Guushas left
ralphmhas left
remkohas joined
Valerianhas joined
Guushas joined
Guushas left
remkohas joined
alacerhas joined
SamWhitedhas left
alacerhas joined
danielhas left
Guushas joined
Tobiashas joined
Guushas left
jerehas left
jerehas joined
Guushas joined
archas left
archas joined
Guushas left
Guushas joined
Tobiashas joined
archas left
archas joined
uchas left
valohas joined
remkohas joined
Tobiashas joined
danielhas left
danielhas joined
Tobiashas joined
danielhas left
danielhas joined
Valerianhas left
danielhas left
danielhas joined
lskdjfhas left
lskdjfhas left
alacerhas joined
efrithas left
lskdjfhas left
stefandxmhas left
remkohas joined
efrithas joined
lskdjfhas left
danielhas left
lskdjfhas left
jubalhhas joined
efrithas left
Valerianhas joined
efrithas joined
mimi89999has joined
alacerhas joined
alacerhas left
alacerhas joined
efrithas left
archas left
archas joined
intosihas joined
archas left
archas joined
alacerhas left
Kevhas left
remkohas joined
stefandxmhas joined
lskdjfhas joined
efrithas joined
intosihas left
lskdjfhas left
ralphmhas joined
intosihas joined
lskdjfhas left
Guushas left
jubalhhas left
lskdjfhas left
archas left
archas joined
SamWhitedhas left
remkohas joined
archas left
archas joined
lskdjfhas joined
archas left
archas joined
danielhas joined
lskdjfhas left
archas left
Guushas joined
lskdjfhas left
sezuanhas joined
archas joined
danielhas left
Guushas left
Guushas joined
Guushas left
Guushas joined
danielhas joined
Syndacehas joined
Guushas left
lskdjfhas joined
jubalhhas joined
remkohas joined
danielhas left
lskdjfhas left
Guushas joined
sezuanhas left
lskdjfhas left
Guushas left
Guushas joined
sezuanhas joined
lovetoxhas left
lovetoxhas joined
Valerianhas left
Valerianhas joined
jubalhhas left
danielhas joined
Guushas left
Guushas joined
lskdjfhas joined
Guushas left
waqashas left
Guushas joined
Guushas left
jubalhhas joined
alacerhas joined
Guushas joined
Guushas left
valohas joined
remkohas joined
intosihas joined
dwdhas left
jubalhhas left
Guushas joined
alacerhas joined
archas left
dwdhas left
archas joined
Guushas left
danielhas left
archas left
danielhas joined
archas joined
Tobiashas joined
Guushas joined
archas left
archas joined
archas left
archas joined
Guushas left
remkohas joined
jubalhhas joined
dwdhas left
dwdhas left
dwdhas left
dwdhas left
mimi89999has left
dwdhas left
dwdhas left
intosihas joined
dwdhas left
dwdhas left
efrithas left
remkohas joined
efrithas joined
jubalhhas left
sonnyhas joined
Flowhas left
archas left
archas joined
pep.hmm, I was wondering about Consistent Color Generation. I remember we were talking about XHTML-IM styles/colors the other day, I suppose it's the same issue here? edhelas
pep.(i.e., doesn't fit in the color theme)
intosihas left
Guushas joined
intosihas joined
mark.erdhas joined
remkohas joined
mark.erdhas left
mark.erdhas joined
goffihas left
archas left
archas joined
Guushas left
mark.erdhas left
mark.erdhas joined
archas left
archas joined
intosihas left
mark.erdhas left
archas left
lumihas left
Guushas joined
jjrhhas left
archas joined
Guushas left
Guushas joined
archas left
archas joined
remkohas joined
Guushas left
Guushas joined
archas left
archas joined
ralphmhas left
intosihas joined
tuxhas joined
Syndacehas left
Tobiashas joined
emxphas joined
jjrhhas left
edhelasis there a place where I can find a proper way to detect if a JID is valid or not ?
Guushas left
Guushas joined
mathieuithe RFC? :p
pep.https://tools.ietf.org/html/rfc7564
dwdhas left
pep.I don't know of tools doing that
edhelassure, but is there some nice PRECIS/regex thing that I can reuse ?
pep.I don't think it's a one regex job :x
pep.But I've never ever read it. Maybe implementations have examples
pep.But I've neven ever read it. Maybe implementations have examples
edhelashttps://github.com/movim/movim/issues/492 got that, don't know how to fix it
pep.But I've never even read it. Maybe implementations have examples
Valerianhas left
pep.I think I linked a lib doing PRECIS in php the other day
pep.https://github.com/tom--/precis I don't know how compliant that is though
dwdhas left
dwdhas left
tim@boese-ban.dehas joined
dwdhas left
dwdhas left
sezuanhas left
dwdhas left
Kevhas left
dwdhas left
Valerianhas joined
uchas joined
dwdhas left
edhelashas left
edhelashas joined
dwdhas left
dwdhas left
intosihas left
dwdhas left
debaclehas joined
efrithas left
intosihas joined
intosihas left
efrithas joined
jubalhhas joined
mimi89999has joined
intosihas joined
Guushas left
intosihas left
Guushas joined
Guushas left
Guushas joined
jerehas left
zinidhas left
archas left
archas joined
danielhas left
danielhas joined
Guushas left
Guushas joined
jubalhhas left
Guushas left
jubalhhas joined
lovetoxhas left
Guushas joined
intosihas joined
remkohas joined
sonnyhas left
sonnyhas joined
intosihas left
Guushas left
Guushas joined
Valerianhas left
Valerianhas joined
Steve Killehas left
Guushas left
Steve Killehas left
Guushas joined
dwdhas left
remkohas joined
Guushas left
Guushas joined
Valerianhas left
dwdhas left
tuxhas left
tuxhas joined
Valerianhas joined
archas left
archas joined
archas left
archas joined
dwdhas left
dwdhas left
archas left
danielhas left
danielhas joined
archas joined
dwdhas left
dwdhas left
dwdhas left
lskdjfedhelas, why would a client need to validate jids (perfectly)? the client would only need to forward everything to the server and let the validation be done there. There is the point that it might be convinient to show a user that what they are doing definitly won't work, but that check mainly should not have false negatives - false positives aren't so bad because the server will detect them. so in practice .+@.+ should work fine...
dwdhas left
dwdhas left
dwdhas left
dwdhas left
dwdhas left
remkohas joined
dwdhas left
archas left
archas joined
dwdhas left
Syndacehas joined
dwdhas left
dwdhas left
dwdhas left
Guushas left
Guushas joined
SamWhitededhelas: I've got a validator you can use somewhere if you still need one. I'll seems it your way when I'm next at my desk.