-
moparisthebest
jonas’: unless/until Cisco takes it away haha
-
jonas’
anyone have a good suggestion how to validate that a listing of a service in disco#items is actually intended by the listed service? I’m asking in the context of muclumbus/search: it is easy for an adversary to list a service in their disco#items which is accessible via s2s, but which doesn’t want to be listed. For example, if someone wanted to host a "hidden" IRC gateway and someone else noted that, someone else could add it to their disco#items and thus un-hide it.
-
flow
jonas’, you could possibly filter out items with an xmpp address not being a "child" address of the requested entity
-
jonas’
flow, how would one determine that?
-
jonas’
DNS-based? :/
-
flow
xmpp address based?
-
flow
and this means domainpart based
-
flow
but maybe I misunderstand the question
-
flow
and, yes, this becomes likely infeasiable if the domainpart is an IP address
-
flow
but if you example.org announce muc.foo.org, then I'd filter it
-
jonas’
right, so DNS based
-
jonas’
it should be zone based though, and that’s tricky to do
-
jonas’
and many not even be generally correct.
-
jonas’
*sigh*
-
flow
zone based?
-
jonas’
you need to take into account authority breaks in DNS, i.e. delegations
-
flow
jonas’, I'm curious, has this turned out to be a practical problem? Did someone complain?
-
jonas’
co.uk. should not be allowed to advertise stuff for fnord.co.uk ;-)
-
jonas’
no, nobody complained yet, but I’d like to play it safe with resources like IRC gateways
-
jonas’
which are easy to abuse
-
jonas’
or may be easy to abuse
-
jonas’
or something
-
jonas’
pep. pre-emptively complained when I threw the idea of listing IRC gateways around in some MUC
-
flow
jonas’, I'm not sure about this, isn't the parent domain is always able to redirect your users?
-
jonas’
flow, with an attack on DNS, yes.
-
jonas’
with an attack on DNS, you can do a lot of things
-
flow
jonas’, no
-
flow
just because it's your parent domain
-
flow
you have to trust it anyways
-
jonas’
I’d count "replace NS records with something I don’t intend them to be" as an attack :)
-
jonas’
even if they have the power to do so by design
-
flow
so you trust them to not do that, but you don't trust them to announce your services?
-
flow
bbl, SIGFOOD
-
jonas’
I think my preferred way would be to require the child-components disco#items to also include the parent-service, but that’s probably infeasible.
-
jonas’
gl
-
pep.
jonas’, really I shouldn't have to wait that you start listing them to filter traffic if I don't want people to use it, but you're the force pushing me to atm :P
-
pep.
I know my gateway is not used by anybody I don't want to, for the moment
-
flow
pep., if you don't want your gateway to be used by other entities on the network it surely provides an options to restrict its usage to local users only?
-
pep.
flow, I want _some_ s2s users to be able to use it, so mod_firewall, plus additional tricks for disco#items maybe
-
flow
pep., allright, so whiteliste the entities that are allowed to use it. Doesn't that solve the problem?
-
pep.
probably, I just need to do it. I didn't need to until now
-
flow
(And I know that whitelisting can be tricky, depending on the used software. But hiding isn't a solution either)
-
flow
pep., I'd argue that you needed to do it before too
-
pep.
Well I've been somewhat monitoring access to that and it's not being abused
-
pep.
But yeah I agree
-
flow
pep., that could change now, especially since you mentioned publicly that you run an open gateway :-P
-
flow
I think it is askin to running an open mail relay
-
pep.
I know
-
flow
*akin
-
pep.
I don't especially agree with the open mail relay thing
-
pep.
It's not like I was running an open j2j gateway
-
pep.
You could want to run an open IRC gateway, and some services do already
-
pep.
(And eventually I may open that gateway as well)
-
jonas’
pep., I have a set of mod_firewall rules which do that (allow all local users + s2s whitelist)
-
pep.
jonas’, yeah, working on it
-
jonas’
pep., %LIST whitelist: file:/etc/prosody/fw/data/biboumi-whitelist.txt %ZONE biboumi: irc.zombofant.net ::deliver ENTERING: biboumi ENTERING: $local NOT CHECK LIST: whitelist contains $<@from|bare> LOG=[debug] dropping inbound message to biboumi from $<@from|bare> BOUNCE=forbidden (You are not allowed to access this host.) ::deliver_remote LEAVING: biboumi NOT TYPE: error NOT CHECK LIST: whitelist contains $<@to|bare> LOG=[debug] dropping outbound message from biboumi to $<@to|bare> BOUNCE=forbidden (The destination is not authorized to access this host.)
-
jonas’
hm, maybe it would make sense to require publicly listed gateways to publish contact information.
-
jonas’
hrm, so there’s no way to detect MIXness of a group chat service from the identity alone?
-
flow
jonas’, I think this is by design (but could be wrong)
-
Ge0rG
> hm, maybe it would make sense to require publicly listed gateways to publish contact information. jonas’: Contact Addresses would fit, but it must be in a server info dataform
-
jonas’
Ge0rG, I’m confused
-
jonas’
that’s exactly what I was talking about?
-
jonas’
but you make it sound like it would be a problem
-
Ge0rG
I'm not a disco specialist, do components come with a http://jabber.org/network/serverinfo record by default?
-
jonas’
what is that?
-
Zash
xep 157 ?
-
jonas’
ah, that
-
jonas’
right
-
jonas’
Ge0rG, probably not, but they should
-
Ge0rG
How many data forms can you fit into one query result?
-
Zash
Ge0rG: unbounded
-
jonas’
Ge0rG, given that conference.jabber.org returns ALL the rooms in a single disco#items, I think we’re good.
-
jonas’
(and I think you can see when muclumbus queries conference.jabber.org in the traffic graphs because it creates a fun spike)
-
Ge0rG
Zash: speaking of real life implementations.
-
jonas’
(and then it discards the result due to malformed JIDs *shrug*)
-
Zash
this kills the terminal
-
Zash
Ge0rG: You can have more than one dataform, like you can have more than one identity and more than one feature
-
Zash
I think I've seen at most two forms
-
Zash
... maybe I did that myself tho, not sure
-
Ge0rG
Zash: I've had a look into how poezio processes such a response. I vaguely kept my sanity.
-
jonas’
Ge0rG, https://lab.louiz.org/louiz/biboumi/issues/3388 ;-)
-
Ge0rG
jonas’: 👍
-
Zash
jonas’: I was about to open an issue in biboumi for 157 but was distracted and now someone already did it
-
jonas’
"someone" :)
-
Zash
SOMEONE
-
Zash
Hm, do MUCs commonly have 157?
-
Ge0rG
Zash: I can't imagine. Should they?
-
Zash
Why not?
-
jonas’
Ge0rG, a contact for an admin when you’re facing an attack in one of your room seems useful
-
Maranda
They could..
-
Maranda
I honestly never put contact info on components
-
Ge0rG
jonas’: on the MUC domain? Sure, would be good
-
Maranda
(as long as you dont service the muc alone)
-
Maranda
(i suppose ppl will look at the upper level domain info)
-
jonas’
that’s not a good thing to do automatedly though
-
pep.
I have that server_contact loaded on every single vhost/component fwiw
-
Maranda
I have it integrated in mod_disco but not every component will use it so (also external components wont at all) it can be tricky for those anyways