XSF Discussion - 2018-07-24

  1. pep.

    Noob question here, (probably going to start a holy war), why is everybody playing with direct TLS again, is "corporate firewalls" the only reason it was brought back from legacy land, (what I gather from 368)? Please enlighten me :x

  2. Ge0rG

    pep.: less round trips

  3. pep.

    Also why did we even switch to starttls by default in the first place

  4. daniel

    pep.: certs

  5. daniel

    In multi domain environments you need a way to signal the domain

  6. daniel

    That role is now played by SNI

  7. daniel

    And also I think people collectively thought starttls was cool

  8. MattJ

    I think people also thought SNI was cool

  9. MattJ

    I'm glad it's finally receiving a lot of attention that it's also unencrypted and doesn't offer much

  10. Ge0rG

    MattJ: the agencies still try to sabotage encrypted SNI

  11. jonasw

    somebody needs to tell the encrypted SNI folks that it won’t play well with use-cases like XMPP

  12. jonasw

    before that draft advances further

  13. jonasw

    I’d appreciate if that was somebody who has more experience with IETF processes than me though

  14. Ge0rG

    jonasw: why wouldn't it play well?

  15. jonasw

    the public keys for SNI encryption are in DNS, under _esni.$domain TXT

  16. Ge0rG


  17. jonasw

    so if you host both HTTP and XMPP on $domain, both services need to have the same private key

  18. flow

    jonasw, guess that is what you wanted to tell the authors?

  19. jonasw

    flow, yes

  20. pep.

    Ge0rG, tell me a thing the agencies are not trying to sabotage :)

  21. Ge0rG

    pep.: your mom!

  22. pep.

    who knows

  23. Ge0rG

    pep.: your mom!

  24. pep.

    You sure

  25. Ge0rG


  26. SamWhited

    Oh hey, jonasw's sed echo bot is front page of HN all of a sudden: https://news.ycombinator.com/item?id=17601761