vanitasvitaeNice, the XSF got selected for GSoC :)
Half-ShotXhas left
Half-ShotXhas joined
ThibGhas left
ThibGhas joined
ralphmhas left
ralphmhas joined
Half-ShotXhas left
GuusYes!
kokonoehas left
Half-ShotXhas joined
frainzhas left
kokonoehas joined
frainzhas joined
404.cityhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
Seve\o/!
Half-ShotXhas left
Half-ShotXhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
delehas joined
contrapunctushas left
contrapunctushas joined
contrapunctushas left
contrapunctushas joined
Half-ShotXhas left
Half-ShotXhas joined
contrapunctushas left
contrapunctushas joined
jonas’\o/
Half-ShotXhas left
Half-ShotXhas joined
delehas left
nycohas left
404.cityhas left
contrapunctushas left
contrapunctushas joined
contrapunctushas left
larmahas joined
contrapunctushas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
rionhas joined
lorddavidiiihas left
rionseems like xep-0214 depends on deprecated xep-0137. Probably it has to be updated or deprecated too.
alacerhas joined
Half-ShotXhas left
Half-ShotXhas joined
!xsf_Martinhas left
rtq3has joined
rionwe were just thinking on support@j.ru how to make file storage management for http upload.
lorddavidiiihas joined
Wiktorvanitasvitae: is there a list of topics?
Half-ShotXhas left
Half-ShotXhas joined
nycohas joined
lorddavidiiihas left
lorddavidiiihas joined
contrapunctushas left
contrapunctushas joined
andyhas left
andyhas joined
Link Mauverion, there is also XEP-0329, which depends on XEP-0234 instead.
marc_has joined
Link MauveThose two are part of my list of deferred XEPs to look at and either revive or deprecate, but there was some opposition to deprecating a deferred XEP recently.
Half-ShotXhas left
Half-ShotXhas joined
Andrew NenakhovXep 214 is a bad idea that will end in pubsubfs, not that we're looking into
rionLink Mauve: 329 looks good to me, thanks. and it can be combined with http jingle transport.
Link MauveYup.
Link MauveI think goffi has another implementation of it.
Half-ShotXhas left
Link MauveHe demo’d it at the Summit.
Link MauveAndrew Nenakhov, being able to subscribe to a node mapping to a directory sounds useful though.
Link MauveThe 0329 can’t be used for a dropbox-like, or even any notification.
kokonoehas left
contrapunctushas left
contrapunctushas joined
contrapunctushas left
contrapunctushas joined
Half-ShotXhas joined
kokonoehas joined
andyhas left
andyhas joined
Half-ShotXhas left
ralphmhas left
rtq3has left
rtq3has joined
Half-ShotXhas joined
ralphmhas joined
vanitasvitaeWiktor: in the xmpp wiki
Wiktorvanitasvitae: kthx
Half-ShotXhas left
Half-ShotXhas joined
Half-ShotXhas left
j.rhas left
contrapunctushas left
contrapunctushas joined
kokonoehas left
Half-ShotXhas joined
kokonoehas joined
alacerhas left
alacerhas joined
contrapunctushas left
contrapunctushas joined
Half-ShotXhas left
Half-ShotXhas joined
Half-ShotXhas left
contrapunctushas left
contrapunctushas joined
debaclehas left
contrapunctushas left
contrapunctushas joined
contrapunctushas left
contrapunctushas joined
Half-ShotXhas joined
lnjhas joined
Yagizahas left
contrapunctushas left
contrapunctushas joined
Half-ShotXhas left
lnjhas left
contrapunctushas left
contrapunctushas joined
Half-ShotXhas joined
contrapunctushas left
contrapunctushas joined
Half-ShotXhas left
contrapunctushas left
contrapunctushas joined
Half-ShotXhas joined
igoosehas left
Half-ShotXhas left
Half-ShotXhas joined
Half-ShotXhas left
Yagizahas joined
rtq3has left
rtq3has joined
Half-ShotXhas joined
novnovhas left
blablahas left
blablahas joined
blablahas left
blablahas joined
novnovhas joined
Half-ShotXhas left
igoosehas joined
ThibGhas left
ThibGhas joined
Half-ShotXhas joined
Half-ShotXhas left
lskdjfhas joined
Half-ShotXhas joined
j.rhas joined
Half-ShotXhas left
goffihas left
kokonoehas left
kokonoehas joined
lnjhas joined
lnjhas left
Half-ShotXhas joined
Half-ShotXhas left
Half-ShotXhas joined
bowlofeggshas joined
Half-ShotXhas left
Half-ShotXhas joined
jmpmanhas left
efrithas joined
j.rhas left
Half-ShotXhas left
Half-ShotXhas joined
Half-ShotXhas left
Half-ShotXhas joined
andyhas left
Half-ShotXhas left
Half-ShotXhas joined
Half-ShotXhas left
contrapunctushas left
contrapunctushas joined
Half-ShotXhas joined
efrithas left
contrapunctushas left
contrapunctushas joined
contrapunctushas left
contrapunctushas joined
Half-ShotXhas left
contrapunctushas left
contrapunctushas joined
andyhas joined
andyhas left
contrapunctushas left
andyhas joined
contrapunctushas joined
Half-ShotXhas joined
contrapunctushas left
contrapunctushas joined
contrapunctushas left
contrapunctushas joined
contrapunctushas left
contrapunctushas joined
contrapunctushas left
contrapunctushas joined
Half-ShotXhas left
Half-ShotXhas joined
contrapunctushas left
contrapunctushas joined
Half-ShotXhas left
contrapunctushas left
contrapunctushas joined
Half-ShotXhas joined
contrapunctushas left
contrapunctushas joined
contrapunctushas left
contrapunctushas joined
contrapunctushas left
contrapunctushas joined
contrapunctushas left
contrapunctushas joined
Half-ShotXhas left
Half-ShotXhas joined
contrapunctushas left
contrapunctushas joined
Half-ShotXhas left
Half-ShotXhas joined
goffihas joined
blablahas left
blablahas joined
Half-ShotXhas left
rtq3has left
rtq3has joined
lorddavidiiihas left
goffiindeed I have an implementation of XEP-0329, I'm pretty happy with it.
goffiI've made a quick evaluation of various options, I've chosen this one because it's working and simple.
goffiLink Mauve: while it can't be used for dropbox like?
Half-ShotXhas joined
goffis/while/why/
Alexhas left
j.rhas joined
Half-ShotXhas left
Andrew Nenakhovhas left
Half-ShotXhas joined
Andrew Nenakhovhas joined
Andrew Nenakhovhas left
Half-ShotXhas left
Link Mauvegoffi, how do you subscribe to files being added or removed or changed?
Andrew Nenakhovhas joined
Half-ShotXhas joined
goffiLink Mauve: is this needed for dropbrox like?
goffi(note that I've never used dropbox)
Link Mauvegoffi, Dropbox is a software you install on your computer, which provides you a fuse(-like?) interface to mount a remote directory.
Half-ShotXhas left
Link MauveThen when anyone puts files there, they will be downloaded on your computer.
Link MauveOr something like that.
Link MauveI haven’t used it either, but I’ve heard people talk about it.
ZashIt lets the cloud put files on your computer. Probably.
jonas’I think the closest FLOSS thing is Sparkleshare
jonas’or Seafile
jonas’so if you want to check out the UX, go to those projects
jonas’although sparkleshare in particular was pretty bad when I tested it the last time
nycohi
GuusHello
Link Mauvejonas’, yes, it is.
Link MauveAlso unmaintained.
goffiLink Mauve: to looks for files on a server (my current use case), XEP-0329 is enough and working well. To subscribe to a directory or a file it would need to be extended, but I think it can be done quite cleanly with references.
Link Mauvenow shuts up and lets board do boardy things.
GuusSeve ralphm MattJ shall we meet?
Link Mauvegoffi, XEP-0214 did that already.
goffiyes, but it's overcomplicated in my opinion
nycoto all, my apologies for last week, as I did not join, and did not tell...
GuusI think you did?
Guusor was that the week before? I was not here last week myself.
blablahas left
Guusanyways. you are forgiven. 🙂
blablahas joined
Guus... did these guys find another place to meet while we were gone?
MattJHey
Guusola!
Half-ShotXhas joined
Half-ShotXhas left
SeveHi! My bad
MattJSorry, had a delivery arrive just as the meeting began :)
MattJJust missing ralphm?
GuusThat's generally when delivery guys show up at my door too. Mostly for neighbors, too.
Guusyes
nycoa softer way of swatting?
Guusperhaps 🙂
nycohttps://trello.com/b/Dn6IQOu0/board-meetings
Half-ShotXhas joined
Guushands a gavel to nyco
nycotries to catch it on the fly
nycoBANG
nycoMinute taker, who are you today?
nycoso we have Seve, Matt, Guus, and me, only Ralph is missing
nycowe have 2 topics for decision:
* E2E CA req
* membership application
commitment:
* typo in deferred XEP
discussion:
* money, money, money
* reach out high profile users
* badge designer
MattJThe stated requirements for the XSF seem trivial enough as specified, but I'm not sure what the wider context is here
nycofeels there is lag indeed
jonas’the eax.html is Standards Track and has been handled by Board
Half-ShotXhas left
jonas’but it’s useful context
jonas’more context is in xor.html
MattJWhat root CAs are we supposed to redirect to? Is there some vetting to be done? etc. - I need to read it more
kokonoehas joined
SeveSame here as the rest
MattJand why isn't relying on normal trust anchors enough? E.g. Mozilla's
nycoare we able to do this?
GuusAlso - this introduces the XSF as a single source of truth
MattJSo let's punt on this for the moment, understand it more and discuss next week
Guuswhich somehwat clashes with doing things distributed/federated - unsure if that can be helped here (I must read more, as a wise man just said), but it's bound to raise brows.
Ge0rGMattJ: normal CAs are forbidden to issue non-web certificates, essentially, by CA/Browser Forum rules
Half-ShotXhas joined
Ge0rG(which is something the XSF Board might well be able to address, in a proper formal inquiry to the CABF)
nycoif there is a CA, there are many ICA ?
nycowhich is more decentralised, still as a pyramid
lnjhas joined
jonas’kind of like how DNSSEC works
GuusGe0rG is that an alternative approach than the one suggested in the XEP?
andyhas left
nycoa blockain-based CA? wait no
Ge0rGGuus: no, it's completely orthogonal. I haven't had the time to read _this_ incarnation of the XEP either
GuusGe0rG ok thanks
SeveI think there are too many questions on this one :)
Guusas MattJ suggested, lets kick this can down the road for a week.
MattJ+1
Guus(and do some reading)
nyco2. XEP-0345 (Form of Membership Applications)
nycocard without description, what's needed from the board?
nycohttps://xmpp.org/extensions/xep-0345.html
frainzhas left
MattJWho added it?
Guusapproval.
Ge0rGnyco: it's a procedural XEP that needs to be decided upon
nycook
Ge0rGSo Board shoul decide whether it shall be accepted or not.
nycoso I feel like emil, jid, affiliations and name are not enough
can we add things like values, objectives, past contributions?
GuusI only now see that there was feedback in the Last Call
MattJnyco, I think that's up to the candidate to add as much as they want to share to be accepted
SeveI would have wanted that to be a discussion topic maybe? And then decide something about it.
MattJI don't think we need to make those things mandatory in a formal document
nycomandatory no, but as an option
nycorather a suggestion
GuusMattJ didn't you raise an example of someone having 'valid' reasons for wanting to apply anonymously?
Guusalthough we shot down applying anonymously before, your example might warrant to re-address that
MattJPossibly so
GuusI think you were going to see if said person would be willing to provide details?
GuusDo you recall who I'm talking of? You weren't specific.
MattJThere is a slight difference between being an anonymous member and having your details being known only to the Secretary
GuusIf that's still ongoing, I'd like to have that information before voting on XEP-0345.
MattJYes, I recall the conversation, I need to follow up
Ge0rGI've recently brought up the anonymity question, and by now told the respective user that it's not an option.
jonas’did you also tell them that contributing to standards etc. is very much possible without being a member?
MattJGe0rG, iirc that was before the summit, where we had some in-person discussions about how we may improve the process
GuusGe0rG which is what we decided on.
MattJThe decision still holds
MattJWe /may/ be able to change the way we do things, and we /may/ decide to do that
MattJand that may or may not be enough for these people who want to remain anonymous
Guus(what he said - my choice of words was poor)
Ge0rGBut you SHOULD document the current status quo in some way. And XEP-0345 is a good place
GuusAgreed - I'd still like to review the feedback from the Last Call before I vote. I neglected doing that.
GuusI think we have a fix for that, and this trello card was only left for tracking that that fix got applied?
Guusjonas’ - do you recall the details?
Ge0rGIt was decided upon in January
MattJ"In today's board meeting, Board agrees wiath Jonas' suggested change, and ask the Editor to draft a proposal for the change in XEP-0001."
jonas’Guus, yes... I should make a Pr
jonas’buuuuuut .... -EBUSY
Guussure, no problem
nycolooks weird to un-defer to re-defer later, can't we just let edition of deferred XEP, at least for archival purposes and probable later revival ?
Guusjust trying to recall if there's something for us to do here 🙂
Guusnyco we already voted on this - do you really want to re-open the issue?
SeveI have a question for you about that jonas’, would be possible to specify the equivalent? For instance I would like to update my contact information on a XEP, so I guess that falls into equivalent as well, but would be nice to have this specified
jonas’Seve, sorry, -ENOCTX
nyconope, I'm fine, can't recall, sorry, was it a meeting I missed?
Guus(yeah, you need to be slightly less nerdy for me to follow here 😛 )
MattJSeve, I guess we can consider that when the PR is submitted
GuusI think this boils down to a) there's general consensus that the XSF could use more money to 'do things' that stimulate XMPP, and b) we need to find sources of income.
MattJi.e. make sure the wording encompasses those kinds of changes
MattJGuus, right
Guuswe've previously established that from a finanicial point of view, the XSF is in good shape - but does not have much reserves to significantly spend on things
GuusMaybe it's time to bury this card, and recreate one that says 'get sponsors' (which actually is hopefully a byproduct of the next card )
nycoI'd say it's more of a continuous effort...
Guusunless there's other topics related to 'fundraising and financing' that board wants to discuss
MattJGuus, that sounds like good progress
nyco5. Define strategy to reach out to (and reap benefits) high profile XMPP applications/users.
Guusfor various reasons, I feel that we should get in touch with high-profile XMPP applicators
Ge0rGslightly related to this, Winfried wrote in his application <https://wiki.xmpp.org/web/Winfried_Tilanus_Application_2019> that he wanted to reach out to interesting XMPP deployments
Guus1) they act as awesome showcases - which can be good for marketing
Guus2) we can likely learn a lot from each-other - they can benefit from our resources, we can benefit from their expertise
Guus3) some of these might be sponsor candidatesd
Ge0rGGuus: it would be great to appriach the companies behind https://xmpp.org/uses/gaming and also to finish https://github.com/xsf/xmpp.org/issues/490
GuusGe0rG yes.
Half-ShotXhas joined
GuusAs we do not have an executive director anymore (who I'd think would be perfect for the reaching out), I think that it falls on board to figure out how to approach this.
Guuswhich I suggests boils down to: "who do we contact?" and "what message do we want to convey?"
GuusI have very little experience here, so I'm looking for input.
Ge0rGGuus: also it's good to clarify who is "we"
nycoour approach could be bottom-up, to start with, that is: we collect those data from member willing to share
Ge0rGGuus: 'we' should be a volunteering person or maybe a small working team. SCAM or commteam might be a good fit.
MattJGuus, I think something winfried and I were discussing in Brussels... many of the people involved in the XSF are involved with various XMPP projects that don't necessarily get the exposure they deserve
MattJI'm sure some of them don't want to, but I'm also sure some of them do
Ge0rGWinfried might be a good candidate if he happens to have time.
Ge0rGI planned to ask him, but his server was down
GuusI'm hearing the name "Winfried" a lot, so it makes sense to at least ask him if he is interested in taking point on this.
tuxhas left
alacerhas left
Guusbut I do wonder if the reaching-out bit should be done by an officer.
Ge0rGGuus: according to his own words from four weeks ago, he is
Guusas it's the beginning of potentially formal relationship?
SeveWhen I applied for board I mentioned I would like to see what can we do about making companies advertise they use XMPP like they would do using any kind of framework or language for example, but I have no experience on this topic. But I don't think just a single person can manage all of this. From my point of view we should gather together like we do on this meetings and start bit by bit discussing how, what, etc.
Ge0rGFrom https://wiki.xmpp.org/web/Winfried_Tilanus_Application_2019 -
> I want to do more of those: go out there and interview the people behind interesting XMPP deployments and publish about them.
nycoif we want exposure, we can do interviews
5 to 10 questions, always the same, send them to a project/product leader (dev, product, marketing, CEO, whatever), put them in shape, do a blog post, automatically post to Twitter (and more, if possible)
MattJGuus, my point is that many of us are already working with the people we're discussing
MattJand that's our easiest way into such users of XMPP
MattJrather than starting cold with high-profile users we've got no current routes into
nycoSeve this is an itch I also would like to scratch
Sevenyco, that's in my todo list, I wanted to reach to companies and do that kind of interviewing, so it is fair for everybody
SeveBut we need to talk a bit on what to ask, and so on
GuusMany things at the same time: Ge0rG: good! nyco: that would be awesome, but I like to have more: not just an article, but active involvement. MattJ also, that's a good start, but I also want to find _new_ organisations.
nycoI'm following you Seve
MattJGuus, you think the XSF knows all the current ones?
nycoGuus article vs article involvment
Guusnyco: much more than articles! I'd like them to eventually become members 🙂
Guusbut they're all good starts
nycoGuus MattJ yes, hidden uses of XMPP are everywhere
Half-ShotXhas left
GuusMattJ no, definately not - and what you propose might be a good start.
GuusThis topic might warrant a meeting on its own
Guus(also, we're running out of time - and I need to divert my attention soon)
SeveSeveral even :D
winfriedSeve I already interviewed one and am in the process of finishing it, good to ream up
Ge0rGwinfried! \o/
nycoGuus oh yeah, definitely, members rock
though, I felt that many orgs follow the XSF, but do not wish to contribute/participate, for various reasons: not time, shyness, intimidating, too/only technical
GuusCan we wrap up for today?
MattJnyco, also I've encountered some that didn't want their use of XMPP to be public knowledge
Half-ShotXhas joined
nycohey, we have passed the 16:00 mark, we should adjourn this meeting, who against that?
MattJ+1
SeveMattJ, interesting
nycoNext ? +1W as usual ?
MattJwfm
Ge0rG's got another point for heated discussion, but will delay that by +1W
GuusI'm fine with +1w
nycoBANG
SeveSure +1
nycoThanks everybody! 😉
MattJThanks nyco and all :)
SeveVery nice to meet with you all!
Dele Olajidehas left
GuusGe0rG curious, what was the topic?
GuusI like to be prepared for next time 🙂
Ge0rGGuus: it's related to the Jabber trademark.
Guusyour license was arranged, right?
Guusso, different issue?
Marandahas left
Marandahas joined
Ge0rGGuus: right
Guuskk
Guus"looking forward to it"
Guus😉
MattJ:)
lnjhas joined
zinidso XEP-CAR is postponed?
goffihas left
goffihas joined
zinid*EAX-CAR
Half-ShotXhas left
winfriedGe0rG: time to do some SSL debugging?
Ge0rGwinfried: do you mind running your domain through xmpp.net?
winfrieddon't mind :-D
MattJzinid, yes, until next week
zinidtl;dr? 😀
MattJJust so everyone can get a better understanding of what the responsibilities are
zinidwell, I'm just asking to run the url redirection, it's an experimental anyway
MattJGood to know
zinidbut of course I can just copy that CA/B Forum's insane requirements to the XEP so *nobody* will able to read it
MattJCan you give an example of an entity the redirect might go to?
zinidMattJ, we're going to start the CA at process-one, that will be the first URL for redirection
MattJor... just maybe wait until I've read the other XEP, I'll probably understand more then :)
MattJOk
moparisthebestjonas’, Link Mauve: I'd say closest floss thing to Dropbox would be nextcloud or syncthing , I probably wouldn't want my xmpp client trying to reinvent that wheel...
Link Mauvemoparisthebest, does that mean you want it to be impossible to implement such a service?
Link MauveIt doesn’t have to be your client.
alameyohas left
alameyohas joined
Half-ShotXhas joined
ThibGhas left
ThibGhas joined
moparisthebestno of course not
MattJWhat advantages does using XMPP have here?
moparisthebestjust, to me, seems totally unsuited for XMPP
Ge0rGwinfried: is there a particular reason for ECDSA?
Guuszinid can you share a link to the insane CA/B Forums requirements? 🙂
zinidMattJ, for incident resolution we can just borrow formal rules developed by CA/B Forum, but I don't want to copy the whole requirements of CA/B Forum, they are too complex and this will prevent some OSS community to run any CA at all except a few companies with money
Link Mauvemoparisthebest, getting notifications about things, and being able to manage things you already uploaded in some form over XMPP, doesn’t sound that unsuited to me.
Link MauveIn the recent years, a lot of clients have started uploading files to their server for instance.
zinidGuus, achtung, the document is very TL;DR 😀
Half-ShotXhas left
Link MauveIt would be useful to have a way to manage that, instead of an upload once, regret forever kind of thing.
moparisthebestonly to share links, synchronizing directory trees across computers is an entirely different ballgame
goffiXMPP is absolutely suited for that, and I'm already on the way of doing something similar. XMPP brings its ecosystem (accounts, permissions, notifications, etc.)
Link MauveAnd that.
Guuszinid aren't they always? 🙂
zinidGuus, yeah, CA is hard
winfriedGe0rG: must have been, but I don't remember anymore... ;-) I guess I may relax my ciphers a bit.
alameyohas left
Ge0rGwinfried: you could use the recommendations from https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
moparisthebestwinfried, it doesn't look like cipher selection as much as you got an ecdsa key+certificate and not an RSA one ?
Marandahas left
Marandahas joined
Half-ShotXhas joined
Ge0rGyou can get a pure ecdsa cert from public CAs?
zinidGe0rG, yes
zinidLet's Encrypt may issue pure ECC cert
Ge0rGand it won't do RSA based DH?
zinidGe0rG, no, ejabberd's ACME only supports ECC so far and LE doesn't complain
Ge0rGzinid: so I won't be able to talk to any of the ejabberd self-ACMEd servers if I forbid ECDSA?
winfriedhas left
zinidGe0rG, yes, but that's a bug of ejabberd of course
Ge0rGwhy are you even promoting that footgun?
zinidI promote?
zinidthat was GSoC, and as any GSoC it sucks
Ge0rGECDSA is the most profoundly misdesigned crypto algorithm of the last decade or so
zinidah, you mean DSA?
winfriedhas joined
zinidsorry, I'm lost in terms
zinidI thought you meant pure ECC cert (or how it's correctly called, i.e. not RSA)
Ge0rGzinid: I'm speaking of the ECC based algorithms that are part of TLS
zinidokay, then I don't know what you mean, I'm clueless
moparisthebestGe0rG, looks like you support all the ECDHE* algorithms and even prefer them though
moparisthebestthat's a different issue than ECDSA vs RSA certificates
Ge0rGOkay, so I'm probably too stupid to follow my own advice.
moparisthebestalso TLS 1.3 called and said it ONLY supports ECDHE algorithms so, keep that in mind :)
zinidECDHE is something that only works with ECC certs, right?
moparisthebestno
zinid😀
moparisthebestentirely seperate, things
zinidokay
ThibGhas left
ThibGhas joined
moparisthebestfor ECDSA vs RSA certificates, it's on my list of things to investigate, I *think* new nginx supports having both
moparisthebestI'm *guessing* no XMPP server currently does
Half-ShotXhas left
Half-ShotXhas joined
zinidwtf is ECDSA certificate?
zinidwhich is based on ECC private key or what?
Zashmoparisthebest: You can probably configure Prosody with that now, if you have bleeding edge LuaSec
winfriedZash: interesting challenge :-)
moparisthebestI think I'll try nginx first :P
zinidaccording to wikipedia it seems like ECDSA cert is indeed a ECC cert
contrapunctushas left
contrapunctushas joined
zinidmoparisthebest, haproxy supports the combo for sure
zinidand we have some feature requests to support that in ejabberd
moparisthebestbut only useable with xep-0368 I'm guessing?
moparisthebestawesome, maybe I will try that first then, thanks Zash
alameyohas joined
winfriedZash moparisthebest checking right now with my SSL-supplier if I can get a second certificate....
Ge0rGwinfried: unfortunately my testssl is going very slow.
Ge0rGwinfried: is the cert the same as on your https://?
moparisthebestwinfried, not using letsencrypt?
winfriedGe0rG: same as https://tilanus.com/ not the same as https://www.tilanus.com/
Half-ShotXhas left
Half-ShotXhas joined
Ge0rGwinfried: one is a redirect to the other :>
winfriedGe0rG: / yes
Ge0rGwinfried: anyway, I wanted to ping you regarding your promise in the Membership application. Can do that in public as well
winfriedGe0rG: :-D
Ge0rGwinfried: it would be awesome if somebody could follow-up on https://github.com/xsf/xmpp.org/issues/490 and to contact the different teams behind the https://xmpp.org/uses/gaming items
olihas joined
winfriedGe0rG: do you know if anybody has contacts to one of those groups?
Half-ShotXhas left
zinidRiot Games used to be our customer
Half-ShotXhas joined
alacerhas joined
Ge0rGwinfried: when I was collecting the links for the gaming section, I tried to find the most authoritative ones. If they don't list contacts, I don't have anything better unfortunately.
Nekithas left
Nekithas joined
alacerhas left
alacerhas joined
zinidnot sure how that promotes XMPP though, as the majority of them use highly customized XMPP servers
zinidexcept maybe EVE online
contrapunctushas left
zinidfor the record, EVE Online maintains their ejabberd branch at github
zinidlast time I checked they had very few changes from mainline
Ge0rGzinid: is it wrong to run heavily patched servers?
winfriedGe0rG: I would like to avoid making cold calls/doing research to find the right people, but I will be able to do so if needed...
zinidGe0rG, well, heavily patched means they patch the parts related to XMPP protocol, so basically they are not XMPP compliant
kokonoehas left
zinidlike WhatsApp for example
zinidit's hard to call them XMPP
kokonoehas joined
winfriedzinid: I call WhatsApp XMPP inspired, not an XMPP deployment...
zinidwinfried, we can call almost all of them this way
zinidthey start from XMPP and then diverge drastically
ziniddropping all the bloat of XMPP
Ge0rGwinfried: I can understand that, yeah. But I don't know what would be a better way. Write a post on xmpp.org saying "Dear large scale deployments, please contact us for cross promotion"?
winfriedGe0rG: yes, would be a nice way, also good to point to if I am making a cold call...
lnjhas left
Ge0rGwinfried: this directly plugs into today's Board discussion, have a list of questions about the deployment.
Ge0rGMattJ did a survey among xmpp developers recently.
alacerhas left
zinidwhat survey?
alameyohas left
alameyohas joined
winfriedzinid: it is hard to draw a line when something is still XMPP or not, many private deployments extend or bend the protocol in some way. But some of them may still provide nice usecases for XMPP. But it would be good to stay critical about. (And some would be better of if they kept in closer contact with the XSF)
winfriedGe0rG: I saw it, I answered it myself too ;-)
lnjhas joined
tuxhas joined
winfriedGe0rG: There may be different projects here: a survey, liason and whitepapers
MattJGe0rG, Prosody community != XMPP developers...
MattJThe results landed somewhere where Zash has been nagging me to process them (the survey isn't officially closed yet)
winfried(will be AFK for a while) Ge0rG, zash, I will try a ECDSA and a RSA cert side by side later today
Ge0rGwinfried: I'm pretty sure it's not about the cert but about the allowed ciphers
Ge0rGBut then again, I'm not an expert
moparisthebestthat's correct but the ciphers you can use depend on your cert
moparisthebestECDHE-RSA-AES256-GCM-SHA384
moparisthebestthat can only be used with an RSA cert
winfriedI checked my configuration, it should allow RSA
winfried(really gone now)
moparisthebestECDHE-ECDSA-AES256-GCM-SHA384
moparisthebestthat can only be used with an ECDSA cert
Ge0rGBut you can use ECDSA with an RSA cert?
moparisthebestthose are different things though
moparisthebestgah I wish I knew the term, there is the certificate part, then the key exchange part, then the encription part
moparisthebestalso wish I could spell haha, encryption*
Half-ShotXhas left
Ge0rGLMC to the rescue!
zinid> And some would be better of if they kept in closer contact with the XSF
I'm not sure they are interested, they don't think in terms of the protocol, just like when you deploy an HTTP server you don't go in contact with the corresponding standards body
moparisthebestdon't think dino does that yet, or I don't know the spell to invoke it
MattJzinid, I tend to agree. I think XMPP is useful for many of them to bootstrap, but they don't necessarily need federation or interoperability
MattJEven if both those things would generally be considered good by most people here, they do come at a cost, so I see why they get dropped easily
MattJWe should still make contact with though, I think having communication with them can be good, even if we fail
Half-ShotXhas joined
zinidMattJ, they also choose a solution, among others, so this is nothing to do with the protocol. I just know how they think, we talked to them a lot, for example, with Belkin (former Linksys). BTW, they run 2M IoT devices on their cluster (just in case, it's not mentioned by the XSF iot cases page)
marc_has left
zinidand solution typically means "how much money"
Half-ShotXhas left
lnjhas left
alacerhas joined
Ge0rGzinid: is Belkin documented anywhere in the public?
lnjhas joined
zinidGe0rG, yes, but I'm not sure they want to reveal their capacity
zinidhttps://fluux.io/clients
zinidthey only allowed us to mention them as a client
zinid*a customer
alameyohas joined
Ge0rGzinid: this is what I meant by "in the public"
lovetoxhas joined
zinidwhat exactly? The fact that they use XMPP? Or their capacity?
zinidalthough, it's hard to call that XMPP, they just send encapsulated JSON and use XMPP as a streaming transport only. We try to convince them to MQTT instead.
zinid*to use MQTT
zinidas MQTT requires far less resources, we can shrink cluster capacity twice or so
Half-ShotXhas joined
rtq3has joined
marc_has joined
rtq3has left
rtq3has joined
delehas joined
Half-ShotXhas left
Half-ShotXhas joined
delehas left
Ge0rGzinid: the fact that they are using XMPP. That would be a good mention for the IoT page
zinidwell, it's up to you of course, but my view is that XMPP is something about federation, and this is where "the community" fails miserably, I think there are less than a million of users using federated XMPP
404.cityhas joined
alameyohas left
alameyohas joined
zinidin the sense that the XSF spends so much time to produce federated protocols (the compliance suite is an example), but the largest user base is located at walled gardens of quasi XMPP
Ge0rGzinid: I'm speaking of XMPP the protocol, not Jabber the IM network
zinidwell, I clarified what I mean
alameyohas left
Half-ShotXhas left
Half-ShotXhas joined
Half-ShotXhas left
alameyohas joined
rtq3has left
Half-ShotXhas joined
rtq3has joined
rtq3has left
rtq3has joined
Half-ShotXhas left
alacerhas left
Half-ShotXhas joined
Half-ShotXhas left
Half-ShotXhas joined
Half-ShotXhas left
alameyohas left
alameyohas joined
alameyohas left
frainzhas left
Dele Olajidehas joined
ralphmhas left
kokonoehas left
Half-ShotXhas joined
Half-ShotXhas left
kokonoehas joined
!xsf_Martinhas joined
Dele Olajidehas left
alameyohas joined
Half-ShotXhas joined
Steve Killehas left
ralphmhas joined
goffihas left
goffihas joined
Steve Killehas joined
Half-ShotXhas left
jmpmanhas joined
lumihas joined
pep.Re CABF, can XSF members not infiltrate it? :p What do you need to get in? money?
Half-ShotXhas joined
ZashBe a browser or a CA I guess?
Ge0rGpep.: excellent question. There was a discussion about xmpp srv-id already some years ago. But it seems to not have led anywhere
pep.Ge0rG, yeah I remember that thread
pep.Do we have a clear set of changes we want to bring to that document?
Half-ShotXhas left
pep.Then we'd need to invest time in politics a bit
rionhas left
alameyohas left
alameyohas joined
alameyohas left
Ge0rGpep.: we should at least demand that SRV id are not forbidden in SAN
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
Ge0rGI'm not sure what the state of art is in xmppAddr fields.
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
Ge0rGIt would be awesome if we could ask a public CA for a cert that only contains an srvId for an xmpp server. That would allow secure delegation of your xmpp to a service provider without letting them impersonate your webshits
Ge0rGNot that web security was in a good shape.
ralphmhas left
ralphmhas joined
pep.I'd also like to be able to be able to set another Key Usage
pep.And we need to do something about it now, because LE is not going to
pep.But it's not just about SRV id in SANs, it's also that Key Usage
pep.i.e., s/TlS Web Server Authentication/TLS Server Authentication/
pep.Or even s/Web/XMPP/
Half-ShotXhas left
Half-ShotXhas joined
contrapunctushas joined
Nekithas left
!xsf_Martinhas left
ralphmhas left
ralphmhas joined
Half-ShotXhas left
Half-ShotXhas joined
winfriedhas left
alacerhas joined
Half-ShotXhas left
contrapunctushas left
contrapunctushas joined
vaulorhas left
vaulorhas joined
contrapunctushas left
contrapunctushas joined
contrapunctushas left
contrapunctushas joined
alameyohas joined
Half-ShotXhas joined
alacerhas left
Half-ShotXhas left
!xsf_Martinhas joined
ralphmhas left
ralphmhas joined
Half-ShotXhas joined
rtq3has left
rtq3has joined
alameyohas left
alameyohas joined
moparisthebestGe0rG, pep. , or we could push for DNSSEC + DANE ?
moparisthebestthat way you control what key is valid for what server+port via DNS
alameyohas left
moparisthebestseems better and more doable than getting CAs to do anything
rtq3has left
rtq3has joined
winfriedhas joined
goffihas left
Half-ShotXhas left
Half-ShotXhas joined
Half-ShotXhas left
alacerhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
contrapunctushas left
contrapunctushas joined
Half-ShotXhas joined
contrapunctushas left
contrapunctushas joined
alacerhas left
marc_has left
marc_has joined
olihas left
ralphmhas left
ralphmhas joined
contrapunctushas left
contrapunctushas joined
Wiktormoparisthebest, you can specify multiple certs in nginx since 1.11, it's desinged to be used in RSA+ECDSA scenarios, see: https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate
Half-ShotXhas left
Wiktornote that even though Let's Encrypt will issue ECDSA cert it will be signed by their RSA intermediate cert, they don't (yet) have full ECDSA chain: https://letsencrypt.org/upcoming-features/
frainzhas joined
moparisthebestah thanks, I thought I remembered them adding support for that I just haven't gotten around to it yet
Half-ShotXhas joined
ThibGhas left
ThibGhas joined
Half-ShotXhas left
Wiktor👍️
rtq3has left
rtq3has joined
pep.moparisthebest, that's orthogonal. Even though I agree we could focus our efforts on one thing, but then I'm not sure which one to do. I remember daniel having criticism against dnssec, or the deployment (middle boxes) in germany or sth, but I don't remember the details
Ge0rGmoparisthebest [19:57]:
> Ge0rG, pep. , or we could push for DNSSEC + DANE ?
I'm sure that 2019 will be the year of DNSSEC. Especially for the IM TLD
Half-ShotXhas joined
pep.Yeah and that..
404.cityhas left
moparisthebestall new domains since, idk, 2012 or something have DNSSEC support
moparisthebestI'd argue any domain worth having right now supports it, maybe it's time to abandon .im
pep.I always verify the tld supports it before I buy anything fwiw
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
Half-ShotXhas left
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
Ge0rGIt'll be another decade until all DNS servers support it.
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
moparisthebestI still can't find the link I wanted but the gtld's, all the new fancy ones, must have DNSSEC support
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
moparisthebestall DNS servers support it now? maybe you mean all TLDs ?
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
alameyohas joined
!xsf_Martinhas left
!xsf_Martinhas joined
Ge0rGJust this week I had a problem with Telekom DNS server returning ServFail for a non existent SRV record on a DNSSEC signed domain... after a 3s delay!
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
Ge0rGmoparisthebest: I'm speaking of resolvers out there in the wils✎
!xsf_Martinhas left
!xsf_Martinhas joined
Ge0rGmoparisthebest: I'm speaking of resolvers out there in the wild ✏
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
Half-ShotXhas joined
Ge0rGSome CPE routers still fail at SRV altogether
!xsf_Martinhas left
!xsf_Martinhas joined
moparisthebestthose are already dead https://dnsflagday.net/
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
Link Mauvehas left
Ge0rGOn yax.im I've got 10-15% of non SRV clients
moparisthebestI give it about another year before 99.9% of the DNS requests are via HTTPS anyway
Half-ShotXhas left
moparisthebestand all those support DNSSEC etc
!xsf_MartinPlease tell me when he’s done flooding with part/join, so I can take back my normal nick.
Ge0rGyax.im: Serious problem detected!
This domain will face issues after February 1st 2019!
olihas joined
Yagizahas left
pep.!xsf_Martin, how are we supposed to see now? :p
pep.xml_tab?
pep.Not even, that wouldn't get to me
olihas left
olihas joined
olihas left
olihas joined
olihas left
debaclehas joined
olihas joined
!xsf_Martinhas left
Link MauveSeems fixed.
Half-ShotXhas joined
contrapunctushas left
contrapunctushas joined
contrapunctushas left
contrapunctushas joined
kokonoehas left
kokonoehas joined
contrapunctushas left
contrapunctushas joined
Ge0rGYou need to see presence changes to understand the context, right?
pep.indeed
Half-ShotXhas left
Half-ShotXhas joined
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
!xsf_Martinhas left
!xsf_Martinhas joined
alameyohas left
alameyohas joined
alameyohas left
Half-ShotXhas left
Half-ShotXhas joined
Half-ShotXhas left
coderx002has joined
coderx002has left
Half-ShotXhas joined
jmpmanhas left
Half-ShotXhas left
lumihas left
Nekithas joined
Half-ShotXhas joined
valohas left
valohas joined
lumihas joined
alameyohas joined
igoosehas left
igoosehas joined
igoosehas left
igoosehas joined
lumihas left
lumihas joined
Half-ShotXhas left
Half-ShotXhas joined
Half-ShotXhas left
contrapunctushas left
undefinedhas left
undefinedhas joined
contrapunctushas joined
contrapunctushas left
contrapunctushas joined
alameyohas left
alameyohas joined
contrapunctushas left
contrapunctushas joined
alameyohas left
contrapunctushas left
contrapunctushas joined
neshtaxmpphas left
neshtaxmpphas joined
ThibGhas left
ThibGhas joined
Half-ShotXhas joined
contrapunctushas left
contrapunctushas joined
contrapunctushas left
contrapunctushas joined
contrapunctushas left
contrapunctushas joined
contrapunctushas left
contrapunctushas joined
contrapunctushas left
contrapunctushas joined
contrapunctushas left
contrapunctushas joined
contrapunctushas left
contrapunctushas joined
Half-ShotXhas left
Half-ShotXhas joined
olihas left
Half-ShotXhas left
contrapunctushas left
contrapunctushas joined
contrapunctushas left
contrapunctushas joined
contrapunctushas left
contrapunctushas joined
contrapunctushas left
contrapunctushas joined
contrapunctushas left
contrapunctushas joined
contrapunctushas left
contrapunctushas joined
Half-ShotXhas joined
marc_has left
contrapunctushas left
contrapunctushas joined
Half-ShotXhas left
vaulorhas left
contrapunctushas left
Half-ShotXhas joined
neshtaxmpphas left
Half-ShotXhas left
contrapunctushas joined
neshtaxmpphas joined
Half-ShotXhas joined
lorddavidiiihas joined
Half-ShotXhas left
alameyohas joined
contrapunctushas left
contrapunctushas joined
lorddavidiiihas left
lumihas left
lumihas joined
Half-ShotXhas joined
lorddavidiiihas joined
contrapunctushas left
contrapunctushas joined
Half-ShotXhas left
pep.Who do I need to ping again to appear in planet jabber? ralphm?
contrapunctushas left
winfriedhas left
contrapunctushas joined
contrapunctushas left
contrapunctushas joined
contrapunctushas left
contrapunctushas joined
winfriedhas joined
Half-ShotXhas joined
contrapunctushas left
contrapunctushas joined
Half-ShotXhas left
winfriedmoparisthebest Ge0rG: to resolve the discussion: at Prosody, with an ECDHE certificate it accepts only incoming ECDHE connections, with an RSA certificate only RSA connections
contrapunctushas left
contrapunctushas joined
Ge0rGThat's... unfortunate.
andrey.ghas left
alameyohas left
alameyohas joined
andrey.ghas joined
alameyohas left
dwdpep., ralphm, indeed. Maybe intosi can help, I don't know.
Half-ShotXhas joined
!xsf_Martinhas left
dwdmoparisthebest, I do hope we don't end up with DoH everywhere. The ramifications of that scare me badly.
kokonoehas left
yvohas left
debaclehas left
moparisthebestwinfried, I mean that's not prosody specific, that's universal TLS (assuming you meant ECDSA instead of ECDHE)
kokonoehas joined
moparisthebestdwd, too late, I think it's the default on latest android?
moparisthebestalso enable-able in firefox
dwdmoparisthebest, All the DNS data going through Google, is it?
dwdmoparisthebest, And no doubt it's for our own good, of course.
moparisthebestI would guess by default yes :'(
Ge0rGGoogle and Clownflare
winfriedmoparisthebest: I also assume it is universal, but I just tested it on prosody
Ge0rGUsing Google DNS is already a reality on my Samsung phone
moparisthebestwinfried, but did you try both?
dwdwinfried, OpenSSL, at least, can accept multiple cert/key pairs, and if given both it'll use whichever fits the ciphers requested.
winfriedmoparisthebest: yes, I tried both
moparisthebestI run my own though, which randomly picks from a list of upstream DNS servers, and proxies over tor, so I like dns-over-tls (and dns-over-https) sorry for shameless plug https://github.com/moparisthebest/jDnsProxy
winfriedwinfried: 100% guarantee, the key I select, the cipher I get :-D
winfrieddwd: I know, but I am trying to get prosody talking both, no success so far.
winfrieddiving into the debugging logs right now
winfriedhas left
Half-ShotXhas left
Half-ShotXhas joined
alameyohas joined
lnjhas left
winfriedhas joined
Half-ShotXhas left
Half-ShotXhas joined
winfriedhas left
Half-ShotXhas left
valohas left
valohas joined
valohas left
wurstsalathas joined
winfriedhas joined
lovetoxhas left
lorddavidiiihas left
winfriedZash: I tried https://issues.prosody.im/809#comment-5 no luck, it picks only the ec certificate like that. I tried to verify I really got the right version of luasec (installed the dev version locally, ahead in the path of the regular/package manager one) but I am not 100% sure it picked the right one.