XSF Discussion - 2019-02-28

  1. Half-ShotX has joined

  2. jmpman has left

  3. Half-ShotX has left

  4. Half-ShotX has joined

  5. UsL has left

  6. moparisthebest has left

  7. moparisthebest has joined

  8. Half-ShotX has left

  9. architekt has joined

  10. Half-ShotX has joined

  11. architekt has left

  12. architekt has joined

  13. UsL has joined

  14. arc has left

  15. arc has joined

  16. UsL has left

  17. UsL has joined

  18. architekt has left

  19. bowlofeggs has left

  20. bowlofeggs has joined

  21. Half-ShotX has left

  22. Half-ShotX has joined

  23. moparisthebest has left

  24. moparisthebest has joined

  25. Half-ShotX has left

  26. Half-ShotX has joined

  27. moparisthebest has left

  28. moparisthebest has joined

  29. arc has left

  30. arc has joined

  31. arc has left

  32. arc has joined

  33. Half-ShotX has left

  34. Half-ShotX has joined

  35. Half-ShotX has left

  36. Half-ShotX has joined

  37. Half-ShotX has left

  38. Half-ShotX has joined

  39. Half-ShotX has left

  40. Half-ShotX has joined

  41. Half-ShotX has left

  42. Half-ShotX has joined

  43. larma has left

  44. larma has joined

  45. Half-ShotX has left

  46. Half-ShotX has joined

  47. lskdjf has left

  48. lumi has left

  49. Half-ShotX has left

  50. Half-ShotX has joined

  51. lumi has joined

  52. Half-ShotX has left

  53. larma has left

  54. Half-ShotX has joined

  55. arc has left

  56. arc has joined

  57. Half-ShotX has left

  58. Half-ShotX has joined

  59. j.r has left

  60. j.r has joined

  61. wurstsalat has joined

  62. lumi has left

  63. lumi has joined

  64. Neustradamus has joined

  65. arc has left

  66. arc has joined

  67. Half-ShotX has left

  68. Half-ShotX has joined

  69. contrapunctus has left

  70. contrapunctus has joined

  71. Half-ShotX has left

  72. Half-ShotX has joined

  73. Half-ShotX has left

  74. Half-ShotX has joined

  75. lskdjf has joined

  76. Half-ShotX has left

  77. Half-ShotX has joined

  78. jmpman has joined

  79. contrapunctus has left

  80. contrapunctus has joined

  81. Half-ShotX has left

  82. Half-ShotX has joined

  83. contrapunctus has left

  84. contrapunctus has joined

  85. contrapunctus has left

  86. contrapunctus has joined

  87. contrapunctus has left

  88. contrapunctus has joined

  89. lskdjf has left

  90. Half-ShotX has left

  91. Half-ShotX has joined

  92. Half-ShotX has left

  93. Half-ShotX has joined

  94. contrapunctus has left

  95. contrapunctus has joined

  96. wurstsalat has left

  97. tux has left

  98. tux has joined

  99. Half-ShotX has left

  100. Half-ShotX has joined

  101. lumi has left

  102. j.r has left

  103. j.r has joined

  104. Half-ShotX has left

  105. Half-ShotX has joined

  106. Half-ShotX has left

  107. Half-ShotX has joined

  108. Yagiza has joined

  109. Half-ShotX has left

  110. Half-ShotX has joined

  111. Neustradamus has left

  112. j.r has left

  113. j.r has joined

  114. Neustradamus has joined

  115. contrapunctus has left

  116. contrapunctus has joined

  117. Half-ShotX has left

  118. Half-ShotX has joined

  119. novnov has left

  120. novnov has joined

  121. Nekit has joined

  122. novnov has left

  123. Neustradamus has left

  124. novnov has joined

  125. Neustradamus has joined

  126. Half-ShotX has left

  127. Half-ShotX has joined

  128. igoose has left

  129. Half-ShotX has left

  130. Half-ShotX has joined

  131. igoose has joined

  132. Half-ShotX has left

  133. Half-ShotX has joined

  134. alexis has joined

  135. Half-ShotX has left

  136. Half-ShotX has joined

  137. alexis has left

  138. alexis has joined

  139. Half-ShotX has left

  140. Half-ShotX has joined

  141. alexis has left

  142. alexis has joined

  143. contrapunctus has left

  144. contrapunctus has joined

  145. Half-ShotX has left

  146. Half-ShotX has joined

  147. lorddavidiii has joined

  148. Half-ShotX has left

  149. Half-ShotX has joined

  150. alexis has left

  151. alexis has joined

  152. Half-ShotX has left

  153. Half-ShotX has joined

  154. arc has left

  155. arc has joined

  156. vaulor has joined

  157. arc has left

  158. arc has joined

  159. Half-ShotX has left

  160. Half-ShotX has joined

  161. mimi89999 has left

  162. mimi89999 has joined

  163. bowlofeggs has left

  164. Half-ShotX has left

  165. Half-ShotX has joined

  166. Half-ShotX has left

  167. Half-ShotX has joined

  168. mimi89999 has left

  169. mimi89999 has joined

  170. arc has left

  171. arc has joined

  172. arc has left

  173. arc has joined

  174. arc has left

  175. arc has joined

  176. blabla has joined

  177. Half-ShotX has left

  178. Half-ShotX has joined

  179. alacer has joined

  180. contrapunctus has left

  181. contrapunctus has joined

  182. valo has left

  183. valo has joined

  184. contrapunctus has left

  185. contrapunctus has joined

  186. contrapunctus has left

  187. contrapunctus has joined

  188. Half-ShotX has left

  189. Half-ShotX has joined

  190. contrapunctus has left

  191. Nekit has left

  192. Nekit has joined

  193. arc has left

  194. arc has joined

  195. Half-ShotX has left

  196. Half-ShotX has joined

  197. contrapunctus has joined

  198. alexis has left

  199. karoshi has joined

  200. Half-ShotX has left

  201. Half-ShotX has joined

  202. lorddavidiii has left

  203. alexis has joined

  204. lorddavidiii has joined

  205. alexis has left

  206. andy has joined

  207. andy has left

  208. andy has joined

  209. andy has left

  210. novnov has left

  211. contrapunctus has left

  212. contrapunctus has joined

  213. novnov has joined

  214. Half-ShotX has left

  215. Half-ShotX has joined

  216. alexis has joined

  217. alexis has left

  218. lnj has left

  219. lorddavidiii has left

  220. Half-ShotX has left

  221. Half-ShotX has joined

  222. lorddavidiii has joined

  223. alacer has left

  224. alacer has joined

  225. yvo has joined

  226. marc_ has joined

  227. Half-ShotX has left

  228. Half-ShotX has joined

  229. goffi has joined

  230. ralphm has left

  231. debacle has joined

  232. Half-ShotX has left

  233. Half-ShotX has joined

  234. Half-ShotX has left

  235. Half-ShotX has joined

  236. marc_ has left

  237. andy has joined

  238. vaulor has left

  239. vaulor has joined

  240. vaulor has left

  241. vaulor has joined

  242. Half-ShotX has left

  243. Half-ShotX has joined

  244. intosi has left

  245. intosi has joined

  246. Half-ShotX has left

  247. Half-ShotX has joined

  248. Half-ShotX has left

  249. Half-ShotX has joined

  250. kokonoe has left

  251. kokonoe has joined

  252. ThibG has left

  253. ThibG has joined

  254. Half-ShotX has left

  255. Half-ShotX has joined

  256. zinid has left

  257. zinid has joined

  258. contrapunctus has left

  259. contrapunctus has joined

  260. lorddavidiii has left

  261. ralphm has joined

  262. Half-ShotX has left

  263. Half-ShotX has joined

  264. lorddavidiii has joined

  265. lorddavidiii has left

  266. Half-ShotX has left

  267. Half-ShotX has joined

  268. contrapunctus has left

  269. contrapunctus has joined

  270. lorddavidiii has joined

  271. ralphm has left

  272. ralphm has joined

  273. !xsf_Martin has joined

  274. Half-ShotX has left

  275. Half-ShotX has joined

  276. alacer has left

  277. vanitasvitae

    Nice, the XSF got selected for GSoC :)

  278. Half-ShotX has left

  279. Half-ShotX has joined

  280. ThibG has left

  281. ThibG has joined

  282. ralphm has left

  283. ralphm has joined

  284. Half-ShotX has left

  285. Guus


  286. kokonoe has left

  287. Half-ShotX has joined

  288. frainz has left

  289. kokonoe has joined

  290. frainz has joined

  291. 404.city has joined

  292. !xsf_Martin has left

  293. !xsf_Martin has joined

  294. !xsf_Martin has left

  295. !xsf_Martin has joined

  296. Seve


  297. Half-ShotX has left

  298. Half-ShotX has joined

  299. !xsf_Martin has left

  300. !xsf_Martin has joined

  301. dele has joined

  302. contrapunctus has left

  303. contrapunctus has joined

  304. contrapunctus has left

  305. contrapunctus has joined

  306. Half-ShotX has left

  307. Half-ShotX has joined

  308. contrapunctus has left

  309. contrapunctus has joined

  310. jonas’


  311. Half-ShotX has left

  312. Half-ShotX has joined

  313. dele has left

  314. nyco has left

  315. 404.city has left

  316. contrapunctus has left

  317. contrapunctus has joined

  318. contrapunctus has left

  319. larma has joined

  320. contrapunctus has joined

  321. !xsf_Martin has left

  322. !xsf_Martin has joined

  323. !xsf_Martin has left

  324. !xsf_Martin has joined

  325. !xsf_Martin has left

  326. !xsf_Martin has joined

  327. rion has joined

  328. lorddavidiii has left

  329. rion

    seems like xep-0214 depends on deprecated xep-0137. Probably it has to be updated or deprecated too.

  330. alacer has joined

  331. Half-ShotX has left

  332. Half-ShotX has joined

  333. !xsf_Martin has left

  334. rtq3 has joined

  335. rion

    we were just thinking on support@j.ru how to make file storage management for http upload.

  336. lorddavidiii has joined

  337. Wiktor

    vanitasvitae: is there a list of topics?

  338. Half-ShotX has left

  339. Half-ShotX has joined

  340. nyco has joined

  341. lorddavidiii has left

  342. lorddavidiii has joined

  343. contrapunctus has left

  344. contrapunctus has joined

  345. andy has left

  346. andy has joined

  347. Link Mauve

    rion, there is also XEP-0329, which depends on XEP-0234 instead.

  348. marc_ has joined

  349. Link Mauve

    Those two are part of my list of deferred XEPs to look at and either revive or deprecate, but there was some opposition to deprecating a deferred XEP recently.

  350. Half-ShotX has left

  351. Half-ShotX has joined

  352. Andrew Nenakhov

    Xep 214 is a bad idea that will end in pubsubfs, not that we're looking into

  353. rion

    Link Mauve: 329 looks good to me, thanks. and it can be combined with http jingle transport.

  354. Link Mauve


  355. Link Mauve

    I think goffi has another implementation of it.

  356. Half-ShotX has left

  357. Link Mauve

    He demo’d it at the Summit.

  358. Link Mauve

    Andrew Nenakhov, being able to subscribe to a node mapping to a directory sounds useful though.

  359. Link Mauve

    The 0329 can’t be used for a dropbox-like, or even any notification.

  360. kokonoe has left

  361. contrapunctus has left

  362. contrapunctus has joined

  363. contrapunctus has left

  364. contrapunctus has joined

  365. Half-ShotX has joined

  366. kokonoe has joined

  367. andy has left

  368. andy has joined

  369. Half-ShotX has left

  370. ralphm has left

  371. rtq3 has left

  372. rtq3 has joined

  373. Half-ShotX has joined

  374. ralphm has joined

  375. vanitasvitae

    Wiktor: in the xmpp wiki

  376. Wiktor

    vanitasvitae: kthx

  377. Half-ShotX has left

  378. Half-ShotX has joined

  379. Half-ShotX has left

  380. j.r has left

  381. contrapunctus has left

  382. contrapunctus has joined

  383. kokonoe has left

  384. Half-ShotX has joined

  385. kokonoe has joined

  386. alacer has left

  387. alacer has joined

  388. contrapunctus has left

  389. contrapunctus has joined

  390. Half-ShotX has left

  391. Half-ShotX has joined

  392. Half-ShotX has left

  393. contrapunctus has left

  394. contrapunctus has joined

  395. debacle has left

  396. contrapunctus has left

  397. contrapunctus has joined

  398. contrapunctus has left

  399. contrapunctus has joined

  400. Half-ShotX has joined

  401. lnj has joined

  402. Yagiza has left

  403. contrapunctus has left

  404. contrapunctus has joined

  405. Half-ShotX has left

  406. lnj has left

  407. contrapunctus has left

  408. contrapunctus has joined

  409. Half-ShotX has joined

  410. contrapunctus has left

  411. contrapunctus has joined

  412. Half-ShotX has left

  413. contrapunctus has left

  414. contrapunctus has joined

  415. Half-ShotX has joined

  416. igoose has left

  417. Half-ShotX has left

  418. Half-ShotX has joined

  419. Half-ShotX has left

  420. Yagiza has joined

  421. rtq3 has left

  422. rtq3 has joined

  423. Half-ShotX has joined

  424. novnov has left

  425. blabla has left

  426. blabla has joined

  427. blabla has left

  428. blabla has joined

  429. novnov has joined

  430. Half-ShotX has left

  431. igoose has joined

  432. ThibG has left

  433. ThibG has joined

  434. Half-ShotX has joined

  435. Half-ShotX has left

  436. lskdjf has joined

  437. Half-ShotX has joined

  438. j.r has joined

  439. Half-ShotX has left

  440. goffi has left

  441. kokonoe has left

  442. kokonoe has joined

  443. lnj has joined

  444. lnj has left

  445. Half-ShotX has joined

  446. Half-ShotX has left

  447. Half-ShotX has joined

  448. bowlofeggs has joined

  449. Half-ShotX has left

  450. Half-ShotX has joined

  451. jmpman has left

  452. efrit has joined

  453. j.r has left

  454. Half-ShotX has left

  455. Half-ShotX has joined

  456. Half-ShotX has left

  457. Half-ShotX has joined

  458. andy has left

  459. Half-ShotX has left

  460. Half-ShotX has joined

  461. Half-ShotX has left

  462. contrapunctus has left

  463. contrapunctus has joined

  464. Half-ShotX has joined

  465. efrit has left

  466. contrapunctus has left

  467. contrapunctus has joined

  468. contrapunctus has left

  469. contrapunctus has joined

  470. Half-ShotX has left

  471. contrapunctus has left

  472. contrapunctus has joined

  473. andy has joined

  474. andy has left

  475. contrapunctus has left

  476. andy has joined

  477. contrapunctus has joined

  478. Half-ShotX has joined

  479. contrapunctus has left

  480. contrapunctus has joined

  481. contrapunctus has left

  482. contrapunctus has joined

  483. contrapunctus has left

  484. contrapunctus has joined

  485. contrapunctus has left

  486. contrapunctus has joined

  487. Half-ShotX has left

  488. Half-ShotX has joined

  489. contrapunctus has left

  490. contrapunctus has joined

  491. Half-ShotX has left

  492. contrapunctus has left

  493. contrapunctus has joined

  494. Half-ShotX has joined

  495. contrapunctus has left

  496. contrapunctus has joined

  497. contrapunctus has left

  498. contrapunctus has joined

  499. contrapunctus has left

  500. contrapunctus has joined

  501. contrapunctus has left

  502. contrapunctus has joined

  503. Half-ShotX has left

  504. Half-ShotX has joined

  505. contrapunctus has left

  506. contrapunctus has joined

  507. Half-ShotX has left

  508. Half-ShotX has joined

  509. goffi has joined

  510. blabla has left

  511. blabla has joined

  512. Half-ShotX has left

  513. rtq3 has left

  514. rtq3 has joined

  515. lorddavidiii has left

  516. goffi

    indeed I have an implementation of XEP-0329, I'm pretty happy with it.

  517. goffi

    I've made a quick evaluation of various options, I've chosen this one because it's working and simple.

  518. goffi

    Link Mauve: while it can't be used for dropbox like?

  519. Half-ShotX has joined

  520. goffi


  521. Alex has left

  522. j.r has joined

  523. Half-ShotX has left

  524. Andrew Nenakhov has left

  525. Half-ShotX has joined

  526. Andrew Nenakhov has joined

  527. Andrew Nenakhov has left

  528. Half-ShotX has left

  529. Link Mauve

    goffi, how do you subscribe to files being added or removed or changed?

  530. Andrew Nenakhov has joined

  531. Half-ShotX has joined

  532. goffi

    Link Mauve: is this needed for dropbrox like?

  533. goffi

    (note that I've never used dropbox)

  534. Link Mauve

    goffi, Dropbox is a software you install on your computer, which provides you a fuse(-like?) interface to mount a remote directory.

  535. Half-ShotX has left

  536. Link Mauve

    Then when anyone puts files there, they will be downloaded on your computer.

  537. Link Mauve

    Or something like that.

  538. Link Mauve

    I haven’t used it either, but I’ve heard people talk about it.

  539. Zash

    It lets the cloud put files on your computer. Probably.

  540. jonas’

    I think the closest FLOSS thing is Sparkleshare

  541. jonas’

    or Seafile

  542. jonas’

    so if you want to check out the UX, go to those projects

  543. jonas’

    although sparkleshare in particular was pretty bad when I tested it the last time

  544. nyco


  545. Guus


  546. Link Mauve

    jonas’, yes, it is.

  547. Link Mauve

    Also unmaintained.

  548. goffi

    Link Mauve: to looks for files on a server (my current use case), XEP-0329 is enough and working well. To subscribe to a directory or a file it would need to be extended, but I think it can be done quite cleanly with references.

  549. Link Mauve now shuts up and lets board do boardy things.

  550. Guus

    Seve ralphm MattJ shall we meet?

  551. Link Mauve

    goffi, XEP-0214 did that already.

  552. goffi

    yes, but it's overcomplicated in my opinion

  553. nyco

    to all, my apologies for last week, as I did not join, and did not tell...

  554. Guus

    I think you did?

  555. Guus

    or was that the week before? I was not here last week myself.

  556. blabla has left

  557. Guus

    anyways. you are forgiven. 🙂

  558. blabla has joined

  559. Guus

    ... did these guys find another place to meet while we were gone?

  560. MattJ


  561. Guus


  562. Half-ShotX has joined

  563. Half-ShotX has left

  564. Seve

    Hi! My bad

  565. MattJ

    Sorry, had a delivery arrive just as the meeting began :)

  566. MattJ

    Just missing ralphm?

  567. Guus

    That's generally when delivery guys show up at my door too. Mostly for neighbors, too.

  568. Guus


  569. nyco

    a softer way of swatting?

  570. Guus

    perhaps 🙂

  571. nyco


  572. Half-ShotX has joined

  573. Guus hands a gavel to nyco

  574. nyco tries to catch it on the fly

  575. nyco


  576. nyco

    Minute taker, who are you today?

  577. nyco

    so we have Seve, Matt, Guus, and me, only Ralph is missing

  578. nyco

    we have 2 topics for decision: * E2E CA req * membership application commitment: * typo in deferred XEP discussion: * money, money, money * reach out high profile users * badge designer

  579. Alex has joined

  580. nyco

    let's start ?

  581. nyco

    1. E2E

  582. nyco


  583. nyco


  584. nyco


  585. nyco

    <you know my client now>

  586. Guus

    are you typing a lot in one message, or do I have delays?

  587. nyco

    maybe the weather

  588. Guus

    that's possible 🙂

  589. Guus

    wifi is acting up 🙂

  590. Guus

    I must admit I've not yet taken the time to study the E2E protoxep

  591. nyco

    so I have no clue of this item, too tech for me, I hand over to <who>?

  592. MattJ

    Yeah, I need more time to review it

  593. nyco

    so what's neede here?

  594. nyco

    so what's needed here?

  595. Guus

    It seems two-prone, at least.

  596. Ge0rG

    If this is the CA part of the recently rejected XOR proto-XEP, it's about the XSF running a CA

  597. nyco

    so what's needed from the Board here?

  598. nyco

    oh ok

  599. kokonoe has left

  600. Guus

    I'm assuming that this is brought before board, because it defines XSF-organisational requirements?

  601. jonas’

    there is a separate ProtoXEP for that

  602. Link Mauve

    Ge0rG, it has been accepted, hasn’t it?

  603. jonas’


  604. Guus

    In our trello boad, this is linked: https://xmpp.org/extensions/inbox/eax-car.html

  605. jonas’


  606. nyco

    https://xmpp.org/extensions/inbox/eax.html https://xmpp.org/extensions/inbox/eax-car.html

  607. jonas’

    now we have it linked thrice

  608. MattJ

    The stated requirements for the XSF seem trivial enough as specified, but I'm not sure what the wider context is here

  609. nyco feels there is lag indeed

  610. jonas’

    the eax.html is Standards Track and has been handled by Board

  611. Half-ShotX has left

  612. jonas’

    but it’s useful context

  613. jonas’

    more context is in xor.html

  614. MattJ

    What root CAs are we supposed to redirect to? Is there some vetting to be done? etc. - I need to read it more

  615. kokonoe has joined

  616. Seve

    Same here as the rest

  617. MattJ

    and why isn't relying on normal trust anchors enough? E.g. Mozilla's

  618. nyco

    are we able to do this?

  619. Guus

    Also - this introduces the XSF as a single source of truth

  620. MattJ

    So let's punt on this for the moment, understand it more and discuss next week

  621. Guus

    which somehwat clashes with doing things distributed/federated - unsure if that can be helped here (I must read more, as a wise man just said), but it's bound to raise brows.

  622. Ge0rG

    MattJ: normal CAs are forbidden to issue non-web certificates, essentially, by CA/Browser Forum rules

  623. Half-ShotX has joined

  624. Ge0rG

    (which is something the XSF Board might well be able to address, in a proper formal inquiry to the CABF)

  625. nyco

    if there is a CA, there are many ICA ?

  626. nyco

    which is more decentralised, still as a pyramid

  627. lnj has joined

  628. jonas’

    kind of like how DNSSEC works

  629. Guus

    Ge0rG is that an alternative approach than the one suggested in the XEP?

  630. andy has left

  631. nyco

    a blockain-based CA? wait no

  632. Ge0rG

    Guus: no, it's completely orthogonal. I haven't had the time to read _this_ incarnation of the XEP either

  633. Guus

    Ge0rG ok thanks

  634. Seve

    I think there are too many questions on this one :)

  635. Guus

    as MattJ suggested, lets kick this can down the road for a week.

  636. MattJ


  637. Guus

    (and do some reading)

  638. nyco

    2. XEP-0345 (Form of Membership Applications)

  639. nyco

    card without description, what's needed from the board?

  640. nyco


  641. frainz has left

  642. MattJ

    Who added it?

  643. Guus


  644. Ge0rG

    nyco: it's a procedural XEP that needs to be decided upon

  645. nyco


  646. Ge0rG

    So Board shoul decide whether it shall be accepted or not.

  647. nyco

    so I feel like emil, jid, affiliations and name are not enough can we add things like values, objectives, past contributions?

  648. Guus

    I only now see that there was feedback in the Last Call

  649. MattJ

    nyco, I think that's up to the candidate to add as much as they want to share to be accepted

  650. Seve

    I would have wanted that to be a discussion topic maybe? And then decide something about it.

  651. MattJ

    I don't think we need to make those things mandatory in a formal document

  652. nyco

    mandatory no, but as an option

  653. nyco

    rather a suggestion

  654. Guus

    MattJ didn't you raise an example of someone having 'valid' reasons for wanting to apply anonymously?

  655. Guus

    although we shot down applying anonymously before, your example might warrant to re-address that

  656. MattJ

    Possibly so

  657. Guus

    I think you were going to see if said person would be willing to provide details?

  658. Guus

    Do you recall who I'm talking of? You weren't specific.

  659. MattJ

    There is a slight difference between being an anonymous member and having your details being known only to the Secretary

  660. Guus

    If that's still ongoing, I'd like to have that information before voting on XEP-0345.

  661. MattJ

    Yes, I recall the conversation, I need to follow up

  662. Ge0rG

    I've recently brought up the anonymity question, and by now told the respective user that it's not an option.

  663. jonas’

    did you also tell them that contributing to standards etc. is very much possible without being a member?

  664. MattJ

    Ge0rG, iirc that was before the summit, where we had some in-person discussions about how we may improve the process

  665. Guus

    Ge0rG which is what we decided on.

  666. MattJ

    The decision still holds

  667. MattJ

    We /may/ be able to change the way we do things, and we /may/ decide to do that

  668. MattJ

    and that may or may not be enough for these people who want to remain anonymous

  669. Guus

    (what he said - my choice of words was poor)

  670. Ge0rG

    But you SHOULD document the current status quo in some way. And XEP-0345 is a good place

  671. Guus

    Agreed - I'd still like to review the feedback from the Last Call before I vote. I neglected doing that.

  672. MattJ


  673. nyco

    ok next item?

  674. nyco

    3. typo in deferred XEP

  675. nyco


  676. Half-ShotX has left

  677. Half-ShotX has joined

  678. lnj has left

  679. rtq3 has left

  680. Guus

    I think we have a fix for that, and this trello card was only left for tracking that that fix got applied?

  681. Guus

    jonas’ - do you recall the details?

  682. Ge0rG

    It was decided upon in January

  683. MattJ

    "In today's board meeting, Board agrees wiath Jonas' suggested change, and ask the Editor to draft a proposal for the change in XEP-0001."

  684. jonas’

    Guus, yes... I should make a Pr

  685. jonas’

    buuuuuut .... -EBUSY

  686. Guus

    sure, no problem

  687. nyco

    looks weird to un-defer to re-defer later, can't we just let edition of deferred XEP, at least for archival purposes and probable later revival ?

  688. Guus

    just trying to recall if there's something for us to do here 🙂

  689. Guus

    nyco we already voted on this - do you really want to re-open the issue?

  690. Seve

    I have a question for you about that jonas’, would be possible to specify the equivalent? For instance I would like to update my contact information on a XEP, so I guess that falls into equivalent as well, but would be nice to have this specified

  691. jonas’

    Seve, sorry, -ENOCTX

  692. nyco

    nope, I'm fine, can't recall, sorry, was it a meeting I missed?

  693. Guus

    (yeah, you need to be slightly less nerdy for me to follow here 😛 )

  694. nyco

    4. Money

  695. nyco


  696. Half-ShotX has left

  697. frainz has joined

  698. MattJ

    Seve, I guess we can consider that when the PR is submitted

  699. Guus

    I think this boils down to a) there's general consensus that the XSF could use more money to 'do things' that stimulate XMPP, and b) we need to find sources of income.

  700. MattJ

    i.e. make sure the wording encompasses those kinds of changes

  701. MattJ

    Guus, right

  702. Guus

    we've previously established that from a finanicial point of view, the XSF is in good shape - but does not have much reserves to significantly spend on things

  703. Guus

    Maybe it's time to bury this card, and recreate one that says 'get sponsors' (which actually is hopefully a byproduct of the next card )

  704. nyco

    I'd say it's more of a continuous effort...

  705. Guus

    unless there's other topics related to 'fundraising and financing' that board wants to discuss

  706. MattJ

    Guus, that sounds like good progress

  707. nyco

    5. Define strategy to reach out to (and reap benefits) high profile XMPP applications/users.

  708. nyco


  709. Guus

    for various reasons, I feel that we should get in touch with high-profile XMPP applicators

  710. Ge0rG

    slightly related to this, Winfried wrote in his application <https://wiki.xmpp.org/web/Winfried_Tilanus_Application_2019> that he wanted to reach out to interesting XMPP deployments

  711. Guus

    1) they act as awesome showcases - which can be good for marketing

  712. Guus

    2) we can likely learn a lot from each-other - they can benefit from our resources, we can benefit from their expertise

  713. Guus

    3) some of these might be sponsor candidatesd

  714. Ge0rG

    Guus: it would be great to appriach the companies behind https://xmpp.org/uses/gaming and also to finish https://github.com/xsf/xmpp.org/issues/490

  715. Guus

    Ge0rG yes.

  716. Half-ShotX has joined

  717. Guus

    As we do not have an executive director anymore (who I'd think would be perfect for the reaching out), I think that it falls on board to figure out how to approach this.

  718. Guus

    which I suggests boils down to: "who do we contact?" and "what message do we want to convey?"

  719. Guus

    I have very little experience here, so I'm looking for input.

  720. Ge0rG

    Guus: also it's good to clarify who is "we"

  721. nyco

    our approach could be bottom-up, to start with, that is: we collect those data from member willing to share

  722. Guus

    Ge0rG to clarify, with 'we' I mean 'the XSF'

  723. Seve

    I don't see any other 'we' here

  724. Guus

    nyco what 'data' do you mean exactly?

  725. Dele Olajide has joined

  726. nyco

    use cases, verticals, numbers, values, benefits

  727. Ge0rG

    Guus: 'we' should be a volunteering person or maybe a small working team. SCAM or commteam might be a good fit.

  728. MattJ

    Guus, I think something winfried and I were discussing in Brussels... many of the people involved in the XSF are involved with various XMPP projects that don't necessarily get the exposure they deserve

  729. MattJ

    I'm sure some of them don't want to, but I'm also sure some of them do

  730. Ge0rG

    Winfried might be a good candidate if he happens to have time.

  731. Ge0rG

    I planned to ask him, but his server was down

  732. Guus

    I'm hearing the name "Winfried" a lot, so it makes sense to at least ask him if he is interested in taking point on this.

  733. tux has left

  734. alacer has left

  735. Guus

    but I do wonder if the reaching-out bit should be done by an officer.

  736. Ge0rG

    Guus: according to his own words from four weeks ago, he is

  737. Guus

    as it's the beginning of potentially formal relationship?

  738. Seve

    When I applied for board I mentioned I would like to see what can we do about making companies advertise they use XMPP like they would do using any kind of framework or language for example, but I have no experience on this topic. But I don't think just a single person can manage all of this. From my point of view we should gather together like we do on this meetings and start bit by bit discussing how, what, etc.

  739. Ge0rG

    From https://wiki.xmpp.org/web/Winfried_Tilanus_Application_2019 - > I want to do more of those: go out there and interview the people behind interesting XMPP deployments and publish about them.

  740. nyco

    if we want exposure, we can do interviews 5 to 10 questions, always the same, send them to a project/product leader (dev, product, marketing, CEO, whatever), put them in shape, do a blog post, automatically post to Twitter (and more, if possible)

  741. MattJ

    Guus, my point is that many of us are already working with the people we're discussing

  742. MattJ

    and that's our easiest way into such users of XMPP

  743. MattJ

    rather than starting cold with high-profile users we've got no current routes into

  744. nyco

    Seve this is an itch I also would like to scratch

  745. Seve

    nyco, that's in my todo list, I wanted to reach to companies and do that kind of interviewing, so it is fair for everybody

  746. Seve

    But we need to talk a bit on what to ask, and so on

  747. Guus

    Many things at the same time: Ge0rG: good! nyco: that would be awesome, but I like to have more: not just an article, but active involvement. MattJ also, that's a good start, but I also want to find _new_ organisations.

  748. nyco

    I'm following you Seve

  749. MattJ

    Guus, you think the XSF knows all the current ones?

  750. nyco

    Guus article vs article involvment

  751. Guus

    nyco: much more than articles! I'd like them to eventually become members 🙂

  752. Guus

    but they're all good starts

  753. nyco

    Guus MattJ yes, hidden uses of XMPP are everywhere

  754. Half-ShotX has left

  755. Guus

    MattJ no, definately not - and what you propose might be a good start.

  756. Guus

    This topic might warrant a meeting on its own

  757. Guus

    (also, we're running out of time - and I need to divert my attention soon)

  758. Seve

    Several even :D

  759. winfried

    Seve I already interviewed one and am in the process of finishing it, good to ream up

  760. Ge0rG

    winfried! \o/

  761. nyco

    Guus oh yeah, definitely, members rock though, I felt that many orgs follow the XSF, but do not wish to contribute/participate, for various reasons: not time, shyness, intimidating, too/only technical

  762. Guus

    Can we wrap up for today?

  763. MattJ

    nyco, also I've encountered some that didn't want their use of XMPP to be public knowledge

  764. Half-ShotX has joined

  765. nyco

    hey, we have passed the 16:00 mark, we should adjourn this meeting, who against that?

  766. MattJ


  767. Seve

    MattJ, interesting

  768. nyco

    Next ? +1W as usual ?

  769. MattJ


  770. Ge0rG 's got another point for heated discussion, but will delay that by +1W

  771. Guus

    I'm fine with +1w

  772. nyco


  773. Seve

    Sure +1

  774. nyco

    Thanks everybody! 😉

  775. MattJ

    Thanks nyco and all :)

  776. Seve

    Very nice to meet with you all!

  777. Dele Olajide has left

  778. Guus

    Ge0rG curious, what was the topic?

  779. Guus

    I like to be prepared for next time 🙂

  780. Ge0rG

    Guus: it's related to the Jabber trademark.

  781. Guus

    your license was arranged, right?

  782. Guus

    so, different issue?

  783. Maranda has left

  784. Maranda has joined

  785. Ge0rG

    Guus: right

  786. Guus


  787. Guus

    "looking forward to it"

  788. Guus


  789. MattJ


  790. lnj has joined

  791. zinid

    so XEP-CAR is postponed?

  792. goffi has left

  793. goffi has joined

  794. zinid


  795. Half-ShotX has left

  796. winfried

    Ge0rG: time to do some SSL debugging?

  797. Ge0rG

    winfried: do you mind running your domain through xmpp.net?

  798. winfried

    don't mind :-D

  799. MattJ

    zinid, yes, until next week

  800. zinid

    tl;dr? 😀

  801. MattJ

    Just so everyone can get a better understanding of what the responsibilities are

  802. zinid

    well, I'm just asking to run the url redirection, it's an experimental anyway

  803. MattJ

    Good to know

  804. zinid

    but of course I can just copy that CA/B Forum's insane requirements to the XEP so *nobody* will able to read it

  805. MattJ

    Can you give an example of an entity the redirect might go to?

  806. zinid

    MattJ, we're going to start the CA at process-one, that will be the first URL for redirection

  807. MattJ

    or... just maybe wait until I've read the other XEP, I'll probably understand more then :)

  808. MattJ


  809. moparisthebest

    jonas’, Link Mauve: I'd say closest floss thing to Dropbox would be nextcloud or syncthing , I probably wouldn't want my xmpp client trying to reinvent that wheel...

  810. Link Mauve

    moparisthebest, does that mean you want it to be impossible to implement such a service?

  811. Link Mauve

    It doesn’t have to be your client.

  812. alameyo has left

  813. alameyo has joined

  814. Half-ShotX has joined

  815. ThibG has left

  816. ThibG has joined

  817. moparisthebest

    no of course not

  818. MattJ

    What advantages does using XMPP have here?

  819. moparisthebest

    just, to me, seems totally unsuited for XMPP

  820. winfried

    Ge0rG: https://xmpp.net/result.php?id=1452651 :-D

  821. Ge0rG

    winfried: so you only accept ECDSA and I reject ECDSA

  822. winfried

    Ge0rG: Got already a smelling suspicion....

  823. Ge0rG

    winfried: https://xmpp.net/result.php?domain=yax.im&type=server#ciphers

  824. Ge0rG

    winfried: is there a particular reason for ECDSA?

  825. Guus

    zinid can you share a link to the insane CA/B Forums requirements? 🙂

  826. zinid

    MattJ, for incident resolution we can just borrow formal rules developed by CA/B Forum, but I don't want to copy the whole requirements of CA/B Forum, they are too complex and this will prevent some OSS community to run any CA at all except a few companies with money

  827. Ge0rG

    Guus: https://cabforum.org/baseline-requirements-documents/

  828. Guus


  829. Link Mauve

    moparisthebest, getting notifications about things, and being able to manage things you already uploaded in some form over XMPP, doesn’t sound that unsuited to me.

  830. Link Mauve

    In the recent years, a lot of clients have started uploading files to their server for instance.

  831. zinid

    Guus, achtung, the document is very TL;DR 😀

  832. Half-ShotX has left

  833. Link Mauve

    It would be useful to have a way to manage that, instead of an upload once, regret forever kind of thing.

  834. moparisthebest

    only to share links, synchronizing directory trees across computers is an entirely different ballgame

  835. goffi

    XMPP is absolutely suited for that, and I'm already on the way of doing something similar. XMPP brings its ecosystem (accounts, permissions, notifications, etc.)

  836. Link Mauve

    And that.

  837. Guus

    zinid aren't they always? 🙂

  838. zinid

    Guus, yeah, CA is hard

  839. winfried

    Ge0rG: must have been, but I don't remember anymore... ;-) I guess I may relax my ciphers a bit.

  840. alameyo has left

  841. Ge0rG

    winfried: you could use the recommendations from https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations

  842. moparisthebest

    winfried, it doesn't look like cipher selection as much as you got an ecdsa key+certificate and not an RSA one ?

  843. Maranda has left

  844. Maranda has joined

  845. Half-ShotX has joined

  846. Ge0rG

    you can get a pure ecdsa cert from public CAs?

  847. zinid

    Ge0rG, yes

  848. zinid

    Let's Encrypt may issue pure ECC cert

  849. Ge0rG

    and it won't do RSA based DH?

  850. zinid

    Ge0rG, no, ejabberd's ACME only supports ECC so far and LE doesn't complain

  851. Ge0rG

    zinid: so I won't be able to talk to any of the ejabberd self-ACMEd servers if I forbid ECDSA?

  852. winfried has left

  853. zinid

    Ge0rG, yes, but that's a bug of ejabberd of course

  854. Ge0rG

    why are you even promoting that footgun?

  855. zinid

    I promote?

  856. zinid

    that was GSoC, and as any GSoC it sucks

  857. Ge0rG

    ECDSA is the most profoundly misdesigned crypto algorithm of the last decade or so

  858. zinid

    ah, you mean DSA?

  859. winfried has joined

  860. zinid

    sorry, I'm lost in terms

  861. zinid

    I thought you meant pure ECC cert (or how it's correctly called, i.e. not RSA)

  862. Ge0rG

    zinid: I'm speaking of the ECC based algorithms that are part of TLS

  863. zinid

    okay, then I don't know what you mean, I'm clueless

  864. moparisthebest

    Ge0rG, looks like you support all the ECDHE* algorithms and even prefer them though

  865. moparisthebest

    that's a different issue than ECDSA vs RSA certificates

  866. Ge0rG

    Okay, so I'm probably too stupid to follow my own advice.

  867. moparisthebest

    also TLS 1.3 called and said it ONLY supports ECDHE algorithms so, keep that in mind :)

  868. zinid

    ECDHE is something that only works with ECC certs, right?

  869. moparisthebest


  870. zinid


  871. moparisthebest

    entirely seperate, things

  872. zinid


  873. ThibG has left

  874. ThibG has joined

  875. moparisthebest

    for ECDSA vs RSA certificates, it's on my list of things to investigate, I *think* new nginx supports having both

  876. moparisthebest

    I'm *guessing* no XMPP server currently does

  877. Half-ShotX has left

  878. Half-ShotX has joined

  879. zinid

    wtf is ECDSA certificate?

  880. zinid

    which is based on ECC private key or what?

  881. Zash

    moparisthebest: You can probably configure Prosody with that now, if you have bleeding edge LuaSec

  882. winfried

    Zash: interesting challenge :-)

  883. moparisthebest

    I think I'll try nginx first :P

  884. zinid

    according to wikipedia it seems like ECDSA cert is indeed a ECC cert

  885. contrapunctus has left

  886. contrapunctus has joined

  887. zinid

    moparisthebest, haproxy supports the combo for sure

  888. zinid

    and we have some feature requests to support that in ejabberd

  889. moparisthebest

    but only useable with xep-0368 I'm guessing?

  890. zinid

    if you use front-end like haproxy? yes

  891. Zash

    moparisthebes, winfried: https://issues.prosody.im/809#comment-5

  892. moparisthebest

    awesome, maybe I will try that first then, thanks Zash

  893. alameyo has joined

  894. winfried

    Zash moparisthebest checking right now with my SSL-supplier if I can get a second certificate....

  895. Ge0rG

    winfried: unfortunately my testssl is going very slow.

  896. Ge0rG

    winfried: is the cert the same as on your https://?

  897. moparisthebest

    winfried, not using letsencrypt?

  898. winfried

    Ge0rG: same as https://tilanus.com/ not the same as https://www.tilanus.com/

  899. Half-ShotX has left

  900. Half-ShotX has joined

  901. Ge0rG

    winfried: one is a redirect to the other :>

  902. winfried

    Ge0rG: / yes

  903. Ge0rG

    winfried: anyway, I wanted to ping you regarding your promise in the Membership application. Can do that in public as well

  904. winfried

    Ge0rG: :-D

  905. Ge0rG

    winfried: it would be awesome if somebody could follow-up on https://github.com/xsf/xmpp.org/issues/490 and to contact the different teams behind the https://xmpp.org/uses/gaming items

  906. oli has joined

  907. winfried

    Ge0rG: do you know if anybody has contacts to one of those groups?

  908. Half-ShotX has left

  909. zinid

    Riot Games used to be our customer

  910. Half-ShotX has joined

  911. alacer has joined

  912. Ge0rG

    winfried: when I was collecting the links for the gaming section, I tried to find the most authoritative ones. If they don't list contacts, I don't have anything better unfortunately.

  913. Nekit has left

  914. Nekit has joined

  915. alacer has left

  916. alacer has joined

  917. zinid

    not sure how that promotes XMPP though, as the majority of them use highly customized XMPP servers

  918. zinid

    except maybe EVE online

  919. contrapunctus has left

  920. zinid

    for the record, EVE Online maintains their ejabberd branch at github

  921. zinid

    last time I checked they had very few changes from mainline

  922. Ge0rG

    zinid: is it wrong to run heavily patched servers?

  923. winfried

    Ge0rG: I would like to avoid making cold calls/doing research to find the right people, but I will be able to do so if needed...

  924. zinid

    Ge0rG, well, heavily patched means they patch the parts related to XMPP protocol, so basically they are not XMPP compliant

  925. kokonoe has left

  926. zinid

    like WhatsApp for example

  927. zinid

    it's hard to call them XMPP

  928. kokonoe has joined

  929. winfried

    zinid: I call WhatsApp XMPP inspired, not an XMPP deployment...

  930. zinid

    winfried, we can call almost all of them this way

  931. zinid

    they start from XMPP and then diverge drastically

  932. zinid

    dropping all the bloat of XMPP

  933. Ge0rG

    winfried: I can understand that, yeah. But I don't know what would be a better way. Write a post on xmpp.org saying "Dear large scale deployments, please contact us for cross promotion"?

  934. winfried

    Ge0rG: yes, would be a nice way, also good to point to if I am making a cold call...

  935. lnj has left

  936. Ge0rG

    winfried: this directly plugs into today's Board discussion, have a list of questions about the deployment.

  937. Ge0rG

    MattJ did a survey among xmpp developers recently.

  938. alacer has left

  939. zinid

    what survey?

  940. alameyo has left

  941. alameyo has joined

  942. winfried

    zinid: it is hard to draw a line when something is still XMPP or not, many private deployments extend or bend the protocol in some way. But some of them may still provide nice usecases for XMPP. But it would be good to stay critical about. (And some would be better of if they kept in closer contact with the XSF)

  943. winfried

    Ge0rG: I saw it, I answered it myself too ;-)

  944. lnj has joined

  945. tux has joined

  946. winfried

    Ge0rG: There may be different projects here: a survey, liason and whitepapers

  947. Ge0rG

    zinid: https://goo.gl/forms/L1AKnTLXjIAfP27W2

  948. Ge0rG

    Not sure where the results landed

  949. alameyo has left

  950. MattJ

    Ge0rG, Prosody community != XMPP developers...

  951. MattJ

    The results landed somewhere where Zash has been nagging me to process them (the survey isn't officially closed yet)

  952. winfried

    (will be AFK for a while) Ge0rG, zash, I will try a ECDSA and a RSA cert side by side later today

  953. Ge0rG

    winfried: I'm pretty sure it's not about the cert but about the allowed ciphers

  954. Ge0rG

    But then again, I'm not an expert

  955. moparisthebest

    that's correct but the ciphers you can use depend on your cert

  956. moparisthebest


  957. moparisthebest

    that can only be used with an RSA cert

  958. winfried

    I checked my configuration, it should allow RSA

  959. winfried

    (really gone now)

  960. moparisthebest


  961. moparisthebest

    that can only be used with an ECDSA cert

  962. Ge0rG

    But you can use ECDSA with an RSA cert?

  963. moparisthebest

    those are different things though

  964. moparisthebest

    gah I wish I knew the term, there is the certificate part, then the key exchange part, then the encription part

  965. moparisthebest

    also wish I could spell haha, encryption*

  966. Half-ShotX has left

  967. Ge0rG

    LMC to the rescue!

  968. zinid

    > And some would be better of if they kept in closer contact with the XSF I'm not sure they are interested, they don't think in terms of the protocol, just like when you deploy an HTTP server you don't go in contact with the corresponding standards body

  969. moparisthebest

    don't think dino does that yet, or I don't know the spell to invoke it

  970. MattJ

    zinid, I tend to agree. I think XMPP is useful for many of them to bootstrap, but they don't necessarily need federation or interoperability

  971. MattJ

    Even if both those things would generally be considered good by most people here, they do come at a cost, so I see why they get dropped easily

  972. MattJ

    We should still make contact with though, I think having communication with them can be good, even if we fail

  973. Half-ShotX has joined

  974. zinid

    MattJ, they also choose a solution, among others, so this is nothing to do with the protocol. I just know how they think, we talked to them a lot, for example, with Belkin (former Linksys). BTW, they run 2M IoT devices on their cluster (just in case, it's not mentioned by the XSF iot cases page)

  975. marc_ has left

  976. zinid

    and solution typically means "how much money"

  977. Half-ShotX has left

  978. lnj has left

  979. alacer has joined

  980. Ge0rG

    zinid: is Belkin documented anywhere in the public?

  981. lnj has joined

  982. zinid

    Ge0rG, yes, but I'm not sure they want to reveal their capacity

  983. zinid


  984. zinid

    they only allowed us to mention them as a client

  985. zinid

    *a customer

  986. alameyo has joined

  987. Ge0rG

    zinid: this is what I meant by "in the public"

  988. lovetox has joined

  989. zinid

    what exactly? The fact that they use XMPP? Or their capacity?

  990. zinid

    although, it's hard to call that XMPP, they just send encapsulated JSON and use XMPP as a streaming transport only. We try to convince them to MQTT instead.

  991. zinid

    *to use MQTT

  992. zinid

    as MQTT requires far less resources, we can shrink cluster capacity twice or so

  993. Half-ShotX has joined

  994. rtq3 has joined

  995. marc_ has joined

  996. rtq3 has left

  997. rtq3 has joined

  998. dele has joined

  999. Half-ShotX has left

  1000. Half-ShotX has joined

  1001. dele has left

  1002. Ge0rG

    zinid: the fact that they are using XMPP. That would be a good mention for the IoT page

  1003. zinid

    well, it's up to you of course, but my view is that XMPP is something about federation, and this is where "the community" fails miserably, I think there are less than a million of users using federated XMPP

  1004. 404.city has joined

  1005. alameyo has left

  1006. alameyo has joined

  1007. zinid

    in the sense that the XSF spends so much time to produce federated protocols (the compliance suite is an example), but the largest user base is located at walled gardens of quasi XMPP

  1008. Ge0rG

    zinid: I'm speaking of XMPP the protocol, not Jabber the IM network

  1009. zinid

    well, I clarified what I mean

  1010. alameyo has left

  1011. Half-ShotX has left

  1012. Half-ShotX has joined

  1013. Half-ShotX has left

  1014. alameyo has joined

  1015. rtq3 has left

  1016. Half-ShotX has joined

  1017. rtq3 has joined

  1018. rtq3 has left

  1019. rtq3 has joined

  1020. Half-ShotX has left

  1021. alacer has left

  1022. Half-ShotX has joined

  1023. Half-ShotX has left

  1024. Half-ShotX has joined

  1025. Half-ShotX has left

  1026. alameyo has left

  1027. alameyo has joined

  1028. alameyo has left

  1029. frainz has left

  1030. Dele Olajide has joined

  1031. ralphm has left

  1032. kokonoe has left

  1033. Half-ShotX has joined

  1034. Half-ShotX has left

  1035. kokonoe has joined

  1036. !xsf_Martin has joined

  1037. Dele Olajide has left

  1038. alameyo has joined

  1039. Half-ShotX has joined

  1040. Steve Kille has left

  1041. ralphm has joined

  1042. goffi has left

  1043. goffi has joined

  1044. Steve Kille has joined

  1045. Half-ShotX has left

  1046. jmpman has joined

  1047. lumi has joined

  1048. pep.

    Re CABF, can XSF members not infiltrate it? :p What do you need to get in? money?

  1049. Half-ShotX has joined

  1050. Zash

    Be a browser or a CA I guess?

  1051. Ge0rG

    pep.: excellent question. There was a discussion about xmpp srv-id already some years ago. But it seems to not have led anywhere

  1052. pep.

    Ge0rG, yeah I remember that thread

  1053. pep.

    Do we have a clear set of changes we want to bring to that document?

  1054. Half-ShotX has left

  1055. pep.

    Then we'd need to invest time in politics a bit

  1056. rion has left

  1057. alameyo has left

  1058. alameyo has joined

  1059. alameyo has left

  1060. Ge0rG

    pep.: we should at least demand that SRV id are not forbidden in SAN

  1061. !xsf_Martin has left

  1062. !xsf_Martin has joined

  1063. !xsf_Martin has left

  1064. !xsf_Martin has joined

  1065. Ge0rG

    I'm not sure what the state of art is in xmppAddr fields.

  1066. !xsf_Martin has left

  1067. !xsf_Martin has joined

  1068. !xsf_Martin has left

  1069. !xsf_Martin has joined

  1070. !xsf_Martin has left

  1071. !xsf_Martin has joined

  1072. Ge0rG

    It would be awesome if we could ask a public CA for a cert that only contains an srvId for an xmpp server. That would allow secure delegation of your xmpp to a service provider without letting them impersonate your webshits

  1073. Ge0rG

    Not that web security was in a good shape.

  1074. ralphm has left

  1075. ralphm has joined

  1076. pep.

    I'd also like to be able to be able to set another Key Usage

  1077. pep.

    (X509v3 Extended Key Usage)

  1078. Half-ShotX has joined

  1079. Ge0rG

    pep.: what exactly do you want to have there

  1080. pep.

    _not_ Web

  1081. pep.

    For a start

  1082. Ge0rG

    pep.: https://github.com/letsencrypt/boulder/issues/1309

  1083. pep.

    Yeah I know that issue

  1084. pep.

    And we need to do something about it now, because LE is not going to

  1085. pep.

    But it's not just about SRV id in SANs, it's also that Key Usage

  1086. pep.

    i.e., s/TlS Web Server Authentication/TLS Server Authentication/

  1087. pep.

    Or even s/Web/XMPP/

  1088. Half-ShotX has left

  1089. Half-ShotX has joined

  1090. contrapunctus has joined

  1091. Nekit has left

  1092. !xsf_Martin has left

  1093. ralphm has left

  1094. ralphm has joined

  1095. Half-ShotX has left

  1096. Half-ShotX has joined

  1097. winfried has left

  1098. alacer has joined

  1099. Half-ShotX has left

  1100. contrapunctus has left

  1101. contrapunctus has joined

  1102. vaulor has left

  1103. vaulor has joined

  1104. contrapunctus has left

  1105. contrapunctus has joined

  1106. contrapunctus has left

  1107. contrapunctus has joined

  1108. alameyo has joined

  1109. Half-ShotX has joined

  1110. alacer has left

  1111. Half-ShotX has left

  1112. !xsf_Martin has joined

  1113. ralphm has left

  1114. ralphm has joined

  1115. Half-ShotX has joined

  1116. rtq3 has left

  1117. rtq3 has joined

  1118. alameyo has left

  1119. alameyo has joined

  1120. moparisthebest

    Ge0rG, pep. , or we could push for DNSSEC + DANE ?

  1121. moparisthebest

    that way you control what key is valid for what server+port via DNS

  1122. alameyo has left

  1123. moparisthebest

    seems better and more doable than getting CAs to do anything

  1124. rtq3 has left

  1125. rtq3 has joined

  1126. winfried has joined

  1127. goffi has left

  1128. Half-ShotX has left

  1129. Half-ShotX has joined

  1130. Half-ShotX has left

  1131. alacer has joined

  1132. !xsf_Martin has left

  1133. !xsf_Martin has joined

  1134. !xsf_Martin has left

  1135. !xsf_Martin has joined

  1136. !xsf_Martin has left

  1137. !xsf_Martin has joined

  1138. !xsf_Martin has left

  1139. !xsf_Martin has joined

  1140. !xsf_Martin has left

  1141. !xsf_Martin has joined

  1142. !xsf_Martin has left

  1143. !xsf_Martin has joined

  1144. !xsf_Martin has left

  1145. !xsf_Martin has joined

  1146. !xsf_Martin has left

  1147. !xsf_Martin has joined

  1148. !xsf_Martin has left

  1149. !xsf_Martin has joined

  1150. !xsf_Martin has left

  1151. !xsf_Martin has joined

  1152. !xsf_Martin has left

  1153. !xsf_Martin has joined

  1154. !xsf_Martin has left

  1155. !xsf_Martin has joined

  1156. !xsf_Martin has left

  1157. !xsf_Martin has joined

  1158. !xsf_Martin has left

  1159. !xsf_Martin has joined

  1160. !xsf_Martin has left

  1161. !xsf_Martin has joined

  1162. !xsf_Martin has left

  1163. !xsf_Martin has joined

  1164. !xsf_Martin has left

  1165. !xsf_Martin has joined

  1166. contrapunctus has left

  1167. contrapunctus has joined

  1168. Half-ShotX has joined

  1169. contrapunctus has left

  1170. contrapunctus has joined

  1171. alacer has left

  1172. marc_ has left

  1173. marc_ has joined

  1174. oli has left

  1175. ralphm has left

  1176. ralphm has joined

  1177. contrapunctus has left

  1178. contrapunctus has joined

  1179. Wiktor

    moparisthebest, you can specify multiple certs in nginx since 1.11, it's desinged to be used in RSA+ECDSA scenarios, see: https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate

  1180. Half-ShotX has left

  1181. Wiktor

    note that even though Let's Encrypt will issue ECDSA cert it will be signed by their RSA intermediate cert, they don't (yet) have full ECDSA chain: https://letsencrypt.org/upcoming-features/

  1182. frainz has joined

  1183. moparisthebest

    ah thanks, I thought I remembered them adding support for that I just haven't gotten around to it yet

  1184. Half-ShotX has joined

  1185. ThibG has left

  1186. ThibG has joined

  1187. Half-ShotX has left

  1188. Wiktor


  1189. rtq3 has left

  1190. rtq3 has joined

  1191. pep.

    moparisthebest, that's orthogonal. Even though I agree we could focus our efforts on one thing, but then I'm not sure which one to do. I remember daniel having criticism against dnssec, or the deployment (middle boxes) in germany or sth, but I don't remember the details

  1192. Ge0rG

    moparisthebest [19:57]: > Ge0rG, pep. , or we could push for DNSSEC + DANE ? I'm sure that 2019 will be the year of DNSSEC. Especially for the IM TLD

  1193. Half-ShotX has joined

  1194. pep.

    Yeah and that..

  1195. 404.city has left

  1196. moparisthebest

    all new domains since, idk, 2012 or something have DNSSEC support

  1197. pep.

    not .im no

  1198. moparisthebest

    I'd argue any domain having right now supports it, maybe it's time to abandon .im

  1199. pep.

    not im. no

  1200. moparisthebest

    that's not a new one

  1201. 404.city has joined

  1202. pep.

    Ah right my bad. Well in the meantime..

  1203. 404.city has left

  1204. moparisthebest

    oh, I missed a word haha

  1205. moparisthebest

    I'd argue any domain worth having right now supports it, maybe it's time to abandon .im

  1206. pep.

    I always verify the tld supports it before I buy anything fwiw

  1207. !xsf_Martin has left

  1208. !xsf_Martin has joined

  1209. !xsf_Martin has left

  1210. !xsf_Martin has joined

  1211. !xsf_Martin has left

  1212. !xsf_Martin has joined

  1213. !xsf_Martin has left

  1214. !xsf_Martin has joined

  1215. !xsf_Martin has left

  1216. !xsf_Martin has joined

  1217. !xsf_Martin has left

  1218. !xsf_Martin has joined

  1219. !xsf_Martin has left

  1220. !xsf_Martin has joined

  1221. !xsf_Martin has left

  1222. !xsf_Martin has joined

  1223. !xsf_Martin has left

  1224. !xsf_Martin has joined

  1225. !xsf_Martin has left

  1226. !xsf_Martin has joined

  1227. !xsf_Martin has left

  1228. !xsf_Martin has joined

  1229. !xsf_Martin has left

  1230. !xsf_Martin has joined

  1231. Half-ShotX has left

  1232. !xsf_Martin has left

  1233. !xsf_Martin has joined

  1234. !xsf_Martin has left

  1235. !xsf_Martin has joined

  1236. !xsf_Martin has left

  1237. !xsf_Martin has joined

  1238. !xsf_Martin has left

  1239. Ge0rG

    It'll be another decade until all DNS servers support it.

  1240. !xsf_Martin has joined

  1241. !xsf_Martin has left

  1242. !xsf_Martin has joined

  1243. moparisthebest

    I still can't find the link I wanted but the gtld's, all the new fancy ones, must have DNSSEC support

  1244. !xsf_Martin has left

  1245. !xsf_Martin has joined

  1246. !xsf_Martin has left

  1247. moparisthebest

    all DNS servers support it now? maybe you mean all TLDs ?

  1248. !xsf_Martin has joined

  1249. !xsf_Martin has left

  1250. !xsf_Martin has joined

  1251. !xsf_Martin has left

  1252. !xsf_Martin has joined

  1253. !xsf_Martin has left

  1254. !xsf_Martin has joined

  1255. alameyo has joined

  1256. !xsf_Martin has left

  1257. !xsf_Martin has joined

  1258. Ge0rG

    Just this week I had a problem with Telekom DNS server returning ServFail for a non existent SRV record on a DNSSEC signed domain... after a 3s delay!

  1259. !xsf_Martin has left

  1260. !xsf_Martin has joined

  1261. !xsf_Martin has left

  1262. !xsf_Martin has joined

  1263. !xsf_Martin has left

  1264. !xsf_Martin has joined

  1265. !xsf_Martin has left

  1266. !xsf_Martin has joined

  1267. Ge0rG

    moparisthebest: I'm speaking of resolvers out there in the wils

  1268. !xsf_Martin has left

  1269. !xsf_Martin has joined

  1270. Ge0rG

    moparisthebest: I'm speaking of resolvers out there in the wild

  1271. !xsf_Martin has left

  1272. !xsf_Martin has joined

  1273. !xsf_Martin has left

  1274. !xsf_Martin has joined

  1275. !xsf_Martin has left

  1276. !xsf_Martin has joined

  1277. Half-ShotX has joined

  1278. Ge0rG

    Some CPE routers still fail at SRV altogether

  1279. !xsf_Martin has left

  1280. !xsf_Martin has joined

  1281. moparisthebest

    those are already dead https://dnsflagday.net/

  1282. !xsf_Martin has left

  1283. !xsf_Martin has joined

  1284. !xsf_Martin has left

  1285. Link Mauve has left

  1286. Ge0rG

    On yax.im I've got 10-15% of non SRV clients

  1287. moparisthebest

    I give it about another year before 99.9% of the DNS requests are via HTTPS anyway

  1288. Half-ShotX has left

  1289. moparisthebest

    and all those support DNSSEC etc

  1290. !xsf_Martin

    Please tell me when he’s done flooding with part/join, so I can take back my normal nick.

  1291. Ge0rG

    yax.im: Serious problem detected! This domain will face issues after February 1st 2019!

  1292. oli has joined

  1293. Yagiza has left

  1294. pep.

    !xsf_Martin, how are we supposed to see now? :p

  1295. pep.


  1296. pep.

    Not even, that wouldn't get to me

  1297. oli has left

  1298. oli has joined

  1299. oli has left

  1300. oli has joined

  1301. oli has left

  1302. debacle has joined

  1303. oli has joined

  1304. !xsf_Martin has left

  1305. Link Mauve

    Seems fixed.

  1306. Half-ShotX has joined

  1307. contrapunctus has left

  1308. contrapunctus has joined

  1309. contrapunctus has left

  1310. contrapunctus has joined

  1311. kokonoe has left

  1312. kokonoe has joined

  1313. contrapunctus has left

  1314. contrapunctus has joined

  1315. Ge0rG

    You need to see presence changes to understand the context, right?

  1316. pep.


  1317. Half-ShotX has left

  1318. Half-ShotX has joined

  1319. !xsf_Martin has joined

  1320. !xsf_Martin has left

  1321. !xsf_Martin has joined

  1322. !xsf_Martin has left

  1323. !xsf_Martin has joined

  1324. !xsf_Martin has left

  1325. !xsf_Martin has joined

  1326. !xsf_Martin has left

  1327. !xsf_Martin has joined

  1328. !xsf_Martin has left

  1329. !xsf_Martin has joined

  1330. !xsf_Martin has left

  1331. !xsf_Martin has joined

  1332. !xsf_Martin has left

  1333. !xsf_Martin has joined

  1334. !xsf_Martin has left

  1335. !xsf_Martin has joined

  1336. !xsf_Martin has left

  1337. !xsf_Martin has joined

  1338. !xsf_Martin has left

  1339. !xsf_Martin has joined

  1340. !xsf_Martin has left

  1341. !xsf_Martin has joined

  1342. !xsf_Martin has left

  1343. !xsf_Martin has joined

  1344. !xsf_Martin has left

  1345. !xsf_Martin has joined

  1346. !xsf_Martin has left

  1347. !xsf_Martin has joined

  1348. !xsf_Martin has left

  1349. !xsf_Martin has joined

  1350. !xsf_Martin has left

  1351. !xsf_Martin has joined

  1352. !xsf_Martin has left

  1353. !xsf_Martin has joined

  1354. !xsf_Martin has left

  1355. !xsf_Martin has joined

  1356. !xsf_Martin has left

  1357. !xsf_Martin has joined

  1358. !xsf_Martin has left

  1359. !xsf_Martin has joined

  1360. !xsf_Martin has left

  1361. !xsf_Martin has joined

  1362. !xsf_Martin has left

  1363. !xsf_Martin has joined

  1364. !xsf_Martin has left

  1365. !xsf_Martin has joined

  1366. !xsf_Martin has left

  1367. !xsf_Martin has joined

  1368. alameyo has left

  1369. alameyo has joined

  1370. alameyo has left

  1371. Half-ShotX has left

  1372. Half-ShotX has joined

  1373. Half-ShotX has left

  1374. coderx002 has joined

  1375. coderx002 has left

  1376. Half-ShotX has joined

  1377. jmpman has left

  1378. Half-ShotX has left

  1379. lumi has left

  1380. Nekit has joined

  1381. Half-ShotX has joined

  1382. valo has left

  1383. valo has joined

  1384. lumi has joined

  1385. alameyo has joined

  1386. igoose has left

  1387. igoose has joined

  1388. igoose has left

  1389. igoose has joined

  1390. lumi has left

  1391. lumi has joined

  1392. Half-ShotX has left

  1393. Half-ShotX has joined

  1394. Half-ShotX has left

  1395. contrapunctus has left

  1396. undefined has left

  1397. undefined has joined

  1398. contrapunctus has joined

  1399. contrapunctus has left

  1400. contrapunctus has joined

  1401. alameyo has left

  1402. alameyo has joined

  1403. contrapunctus has left

  1404. contrapunctus has joined

  1405. alameyo has left

  1406. contrapunctus has left

  1407. contrapunctus has joined

  1408. neshtaxmpp has left

  1409. neshtaxmpp has joined

  1410. ThibG has left

  1411. ThibG has joined

  1412. Half-ShotX has joined

  1413. contrapunctus has left

  1414. contrapunctus has joined

  1415. contrapunctus has left

  1416. contrapunctus has joined

  1417. contrapunctus has left

  1418. contrapunctus has joined

  1419. contrapunctus has left

  1420. contrapunctus has joined

  1421. contrapunctus has left

  1422. contrapunctus has joined

  1423. contrapunctus has left

  1424. contrapunctus has joined

  1425. contrapunctus has left

  1426. contrapunctus has joined

  1427. Half-ShotX has left

  1428. Half-ShotX has joined

  1429. oli has left

  1430. Half-ShotX has left

  1431. contrapunctus has left

  1432. contrapunctus has joined

  1433. contrapunctus has left

  1434. contrapunctus has joined

  1435. contrapunctus has left

  1436. contrapunctus has joined

  1437. contrapunctus has left

  1438. contrapunctus has joined

  1439. contrapunctus has left

  1440. contrapunctus has joined

  1441. contrapunctus has left

  1442. contrapunctus has joined

  1443. Half-ShotX has joined

  1444. marc_ has left

  1445. contrapunctus has left

  1446. contrapunctus has joined

  1447. Half-ShotX has left

  1448. vaulor has left

  1449. contrapunctus has left

  1450. Half-ShotX has joined

  1451. neshtaxmpp has left

  1452. Half-ShotX has left

  1453. contrapunctus has joined

  1454. neshtaxmpp has joined

  1455. Half-ShotX has joined

  1456. lorddavidiii has joined

  1457. Half-ShotX has left

  1458. alameyo has joined

  1459. contrapunctus has left

  1460. contrapunctus has joined

  1461. lorddavidiii has left

  1462. lumi has left

  1463. lumi has joined

  1464. Half-ShotX has joined

  1465. lorddavidiii has joined

  1466. contrapunctus has left

  1467. contrapunctus has joined

  1468. Half-ShotX has left

  1469. pep.

    Who do I need to ping again to appear in planet jabber? ralphm?

  1470. contrapunctus has left

  1471. winfried has left

  1472. contrapunctus has joined

  1473. contrapunctus has left

  1474. contrapunctus has joined

  1475. contrapunctus has left

  1476. contrapunctus has joined

  1477. winfried has joined

  1478. Half-ShotX has joined

  1479. contrapunctus has left

  1480. contrapunctus has joined

  1481. Half-ShotX has left

  1482. winfried

    moparisthebest Ge0rG: to resolve the discussion: at Prosody, with an ECDHE certificate it accepts only incoming ECDHE connections, with an RSA certificate only RSA connections

  1483. contrapunctus has left

  1484. contrapunctus has joined

  1485. Ge0rG

    That's... unfortunate.

  1486. andrey.g has left

  1487. alameyo has left

  1488. alameyo has joined

  1489. andrey.g has joined

  1490. alameyo has left

  1491. dwd

    pep., ralphm, indeed. Maybe intosi can help, I don't know.

  1492. Half-ShotX has joined

  1493. !xsf_Martin has left

  1494. dwd

    moparisthebest, I do hope we don't end up with DoH everywhere. The ramifications of that scare me badly.

  1495. kokonoe has left

  1496. yvo has left

  1497. debacle has left

  1498. moparisthebest

    winfried, I mean that's not prosody specific, that's universal TLS (assuming you meant ECDSA instead of ECDHE)

  1499. kokonoe has joined

  1500. moparisthebest

    dwd, too late, I think it's the default on latest android?

  1501. moparisthebest

    also enable-able in firefox

  1502. dwd

    moparisthebest, All the DNS data going through Google, is it?

  1503. dwd

    moparisthebest, And no doubt it's for our own good, of course.

  1504. moparisthebest

    I would guess by default yes :'(

  1505. Ge0rG

    Google and Clownflare

  1506. winfried

    moparisthebest: I also assume it is universal, but I just tested it on prosody

  1507. Ge0rG

    Using Google DNS is already a reality on my Samsung phone

  1508. moparisthebest

    winfried, but did you try both?

  1509. dwd

    winfried, OpenSSL, at least, can accept multiple cert/key pairs, and if given both it'll use whichever fits the ciphers requested.

  1510. winfried

    moparisthebest: yes, I tried both

  1511. moparisthebest

    I run my own though, which randomly picks from a list of upstream DNS servers, and proxies over tor, so I like dns-over-tls (and dns-over-https) sorry for shameless plug https://github.com/moparisthebest/jDnsProxy

  1512. winfried

    winfried: 100% guarantee, the key I select, the cipher I get :-D

  1513. winfried

    dwd: I know, but I am trying to get prosody talking both, no success so far.

  1514. winfried

    diving into the debugging logs right now

  1515. winfried has left

  1516. Half-ShotX has left

  1517. Half-ShotX has joined

  1518. alameyo has joined

  1519. lnj has left

  1520. winfried has joined

  1521. Half-ShotX has left

  1522. Half-ShotX has joined

  1523. winfried has left

  1524. Half-ShotX has left

  1525. valo has left

  1526. valo has joined

  1527. valo has left

  1528. wurstsalat has joined

  1529. winfried has joined

  1530. lovetox has left

  1531. lorddavidiii has left

  1532. winfried

    Zash: I tried https://issues.prosody.im/809#comment-5 no luck, it picks only the ec certificate like that. I tried to verify I really got the right version of luasec (installed the dev version locally, ahead in the path of the regular/package manager one) but I am not 100% sure it picked the right one.

  1533. valo has joined

  1534. Half-ShotX has joined

  1535. rtq3 has left

  1536. rtq3 has joined

  1537. Half-ShotX has left

  1538. Half-ShotX has joined

  1539. rtq3 has left

  1540. rtq3 has joined

  1541. Half-ShotX has left

  1542. Half-ShotX has joined

  1543. Half-ShotX has left

  1544. j.r has left

  1545. j.r has joined

  1546. efrit has joined

  1547. Half-ShotX has joined

  1548. Half-ShotX has left

  1549. Nekit has left

  1550. efrit has left

  1551. efrit has joined

  1552. Half-ShotX has joined

  1553. Dele Olajide has joined

  1554. Dele Olajide has left

  1555. jmpman has joined

  1556. Half-ShotX has left

  1557. Half-ShotX has joined

  1558. j.r has left

  1559. j.r has joined

  1560. rtq3 has left

  1561. rtq3 has joined

  1562. karoshi has left