-
SamWhited
Implementing direct TLS in a library and running into the mixing of SRV records again. We really need to change this, it makes no sense. I'm ignoring it because I don't want to manually try to mix the records (the DNS library handles ordering SRV records for you, but doesn't let you specify two different services because that's not how SRV works)
-
SamWhited
And if the server operator wants to prefer StartTLS they can always just not set SRV records, so I don't see that it actually provides any benefit.
-
SamWhited
Also if we mix them and one has a "." record (no such service), what does that even mean? No XMPP server at this address, or no direct TLS at this address? What if one has "." and one has a proper record?
-
Zash
Nonsense is what it means
-
Zash
And headaches
-
SamWhited
Yah, these rules drive me nuts.
-
Dave Cridland
SamWhited, Arnt Gulbrandsen disagrees with "that's not how SRV works".
-
Dave Cridland
SamWhited, Also I really hope you meant "selecting" rather than "ordering".
-
SamWhited
The SRV spec agrees; as far as I can tell. At least, I can't find anything that tells you to treat two services as one service and how you handle things like a "no such service" record.
-
SamWhited
What's the difference?
-
Dave Cridland
SamWhited, The SRV spec says "This is a default, but the application protocol can say whatever it likes". And you can't "order" SRV records, as such. I mean, there's no fixed order of multiple SRV records at the same priority - you could order them but they'd be an unstable order.
-
Dave Cridland
SamWhited, So yeah, basically you can't use your DNS library's built in SRV selection. But then, you can't with - possibly - any protocol that's formally defined to use SRV now.
-
SamWhited
Seems like we added pointless complexity because other protocols *might* have pointless complexity then.
-
Dave Cridland
SamWhited, Well, no, we've been following along with other existing protocols. Doesn't mean we can't change it. I'm just looking at RFC 6168 versus RFC 8314 now.
-
SamWhited
and there's still no indication what '.' means.
-
SamWhited
I'll go look at those
-
SamWhited
when I'm back at my desk if I haven't already
-
Dave Cridland
SamWhited, RFC 6168 covers that, too (and uses mixed priority as we do for IMAPs/IMAP, for instance). RFC 8314 updates that to say clients should always prefer "Implicit TLS".
-
Dave Cridland
I'd be absolutely fine with updating to match that, by the way.
-
Ge0rG
What's "Implicit TLS"?
-
jonasw
Ge0rG, non-STARTTLS
-
Ge0rG
Is it the opposite of "Direct TLS" or of "Explicit TLS"?
-
jonasw
others call it Direct TLS
-
Ge0rG
And what's explicit?
-
Ge0rG
is it explicit to use a TLS port or to use a TLS command?
-
jonasw
Explicit is the use of STARTTLS
-
jonasw
are you genuinely interested or trolling?
-
jonasw
cause I’d like to not waste my evening with trolling :)
-
Ge0rG
people are bad at names.
-
jonasw
yes
-
jonasw
we knew that
-
Ge0rG
No, I was genuinely confused what that means. Thanks
-
jonasw
you’re welcome :)
-
Dave Cridland
Ge0rG, "Implicit TLS" is what RFC 8134 uses: https://tools.ietf.org/html/rfc8314#section-3
-
Dave Cridland
Ge0rG, I don't *love* the term. But it's too late to change the RFC, and it's no worse than any other term really.
-
Zash
It's accurate
-
Ge0rG
I'm not sure it is, but I'm a confused non native speaker
-
Ge0rG
I like Direct TLS vs STARTTLS as terms
-
Dave Cridland
Ge0rG, Sure. But if the rest of the internet is using a different term, I'm fine with changing.
-
Ge0rG
Dave Cridland: if by "the rest of the internet" you mean a bunch of nerds pretty much similar to us, I'm not sure I agree.
-
Zash
Let's call it wannabe-ipsec
-
jonasw
:D
-
pep.
Zash, nooo
-
Dave Cridland
Ge0rG, Well, I mean the IETF, or at least the Internet Mail folks, who are as similar to us as is possible to be (indeed, half of them have been involved in XMPP stuff at the IETF).
-
Ge0rG
Dave Cridland: maybe they just didn't spend any time on the term, and whatever wasn't absolutely idiotic did stick?
-
jonasw
do you seriously believe that such a thing wasn’t bike-shedded?
-
Dave Cridland
Ge0rG, Sure. But that's basically what we did.
-
jonasw
it’s terminology after all
-
Dave Cridland
jonasw, I think it's nomenclature, actually.
-
Dave Cridland tries to look innocent.
-
jonasw
well played
-
Zash
Psst, http://www.smbc-comics.com/index.php?id=3907
-
Ge0rG
jonasw [22:03]: > do you seriously believe that such a thing wasn’t bike-shedded? Yes. Otherwise they'd have come up with a better term.
-
Zash
Ge0rG: Terminology by committee!
-
jonasw
I don’t find it extremely bad
-
Ge0rG
Zash: that directly brings back my question of Nickname vs Name vs Screen name.
-
jonasw
screen name is good in en
-
Ge0rG
jonasw: I do.
-
jonasw
but I don’t think it translates well in any language I know
-
Ge0rG
"Anzeigename" is moderately cumbersome
-
jonasw
also I’m not sure it would be clear to the typical user what this even is
-
jonasw
(I find it not more cumbersome than "Screen name", although that’s probably hard to judge)
-
Zash
What do other things call it?
-
Ge0rG
Yeah, maybe "screen name" is bad as well
-
jonasw
probably just "Name"
-
Ge0rG
Still better than Implicit TLS
-
Ge0rG
(it's not implicit because you do a TLS handshake)
-
jonasw
but it’s implicit regarding the lower layers
-
jonasw
which isn’t the case with STARTTLS
-
jonasw
but yeah, Direct TLS is less ambiguous in that regard
-
Zash
START THY TLS! is pretty explicit
-
jonasw
what just happened: https://sotecware.net/images/dont-puush-me/IrUXvlA_MXTM4ecUHM4ve-TDSXUcHRHBN8_rU85-P_k.png
-
Zash
jonasw: hm?
-
Zash
jonasw: Why there's a room with >300 participants out of a sudden?
-
jonasw
more than one room with >200 at least
-
jonasw
and kuketz-blog and conversations being kicked off the 1st/2nd position in the listing, which they’ve had for weeks now
-
Zash
jonasw: Auto-injected auto-join bookmarks, if my German comprehension is sufficiently accurate
-
jonasw
ah, neat
-
Zash
jonasw: for all new(?) registrants
-
jonasw
(why tho)
-
jonasw
ah
-
jonasw
for new ones it might make sense
-
jonasw
hmm
-
jonasw
jeopardises the listing a bit, but let’s see how things play out
-
Zash
Someone said because users complained about lack of notice about some downtime
-
jonasw
m(
-
Zash
It was only on Twitter or somesuch
-
jonasw
isn’t there mod_announce for that?
-
Zash
Myeah
-
jonasw
you can even send a type="headline" which will steal your focus if you’re using pidgin
-
jonasw
anyways, heading to bed now, see ya folks
-
Ge0rG
I'm not sure how it helps to announce downtime in a MUC
-
Zash
Ge0rG: If all your users are in it...
-
MattJ
Works for offline users without MAM
-
MattJ
(while the server is up, of course)
-
Ge0rG
Zash: if your server is down. Also Schrödinger's Chat
-
Zash
Ge0rG: I understood this as notice about future planned downtime
-
Zash
*before* the actual downtime