XSF Discussion - 2018-05-02

  84. moparisthebest

    in a xep xml, is there a way to do this:

  85. moparisthebest

    Reference: [&xep0368;]

  86. moparisthebest

    for a protoxep ?

  87. moparisthebest

    like a 'this xep'

  203. jonasw

    moparisthebest, just write "this xep"?

  233. Maranda


  237. jonasw

    moparisthebest, I’ve seen your draft -- are you on a mission to make Zash incredibly sad?

  238. flow

    moar context pls?

  239. jonasw

    flow, https://github.com/moparisthebest/xeps/commit/364a577a30e1d42d6fb169e596921befc2c16873

  242. Maranda stopped at "MUST use HTTPS"

  251. flow

    quite a dance for an xmpp connection

  262. lovetox

    So this is like POSH but with added connection infos

  263. lovetox

    though what is the use case

  264. lovetox


  265. lovetox

    is there a use case where we can't put these infos into srv entries?

  267. jonasw

    lovetox, not sure if one can resolve SRV from within a web client

  270. pep.


  302. Dave Cridland

    moparisthebest, I'm going to need a crapload of reasons why this proposal isn't duplicating DOH etc.

  303. jonasw


  306. daniel

    Because nobody supports DNS over http🙄

  308. daniel

    I see your point though

  310. jonasw

    moparisthebest, have you seen https://xmpp.org/extensions/xep-0156.html#http ?

  316. Wiktor

    jonasw: for discovering domain name and port an extension to XEP 0156 would be IMHO sufficient, but as far as I can see moparisthebest wants something that could contain info about SNI/ALPN to be used as well as public key pins, etc.

  317. jonasw


  318. jonasw

    that doesn’t make sense to me

  319. jonasw

    but I bet there’s a rationale

  323. Wiktor

    especially that public key pinning is being withdrawn from browsers...

  326. ralphm

    Well, yeah. The problem with HPKP *in the browser*, is that if at a point in time, the wrong header was received by the browser, there is no way to undo this, except for waiting until that header's expiry. Besides the actual owner of the website messing up, the other issue is with somebody hijacking your website in some way, if only temporarily, and issuing crippling headers.

  327. ralphm

    Of course, for mobile apps, this is different. There, you still have the option to issue a new version of your app.

  330. Ge0rG

    apps should just do cert pinning

  331. Wiktor

    ralphm: yes, but the xep that moparisthebest is authoring would be more similar to hpkp in the browser (as I guess xmpp clients would not ship with this list and would not update the list as servers change their pins)

  332. ralphm

    Ge0rG: please explain how you handle cert expiry. Unless you meant public key pinning, in which case I will ask: how do you handle revocation in case your secret key is compromised?

  333. Wiktor

    Ge0rG: cert pinning can be more dangerous than key pinning, in case someone revokes your cert you're out of options, see https://scotthelme.co.uk/the-power-to-revoke-lies-with-the-ca/

  335. ralphm

    Wiktor: I think HPKP definitely has merit, so if you can mitigate the above by having some way to recover from faulty headers, yay!

  336. Ge0rG

    ralphm: indeed I'm using "cert pinning" as a loosely defined term for pinning either the SPKI, the certificate or the CA cert.

  337. Ge0rG

    ralphm: which of those should be taken, I'd decide on a case-by-case basis

  338. Wiktor

    ralphm: well, it's just a very sharp blade, if you take extra care then sure, but I wouldn't recommend it lightly

  339. Ge0rG

    ralphm: I think it's not too far-fetched to have a long-living self-signed cert for an app and to roll out a new app version in case of compromise.

  340. Wiktor

    Ge0rG: new app version? that'd tightly couple client to server, for centralized service such as Signal this is OK but for XMPP all clients would need to be upgraded... unless I'm missing something in this design :)

  341. ralphm

    I agree that rolling out a new app is the easier way, but using HPKP in this particular case makes it more seamless to the user. Having to tell your user to upgrade, is a) painful, b) not trivial if you depended on the certificate/key to deliver a notice to the app.

  342. Ge0rG

    Wiktor: I'm only talking of apps that are bound to a given service. For other (xmpp-style) apps, I've written https://github.com/ge0rg/MemorizingTrustManager

  343. Ge0rG

    ralphm: right. with sufficient planning, you can have a fallback pin in the app, too ;)

  344. Wiktor

    got it

  345. jonasw

    Ge0rG, I’d have a backup cert in a secure store which the app already trusts. if cert A is compromised, I roll out cert B on the services. App would distrust cert A once it has seen cert B in the wild.

  346. jonasw

    then I’ve got some time to roll out an update with cert B as primary and a new cert C as backup.

  347. ralphm

    jonasw: that is more or less exactly HPKP

  348. Ge0rG

    There is an easy solution: don't lose your private keys :P

  349. ralphm

    Ge0rG: thanks for your theoretical insight

  350. Ge0rG

    ralphm: I'm full of those. Ask me for more any time

  351. jonasw

    Ge0rG, ah, damn, so simple a plan! pity that *I* didn’t think of that. Maybe make that an RFC, it’s genius :)

  352. ralphm


  492. jonasw

    I wonder whether we want a way to signal in-band that an account has been deleted.

  495. jonasw

    example use-case: user A registers at foreign biboumi instance B, joins a channel and sets it to persistent. account of user A gets deleted. biboumi will forever be in that channel for no use

  496. jonasw

    idea: send <presence type="unavailable"><deleted/></presence> in response to presence probes.

  497. MattJ

    type="error" <gone/>

  498. MattJ

    Already in the RFC

  499. jonasw

    MattJ, oh

  500. jonasw

    did I say something?

  509. Holger

    But biboumi won't actively contact the JID and hence not receive that stanza error, right?

  519. Holger

    Oh "in response to presence probes". biboumi generates presence probes?

  520. Zash

    Should servers send out that to bookmarked rooms or something?

  525. Zash

    Would sorta fit with the move towards account based groupchats

  532. jonasw

    Holger, yeah, biboumi would have to poll or do something similar

  534. Holger

    That could also help affiliation list entries and nickname registrations and stuff like that.

  540. jonasw

    (or require presence subscription)

  589. moparisthebest

    Dave Cridland, DOH is only provided by a few providers and is easily blocked, plus SRV records can't contain sni/alpn info

  592. moparisthebest

    the entire point of this is to be censorship resistant, I haven't gotten down to use cases and such yet

  593. moparisthebest

    it also supports domain fronting and such

  594. Zash

    Use Tor?

  595. moparisthebest

    I hear china is pretty good at blocking tor

  596. jonasw

    I don’t think this makes a lot of sense in general use-cases.

  597. jonasw

    china is pretty good at blocking a lot of stuff, even if running via VPN.

  598. Zash

    You can't crypto your way out of *blocking*

  600. moparisthebest

    you can to a point

  602. Zash

    And is blocking equal to censorship?

  603. moparisthebest

    yes? it's designed to get around blocking

  607. moparisthebest

    and application code should be able to use the exact same logic as for xep-0368 (and kinda-posh) except a single https call instead of DNS queries

  608. moparisthebest

    it's a total hack that shouldn't exist, you can thank oppressive regimes

  611. Dave Cridland

    I don't follow why this is more resistant than DOH etc.

  612. moparisthebest

    Dave Cridland, because each xmpp server runs their own

  613. moparisthebest

    it's federated

  614. Dave Cridland

    So you just block the XMPP server IP as a whole?

  615. moparisthebest

    then the operator spins up another xmpp server someplace else

  616. Zash

    Calling everything censorship annoys me. :(

  617. moparisthebest

    also you can use tricks to make it not look like an XMPP server

  619. moparisthebest

    (you could inspect IP + User-Agent requesting this document and lie to russian govt with a 404)

  620. moparisthebest

    plus it supports domain fronting (send sni someunrelatedservice.com) and nothing else currently does

  624. Ge0rG

    Chinese VPN detection is based on traffic patterns, so even if you tunnel through https, they'll throttle you into oblivion

  625. moparisthebest

    xmpp runs pretty well on slow connections doesn't it?

  626. Zash


  627. MattJ

    It can do. I'm not entirely certain how many standard implementations handle it

  628. MattJ

    e.g. I think some clients aggressively ping the server

  629. moparisthebest

    oh thought of another reason for this, telegram is handing different server blocks to different people based on region to make IP blocking harder

  630. moparisthebest

    and you can only do that if you can afford to run your own DNS network

  631. moparisthebest

    unless it's just a page on a web server in which case any tiny xmpp server can do it

  634. Ge0rG

    how many IP blocks does a tiny xmpp server have, typically?

  635. jonasw


  636. Maranda


  637. jonasw

    something between 0 and 1 I guess

  638. Maranda

    as long as you don't take in account ipv6

  639. Ge0rG

    Maranda: how many non-consecutive IPv6 blocks do you have?

  640. Maranda

    ipv4 I got like 3 IPs, ipv6 one native, and one /48 tunneled.

  641. Ge0rG

    Maranda: 3 IPs from different ISPs?

  642. Maranda

    (on the xmpp server vps, but it does different stuff)

  644. Maranda


  646. Ge0rG

    Maranda: how do you want to get around blocking with that?

  647. Maranda

    well they're non consecutive though

  648. jonasw

    "how many blocks with different rwhois do you have?" is probably the most reasonable question in this context ;-)

  649. Maranda

    the ipv4 addresses are all from different CIDRs

  650. Ge0rG

    I've got a dozen or so IPs from my core ISP, over two different CIDRs. And I could arrange for traffic redirects on two other ASNs, more if I involve friends.

  651. Maranda

    Ge0rG, I'm not sure neither I care about blocking I just answered your ip question btw

  652. moparisthebest

    Ge0rG, well if you could aws and such, a lot

  653. Ge0rG

    moparisthebest: do the moxie dance?

  654. moparisthebest

    regardless, way more than if you have to run your own distributed global dns network

  655. moparisthebest

    Ge0rG, that's the whole point yes

  656. jonasw

    I don’t see use in that, to be honest

  657. jonasw

    it will be way too complex for any server or client to implement *with actual benefit*

  658. Maranda gives an eerie stare at XEP-0357

  663. moparisthebest

    jonasw, anything that implements 368 and http upload should be able to implement this with, ~20 lines of code max?

  664. jonasw

    moparisthebest, but there’s no benefit

  665. jonasw

    as Ge0rG said, you need quite a bit of resources (both time and money) to do the things which bring the benefit here

  666. moparisthebest

    jonasw, the benefit is evading blocks

  667. jonasw

    I am aware

  670. Ge0rG

    you can't evade blocks if all you have is one IP address.

  671. jonasw


  673. moparisthebest

    you can if they don't know it's an xmpp server, and you can for a bit

  674. moparisthebest

    then you jump to a different xmpp server

  675. jonasw

    yeah, but, who has the time resources to actually do that

  676. moparisthebest

    plus right now even big xmpp servers can't do domain fronting etc without custom clients

  678. moparisthebest

    this would enable that too

  679. Maranda

    well I added on lightwitch.org a xep 368 record for direct tls c2s on port 443, I played with port multiplexing a bit.

  680. Maranda


  681. jonasw

    yeah, 368 was simple and such, which is why it gained adoption really fast

  682. Maranda

    and noticed Conversation is actually using it.

  683. jonasw

    but this isn’t simple

  684. moparisthebest

    explain how it's any different?

  685. jonasw

    and it doesn’t bring any benefit without additional resources (time to hop IPs, and the actual IPs to hop to)

  686. Maranda

    jonasw, I'm not sure if I should consider implementing direct tls for s2s too...

  688. moparisthebest

    jonasw, it does, domain fronting

  689. jonasw

    moparisthebest, where does that still work?

  690. jonasw

    I heard google and AWS kill you if you do that

  691. moparisthebest

    if you are a huge service like signal maybe

  693. moparisthebest

    just as a future view, this is step 1 to censorship (blocking for Zash) proof xmpp

  694. moparisthebest

    other stuff we talked about is being able to keep your contact list/conversations and hop between any xmpp server you like at any time, even being able to be connected to multiple at the same time (clients would ignore jid and use a cryptographic identifier instead, servers would be unchanged)

  695. moparisthebest

    fun stuff

  697. moparisthebest

    oh also allowing contact's clients to route messages, the fun possibilities are endless

  698. jonasw

    that’s mostly stuff you talked about, which I personally find quite unneeded and overkill

  699. jonasw

    before venturing in that direction XMPP should get its basic sh*t together.

  700. jonasw

    we’re still losing messages (#thanksomemo)

  702. moparisthebest

    sure if you don't live in a place that is blocking secure chat apps this is entirely un-needed jonasw

  704. jonasw

    moparisthebest, a place which is blocking secure chat apps will block XMPP too when the time has come

  705. Zash

    Yeah, can we get all our shit, put it in backpack, so it's together.

  706. moparisthebest

    not if we make it impossible to block with those changes?

  707. moparisthebest

    that is after all the entire point

  708. jonasw

    that won’t make it impossible.

  709. jonasw

    only harder

  710. moparisthebest

    you only have to make it hard enough so it's not worth trying

  713. Zash

    moparisthebest: https://www.schneier.com/books/secrets_and_lies/pref.html this was a good read

  714. moparisthebest

    it looks like https, anyone can use any server, so as fast as you block them, new ones pop up and you interrupt no one

  716. Zash

    I think you need to read it

  717. jonasw

    moparisthebest, it does not look like HTTPS

  718. jonasw

    it may look like HTTPS on the byte level

  719. jonasw

    but the chinese are very good at blocking based on patterns

  720. jonasw

    you won’t stop /that/ with your fancy stuff

  721. jonasw

    (with patterns, I mean packet sizes and timings)

  722. moparisthebest

    so it looks like any modern interactive html5 app?

  723. jonasw

    moparisthebest, not quite

  724. jonasw

    take a look at their research.

  726. jonasw

    they can detect e.g. Facebook quite certainly even through a VPN.

  727. Holger

    > being able to keep your contact list/conversations and hop between any xmpp server you like at any time, even being able to be connected to multiple at the same time (clients would ignore jid and use a cryptographic identifier instead, servers would be unchanged)

    Haha, sure. We fail at fixing avatars.

  728. moparisthebest

    Zash, I read this one https://www.schneier.com/books/data_and_goliath/

  731. jonasw

    my thoughts exactly, Holger

  733. moparisthebest

    that's just client-side changes though, you could make a version of conversations that did that today without anything extra required from servers

  734. moparisthebest

    it would even be backwards compatible with other clients, though not very friendly UI wise in them

  735. jonasw

    "just clients"

  736. jonasw

    because clients aren’t the main problem :)

  737. moparisthebest

    you specifically mentioned avatars which require all clients and all servers to change

  738. moparisthebest

    you'd agree changing a single client is easier right?

  739. Holger

    Well if we're just interested in a single client then the avatar issues become much easier to solve as well.

  740. Holger

    Whatever. Just implement it if it's so simple?

  741. moparisthebest

    I plan to

  742. Holger


  743. moparisthebest

    I don't really write specs without implementations

  744. moparisthebest

    usually the implementations come first, I think that makes me a bad programmer, oh well :)

  745. Zash

    I think you wanna write specs and implement at roughly the same time

  746. MattJ


  747. Zash

    Maybe think real hard about requirements first.

  748. Zash

    But all that goes out the window when you start implementing anyways

  749. MattJ

    I don't think I've ever seen a pre-written spec survive an implementation unscathed

  750. Ge0rG

    > clients would ignore jid and use a cryptographic identifier instead

    Congratulations, you just combined the drawbacks of XMPP with the drawbacks of p2p systems and the drawbacks of mixnets

  753. moparisthebest

    I looked at it the other way, benefits of p2p systems plus benefits of XMPP

  754. Ge0rG

    moparisthebest: what's the benefit of XMPP once you replace JID-based routing with crypto identifiers?

  755. Ge0rG

    Why not XEP-0174 over .onion nodes?

  756. Zash

    Why not normal xmpp over .onion?

  757. moparisthebest

    Ge0rG, routing is still jid-based, clients just collapse multiple JIDs using the same crypto identifier under one 'contact'

  758. moparisthebest

    and the benefit is still all the other things xmpp provides, one of the biggest being it's mobile-battery-friendly

  759. Ge0rG

    moparisthebest: how do you tell your buddies about your new JID if they also just switched JIDs because of blocking?

  760. jonasw

    I don’t even want to think how that works with MAM queries

  761. jonasw

    or MUCs.

  762. jonasw

    or anything non-trivial really

  763. Ge0rG

    moparisthebest: you just invented a crypto-overlay network over XMPP.

  764. moparisthebest

    right that's exactly what it will be

  765. Ge0rG

    moparisthebest: but WHY?

  766. moparisthebest

    fun and censorship resistance? :P

  767. jonasw

    for certain definitions of fun

  768. jonasw

    not to kinkshame, but I’m not into that I think

  769. Ge0rG

    moparisthebest: it won't get you censorship resistance.

  770. Ge0rG

    moparisthebest: because once your server is censored, you have no way to find out the new identity of your friends

  771. moparisthebest

    I guess that is a problem if you both switch at the same time

  772. moparisthebest

    DHT over XMPP?

  773. Ge0rG

    why use xmpp if you can have QUANTUM BLOCKCHAIN TECHNOLOGY!

  774. MattJ


  775. MattJ

    in particular https://wiki.xmpp.org/web/Secure_Distributed_JID_Discovery#DHT_Based_Solution

  776. moparisthebest


  777. moparisthebest

    verification would be solved since the identifier is a cryptographic key anyway

  778. MattJ

    Discussion at https://mail.jabber.org/pipermail/standards/2013-February/027036.html

  779. Ge0rG

    Open Problems: 1. How to prevent impersonating other users.

  780. moparisthebest

    solved by crypto already

  781. debacle has joined

  782. Ge0rG

    moparisthebest: Zooko called, and he wants his triangle back.

  783. moparisthebest

    that's a problem *there* because you want to prove a certain jid has a certain phone number

  784. moparisthebest

    my thing would only want to prove a certain jid has control of a certain cryptographic key, which of course is super easy to prove

  785. Ge0rG

    for certain values of "super easy"

  786. Ge0rG

    moparisthebest: my point is: the XMPP model is not suited for what you want.

  787. moparisthebest

    I don't know why you'd invent something else to give you everything XMPP does when you can just overlay it?

  788. Ge0rG

    moparisthebest: because you'll end up with a system that combines the drawbacks of xmpp with... we've been here already.

  789. lovetox has left

  790. MattJ

    I'm on both sides :)

  791. jubalh has left

  792. MattJ

    If you're going to make such a system, using XMPP as a foundation buys you a lot

  793. MattJ

    It would of course be quite different to what we have today, I don't think sane interop can be expected

  794. Ge0rG

    I want to see a list of reasons, not some hand-waving of how great xmpp is.

  795. rtq3 has joined

  796. Lance has joined

  797. Ge0rG

    Okay, thanks. That's a reasonable response.

  798. MattJ

    <-- fixing production issues

  799. jonasw tired

  800. marmistrz has joined

  801. derdaniel has joined

  802. jjrh has left

  803. j.r has joined

  804. j.r has joined

  805. Dave Cridland has left

  806. alacer has left

  807. marmistrz has joined

  808. marmistrz has joined

  809. Dave Cridland has left

  810. jere has joined

  811. jere has joined

  812. lumi has joined

  813. marmistrz has left

  814. marmistrz has joined

  815. Lance has joined

  816. jjrh has left

  817. Lance has joined

  818. Dave Cridland has left

  819. marmistrz has joined

  820. marmistrz has joined

  821. matlag has left

  822. Tim has joined

  823. Zash has left

  824. SaltyBones has left

  825. Yagiza has joined

  826. jere has joined

  827. jere has joined

  828. SamWhited has left

  829. alexis has left

  830. alexis has joined

  831. Lance has joined

  832. rtq3 has left

  833. rtq3 has joined

  834. alexis has left

  835. alexis has joined

  836. daniel has left

  837. derdaniel has left

  838. derdaniel has left

  839. Dave Cridland has left

  840. rion has joined

  841. Valerian has left

  842. Valerian has joined

  843. sezuan has left

  844. Dave Cridland has left

  845. Steve Kille has joined

  846. Dave Cridland has left

  847. ibikk has joined

  848. Dave Cridland has left

  849. jjrh has left

  850. jere has joined

  851. Dave Cridland has left

  852. Dave Cridland has left

  853. alacer has joined

  854. Dave Cridland has left

  855. Dave Cridland has left

  856. Wiktor has left

  857. Wiktor has joined

  858. daniel has left

  859. rion has left

  860. Dave Cridland has left

  861. alacer has left

  862. Valerian has left

  863. Valerian has joined

  864. alacer has joined

  865. debacle has left

  866. Wiktor has joined

  867. marmistrz has left

  868. daniel has joined

  869. Valerian has left

  870. Valerian has joined

  871. jubalh has joined

  872. ta has joined

  873. jere has left

  874. jere has joined

  875. Yagiza has left

  876. Valerian has left

  877. Valerian has joined

  878. ibikk has joined

  879. SamWhited has left

  880. SamWhited has left

  881. Andrew Nenakhov has left

  882. lumi has joined

  883. Steve Kille has left

  884. SamWhited has joined

  885. Guus has left

  886. jubalh has left

  887. tux has joined

  888. Guus has left

  889. alexis has left

  890. alexis has joined

  891. Valerian has left

  892. jjrh has left

  893. Valerian has joined

  894. Valerian has left

  895. Valerian has joined

  896. alexis has left

  897. Valerian has left

  898. Chobbes has joined

  899. sezuan has left

  900. sezuan has joined

  901. lovetox has joined

  902. SamWhited has left

  903. Guus has left

  904. Dave Cridland has left

  905. SamWhited has joined

  906. Maranda

    okay let's see if direct tls for s2s causes a meltdown...

  907. Maranda will need to restart the server anyways.

  908. jubalh has joined

  909. Lance has joined

  910. Guus has left

  911. Guus has left

  912. Valerian has joined

  913. Valerian has left

  914. peter has joined

  915. lskdjf has left

  916. Dave Cridland has left

  917. SamWhited has left

  918. blabla has left

  919. Lance has joined

  920. Maranda has left

  921. Maranda has left

  922. la|r|ma has left

  923. Dave Cridland has left

  924. derdaniel has joined

  925. Dave Cridland has left

  926. SamWhited has left

  927. alexis has joined

  928. vanitasvitae has left

  929. marmistrz has joined

  930. alexis has left

  931. Dave Cridland has left

  932. Valerian has joined

  933. la|r|ma has joined

  934. la|r|ma has joined

  935. la|r|ma has joined

  936. la|r|ma has joined

  937. la|r|ma has joined

  938. la|r|ma has joined

  939. Dave Cridland has left

  940. la|r|ma has joined

  941. la|r|ma has joined

  942. la|r|ma has joined

  943. la|r|ma has joined

  944. la|r|ma has joined

  945. la|r|ma has joined

  946. la|r|ma has joined

  947. la|r|ma has joined

  948. la|r|ma has joined

  949. la|r|ma has joined

  950. la|r|ma has joined

  951. la|r|ma has joined

  952. la|r|ma has joined

  953. la|r|ma has joined

  954. la|r|ma has joined

  955. la|r|ma has joined

  956. la|r|ma has joined

  957. la|r|ma has joined

  958. la|r|ma has joined

  959. la|r|ma has joined

  960. la|r|ma has joined

  961. la|r|ma has joined

  962. la|r|ma has joined

  963. Guus has left

  964. la|r|ma has joined

  965. la|r|ma has joined

  966. la|r|ma has joined

  967. la|r|ma has joined

  968. la|r|ma has joined

  969. la|r|ma has joined

  970. Guus has left

  971. la|r|ma has joined

  972. la|r|ma has joined

  973. la|r|ma has joined

  974. la|r|ma has joined

  975. la|r|ma has joined

  976. la|r|ma has joined

  977. la|r|ma has joined

  978. la|r|ma has joined

  979. la|r|ma has joined

  980. la|r|ma has joined

  981. la|r|ma has joined

  982. la|r|ma has joined

  983. la|r|ma has joined

  984. la|r|ma has joined

  985. la|r|ma has joined

  986. la|r|ma has joined

  987. la|r|ma has joined

  988. la|r|ma has joined

  989. la|r|ma has joined

  990. la|r|ma has joined

  991. la|r|ma has joined

  992. la|r|ma has joined

  993. la|r|ma has joined

  994. la|r|ma has joined

  995. la|r|ma has joined

  996. la|r|ma has joined

  997. la|r|ma has joined

  998. la|r|ma has joined

  999. Guus has left

  1000. Kev has left

  1001. SamWhited has left

  1002. rtq3 has left

  1003. Guus has left

  1004. Guus has left

  1005. rtq3 has joined

  1006. mimi89999 has left

  1007. mimi89999 has left

  1008. Guus has left

  1009. alexis has joined

  1010. waqas has left

  1011. SamWhited has left

  1012. tux has joined

  1013. alexis has left

  1014. rtq3 has left

  1015. rtq3 has joined

  1016. tux has joined

  1017. Nekit has left

  1018. Nekit has joined

  1019. lovetox has left

  1020. lovetox has joined

  1021. waqas has joined

  1022. Nekit has left

  1023. Nekit has joined

  1024. marmistrz has joined

  1025. j.r has joined

  1026. alexis has joined

  1027. marmistrz has left

  1028. j.r has joined

  1029. alexis has left

  1030. SamWhited has left

  1031. jonasw

    is there any s2s implementation of it?

  1032. SamWhited has left

  1033. SamWhited has joined

  1034. rtq3 has left

  1035. rtq3 has joined

  1036. rtq3 has left

  1037. Andrew Nenakhov has joined

  1038. rtq3 has joined

  1039. moparisthebest

    jonasw, I think zinid said latest ejabberd supports it

  1040. moparisthebest

    plus metre

  1041. Andrew Nenakhov has left

  1042. SamWhited has left

  1043. rtq3 has left

  1044. rtq3 has joined

  1045. SamWhited has joined

  1046. Dave Cridland has left

  1047. alexis has joined

  1048. ibikk has joined

  1049. peter has left

  1050. alexis has left

  1051. jjrh has left

  1052. UsL has joined

  1053. UsL has joined

  1054. j.r has left

  1055. j.r has joined

  1056. SamWhited has left

  1057. Steve Kille has joined

  1058. j.r has joined

  1059. j.r has joined

  1060. alacer has left

  1061. Tobias has left

  1062. Tobias has joined

  1063. Lance has joined

  1064. Guus has left

  1065. SamWhited has joined

  1066. Guus has left

  1067. Maranda has joined

  1068. Valerian has left

  1069. Valerian has joined

  1070. Maranda has left

  1071. j.r has left

  1072. Maranda has left

  1073. Maranda has joined

  1074. Dave Cridland has left

  1075. Dave Cridland has left

  1076. Valerian has left

  1077. Valerian has joined

  1078. j.r has joined

  1079. matlag has joined

  1080. matlag has left

  1081. marmistrz has left

  1082. Valerian has left

  1083. alexis has joined

  1084. alexis has left

  1085. ta has left

  1086. ta has joined

  1087. rtq3 has left

  1088. Dave Cridland has left

  1089. jere has left

  1090. jere has joined

  1091. ralphm has left

  1092. Lance has joined

  1093. valo has left

  1094. valo has joined

  1095. rtq3 has joined

  1096. marmistrz has left

  1097. Guus has left

  1098. ThibG has left

  1099. ThibG has joined

  1100. remko has left

  1101. Guus has left

  1102. SaltyBones has left

  1103. nyco has joined

  1104. nyco has left

  1105. rtq3 has left

  1106. matlag has joined

  1107. rtq3 has joined

  1108. rtq3 has left

  1109. Guus has left

  1110. rtq3 has joined

  1111. alexis has joined

  1112. rtq3 has left

  1113. rtq3 has joined

  1114. rtq3 has left

  1115. SamWhited has left

  1116. alexis has left

  1117. jubalh has joined

  1118. Dave Cridland has left

  1119. Dave Cridland has left

  1120. Dave Cridland has left

  1121. Dave Cridland has left

  1122. Dave Cridland has left

  1123. Dave Cridland has left

  1124. Guus has left

  1125. peter has joined

  1126. Guus has left

  1127. SamWhited has left

  1128. lnj has left

  1129. lskdjf has joined

  1130. lskdjf has joined

  1131. jubalh has left

  1132. jubalh has joined

  1133. Guus has left

  1134. lumi has joined

  1135. waqas has left

  1136. la|r|ma has joined

  1137. waqas has joined

  1138. rion has left

  1139. Dave Cridland has left

  1140. Dave Cridland has left

  1141. ibikk has joined

  1142. ibikk has joined

  1143. la|r|ma has joined

  1144. la|r|ma has joined

  1145. Dave Cridland has left

  1146. alexis has joined

  1147. SamWhited has left

  1148. j.r has joined

  1149. alexis has left

  1150. Alex has left

  1151. jubalh has left

  1152. SamWhited has left

  1153. Dave Cridland has left

  1154. Dave Cridland has left

  1155. Dave Cridland has left

  1156. tux has left

  1157. alexis has joined

  1158. SamWhited has left

  1159. Guus has left

  1160. rtq3 has joined

  1161. j.r has joined

  1162. alexis has left

  1163. rtq3 has left

  1164. Guus has left

  1165. rtq3 has joined

  1166. rtq3 has left

  1167. rtq3 has joined

  1168. goffi has left

  1169. rtq3 has left

  1170. rtq3 has joined

  1171. ibikk has left

  1172. moparisthebest has joined

  1173. Guus has left

  1174. alexis has joined

  1175. rtq3 has left

  1176. rtq3 has joined

  1177. SaltyBones has left

  1178. matlag has left

  1179. daniel has left

  1180. SamWhited has left

  1181. alexis has left

  1182. daniel has joined

  1183. j.r has joined

  1184. jjrh has left

  1185. blabla has left

  1186. daniel has left

  1187. Nekit has joined

  1188. j.r has joined

  1189. alexis has joined

  1190. jjrh has left

  1191. jjrh has left

  1192. daniel has joined

  1193. alexis has left

  1194. daniel has left

  1195. SamWhited has left

  1196. daniel has joined

  1197. Dave Cridland has left

  1198. jjrh has left

  1199. Maranda

    Oh Metre does it?

  1200. SamWhited has left

  1201. Maranda just finished implementing it in Metronome

  1202. Maranda

    tested it with ejabberd

  1203. Maranda

    let's see Metre

  1204. Maranda grabs dave.cridland.net :P

  1205. Dave Cridland has left

  1206. peter has left

  1207. moparisthebest

    Isn't metronome a prosody fork? How hard would it be to patch prosody the same way, Maranda?

  1208. alexis has joined

  1209. Maranda

    I'm not entirely sure, my knowledge of Prosody's codebase sort of stilled at around 0.9 tbh 🤣

  1210. Maranda

    But I suppose "not much"

  1211. moparisthebest

    Do you support SNI and ALPN too? (For outgoing connections?)

  1212. Maranda


  1213. moparisthebest

    Not even SNI? That's a must

  1214. Maranda

    moparisthebest, nai and luasec 0.5/0.6 which are the most common around don't support SNI anyways

  1215. Zash

    moparisthebest: No need, the unencrypted stream header has it.

  1216. moparisthebest

    2005 called and wants its TLS extensions implemented

  1217. Zash

    LuaSec has had SNI a long time FWIW

  1218. Maranda

    at least I'm sure LuaSec 0.5 doesn't support it

  1219. moparisthebest

    Just make sure you fall back on cert errors

  1220. Maranda lookies.

  1221. Maranda

    nope doesn't

  1222. alexis has left

  1223. rtq3 has left

  1224. lovetox has left

  1225. rtq3 has joined

  1226. ta has joined

  1227. rtq3 has left

  1228. rtq3 has joined

  1229. peter has joined

  1230. j.r has joined

  1231. mimi89999 has left

  1232. Maranda has left

  1233. SamWhited has left

  1234. Maranda has left

  1235. Lance has joined

  1236. mimi89999 has left

  1237. daniel has left

  1238. mimi89999 has left

  1239. ta has left

  1240. ta has joined

  1241. daniel has joined

  1242. mimi89999 has left

  1243. peter has left

  1244. jjrh has left

  1245. Lance has joined

  1246. Guus has left

  1247. Zash has left

  1248. marc has joined

  1249. SamWhited has left

  1250. j.r has joined

  1251. Maranda has left

  1252. Guus has left

  1253. Guus has left

  1254. alexis has joined

  1255. lskdjf has left

  1256. Guus has left

  1257. Guus has left

  1258. Guus has left

  1259. peter has joined

  1260. ralphm has joined

  1261. j.r has joined

  1262. lskdjf has joined

  1263. alexis has left

  1264. SamWhited has left

  1265. SamWhited has joined

  1266. Guus has left

  1267. blabla has left

  1268. vanitasvitae has left

  1269. Guus has left

  1270. rtq3 has left

  1271. daniel has left

  1272. daniel has joined

  1273. alexis has joined

  1274. dwd has left

  1275. j.r has joined

  1276. la|r|ma has left

  1277. ta has left

  1278. ta has joined

  1279. alexis has left

  1280. UsL has left

  1281. SamWhited has left

  1282. Guus has left

  1283. Maranda has left

  1284. SamWhited has joined

  1285. Maranda has left

  1286. j.r has joined

  1287. alexis has joined

  1288. Maranda has left

  1289. Maranda has left

  1290. alexis has left

  1291. Maranda has left

  1292. Maranda has left

  1293. Andrew Nenakhov has joined

  1294. Andrew Nenakhov has left

  1295. daniel has left

  1296. j.r has joined

  1297. Guus has left

  1298. la|r|ma has joined

  1299. daniel has joined

  1300. Maranda has left

  1301. lskdjf has joined

  1302. marc has left

  1303. lskdjf has joined

  1304. alexis has joined

  1305. daniel has left