-
moparisthebest
in a xep xml, is there a way to do this:
-
moparisthebest
Reference: [&xep0368;]
-
moparisthebest
for a protoxep ?
-
moparisthebest
like a 'this xep'
-
jonasw
moparisthebest, just write "this xep"?
-
Maranda
😆
-
jonasw
moparisthebest, I’ve seen your draft -- are you on a mission to make Zash incredibly sad?
-
flow
moar context pls?
-
jonasw
flow, https://github.com/moparisthebest/xeps/commit/364a577a30e1d42d6fb169e596921befc2c16873
- Maranda stopped at "MUST use HTTPS"
-
flow
quite a dance for an xmpp connection
-
lovetox
So this is like POSH but with added connection infos
-
lovetox
though what is the use case
-
lovetox
?
-
lovetox
is there a use case where we can't put these infos into srv entries?
-
jonasw
lovetox, not sure if one can resolve SRV from within a web client
-
pep.
https://www.w3.org/TR/raw-sockets/
-
Dave Cridland
moparisthebest, I'm going to need a crapload of reasons why this proposal isn't duplicating DOH etc.
-
jonasw
DOH?
-
daniel
Because nobody supports DNS over http🙄
-
daniel
I see your point though
-
jonasw
moparisthebest, have you seen https://xmpp.org/extensions/xep-0156.html#http ?
-
Wiktor
jonasw: for discovering domain name and port an extension to XEP 0156 would be IMHO sufficient, but as far as I can see moparisthebest wants something that could contain info about SNI/ALPN to be used as well as public key pins, etc.
-
jonasw
uh
-
jonasw
that doesn’t make sense to me
-
jonasw
but I bet there’s a rationale
-
Wiktor
especially that public key pinning is being withdrawn from browsers...
-
ralphm
Well, yeah. The problem with HPKP *in the browser*, is that if at a point in time, the wrong header was received by the browser, there is no way to undo this, except for waiting until that header's expiry. Besides the actual owner of the website messing up, the other issue is with somebody hijacking your website in some way, if only temporary, and issuing crippling headers.
-
ralphm
Of course, for mobile apps, this is different. There, you still have the option to issue a new version of your app.
-
Ge0rG
apps should just do cert pinning
-
Wiktor
ralphm: yes, but the xep that moparisthebest is authoring would be more similar to hpkp in the browser (as I guess xmpp clients would not ship with this list and would not update the list as servers change their pins)
-
ralphm
Ge0rG: please explain how you handle cert expiry. Unless you meant public key pinning, in which case I will ask: how do you handle revocation in case your secret key is compromised?
-
Wiktor
Ge0rG: cert pinning can be more dangerous than key pinning, in case someone revokes your cert you're out of options, see https://scotthelme.co.uk/the-power-to-revoke-lies-with-the-ca/
-
ralphm
Wiktor: I think HPKP definitely has merit, so if you can mitigate the above by having some way to recover from faulty headers, yay!
-
Ge0rG
ralphm: indeed I'm using "cert pinning" as a loosely defined term for pinning either the SPKI, the certificate or the CA cert.
-
Ge0rG
ralphm: which of those should be taken, I'd decide on a case-by-case basis
-
Wiktor
ralphm: well, it's just a very sharp blade, if you take extra care then sure, but I wouldn't recommend it lightly
-
Ge0rG
ralphm: I think it's not too far-fetched to have a long-living self-signed cert for an app and to roll out a new app version in case of compromise.
-
Wiktor
Ge0rG: new app version? that'd tightly couple client to server, for centralized service such as Signal this is OK but for XMPP all clients would need to be upgraded... unless I'm missing something in this design :)
-
ralphm
I agree that rolling out a new app is the easier way, but using HPKP in this particular case makes it more seamless to the user. Having to tell your user to upgrade, is a) painful, b) not trivial if you depended on the certificate/key to deliver a notice to the app.
-
Ge0rG
Wiktor: I'm only talking of apps that are bound to a given service. For other (xmpp-style) apps, I've written https://github.com/ge0rg/MemorizingTrustManager
-
Ge0rG
ralphm: right. with sufficient planning, you can have a fallback pin in the app, too ;)
-
Wiktor
got it
-
jonasw
Ge0rG, I’d have a backup cert in a secure store which the app already trusts. if cert A is compromised, I roll out cert B on the services. App would distrust cert A once it has seen cert B in the wild.
-
jonasw
then I’ve got some time to roll out an update with cert B as primary and a new cert C as backup.
-
ralphm
jonasw: that is more or less exactly HPKP
-
Ge0rG
There is an easy solution: don't lose your private keys :P
-
ralphm
Ge0rG: thanks for your theoretical insight
-
Ge0rG
ralphm: I'm full of those. Ask me for more any time
-
jonasw
Ge0rG, ah, damn, so simple a plan! pity that *I* didn’t think of that. Maybe make that an RFC, it’s genius :)
-
ralphm
:facepalm:
-
jonasw
I wonder whether we want a way to signal in-band that an account has been deleted.
-
jonasw
example use-case: user A registers at foreign biboumi instance B, joins a channel and sets it to persistent. account of user A gets deleted. biboumi will forever be in that channel for no use
-
jonasw
idea: send <presence type="unavailable"><deleted/></presence> in response to presence probes.
-
MattJ
type="error" <gone/>
-
MattJ
Already in the RFC
-
jonasw
MattJ, oh
-
jonasw
did I say something?
-
Holger
But biboumi won't actively contact the JID and hence not receive that stanza error, right?
-
Holger
Oh "in response to presence probes". biboumi generates presence probes?
-
Zash
Should servers send out that to bookmarked rooms or something?
-
Zash
Would sorta fit with the move towards account based groupchats
-
jonasw
Holger, yeah, biboumi would have to poll or do something similar
-
Holger
That could also help affiliation list entries and nickname registrations and stuff like that.
-
jonasw
(or require presence subscription)
-
moparisthebest
Dave Cridland, DOH is only provided by a few providers and is easily blocked, plus SRV records can't contain sni/alpn info
-
moparisthebest
the entire point of this is to be censorship resistant, I haven't gotten down to use cases and such yet
-
moparisthebest
it also supports domain fronting and such
-
Zash
Use Tor?
-
moparisthebest
I hear china is pretty good at blocking tor
-
jonasw
I don’t think this makes a lot of sense in general use-cases.
-
jonasw
china is pretty good at blocking a lot of stuff, even if running via VPN.
-
Zash
You can't crypto your way out of *blocking*
-
moparisthebest
you can to a point
-
Zash
And is blocking equal to censorship?
-
moparisthebest
yes? it's designed to get around blocking
-
moparisthebest
and application code should be able to use the exact same logic as for xep-0368 (and kinda-posh) except a single https call instead of DNS queries
-
moparisthebest
it's a total hack that shouldn't exist, you can thank oppressive regimes
-
Dave Cridland
I don't follow why this is more resistant than DOH etc.
-
moparisthebest
Dave Cridland, because each xmpp server runs their own
-
moparisthebest
it's federated
-
Dave Cridland
So you just block the XMPP server IP as a whole?
-
moparisthebest
then the operator spins up another xmpp server someplace else
-
Zash
Calling everything censorship annoys me. :(
-
moparisthebest
also you can use tricks to make it not look like an XMPP server
-
moparisthebest
(you could inspect IP + User-Agent requesting this document and lie to russian govt with a 404)
-
moparisthebest
plus it supports domain fronting (send sni someunrelatedservice.com) and nothing else currently does
-
Ge0rG
Chinese VPN detection is based on traffic patterns, so even if you tunnel through https, they'll throttle you into oblivion
-
moparisthebest
xmpp runs pretty well on slow connections doesn't it?
-
Zash
Sure
-
MattJ
It can do. I'm not entirely certain how many standard implementations handle it
-
MattJ
e.g. I think some clients aggressively ping the server
-
moparisthebest
oh thought of another reason for this, telegram is handing different server blocks to different people based on region to make IP blocking harder
-
moparisthebest
and you can only do that if you can afford to run your own DNS network
-
moparisthebest
unless it's just a page on a web server in which case any tiny xmpp server can do it
-
Ge0rG
how many IP blocks does a tiny xmpp server have, typically?
-
jonasw
hah
-
Maranda
0
-
jonasw
something between 0 and 1 I guess
-
Maranda
as long as you don't take into account ipv6
-
Ge0rG
Maranda: how many non-consecutive IPv6 blocks do you have?
-
Maranda
ipv4 I got like 3 IPs, ipv6 one native, and one /48 tunneled.
-
Ge0rG
Maranda: 3 IPs from different ISPs?
-
Maranda
(on the xmpp server vps, but it does different stuff)
-
Maranda
Nay?
-
Ge0rG
Maranda: how do you want to get around blocking with that?
-
Maranda
well they're non consecutive though
-
jonasw
"how many blocks with different rwhois do you have?" is probably the most reasonable question in this context ;-)
-
Maranda
the ipv4 addresses are all from different CIDRs
-
Ge0rG
I've got a dozen or so IPs from my core ISP, over two different CIDRs. And I could arrange for traffic redirects on two other ASNs, more if I involve friends.
-
Maranda
Ge0rG, I'm not sure neither I care about blocking I just answered your ip question btw
-
moparisthebest
Ge0rG, well if you could aws and such, a lot
-
Ge0rG
moparisthebest: do the moxie dance?
-
moparisthebest
regardless, way more than if you have to run your own distributed global dns network
-
moparisthebest
Ge0rG, that's the whole point yes
-
jonasw
I don’t see use in that, to be honest
-
jonasw
it will be way too complex for any server or client to implement *with actual benefit*
- Maranda gives an eerie stare at XEP-0357
-
moparisthebest
jonasw, anything that implements 368 and http upload should be able to implement this with, ~20 lines of code max?
-
jonasw
moparisthebest, but there’s no benefit
-
jonasw
as Ge0rG said, you need quite a bit of resources (both time and money) to do the things which bring the benefit here
-
moparisthebest
jonasw, the benefit is evading blocks
-
jonasw
I am aware
-
Ge0rG
you can't evade blocks if all you have is one IP address.
-
jonasw
yeah
-
moparisthebest
you can if they don't know it's an xmpp server, and you can for a bit
-
moparisthebest
then you jump to a different xmpp server
-
jonasw
yeah, but, who has the time resources to actually do that
-
moparisthebest
plus right now even big xmpp servers can't do domain fronting etc without custom clients
-
moparisthebest
this would enable that too
-
Maranda
well I added on lightwitch.org a xep 368 record for direct tls c2s on port 443, I played with port multiplexing a bit.
-
Maranda
:P
-
jonasw
yeah, 368 was simple and such, which is why it gained adoption really fast
-
Maranda
and noticed Conversations is actually using it.
-
jonasw
but this isn’t simple
-
moparisthebest
explain how it's any different?
-
jonasw
and it doesn’t bring any benefit without additional resources (time to hop IPs, and the actual IPs to hop to)
-
Maranda
jonasw, I'm not sure if I should consider implementing direct tls for s2s too...
-
moparisthebest
jonasw, it does, domain fronting
-
jonasw
moparisthebest, where does that still work?
-
jonasw
I heard google and AWS kill you if you do that
-
moparisthebest
if you are a huge service like signal maybe
-
moparisthebest
just as a future view, this is step 1 to censorship (blocking for Zash) proof xmpp
-
moparisthebest
other stuff we talked about is being able to keep your contact list/conversations and hop between any xmpp server you like at any time, even being able to be connected to multiple at the same time (clients would ignore jid and use a cryptographic identifier instead, servers would be unchanged)
-
moparisthebest
fun stuff
-
moparisthebest
oh also allowing contact's clients to route messages, the fun possibilities are endless
-
jonasw
that’s mostly stuff you talked about, which I personally find quite unneeded and overkill
-
jonasw
before venturing in that direction XMPP should get its basic sh*t together.
-
jonasw
we’re still losing messages (#thanksomemo)
-
moparisthebest
sure if you don't live in a place that is blocking secure chat apps this is entirely un-needed jonasw
-
jonasw
moparisthebest, a place which is blocking secure chat apps will block XMPP too when the time has come
-
Zash
Yeah, can we get all our shit, put it in backpack, so it's together.
-
moparisthebest
not if we make it impossible to block with those changes?
-
moparisthebest
that is after all the entire point
-
jonasw
that won’t make it impossible.
-
jonasw
only harder
-
moparisthebest
you only have to make it hard enough so it's not worth trying
-
Zash
moparisthebest: https://www.schneier.com/books/secrets_and_lies/pref.html this was a good read
-
moparisthebest
it looks like https, anyone can use any server, so as fast as you block them, new ones pop up and you interrupt no one
-
Zash
I think you need to read it
-
jonasw
moparisthebest, it does not look like HTTPS
-
jonasw
it may look like HTTPS on the byte level
-
jonasw
but the chinese are very good at blocking based on patterns
-
jonasw
you won’t stop /that/ with your fancy stuff
-
jonasw
(with patterns, I mean packet sizes and timings)
-
moparisthebest
so it looks like any modern interactive html5 app?
-
jonasw
moparisthebest, not quite
-
jonasw
take a look at their research.
-
jonasw
they can detect e.g. Facebook quite certainly even through a VPN.
-
Holger
> being able to keep your contact list/conversations and hop between any xmpp server you like at any time, even being able to be connected to multiple at the same time (clients would ignore jid and use a cryptographic identifier instead, servers would be unchanged)
Haha, sure. We fail at fixing avatars.
-
moparisthebest
Zash, I read this one https://www.schneier.com/books/data_and_goliath/
-
jonasw
my thoughts exactly, Holger
-
moparisthebest
that's just client-side changes though, you could make a version of conversations that did that today without anything extra required from servers
-
moparisthebest
it would even be backwards compatible with other clients, though not very friendly UI wise in them
-
jonasw
"just clients"
-
jonasw
because clients aren’t the main problem :)
-
moparisthebest
you specifically mentioned avatars which require all clients and all servers to change
-
moparisthebest
you'd agree changing a single client is easier right?
-
Holger
Well if we're just interested in a single client then the avatar issues become much easier to solve as well.
-
Holger
Whatever. Just implement it if it's so simple?
-
moparisthebest
I plan to
-
Holger
+1
-
moparisthebest
I don't really write specs without implementations
-
moparisthebest
usually the implementations come first, I think that makes me a bad programmer, oh well :)
-
Zash
I think you wanna write specs and implement at roughly the same time
-
MattJ
+1
-
Zash
Maybe think real hard about requirements first.
-
Zash
But all that goes out the window when you start implementing anyways
-
MattJ
I don't think I've ever seen a pre-written spec survive an implementation unscathed
-
Ge0rG
> clients would ignore jid and use a cryptographic identifier instead
Congratulations, you just combined the drawbacks of XMPP with the drawbacks of p2p systems and the drawbacks of mixnets
-
moparisthebest
I looked at it the other way, benefits of p2p systems plus benefits of XMPP
-
Ge0rG
moparisthebest: what's the benefit of XMPP once you replace JID-based routing with crypto identifiers?
-
Ge0rG
Why not XEP-0174 over .onion nodes?
-
Zash
Why not normal xmpp over .onion?
-
moparisthebest
Ge0rG, routing is still jid-based, clients just collapse multiple JIDs using the same crypto identifier under one 'contact'
-
moparisthebest
and the benefit is still all the other things xmpp provides, one of the biggest being it's mobile-battery-friendly
-
Ge0rG
moparisthebest: how do you tell your buddies about your new JID if they also just switched JIDs because of blocking?
-
jonasw
I don’t even want to think how that works with MAM queries
-
jonasw
or MUCs.
-
jonasw
or anything non-trivial really
-
Ge0rG
moparisthebest: you just invented a crypto-overlay network over XMPP.
-
moparisthebest
right that's exactly what it will be
-
Ge0rG
moparisthebest: but WHY?
-
moparisthebest
fun and censorship resistance? :P
-
jonasw
for certain definitions of fun
-
jonasw
not to kinkshame, but I’m not into that I think
-
Ge0rG
moparisthebest: it won't get you censorship resistance.
-
Ge0rG
moparisthebest: because once your server is censored, you have no way to find out the new identity of your friends
-
moparisthebest
I guess that is a problem if you both switch at the same time
-
moparisthebest
DHT over XMPP ?
-
Ge0rG
why use xmpp if you can have QUANTUM BLOCKCHAIN TECHNOLOGY!
-
MattJ
https://wiki.xmpp.org/web/Secure_Distributed_JID_Discovery
-
MattJ
in particular https://wiki.xmpp.org/web/Secure_Distributed_JID_Discovery#DHT_Based_Solution
-
moparisthebest
nice
-
moparisthebest
verification would be solved since the identifier is a cryptographic key anyway
-
MattJ
Discussion at https://mail.jabber.org/pipermail/standards/2013-February/027036.html
-
Ge0rG
Open Problems: 1. How to prevent impersonating other users.
-
moparisthebest
solved by crypto already
-
Ge0rG
moparisthebest: Zooko called, and he wants his triangle back.
-
moparisthebest
that's a problem *there* because you want to prove a certain jid has a certain phone number
-
moparisthebest
my thing would only want to prove a certain jid has control of a certain cryptographic key, which of course is super easy to prove
-
Ge0rG
for certain values of "super easy"
-
Ge0rG
moparisthebest: my point is: the XMPP model is not suited for what you want.
-
moparisthebest
I don't know why you'd invent something else to give you everything XMPP does when you can just overlay it?
-
Ge0rG
moparisthebest: because you'll end up with a system that combines the drawbacks of xmpp with... we've been here already.
-
MattJ
I'm on both sides :)
-
MattJ
If you're going to make such a system, using XMPP as a foundation buys you a lot
-
MattJ
It would of course be quite different to what we have today, I don't think sane interop can be expected
-
Ge0rG
I want to see a list of reasons, not some hand-waving of how great xmpp is.
-
Ge0rG
Okay, thanks. That's a reasonable response.
-
MattJ
<-- fixing production issues
- jonasw tired
-
Maranda
okay let's see if direct tls for s2s causes a meltdown...
- Maranda will need to restart the server anyways.
-
jonasw
is there any s2s implementation of it?
-
moparisthebest
jonasw, I think zinid said latest ejabberd supports it
-
moparisthebest
plus metre
-
Maranda
Oh Metre does it?
- Maranda just finished implementing it in Metronome
-
Maranda
tested it with ejabberd
-
Maranda
let's see Metre
- Maranda grabs dave.cridland.net :P
-
moparisthebest
Isn't metronome a prosody fork? How hard would it be to patch prosody the same way Maranda ?
-
Maranda
I'm not entirely sure, my knowledge of Prosody's codebase sort of stilled at around 0.9 tbh 🤣
-
Maranda
But I suppose "not much"
-
moparisthebest
Do you support SNI and alpn too ? (For outgoing connections?)
-
Maranda
nay
-
moparisthebest
Not even SNI? That's a must
-
Maranda
moparisthebest, nai and luasec 0.5/0.6 which are the most common around don't support SNI anyways
-
Zash
moparisthebest: No need, the unencrypted stream header has it.
-
moparisthebest
2005 called and wants its TLS extensions implemented
-
Zash
LuaSec has had SNI a long time FWIW
-
Maranda
at least I'm sure LuaSec 0.5 doesn't support it
-
moparisthebest
Just make sure you fall back on cert errors
- Maranda lookies.
-
Maranda
nope doesn't