MattJ yup. But I'd also like to generalize to pretty much everything we have in XMPP
Guushas left
Guushas left
moparisthebesthas joined
goffi
daniel: just seen that conversations enable OMEMO by default, what happens if the other client doesn't implement it?
jonasw
for those of us who implement/implemented voice calls: http://oaktrust.library.tamu.edu/handle/1969.1/ETD-TAMU-2011-05-9116
Guushas left
mimi89999has joined
fippo
jonasw: how does that compare to opus with CBR? (something the wire folks contributed back to the webrtc.org lib)?
Guushas left
jonasw
fippo, I have no idea
jonasw
someone who may work on jingle voice in jabbercat has researched that stuff
jonasw
kudos to them for even thinking about timing sidechannels
jonasw
(and with research I mean "looked for papers", not "written that paper")
ralphmhas left
ralphmhas joined
Guushas left
Guushas left
Dave Cridlandhas left
Dave Cridlandhas left
Guushas left
Guushas left
Dave Cridlandhas left
Dave Cridlandhas left
daniel
> https://gultsch.de/ daniel s/in moving/is moving/
pep.: thanks
ralphmhas joined
Guushas left
Guushas left
Guushas left
j.rhas joined
ralphmhas left
ralphmhas joined
Dave Cridlandhas left
danielhas left
Guushas left
danielhas left
danielhas left
rtq3has joined
ludohas joined
goffi
daniel: ^
daniel
?
goffi
[07:33][goffi] daniel: just seen that conversations enable OMEMO by default, what happens if the other client doesn't implement it?
daniel
it wont be able to decrypt the message
goffi
daniel: conversations won't send it unencrypted then?
daniel
not by default
daniel
you can of course switch to unencrypted manually
goffi
daniel: you have a warning or something obvious so people know how to do it?
Dave Cridlandhas left
daniel
nope
daniel
(unless you don't publish any keys at all)
goffi
looks like you're breaking compatibility
ludohas joined
Zash
And keys are published by ... default ?
rtq3has left
rtq3has joined
SaltyBoneshas left
flow
goffi, i'd say it impedes communication with certain clients, not really a compatiblity issue
Dave Cridlandhas left
flow
I wonder if the situation could be improved a bit if the receiving client informs the sending that he doesn't the support the encryption mechanism, possibly based on EME
flow
Is there a way to send outgoing messages from the bare JID to conceal the resource?
daniel
flow, well detection is not really the issue. downgrade attacks are
flow
daniel, how do you detect it (reliable)?
goffi
flow: OMEMO is experimental, not an official standard yet. It's forcing it's use except if user change default which is not obvious to apparently. So yes it's breaking compatibility. Popular clients like Movim are not implementing it. It sounds like a terrible idea to me.
daniel
or let me repharse; we have mechanism that would allow us to detect under certain conditions; however that doesn't seem like a problem worth solving because downgrades
flow
daniel, I can see how that way is appealing from a pragmatic pratical point of view, i'm mostly interested thinking about potential solutions how a modular/extensible federated network could deal with multiple encryption schemes with minimal interoperability issues
daniel
flow: well because of the +notify thing in the Disco features we do know if a client supports omemo
daniel
If we can access disco
daniel
Speaking from a purely technical perspective
daniel
Assuming the other one is online and has presence subscription
MattJ
I was going to say that still allows a server MITM to strip that feature from disco
MattJ
But then a server may also unpublish keys
flow
MattJ, not if you always unconditional send omemo
Guushas left
flow
not sure what conversation's omemo-by-default does
MattJ
if you've communicated before?
daniel
MattJ, of course. that's why i'm not doing this
ludohas left
la|r|mahas joined
flow
daniel: is there a knob to turn off omemo-by-default?
danielhas left
daniel
not yet. i'm still on the fence whether this is a good idea
SaltyBoneshas joined
flow
daniel, so just to make sure I understand: If there is no such knob, I won't be able to communicate with someone using conversations if I use a client which does not support omemo?
jonasw
(and you have ever published keys)
jonasw
(which conversations does by default)
daniel
oh sorry. currently you can turn it off on a per conversation basis
daniel
the encryption/lock icon doesn't go away
daniel
just omemo is selected as default instead of none
flow
daniel, if the remote has published omemo keys, or always?
daniel
there isn't a app wide button to change the default for all conversations
daniel
flow, always
jonasw
what
Guushas left
rionhas joined
jonasw
so how do you send encrypted messages if the remote hasn’t published keys?
flow
ahh ok, so a common flow would be that converstations send an omemo message, recipient replies "sorry, no can do", conversation user turns off omemo for that conversation
daniel
it will pop up the error dialog that it can't find keys
flow
that flow will always be possible?
jonasw
m(
Fabianhas joined
daniel
> ahh ok, so a common flow would be that converstations send an omemo message, recipient replies "sorry, no can do", conversation user turns off omemo for that conversation
that's how i imagine it. yes
jonasw
I’m really looking forward explaining to family how to that
flow
I think I could life with that
jonasw
that class of family for whom conversations is "ohhhh, you mean that thing on my phone"
goffi
daniel: does use need to do that on each new discussion with the same user ?
goffi
user*
flow
but on the other hand, that also allows for downgrade attacks
goffi
daniel: does user needs to do that on each new discussion with the same recipient ?
daniel
like i said; it's only about changing the defaults
daniel
not about forcing omemo
jonasw
alternatively, I’ll make our MUCs non-members-only
jonasw
that should do the trick too
Guushas left
daniel
goffi, no conversations are persistent across the life span of the app
mrdoctorwhohas left
mrdoctorwhohas left
daniel
there is no such thing as a 'new discussion'
jonasw
my understanding was that omemo would only be enabled when conversations was able to discover keys for all participants, which I could agree to. but this is really, really bad.
goffi
OK, that's better than I imagined
mrdoctorwhohas joined
goffi
but I'm still worried that it's not obvious to change as you said previously. And what if recipient use OX instead? I personnaly prefer OX over OMEMO
daniel
lol
goffi
lol?
daniel
we can think about that when people have implemented ox
flow
true
Guushas left
daniel
I feel like I'm repeating myself. But the change is just about the default. So if previously a lot of people had to tell their contacts to _enable_ omemo for a specific conversation some other people now have to tell their contacts to disable omemo
daniel
And my argument is that outside the xmpp developer bubble a lot less people now have to ask their friends to change that
Guushas left
jonasw
daniel, I don’t see why you would default to enabling omemo if the contact not even has keys published
Andrew Nenakhovhas joined
goffi
The recipient may not even know that there is a message
Guushas left
Dave Cridlandhas left
goffi
then "you have to disable OMEMO" "How?" "I have not idea"
goffi
no*
daniel
wait. you don't implement eme? :-)
goffi
clients not implementing OMEMO may definitely not implement eme indeed (which is not more standard than OMEMO by the way).
daniel
Conversations will add a clear text body if it detects the other party has at least one client online that doesn't support omemo
daniel
i was kidding about the eme
daniel
i'm not a fan of eme
daniel
for exactly that reason
daniel
bad clients don't implement it
daniel
good clients probably have the encryption anyway
goffi
daniel: it's not a question of bad or good, it's a question of priorities, which may differs from yours.
Guushas left
goffi
I have not implemented eme and I'm planning to, but Pubsub and blog stuff are more important to me.
goffi
and we are not all full time devs. Thanks to avoid insulting client developers.
lskdjfhas joined
Guushas left
edhelas
daniel there's no bad or good clients, Pidgin supports OMEMO, it's a good XMPP client for you ?
MattJ
daniel, what is the error dialog like when there are no keys? Does give an option to disable OMEMO for that contact?
Andrew Nenakhovhas left
Andrew Nenakhovhas joined
daniel
MattJ, not yet. but there will be one if you previously haven't successfully send an omemo message
MattJ
That would be great
Ge0rG
OMEMO used to be a little UX nightmare. Now it has become the doom of Conversations :>
MattJ
I'm in favour of increasing security. End-to-end encryption with trivial downgrade attacks from the entity it's protecting against is... well, pointless
Guushas left
edhelas
can't wait for Conversations to support SIMS, to make it a good client again :3
MattJ
But I'm not in favour of making our lives even harder in increasing adoption of XMPP though
daniel
sims was planed for 2.0 - but it is actually a lot harder than I thought
goffi
I'm not against E2E encryption by default either, but I'm worrying about compatibility issues. And OMEMO is not a standard yet.
daniel
so it has to wait for 2.1 or 2.2
Ge0rG
I can not implement E2EE for *ehm* Regulatory Compliance Reasons.
Ge0rG
daniel: which OMEMO namespace is Conversations using currently?
daniel
Ge0rG, the one in the XEP :-) :-)
edhelas
daniel oh, good news :)
Guushas left
Ge0rG
> This specification defines the following XMPP namespaces:
> - eu.siacs.conversations.axolotl
Uhm. 🤦
Guushas left
Guushas left
rtq3has left
Andrew Nenakhovhas left
Andrew Nenakhovhas joined
edhelas
Ge0rG all the cool kids in town have their own client name in XMPP namespaces now
Ge0rG
But I want to be a cool kid too! Can I invent my own encryption protocol and have my name in the namespace? Like `pro.lukas.georg.doublerot13`?
jonasw
hah
daniel
probably; if you start the marketing campaign and get people to implement it
Ge0rG
I can start by adding this to all my messages: `<encryption xmlns='urn:xmpp:eme:0' namespace='pro.lukas.georg.doublerot13'/>
Dave Cridlandhas left
Guushas left
jonaswfiles bugreport
jonasw
"rot13 undefined for emoji"
Zash
Let me tell you about my latest invention: ROT1114111
Ge0rG
jonasw: double rot13 WFM
Dave Cridlandhas left
Neustradamushas left
Neustradamushas joined
jonasw
"but I don’t want to break abstraction by special-casing double-rot13!!!"
jubalhhas left
Guushas left
Guushas left
valohas joined
jubalhhas joined
Dave Cridlandhas left
Guushas left
Guushas left
Dave Cridlandhas left
flow
layers!
Guushas left
Guushas left
Ge0rGhas joined
danielhas left
Guushas left
Guushas left
danielhas left
Guushas left
Marandaguesses he'll call someone Tr0eT from now on.
Dave Cridlandhas left
daniel
,oO(not sure thus is how double rot13 works)
Maranda
, oO(who said it's "double")
Maranda
🤣 🤣
edhelas
regarding the multiplication of E2E standards in XMPP I'm proposing a new XEP to cover everyone's use case, XEP-xxxx: PLAIN over E2E
Dave Cridlandhas left
Dave Cridlandhas left
Dave Cridlandhas left
Dave Cridlandhas left
Guushas left
Dave Cridlandhas left
Dave Cridlandhas joined
Maranda
A Rot26 Ge0rG is rather boring and less Tr0eT'ling
Dave Cridlandhas left
Dave Cridlandhas left
Guushas left
Dave Cridlandhas left
ludohas joined
Dave Cridlandhas left
jubalhhas left
danielhas left
Ge0rG
edhelas: that's kind of compatible to double rot13
Guushas left
danielhas left
jubalhhas joined
jubalhhas left
Guushas left
danielhas left
Guushas left
ludohas left
jubalhhas joined
dwdhas joined
jubalhhas left
pep.
Need another XEP to bridge the two
dwd
In entirely unrelated news, I'm attending the MLS BOF next week.
Tobias
Enjoy
Dave Cridlandhas left
jubalhhas joined
jubalhhas left
Guushas left
Ge0rGhas left
rtq3has joined
mimi89999has joined
mimi89999has joined
Guushas left
rionhas left
rionhas joined
Zash
That time of the 1/3year again?
jonasw
which time?
Zash
IETF time
Zash
3 per year
Dave Cridlandhas left
Dave Cridlandhas left
Dave Cridlandhas joined
Ge0rGhas left
dwd
Also, reading back, double-XOR is 8-bit clean, and has the useful property that it always results in valid UTF-8, if you're looking for a decent encryption algorithm. Just ensure the key is from a suitable random source.
dwd
Zash: Yes, from this weekend.
Guushas left
jubalhhas joined
Zash
Heh, IETF 101 :D
Guushas left
dwd
Zash: If you miss it, the later sessions won't make any sense.
Zash
Anyone feel like drafting an XMPP variant of https://tools.ietf.org/html/draft-ietf-acme-email-tls-03 ?
Dave Cridlandhas left
Dave Cridlandhas left
Dave Cridlandhas joined
Guushas left
blablahas left
Zash
Actually why is that one not SRV-generic?
pep.
Zash: that means SRV-ID? :u
pep.
Heh
dwd
I'd not seen that. And yes, but I don't know if we can persuade Let's Encrypt to support it - but I can put tendrils out next week.
SaltyBoneshas left
rtq3has left
danielhas left
danielhas left
Zash
pep.: Highly unlikely, not even email uses that.
Zash
dNSNames everywhere and only
Dave Cridlandhas left
marmistrzhas joined
marchas left
Guushas left
Kevhas joined
Guushas left
marmistrzhas joined
danielhas left
Dave Cridlandhas left
Ge0rG
> double-XOR is 8-bit clean, and has the useful property that it always results in valid UTF-8
Doesn't that depend on what you XOR with?
intosi
Ge0rG: no. If you xor it with 7-bit values, it will still be 8-bit clean :)
Zash
If you XOR with the same key twice...
intosi
Yup.
intosi
Really doesn't matter which bitsize your values are.
Ge0rG
I could XOR it with 0x00.
Zash
Not sure if *wosh*
jonasw
Ge0rG, everybody knows xor with 0x00 is unsafe!
Ge0rG
intosi: "Doesn't that depend on what you XOR with?" -- "no. If you xor it with 7-bit values," -- so that actually means "yes"?
intosi
No.
Guushas left
jubalhhas left
intosi
Or, "yes, it doesn't depend on"
intosi
For varying interpretations of the words "no" and "yes."
Ge0rG
Yes. We should stop that now before heads start exploding.
Zash
yes xor no
Dave Cridlandhas left
intosi
true
Ge0rG
Zash: that's boring. The true fun starts at `yes XOR File_Not_Found_Exception`
ralphmhas joined
Dave Cridlandhas left
Guushas left
marmistrzhas left
jubalhhas joined
ludohas joined
jubalhhas left
jonasw
XAND!
danielhas left
Dave Cridlandhas left
danielhas left
Guushas left
danielhas left
Guushas left
danielhas left
danielhas left
Alexhas joined
danielhas left
danielhas left
Dave Cridlandhas left
ludohas left
dwd
jonasw: XAND - Like an AND, but if both inputs are true then false?
danielhas left
dwd
Zash: Read through that email acme draft. I'll chat with Alexey about it on Saturday, and see if I can persuade him into knocking out an XMPP version.
Zash
dwd: Thanks.
dwd
FWIW, I think it ought to be doing sRVName in this instance.
rion
is here any dino.im user? I'm trying to figure out if it worth it to add dino client detection in Psi.
Zash
dwd: I saw mention of SRV-ID in the text
Guushas left
Zash
dwd: I do wonder if it would be sensible to factor out some generic SRV verification
dwd
Oh, indeed.
dwd
And yes, generic sounds awfully good to me, but I suspectit's impossible without immediate/direct TLS in all cases.
Zash
"How internet-drafts multiply"
dwd
BTW, anyone know what the state of the art client for Mac is?
Tobias
Monal, Swift 4.0rc6, …? :)
Tobias
Movim maybe, if it has a Mac version. edhelas, does it?
Zash
Isn't it a web client?
Tobias
i thought it had destkop wrappers :)
Tobias
Zash, it has a linux version https://movim.eu/#apps
edhelas
yeah but removed some of them recently, wasn't able to package Electron easily for Windows and Mac
Tobias
wasn't able to package Electron? I thought that was it's one purose, be able to package easily on desktop platforms✎
Tobias
wasn't able to package Electron? I thought that was its one purose, be able to package easily on desktop platforms ✏
edhelas
ahah, you fool, you need a sh**load of dependencies and actually run scripts on MacOS (and I don't have a Mac) to package .dmg and stuff like that
Tobias
ahh
edhelas
I don't have time for that
Tobias
I understand
edhelas
https://www.npmjs.com/package/electron-packager
edhelas
also I have a personnal issue with the JS ecosystem and NPM
edhelas
but that's purely personnal
goffi
edhelas: you're not the only one
Tobias
understandable, who doesn't have an issue with the JS ecosystem
Kev
Which JS ecosystem?
Guushas left
intosi
Kev: all of them, in varying degrees.
Zash
There can be only one!
daniel
Are there any Screenshots for swift 4.0?
Dave Cridlandhas left
Guushas left
Tobias
I can make one but it's probably not the usual setup for most users
https://www.dropbox.com/s/ltp23stece5gd66/Screenshot%202018-03-14%2010.25.14.png?dl=0
That's got the chat window in. Roster is unchanged since 3.0 (on http://swift.im/ ) I think.
Dave Cridlandhas left
goffi
nice idea the avatar on the left
daniel
Kev: thanks. can I assume the security label stuff is hidden if the server doesn't support it? Because that's pretty confusing for anyone not working for a three letter agency
Tobias
yes...it is
Tobias
it doesn't show for me at least when logged into my servers account
Dave Cridlandhas left
dwdhas left
Dave Cridlandhas joined
Ge0rGhas left
Guushas left
Dave Cridlandhas left
Dave Cridlandhas joined
Andrew Nenakhovhas left
Dave Cridlandhas left
Andrew Nenakhovhas joined
Dave Cridlandhas left
Guushas left
Guushas left
ludohas joined
Nekithas joined
Dave Cridlandhas left
Syndacehas left
Syndacehas joined
Guushas left
Dave Cridlandhas left
rtq3has joined
Dave Cridlandhas left
Dave Cridlandhas left
Dave Cridlandhas left
Dave Cridlandhas joined
Dave Cridlandhas left
Dave Cridlandhas joined
Dave Cridlandhas left
Dave Cridlandhas joined
rtq3has left
Dave Cridlandhas left
Andrew Nenakhovhas left
Andrew Nenakhovhas joined
Andrew Nenakhovhas left
Andrew Nenakhovhas joined
Andrew Nenakhovhas left
ludohas left
Andrew Nenakhovhas joined
Dave Cridlandhas left
Andrew Nenakhovhas left
Andrew Nenakhovhas joined
Ge0rGhas left
Andrew Nenakhovhas joined
Dave Cridlandhas left
rionhas left
rionhas joined
jubalhhas joined
rtq3has joined
jubalhhas left
Dave Cridlandhas left
jubalhhas joined
Valerianhas joined
jubalhhas left
lumihas joined
jubalhhas joined
jubalhhas left
jubalhhas joined
jubalhhas left
SaltyBoneshas left
Dave Cridlandhas left
rtq3has left
Dave Cridlandhas joined
Dave Cridlandhas left
Alexhas left
rionhas left
rionhas joined
Guushas left
rionhas left
rionhas joined
Guushas left
rionhas left
marmistrzhas left
Guushas left
Guushas left
jubalhhas joined
jubalhhas left
Guushas left
rtq3has joined
jerehas joined
Dave Cridlandhas left
Guushas left
Guushas left
Dave Cridlandhas left
Dave Cridlandhas joined
Zashhas left
Zashhas left
Syndacehas left
Syndacehas left
Syndacehas joined
Syndacehas left
Guushas left
Guushas left
jerehas left
jerehas joined
Syndacehas joined
Zashhas left
Guushas left
jubalhhas joined
jubalhhas left
Syndacehas joined
Syndacehas joined
Guushas left
rionhas joined
marmistrzhas joined
Guushas left
danielhas left
danielhas left
Guushas left
Guushas left
Dave Cridlandhas left
Dave Cridlandhas left
jubalhhas joined
Dave Cridlandhas left
jubalhhas left
vanitasvitaehas joined
vanitasvitaehas left
vanitasvitaehas joined
Seve/SouL
I love how you can make a grid in Swift
Ge0rG
Swift the IM client?
Seve/SouL
Yup
Ge0rG
what's a grid, then?
rionhas left
Seve/SouL
Ge0rG, you can make a grid with your open tabs/windows. I cannot share a screenshot right now, I hope Kev or Tobias can help.
Ge0rG
Ah, interesting. Is that something you need for a huge Cyber Threat Display?
jonasw
Ge0rG, go back to work ;-)
Steve Kille
Ge0rG: military users like to have lots of tabs, so they can monitor many chats at once, with keyword highlighting to draw attention to things they care about. I have been told of an operator with 64 rooms displayed
Seve/SouL
It's a feature I never thought I would see in an XMPP client (it feels super niche) but I love it
Seve/SouL
You need a big screen for that :D
jonasw
i want a screenshot
Steve Kille
I find it helpful. I run with a mere 2x2 grid, but it helps me wathc and participate in a few things at once
Seve/SouL
Yes, as I said, I'm all for that feature :)
Steve Kille
just installing dropbx to share a screenshot
jonasw
why would you need dropbox for that? :-O
MattJ
So Swift doesn't do HTTP upload yet? :)
jonasw
I nede a script which gives me an upload slot so that I can share it to folks
MattJ
Ha
jonasw
and a hack into mod_http_upload_external which allows admins to create arbitrary-size slots :)
marmistrzhas joined
Ge0rG
jonasw: you share HTTP upload slots?
Valerianhas left
Steve Kille
OK - so what is an easy way to share a file. Dropbox is not impressing me
jonasw
Ge0rG, not yet :)
jonasw
Steve Kille, imgur.com?
jonasw
Ge0rG, but I find it an appealing idea in this case here
Also could you please introduce a stream error specific error conditions so that the stream error receiving entity can disable stream management in subsequent connections, avoiding reconnection loops
flow
(I'd assume that openfire would probably benefit from it ;))
flow
*condition
flow
wait, it's "stream management specific stream error condition"