XSF Discussion - 2019-12-06

  8. pep. Thanks for the meeting/minutes. As I mentioned on the non-public board list, I was at the protests in France :)
  123. edhelas :)
  159. edhelas Movim 0.16.1 released https://nl.movim.eu/?node/pubsub.movim.eu/Movim/cdfc0a4c-3459-4d3b-8c15-08994810d54e
  160. Guus congrats!
  161. Guus out of personal interest: does that now work with the latest Openfire? iirc, we've fixed the issues that caused interop problems
  163. Zash Do we have all the server devs in one of the channelrooMUCs?
  165. edhelas Guus didn't try with Openfire recently
  167. Guus Zash this one? 🙂
  168. Guus jdev?
  169. Zash Guus, Holger, other server devs: We Prosody devs have been thinking about phasing out Dialback, for reasons written down in https://issues.prosody.im/1471 Thoughts?
  170. Zash (Metarelated: We need that Hats XEP implemented)
  173. Guus I was going to show you how bad of an idea that was, because over half of my s2s connections use dialback - only to find out that hardly any do.
  176. Guus Still, I'd not be a fan, as it'd break backwards compatibility. I'm constantly talking to people that are running server versions that are pretty old.
  177. Guus (even those _could_ also do certificate based auth, etc, etc)
  178. Zash I was going to ask why the only Dialback connections I have are to jabber.org, dwd and an openfire
  179. Guus Why is Openfire's (I'm assuming xmpp.igniterealtime.org) using Dialback? It has valid certs.
  182. Zash Why is it not offering me SASL EXTERNAL? I have valid certs?
  183. Guus we're running something alpha - buggydibugbug?
  185. Guus also, we're currently rewriting all of the s2s code...
  186. Guus (not doing dialback would actually save us a lot of time...)
  188. Zash In theory having multiplexing would be very nice, but in practice I've never seen that be used, except for that one time dwd tried and found a bug in Prosody.
  189. Zash So I've been leaning towards deploying XEP-0288 - Bidi instead and being happy enough with that.
  191. Holger > I'd not be a fan, as it'd break backwards compatibility. Same here.
  192. Holger I think Tigase still doesn't support SASL EXTERNAL at all, for example. (Not entirely sure though.)
  195. Zash Are any of the Tigase folks here or in jdev@?
  196. jonas’ fun question: those hosts which can only do dialback, what TLS version can they do?
  197. jonas’ is it likely that they will become unreachable "soon" either way because libssl drops support for that version?
  198. Guus I don't think we should remove support for people that for one reason or another don't want or can't set up certificates. Dialback offers better security than no security.
  199. Guus I can think of deployments that are deliberately not internet-facing, or have other reasons to not want to depend on Let's Encrypt
  201. Guus Also, everyone having valid certificates very much is an effect of one single organisation providing a service, I think. What happens if, for whatever reason, Let's Encrypt stops doing their thing (or stops being trustworthy)?
  202. Guus Their certificates are only valid for 3 months - having dialback as a fallback to a service that pretty much hinges on one organisation isn't the worst of ideas, maybe.
  203. Zash I'm not a fan of this single point of failure either
  204. Zash However it is the current reality
  205. Guus would making it easier to disable dialback be a compromise to be considered?
  206. Zash I did word it as "phase out", meaning not instant.
  207. Guus security-minded setups can then disable it, while others might opt to choose interop over security. It boils down to that question, right?
  208. Zash Yeah
  209. Zash FWIW it's pretty easy in Prosody already, just comment out that module.
  210. Guus Sure, not saying it wasn't 🙂
  211. Zash No idea about other servers, but if it's not easy then making it easy seems like a good idea.
  212. Guus Having given this 5 minutes of thought, I'd not be a fan of phasing out Dialback though.
  213. Maranda > Guus, Holger, other server devs: We Prosody devs have been thinking about phasing out Dialback, for reasons written down in https://issues.prosody.im/1471 > Thoughts? > (Metarelated: We need that Hats XEP implemented) Agreed with Guus phasing out DB is a horrible idea, I already more than once expressed my opinion on it
  214. Guus I think it's good to discuss these things though. Thanks!
  215. Guus Maranda : I never said it was a horrible idea.
  216. !XSF_Martin Zash: Didn't you recently talk about disabling dialback in prosody?
  217. Maranda Plenty of cisco jabber deployments only do DB for example
  218. Zash !XSF_Martin: Yes.
  219. Maranda And not sasl external
  221. Maranda > Same here. > I think Tigase still doesn't support SASL EXTERNAL at all, for example. (Not entirely sure though.) I'm not sure if it doesn't support it for sure I've never seen any deployment I know of using it with my server
  223. Guus fwiw: https://issues.igniterealtime.org/browse/OF-1940
  226. Maranda Also I never agreed about most of the security concerns on DB nowadays, very few implementations don't do STARTTLS before DB (Metronome does bump servers that do that for example)
  227. Maranda And the rogue issuing of certificates by LE just introduces more security concerns, so I'm not sure what you expect to achieve here beside breaking interoperability
  230. MattJ Backwards compatibility: meh. Let's Encrypt: it's still not the world's only CA by far. Closed setups: don't care about s2s, or can run their own CA or enable dialback.
  235. Daniel Where is memberbot again?
  236. Daniel The source code I mean
  237. Daniel I finally want to do a lower case and a trim around the response parsing
  238. Daniel The fact that it doesn't accept 'Yes ' is super annoying
  239. Maranda MattJ: I'm not the one who mentioned LE as solution for a free certificate to feed to SASL external to begin with
  240. Wojtek @Maranda - we added it recently in development versions so it will be included in next 8.1.0
  242. pep. Daniel, https://github.com/legastero/memberbot
  243. pep. See also some fixes here already: https://github.com/linkmauve/memberbot/commits/master
  244. Daniel pep.: thank you
  245. Guus Daniel I think Alex mentioned forking that into the xsf github account recently. Not sure if he's working on it.
  247. Guus and yes, it's annoying. I'd welcome that fix 🙂
  248. Alex travelling right now with bad internet access. Feel free to fork it to the XSF repo and I will take it from there ;-)
  249. Daniel I think I'll pr link's repo
  251. Alex also, don't think I have permissions to fork it to XSF repo, so someone else would need to do the initial fork
  252. pep. Maybe I can, now
  253. Alex https://palaver.im:5443/upload/5bb502b7c5289e610734e07c6a499759f520bf98/KfbREEd9IVGxE7vRIIZGilr520dOqpVw0Hncz4qm/2019-12-06_12_48_34-legastero_memberbot__XSF_Memberbot__v2.png
  254. pep. hmm no I can't
  256. pep. Daniel, as you might have seen the "Redis woohoo!" commit is just here to bypass Redis as we didn't want to set it up to test our changes :-°
  259. pep. (also I'm curious if it's actually necessary..)
  260. Daniel I was just blindly going to add strip().lower() in some places. I wasn't even going to run it
  261. pep. heh
  264. dwd Zash, XEP-0220 is also used by XEP-0288 - are you suggesting that the dialback auth is deprecated, or that the syntax itself is deprecated?
  266. moparisthebest Maranda: rogue issuing of certs by LE?
  267. Zash dwd: Personally I really don't like the syntax. But I'm pretty sure you can do 288 without talking Dialback.
  272. pep. ralphm, Guus, can somebody give me perms on the trello board so I add agenda items please.
  276. ralphm pep., what is your username there?
  277. pep. ppjet6
  279. ralphm pep., oh, interesting, I also found another one, which does have an avatar
  280. pep. I just added an avatar
  281. ralphm but that one is maximebuquet
  282. pep. Yeah, that was the original username they gave me, and apparently it's possible to change it.
  284. pep. Not sure how long it sticks around
  285. ralphm so it is one account then?
  286. ralphm confusing
  287. pep. it is
  288. pep. (confusing)
  289. pep. Thanks I've been added
  290. ralphm Well, I think I added both
  291. pep. ugh, weird
  296. Guus I thought I already added you?
  297. Guus Are you there three times now? 😁
  298. ralphm You added one of his accounts as guest
  299. ralphm I promoted that one, and added the other for good measure.
  300. ralphm So pep. is double important now
  301. Guus Internet is hard
  302. ralphm nah
  304. Martin The *hard* parts are not the problems, the problems come from the *soft* part. No software, no problem. 😁
  305. Guus You beat the end boss?
  324. Link Mauve RFC5891 says it obsoletes RFC3491, does that mean XMPP applications should stop using the Nameprep stringprep profile for domain names?
  327. ralphm Well...
  329. ralphm It turns out that there are some issues surrounding Precis and multiple versions of Unicode.
  330. Zash Understatement of the decade 🙂
  331. Link Mauve ralphm, this isn’t PRECIS yet.
  332. Zash IDNA 2008?
  333. Zash That's a separate thing from stringprep
  334. Link Mauve I’m looking at whether IDNA2008 can be used for the domainpart of JIDs instead of IDNA2003 + Nameprep.
  335. Zash That's not how it works
  336. Link Mauve Is it not?
  337. ralphm Link Mauve, for reference: https://mailarchive.ietf.org/arch/msg/xmpp/a-WhzOTyOq168GujQHgzQ1-DURI
  338. Link Mauve Thanks.
  340. Link Mauve Ah yes, I have read this email already.
  341. Link Mauve This thread.
  342. Zash If IDNA 2008 replaces IDNA 2003 AND Nameprep then I've gotten it all backwards.
  346. Link Mauve Zash, that’s what I get from the obsoletes header of the RFC, but I may be wrong.
  347. ralphm I think you either do it using stringprep as earlier versions of XMPP Addresses, or using Precis using the latest incarnation of it
  348. Zash I've just replaced the IDNA part and kept the stringprep part
  351. Zash IDNA doesn't come into play until you start doing DNS
  354. Link Mauve IDNA2008 made the same mistake (?) as PRECIS of relaxing the Unicode version from Unicode 3.2 to undefined version.
  355. Zash Related: The 1023 byte limit on JID parts is super weird given the 256 byte limit on DNS names.
  356. Zash I guess you can invent your own non-DNS based federation with looooooong server names.
  358. Link Mauve Wouldn’t that break any XMPP software using IDNA*?
  361. Zash Define "using IDNA*"
  362. Zash Being mostly familiar with Prosody, I can say that it should work fine as long as you don't try to federate.
  363. Zash Because IDNA isn't applied until you start doing DNS lookups
  364. Link Mauve So I shouldn’t use IDNA2003 nor IDNA2008 in my JID library at all?
  366. Link Mauve Since it isn’t involved in DNS in any way?
  367. Zash Prosody's JID library doesn't use IDNA at least.
  368. Link Mauve Ok.
  377. Zash I guess read https://tools.ietf.org/html/rfc7622#section-3.2 and https://tools.ietf.org/html/rfc6122#section-2.2
  382. ralphm Or get a hold of Peter
  383. Zash One could probably interpret those texts as nameprep being basically the same as IDNA?
  384. ralphm Nameprep uses IDNA, but there's a bunch more.
  386. flow Link Mauve, domainparts can be DNS names of U-labels, not A-labels, hence they are in ACE. IDNA converts U-labels to A-labels and is hence not needed for your JID library.
  387. flow Note that RFC7622 is underspecified regarding domainparts, see also https://www.rfc-editor.org/errata/eid5789
  389. Zash > ifqdn = 1*1023(domainbyte) > a "domainbyte" is a byte used to represent a UTF-8 encoded Unicode code point that can be contained in a string that conforms to RFC 5890
  390. Zash Hmmm
  391. flow and here lies the problem
  392. Zash > ifqdn = 1*(namepoint) > a "namepoint" is a UTF-8 encoded Unicode code point that satisfies the Nameprep profile of stringprep in RFC 6122
  393. flow strike that, the ifqdn definition is not the problem, the textual description is
  394. Zash Note that those are from two separate RFCs
  395. Zash The first I pasted replaces the second.
  396. flow Yep
  397. Zash Does the 7622 definition permit 1023 UTF-8 continuation bytes?
  398. flow The problem is that RFC7622 only allows code points allowed in NR-LDH labels and U-labels
  399. flow which excludes the colon for example, and I am pretty sure most of us have domainparts which include colons
  400. Zash Oh glob what's an NR-LDH label?
  401. Zash Colons?
  402. flow non reserved letters digits hyphen label
  403. flow Zash, just have a look at https://www.rfc-editor.org/errata/eid5789
  404. Zash That's not allowed in domain names
  405. Zash And IP literals are in "good luck with that" territory
  407. flow NR-LDH are the old style dns label format prior to unicode, which just could include letters, digits and the hyphen, hence the name
  408. Zash Aren't U-labels the new ones?
  409. flow yes and no
  410. flow on the wire DNS still uses LDH labels
  411. flow hence IDNA
  412. Zash remembers how touching on this topic generally ends with a great desire to crawl down under the desk and cry
  413. flow It's really not that hard
  414. Zash `to_ascii()` yes
  415. flow bbl
  460. Link Mauve edhelas, “when you join a chatroom (especially that one)”, which one?
  461. Link Mauve Otherwise, congrats for the release!