seems like xep-0214 depends on deprecated xep-0137. Probably it has to be updated or deprecated too.
rion
we were just thinking on support@j.ru how to make file storage management for http upload.
Wiktor
vanitasvitae: is there a list of topics?
Link Mauve
rion, there is also XEP-0329, which depends on XEP-0234 instead.
Link Mauve
Those two are part of my list of deferred XEPs to look at and either revive or deprecate, but there was some opposition to deprecating a deferred XEP recently.
Andrew Nenakhov
Xep 214 is a bad idea that will end in pubsubfs, not that we're looking into
rion
Link Mauve: 329 looks good to me, thanks. and it can be combined with http jingle transport.
Link Mauve
Yup.
Link Mauve
I think goffi has another implementation of it.
Link Mauve
He demo’d it at the Summit.
Link Mauve
Andrew Nenakhov, being able to subscribe to a node mapping to a directory sounds useful though.
Link Mauve
The 0329 can’t be used for a dropbox-like, or even any notification.
vanitasvitae
Wiktor: in the xmpp wiki
Wiktor
vanitasvitae: kthx
goffi
indeed I have an implementation of XEP-0329, I'm pretty happy with it.
goffi
I've made a quick evaluation of various options, I've chosen this one because it's working and simple.
goffi
Link Mauve: while it can't be used for dropbox like?
goffi
s/while/why/
Link Mauve
goffi, how do you subscribe to files being added or removed or changed?
goffi
Link Mauve: is this needed for dropbox like?
goffi
(note that I've never used dropbox)
Link Mauve
goffi, Dropbox is a software you install on your computer, which provides you a fuse(-like?) interface to mount a remote directory.
Link Mauve
Then when anyone puts files there, they will be downloaded on your computer.
Link Mauve
Or something like that.
Link Mauve
I haven’t used it either, but I’ve heard people talk about it.
Zash
It lets the cloud put files on your computer. Probably.
jonas’
I think the closest FLOSS thing is Sparkleshare
jonas’
or Seafile
jonas’
so if you want to check out the UX, go to those projects
jonas’
although sparkleshare in particular was pretty bad when I tested it the last time
nyco
hi
Guus
Hello
Link Mauve
jonas’, yes, it is.
Link Mauve
Also unmaintained.
goffi
Link Mauve: to look for files on a server (my current use case), XEP-0329 is enough and working well. To subscribe to a directory or a file it would need to be extended, but I think it can be done quite cleanly with references.
Link Mauve now shuts up and lets board do boardy things.
Guus
Seve ralphm MattJ shall we meet?
Link Mauve
goffi, XEP-0214 did that already.
goffi
yes, but it's overcomplicated in my opinion
nyco
to all, my apologies for last week, as I did not join, and did not tell...
Guus
I think you did?
Guus
or was that the week before? I was not here last week myself.
Guus
anyways. you are forgiven. 🙂
Guus
... did these guys find another place to meet while we were gone?
MattJ
Hey
Guus
ola!
Seve
Hi! My bad
MattJ
Sorry, had a delivery arrive just as the meeting began :)
MattJ
Just missing ralphm?
Guus
That's generally when delivery guys show up at my door too. Mostly for neighbors, too.
Guus
yes
nyco
a softer way of swatting?
Guus
perhaps 🙂
nyco
https://trello.com/b/Dn6IQOu0/board-meetings
Guus hands a gavel to nyco
nyco tries to catch it on the fly
nyco
BANG
nyco
Minute taker, who are you today?
nyco
so we have Seve, Matt, Guus, and me, only Ralph is missing
nyco
we have 2 topics for decision:
* E2E CA req
* membership application
commitment:
* typo in deferred XEP
discussion:
* money, money, money
* reach out high profile users
* badge designer
The stated requirements for the XSF seem trivial enough as specified, but I'm not sure what the wider context is here
nyco feels there is lag indeed
jonas’
the eax.html is Standards Track and has been handled by Board
jonas’
but it’s useful context
jonas’
more context is in xor.html
MattJ
What root CAs are we supposed to redirect to? Is there some vetting to be done? etc. - I need to read it more
Seve
Same here as the rest
MattJ
and why isn't relying on normal trust anchors enough? E.g. Mozilla's
nyco
are we able to do this?
Guus
Also - this introduces the XSF as a single source of truth
MattJ
So let's punt on this for the moment, understand it more and discuss next week
Guus
which somewhat clashes with doing things distributed/federated - unsure if that can be helped here (I must read more, as a wise man just said), but it's bound to raise brows.
Ge0rG
MattJ: normal CAs are forbidden to issue non-web certificates, essentially, by CA/Browser Forum rules
Ge0rG
(which is something the XSF Board might well be able to address, in a proper formal inquiry to the CABF)
nyco
if there is a CA, there are many ICA ?
nyco
which is more decentralised, still as a pyramid
jonas’
kind of like how DNSSEC works
Guus
Ge0rG is that an alternative approach than the one suggested in the XEP?
nyco
a blockchain-based CA? wait no
Ge0rG
Guus: no, it's completely orthogonal. I haven't had the time to read _this_ incarnation of the XEP either
Guus
Ge0rG ok thanks
Seve
I think there are too many questions on this one :)
Guus
as MattJ suggested, let's kick this can down the road for a week.
MattJ
+1
Guus
(and do some reading)
nyco
2. XEP-0345 (Form of Membership Applications)
nyco
card without description, what's needed from the board?
nyco
https://xmpp.org/extensions/xep-0345.html
MattJ
Who added it?
Guus
approval.
Ge0rG
nyco: it's a procedural XEP that needs to be decided upon
nyco
ok
Ge0rG
So Board should decide whether it shall be accepted or not.
nyco
so I feel like email, jid, affiliations and name are not enough
can we add things like values, objectives, past contributions?
Guus
I only now see that there was feedback in the Last Call
MattJ
nyco, I think that's up to the candidate to add as much as they want to share to be accepted
Seve
I would have wanted that to be a discussion topic maybe? And then decide something about it.
MattJ
I don't think we need to make those things mandatory in a formal document
nyco
mandatory no, but as an option
nyco
rather a suggestion
Guus
MattJ didn't you raise an example of someone having 'valid' reasons for wanting to apply anonymously?
Guus
although we shot down applying anonymously before, your example might warrant to re-address that
MattJ
Possibly so
Guus
I think you were going to see if said person would be willing to provide details?
Guus
Do you recall who I'm talking of? You weren't specific.
MattJ
There is a slight difference between being an anonymous member and having your details being known only to the Secretary
Guus
If that's still ongoing, I'd like to have that information before voting on XEP-0345.
MattJ
Yes, I recall the conversation, I need to follow up
Ge0rG
I've recently brought up the anonymity question, and by now told the respective user that it's not an option.
jonas’
did you also tell them that contributing to standards etc. is very much possible without being a member?
MattJ
Ge0rG, iirc that was before the summit, where we had some in-person discussions about how we may improve the process
Guus
Ge0rG which is what we decided on.
MattJ
The decision still holds
MattJ
We /may/ be able to change the way we do things, and we /may/ decide to do that
MattJ
and that may or may not be enough for these people who want to remain anonymous
Guus
(what he said - my choice of words was poor)
Ge0rG
But you SHOULD document the current status quo in some way. And XEP-0345 is a good place
Guus
Agreed - I'd still like to review the feedback from the Last Call before I vote. I neglected doing that.
I think we have a fix for that, and this trello card was only left for tracking that that fix got applied?
Guus
jonas’ - do you recall the details?
Ge0rG
It was decided upon in January
MattJ
"In today's board meeting, Board agrees with Jonas' suggested change, and ask the Editor to draft a proposal for the change in XEP-0001."
jonas’
Guus, yes... I should make a Pr
jonas’
buuuuuut .... -EBUSY
Guus
sure, no problem
nyco
looks weird to un-defer to re-defer later, can't we just let edition of deferred XEP, at least for archival purposes and probable later revival ?
Guus
just trying to recall if there's something for us to do here 🙂
Guus
nyco we already voted on this - do you really want to re-open the issue?
Seve
I have a question for you about that jonas’, would be possible to specify the equivalent? For instance I would like to update my contact information on a XEP, so I guess that falls into equivalent as well, but would be nice to have this specified
jonas’
Seve, sorry, -ENOCTX
nyco
nope, I'm fine, can't recall, sorry, was it a meeting I missed?
Guus
(yeah, you need to be slightly less nerdy for me to follow here 😛 )
Seve, I guess we can consider that when the PR is submitted
Guus
I think this boils down to a) there's general consensus that the XSF could use more money to 'do things' that stimulate XMPP, and b) we need to find sources of income.
MattJ
i.e. make sure the wording encompasses those kinds of changes
MattJ
Guus, right
Guus
we've previously established that from a financial point of view, the XSF is in good shape - but does not have much reserves to significantly spend on things
Guus
Maybe it's time to bury this card, and recreate one that says 'get sponsors' (which actually is hopefully a byproduct of the next card )
nyco
I'd say it's more of a continuous effort...
Guus
unless there's other topics related to 'fundraising and financing' that board wants to discuss
MattJ
Guus, that sounds like good progress
nyco
5. Define strategy to reach out to (and reap benefits) high profile XMPP applications/users.
for various reasons, I feel that we should get in touch with high-profile XMPP applicators
Ge0rG
slightly related to this, Winfried wrote in his application <https://wiki.xmpp.org/web/Winfried_Tilanus_Application_2019> that he wanted to reach out to interesting XMPP deployments
Guus
1) they act as awesome showcases - which can be good for marketing
Guus
2) we can likely learn a lot from each-other - they can benefit from our resources, we can benefit from their expertise
Guus
3) some of these might be sponsor candidates
Ge0rG
Guus: it would be great to approach the companies behind https://xmpp.org/uses/gaming and also to finish https://github.com/xsf/xmpp.org/issues/490
Guus
Ge0rG yes.
Guus
As we do not have an executive director anymore (who I'd think would be perfect for the reaching out), I think that it falls on board to figure out how to approach this.
Guus
which I suggest boils down to: "who do we contact?" and "what message do we want to convey?"
Guus
I have very little experience here, so I'm looking for input.
Ge0rG
Guus: also it's good to clarify who is "we"
nyco
our approach could be bottom-up, to start with, that is: we collect those data from member willing to share
Guus
Ge0rG to clarify, with 'we' I mean 'the XSF'
Seve
I don't see any other 'we' here
Guus
nyco what 'data' do you mean exactly?
nyco
use cases, verticals, numbers, values, benefits
Ge0rG
Guus: 'we' should be a volunteering person or maybe a small working team. SCAM or commteam might be a good fit.
MattJ
Guus, I think something winfried and I were discussing in Brussels... many of the people involved in the XSF are involved with various XMPP projects that don't necessarily get the exposure they deserve
MattJ
I'm sure some of them don't want to, but I'm also sure some of them do
Ge0rG
Winfried might be a good candidate if he happens to have time.
Ge0rG
I planned to ask him, but his server was down
Guus
I'm hearing the name "Winfried" a lot, so it makes sense to at least ask him if he is interested in taking point on this.
Guus
but I do wonder if the reaching-out bit should be done by an officer.
Ge0rG
Guus: according to his own words from four weeks ago, he is
Guus
as it's the beginning of potentially formal relationship?
Seve
When I applied for board I mentioned I would like to see what can we do about making companies advertise they use XMPP like they would do using any kind of framework or language for example, but I have no experience on this topic. But I don't think just a single person can manage all of this. From my point of view we should gather together like we do on these meetings and start bit by bit discussing how, what, etc.
Ge0rG
From https://wiki.xmpp.org/web/Winfried_Tilanus_Application_2019 -
> I want to do more of those: go out there and interview the people behind interesting XMPP deployments and publish about them.
nyco
if we want exposure, we can do interviews
5 to 10 questions, always the same, send them to a project/product leader (dev, product, marketing, CEO, whatever), put them in shape, do a blog post, automatically post to Twitter (and more, if possible)
MattJ
Guus, my point is that many of us are already working with the people we're discussing
MattJ
and that's our easiest way into such users of XMPP
MattJ
rather than starting cold with high-profile users we've got no current routes into
nyco
Seve this is an itch I also would like to scratch
Seve
nyco, that's in my todo list, I wanted to reach to companies and do that kind of interviewing, so it is fair for everybody
Seve
But we need to talk a bit on what to ask, and so on
Guus
Many things at the same time: Ge0rG: good! nyco: that would be awesome, but I like to have more: not just an article, but active involvement. MattJ also, that's a good start, but I also want to find _new_ organisations.
nyco
I'm following you Seve
MattJ
Guus, you think the XSF knows all the current ones?
nyco
Guus article vs article involvement
Guus
nyco: much more than articles! I'd like them to eventually become members 🙂
Guus
but they're all good starts
nyco
Guus MattJ yes, hidden uses of XMPP are everywhere
Guus
MattJ no, definitely not - and what you propose might be a good start.
Guus
This topic might warrant a meeting on its own
Guus
(also, we're running out of time - and I need to divert my attention soon)
Seve
Several even :D
winfried
Seve I already interviewed one and am in the process of finishing it, good to ream up
Ge0rG
winfried! \o/
nyco
Guus oh yeah, definitely, members rock
though, I felt that many orgs follow the XSF, but do not wish to contribute/participate, for various reasons: not time, shyness, intimidating, too/only technical
Guus
Can we wrap up for today?
MattJ
nyco, also I've encountered some that didn't want their use of XMPP to be public knowledge
nyco
hey, we have passed the 16:00 mark, we should adjourn this meeting, who against that?
MattJ
+1
Seve
MattJ, interesting
nyco
Next ? +1W as usual ?
MattJ
wfm
Ge0rG's got another point for heated discussion, but will delay that by +1W
Guus
I'm fine with +1w
nyco
BANG
Seve
Sure +1
nyco
Thanks everybody! 😉
MattJ
Thanks nyco and all :)
Seve
Very nice to meet with you all!
Guus
Ge0rG curious, what was the topic?
Guus
I like to be prepared for next time 🙂
Ge0rG
Guus: it's related to the Jabber trademark.
Guus
your license was arranged, right?
Guus
so, different issue?
Ge0rG
Guus: right
Guus
kk
Guus
"looking forward to it"
Guus
😉
MattJ
:)
zinid
so XEP-CAR is postponed?
zinid
*EAX-CAR
winfried
Ge0rG: time to do some SSL debugging?
Ge0rG
winfried: do you mind running your domain through xmpp.net?
winfried
don't mind :-D
MattJ
zinid, yes, until next week
zinid
tl;dr? 😀
MattJ
Just so everyone can get a better understanding of what the responsibilities are
zinid
well, I'm just asking to run the url redirection, it's an experimental anyway
MattJ
Good to know
zinid
but of course I can just copy that CA/B Forum's insane requirements to the XEP so *nobody* will be able to read it
MattJ
Can you give an example of an entity the redirect might go to?
zinid
MattJ, we're going to start the CA at process-one, that will be the first URL for redirection
MattJ
or... just maybe wait until I've read the other XEP, I'll probably understand more then :)
MattJ
Ok
moparisthebest
jonas’, Link Mauve: I'd say closest floss thing to Dropbox would be nextcloud or syncthing , I probably wouldn't want my xmpp client trying to reinvent that wheel...
Link Mauve
moparisthebest, does that mean you want it to be impossible to implement such a service?
Link Mauve
It doesn’t have to be your client.
moparisthebest
no of course not
MattJ
What advantages does using XMPP have here?
moparisthebest
just, to me, seems totally unsuited for XMPP
winfried
Ge0rG: https://xmpp.net/result.php?id=1452651 :-D
Ge0rG
winfried: so you only accept ECDSA and I reject ECDSA
zinid can you share a link to the insane CA/B Forums requirements? 🙂
zinid
MattJ, for incident resolution we can just borrow formal rules developed by CA/B Forum, but I don't want to copy the whole requirements of CA/B Forum, they are too complex and this will prevent some OSS community to run any CA at all except a few companies with money
moparisthebest, getting notifications about things, and being able to manage things you already uploaded in some form over XMPP, doesn’t sound that unsuited to me.
Link Mauve
In the recent years, a lot of clients have started uploading files to their server for instance.
zinid
Guus, achtung, the document is very TL;DR 😀
Link Mauve
It would be useful to have a way to manage that, instead of an upload once, regret forever kind of thing.
moparisthebest
only to share links, synchronizing directory trees across computers is an entirely different ballgame
goffi
XMPP is absolutely suited for that, and I'm already on the way of doing something similar. XMPP brings its ecosystem (accounts, permissions, notifications, etc.)
Link Mauve
And that.
Guus
zinid aren't they always? 🙂
zinid
Guus, yeah, CA is hard
winfried
Ge0rG: must have been, but I don't remember anymore... ;-) I guess I may relax my ciphers a bit.
Ge0rG
winfried: you could use the recommendations from https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
moparisthebest
winfried, it doesn't look like cipher selection as much as you got an ecdsa key+certificate and not an RSA one ?
Ge0rG
you can get a pure ecdsa cert from public CAs?
zinid
Ge0rG, yes
zinid
Let's Encrypt may issue pure ECC cert
Ge0rG
and it won't do RSA based DH?
zinid
Ge0rG, no, ejabberd's ACME only supports ECC so far and LE doesn't complain
Ge0rG
zinid: so I won't be able to talk to any of the ejabberd self-ACMEd servers if I forbid ECDSA?
zinid
Ge0rG, yes, but that's a bug of ejabberd of course
Ge0rG
why are you even promoting that footgun?
zinid
I promote?
zinid
that was GSoC, and as any GSoC it sucks
Ge0rG
ECDSA is the most profoundly misdesigned crypto algorithm of the last decade or so
zinid
ah, you mean DSA?
zinid
sorry, I'm lost in terms
zinid
I thought you meant pure ECC cert (or how it's correctly called, i.e. not RSA)
Ge0rG
zinid: I'm speaking of the ECC based algorithms that are part of TLS
zinid
okay, then I don't know what you mean, I'm clueless
moparisthebest
Ge0rG, looks like you support all the ECDHE* algorithms and even prefer them though
moparisthebest
that's a different issue than ECDSA vs RSA certificates
Ge0rG
Okay, so I'm probably too stupid to follow my own advice.
moparisthebest
also TLS 1.3 called and said it ONLY supports ECDHE algorithms so, keep that in mind :)
zinid
ECDHE is something that only works with ECC certs, right?
moparisthebest
no
zinid
😀
moparisthebest
entirely separate things
zinid
okay
moparisthebest
for ECDSA vs RSA certificates, it's on my list of things to investigate, I *think* new nginx supports having both
moparisthebest
I'm *guessing* no XMPP server currently does
zinid
wtf is ECDSA certificate?
zinid
which is based on ECC private key or what?
Zash
moparisthebest: You can probably configure Prosody with that now, if you have bleeding edge LuaSec
winfried
Zash: interesting challenge :-)
moparisthebest
I think I'll try nginx first :P
zinid
according to wikipedia it seems like ECDSA cert is indeed a ECC cert
zinid
moparisthebest, haproxy supports the combo for sure
zinid
and we have some feature requests to support that in ejabberd
awesome, maybe I will try that first then, thanks Zash
winfried
Zash moparisthebest checking right now with my SSL-supplier if I can get a second certificate....
Ge0rG
winfried: unfortunately my testssl is going very slow.
Ge0rG
winfried: is the cert the same as on your https://?
moparisthebest
winfried, not using letsencrypt?
winfried
Ge0rG: same as https://tilanus.com/ not the same as https://www.tilanus.com/
Ge0rG
winfried: one is a redirect to the other :>
winfried
Ge0rG: / yes
Ge0rG
winfried: anyway, I wanted to ping you regarding your promise in the Membership application. Can do that in public as well
winfried
Ge0rG: :-D
Ge0rG
winfried: it would be awesome if somebody could follow-up on https://github.com/xsf/xmpp.org/issues/490 and to contact the different teams behind the https://xmpp.org/uses/gaming items
winfried
Ge0rG: do you know if anybody has contacts to one of those groups?
zinid
Riot Games used to be our customer
Ge0rG
winfried: when I was collecting the links for the gaming section, I tried to find the most authoritative ones. If they don't list contacts, I don't have anything better unfortunately.
zinid
not sure how that promotes XMPP though, as the majority of them use highly customized XMPP servers
zinid
except maybe EVE online
zinid
for the record, EVE Online maintains their ejabberd branch at github
zinid
last time I checked they had very few changes from mainline
Ge0rG
zinid: is it wrong to run heavily patched servers?
winfried
Ge0rG: I would like to avoid making cold calls/doing research to find the right people, but I will be able to do so if needed...
zinid
Ge0rG, well, heavily patched means they patch the parts related to XMPP protocol, so basically they are not XMPP compliant
zinid
like WhatsApp for example
zinid
it's hard to call them XMPP
winfried
zinid: I call WhatsApp XMPP inspired, not an XMPP deployment...
zinid
winfried, we can call almost all of them this way
zinid
they start from XMPP and then diverge drastically
zinid
dropping all the bloat of XMPP
Ge0rG
winfried: I can understand that, yeah. But I don't know what would be a better way. Write a post on xmpp.org saying "Dear large scale deployments, please contact us for cross promotion"?
winfried
Ge0rG: yes, would be a nice way, also good to point to if I am making a cold call...
Ge0rG
winfried: this directly plugs into today's Board discussion, have a list of questions about the deployment.
Ge0rG
MattJ did a survey among xmpp developers recently.
zinid
what survey?
winfried
zinid: it is hard to draw a line when something is still XMPP or not, many private deployments extend or bend the protocol in some way. But some of them may still provide nice usecases for XMPP. But it would be good to stay critical about. (And some would be better off if they kept in closer contact with the XSF)
winfried
Ge0rG: I saw it, I answered it myself too ;-)
winfried
Ge0rG: There may be different projects here: a survey, liaison and whitepapers
Ge0rG
zinid: https://goo.gl/forms/L1AKnTLXjIAfP27W2
Ge0rG
Not sure where the results landed
MattJ
Ge0rG, Prosody community != XMPP developers...
MattJ
The results landed somewhere where Zash has been nagging me to process them (the survey isn't officially closed yet)
winfried
(will be AFK for a while) Ge0rG, zash, I will try a ECDSA and a RSA cert side by side later today
Ge0rG
winfried: I'm pretty sure it's not about the cert but about the allowed ciphers
Ge0rG
But then again, I'm not an expert
moparisthebest
that's correct but the ciphers you can use depend on your cert
moparisthebest
ECDHE-RSA-AES256-GCM-SHA384
moparisthebest
that can only be used with an RSA cert
winfried
I checked my configuration, it should allow RSA
winfried
(really gone now)
moparisthebest
ECDHE-ECDSA-AES256-GCM-SHA384
moparisthebest
that can only be used with an ECDSA cert
Ge0rG
But you can use ECDSA with an RSA cert?
moparisthebest
those are different things though
moparisthebest
gah I wish I knew the term, there is the certificate part, then the key exchange part, then the encription part
moparisthebest
also wish I could spell haha, encryption*
Ge0rG
LMC to the rescue!
zinid
> And some would be better off if they kept in closer contact with the XSF
I'm not sure they are interested, they don't think in terms of the protocol, just like when you deploy an HTTP server you don't go in contact with the corresponding standards body
moparisthebest
don't think dino does that yet, or I don't know the spell to invoke it
MattJ
zinid, I tend to agree. I think XMPP is useful for many of them to bootstrap, but they don't necessarily need federation or interoperability
MattJ
Even if both those things would generally be considered good by most people here, they do come at a cost, so I see why they get dropped easily
MattJ
We should still make contact with though, I think having communication with them can be good, even if we fail
zinid
MattJ, they also choose a solution, among others, so this is nothing to do with the protocol. I just know how they think, we talked to them a lot, for example, with Belkin (former Linksys). BTW, they run 2M IoT devices on their cluster (just in case, it's not mentioned by the XSF iot cases page)
zinid
and solution typically means "how much money"
Ge0rG
zinid: is Belkin documented anywhere in the public?
zinid
Ge0rG, yes, but I'm not sure they want to reveal their capacity
zinid
https://fluux.io/clients
zinid
they only allowed us to mention them as a client
zinid
*a customer
Ge0rG
zinid: this is what I meant by "in the public"
zinid
what exactly? The fact that they use XMPP? Or their capacity?
zinid
although, it's hard to call that XMPP, they just send encapsulated JSON and use XMPP as a streaming transport only. We try to convince them to MQTT instead.
zinid
*to use MQTT
zinid
as MQTT requires far less resources, we can shrink cluster capacity twice or so
Ge0rG
zinid: the fact that they are using XMPP. That would be a good mention for the IoT page
zinid
well, it's up to you of course, but my view is that XMPP is something about federation, and this is where "the community" fails miserably, I think there are less than a million of users using federated XMPP
zinid
in the sense that the XSF spends so much time to produce federated protocols (the compliance suite is an example), but the largest user base is located at walled gardens of quasi XMPP
Ge0rG
zinid: I'm speaking of XMPP the protocol, not Jabber the IM network
zinid
well, I clarified what I mean
pep.
Re CABF, can XSF members not infiltrate it? :p What do you need to get in? money?
Zash
Be a browser or a CA I guess?
Ge0rG
pep.: excellent question. There was a discussion about xmpp srv-id already some years ago. But it seems to not have led anywhere
pep.
Ge0rG, yeah I remember that thread
pep.
Do we have a clear set of changes we want to bring to that document?
pep.
Then we'd need to invest time in politics a bit
Ge0rG
pep.: we should at least demand that SRV id are not forbidden in SAN
Ge0rG
I'm not sure what the state of the art is in xmppAddr fields.
Ge0rG
It would be awesome if we could ask a public CA for a cert that only contains an srvId for an xmpp server. That would allow secure delegation of your xmpp to a service provider without letting them impersonate your webshits
Ge0rG
Not that web security was in a good shape.
pep.
I'd also like to be able to set another Key Usage
And we need to do something about it now, because LE is not going to
pep.
But it's not just about SRV id in SANs, it's also that Key Usage
pep.
i.e., s/TLS Web Server Authentication/TLS Server Authentication/
pep.
Or even s/Web/XMPP/
moparisthebest
Ge0rG, pep. , or we could push for DNSSEC + DANE ?
moparisthebest
that way you control what key is valid for what server+port via DNS
moparisthebest
seems better and more doable than getting CAs to do anything
Wiktor
moparisthebest, you can specify multiple certs in nginx since 1.11, it's designed to be used in RSA+ECDSA scenarios, see: https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate
Wiktor
note that even though Let's Encrypt will issue ECDSA cert it will be signed by their RSA intermediate cert, they don't (yet) have full ECDSA chain: https://letsencrypt.org/upcoming-features/
moparisthebest
ah thanks, I thought I remembered them adding support for that I just haven't gotten around to it yet
Wiktor
👍️
pep.
moparisthebest, that's orthogonal. Even though I agree we could focus our efforts on one thing, but then I'm not sure which one to do. I remember daniel having criticism against dnssec, or the deployment (middle boxes) in germany or sth, but I don't remember the details
Ge0rG
moparisthebest [19:57]:
> Ge0rG, pep. , or we could push for DNSSEC + DANE ?
I'm sure that 2019 will be the year of DNSSEC. Especially for the IM TLD
pep.
Yeah and that..
moparisthebest
all new domains since, idk, 2012 or something have DNSSEC support
I'd argue any domain worth having right now supports it, maybe it's time to abandon .im
pep.
I always verify the tld supports it before I buy anything fwiw
Ge0rG
It'll be another decade until all DNS servers support it.
moparisthebest
I still can't find the link I wanted but the gtld's, all the new fancy ones, must have DNSSEC support
moparisthebest
all DNS servers support it now? maybe you mean all TLDs ?
Ge0rG
Just this week I had a problem with Telekom DNS server returning ServFail for a non existent SRV record on a DNSSEC signed domain... after a 3s delay!
Ge0rG
moparisthebest: I'm speaking of resolvers out there in the wild
Ge0rG
Some CPE routers still fail at SRV altogether
moparisthebest
those are already dead https://dnsflagday.net/
Ge0rG
On yax.im I've got 10-15% of non SRV clients
moparisthebest
I give it about another year before 99.9% of the DNS requests are via HTTPS anyway
moparisthebest
and all those support DNSSEC etc
!xsf_Martin
Please tell me when he’s done flooding with part/join, so I can take back my normal nick.
Ge0rG
yax.im: Serious problem detected!
This domain will face issues after February 1st 2019!
pep.
!xsf_Martin, how are we supposed to see now? :p
pep.
xml_tab?
pep.
Not even, that wouldn't get to me
Link Mauve
Seems fixed.
Ge0rG
You need to see presence changes to understand the context, right?
pep.
indeed
pep.
Who do I need to ping again to appear in planet jabber? ralphm?
winfried
moparisthebest Ge0rG: to resolve the discussion: at Prosody, with an ECDHE certificate it accepts only incoming ECDHE connections, with an RSA certificate only RSA connections
Ge0rG
That's... unfortunate.
dwd
pep., ralphm, indeed. Maybe intosi can help, I don't know.
dwd
moparisthebest, I do hope we don't end up with DoH everywhere. The ramifications of that scare me badly.
moparisthebest
winfried, I mean that's not prosody specific, that's universal TLS (assuming you meant ECDSA instead of ECDHE)
moparisthebest
dwd, too late, I think it's the default on latest android?
moparisthebest
also enable-able in firefox
dwd
moparisthebest, All the DNS data going through Google, is it?
dwd
moparisthebest, And no doubt it's for our own good, of course.
moparisthebest
I would guess by default yes :'(
Ge0rG
Google and Clownflare
winfried
moparisthebest: I also assume it is universal, but I just tested it on prosody
Ge0rG
Using Google DNS is already a reality on my Samsung phone
moparisthebest
winfried, but did you try both?
dwd
winfried, OpenSSL, at least, can accept multiple cert/key pairs, and if given both it'll use whichever fits the ciphers requested.
winfried
moparisthebest: yes, I tried both
moparisthebest
I run my own though, which randomly picks from a list of upstream DNS servers, and proxies over tor, so I like dns-over-tls (and dns-over-https) sorry for shameless plug https://github.com/moparisthebest/jDnsProxy
winfried
winfried: 100% guarantee, the key I select, the cipher I get :-D
winfried
dwd: I know, but I am trying to get prosody talking both, no success so far.
winfried
diving into the debugging logs right now
winfried
Zash: I tried https://issues.prosody.im/809#comment-5 no luck, it picks only the ec certificate like that. I tried to verify I really got the right version of luasec (installed the dev version locally, ahead in the path of the regular/package manager one) but I am not 100% sure it picked the right one.