Thanks for the meeting/minutes. As I mentioned on the non-public board list, I was at the protests in France :)
edhelas
:)
edhelas
Movim 0.16.1 released https://nl.movim.eu/?node/pubsub.movim.eu/Movim/cdfc0a4c-3459-4d3b-8c15-08994810d54e
Guus
congrats!
Guus
out of personal interest: does that now work with the latest Openfire? iirc, we've fixed the issues that caused interop problems
Zash
Do we have all the server devs in one of the channelrooMUCs?
edhelas
Guus, didn't try with Openfire recently
Guus
Zash this one? 🙂
Guus
jdev?
Zash
Guus, Holger, other server devs: We Prosody devs have been thinking about phasing out Dialback, for reasons written down in https://issues.prosody.im/1471
Thoughts?
Zash
(Metarelated: We need that Hats XEP implemented)
Guus
I was going to show you how bad of an idea that was, because over half of my s2s connections use dialback - only to find out that hardly any do.
Guus
Still, I'd not be a fan, as it'd break backwards compatibility. I'm constantly talking to people that are running server versions that are pretty old.
Guus
(even those _could_ also do certificate based auth, etc, etc)
Zash
I was going to ask why the only Dialback connections I have are to jabber.org, dwd and an openfire
Guus
Why is Openfire's (I'm assuming xmpp.igniterealtime.org) using Dialback? It has valid certs.
Zash
Why is it not offering me SASL EXTERNAL? I have valid certs?
Guus
we're running something alpha - buggydibugbug?
Guus
also, we're currently rewriting all of the s2s code...
Guus
(not doing dialback would actually save us a lot of time...)
Zash
In theory having multiplexing would be very nice, but in practice I've never seen that be used, except for that one time dwd tried and found a bug in Prosody.
Zash
So I've been leaning towards deploying XEP-0288 - Bidi instead and being happy enough with that.
Holger
> I'd not be a fan, as it'd break backwards compatibility.
Same here.
Holger
I think Tigase still doesn't support SASL EXTERNAL at all, for example. (Not entirely sure though.)
Zash
Are any of the Tigase folks here or in jdev@?
jonas’
fun question: those hosts which can only do dialback, what TLS version can they do?
jonas’
is it likely that they will become unreachable "soon" either way because libssl drops support for that version?
Guus
I don't think we should remove support for people that for one reason or another don't want or can't set up certificates. Dialback offers better security than no security.
Guus
I can think of deployments that are deliberately not internet-facing, or have other reasons to not want to depend on Let's Encrypt
Guus
Also, everyone having valid certificates very much is an effect of one single organisation providing a service, I think. What happens if, for whatever reason, Let's Encrypt stops doing their thing (or stops being trustworthy)?
Guus
Their certificates are only valid for 3 months - having dialback as a fallback to a service that pretty much hinges on one organisation isn't the worst of ideas, maybe.
Zash
I'm not a fan of this single point of failure either
Zash
However it is the current reality
Guus
would making it easier to disable dialback be a compromise to be considered?
Zash
I did word it as "phase out", meaning not instant.
Guus
security-minded setups can then disable it, while others might opt to choose interop over security. It boils down to that question, right?
Zash
Yeah
Zash
FWIW it's pretty easy in Prosody already, just comment out that module.
Guus
Sure, not saying it wasn't 🙂
Zash
No idea about other servers, but if it's not easy then making it easy seems like a good idea.
Guus
Having given this 5 minutes of thought, I'd not be a fan of phasing out Dialback though.
Maranda
> Guus, Holger, other server devs: We Prosody devs have been thinking about phasing out Dialback, for reasons written down in https://issues.prosody.im/1471
> Thoughts?
> (Metarelated: We need that Hats XEP implemented)
Agreed with Guus, phasing out DB is a horrible idea, I already more than once expressed my opinion on it
Guus
I think it's good to discuss these things though. Thanks!
Guus
Maranda : I never said it was a horrible idea.
!XSF_Martin
Zash: Didn't you recently talk about disabling dialback in prosody?
Maranda
Plenty of Cisco Jabber deployments only do DB for example
Zash
!XSF_Martin: Yes.
Maranda
And not sasl external
Maranda
> Same here.
> I think Tigase still doesn't support SASL EXTERNAL at all, for example. (Not entirely sure though.)
I'm not sure if it doesn't support it for sure I've never seen any deployment I know of using it with my server
Also I never agreed about most of the security concerns on DB nowadays, very few implementations don't do STARTTLS before DB (Metronome does bump servers that do that for example)
Maranda
And the rogue issuing of certificates by LE just introduces more security concerns, so I'm not sure what you expect to achieve here besides breaking interoperability
MattJ
Backwards compatibility: meh
Let's Encrypt: it's still not the world's only CA by far
Closed setups: don't care about s2s, or can run their own CA or enable dialback
Daniel
Where is memberbot again?
Daniel
The source code I mean
Daniel
I finally want to do a lower case and a trim around the response parsing
Daniel
The fact that it doesn't accept 'Yes ' is super annoying
Maranda
MattJ: I'm not the one who mentioned LE as solution for a free certificate to feed to SASL external to begin with
Wojtek
@Maranda - we added it recently in development versions so it will be included in next 8.1.0
pep.
Daniel, https://github.com/legastero/memberbot
pep.
See also some fixes here already: https://github.com/linkmauve/memberbot/commits/master
Daniel
pep.: thank you
Guus
Daniel I think Alex mentioned forking that into the xsf github account recently. Not sure if he's working on it.
Guus
and yes, it's annoying. I'd welcome that fix 🙂
Alex
travelling right now with bad internet access. Feel free to fork it to the XSF repo and I will take it from there ;-)
Daniel
I think I'll pr link's repo
Alex
also, don't think I have permissions to fork it to XSF repo, so someone else would need to do the initial fork
Daniel, as you might have seen the "Redis woohoo!" commit is just here to bypass Redis as we didn't want to set it up to test our changes :-°
pep.
(also I'm curious if it's actually necessary..)
Daniel
I was just blindly going to add strip().lower() in some places. I wasn't even going to run it
pep.
heh
dwd
Zash, XEP-0220 is also used by XEP-0288 - are you suggesting that the dialback auth is deprecated, or that the syntax itself is deprecated?
moparisthebest
Maranda: rogue issuing of certs by LE?
Zash
dwd: Personally I really don't like the syntax. But I'm pretty sure you can do 288 without talking Dialback.
pep.
ralphm, Guus, can somebody give me perms on the trello board so I add agenda items please.
ralphm
pep., what is your username there?
pep.
ppjet6
ralphm
pep., oh, interesting, I also found another one, which does have an avatar
pep.
I just added an avatar
ralphm
but that one is maximebuquet
pep.
Yeah, that was the original username they gave me, and apparently it's possible to change it.
pep.
Not sure how long it sticks around
ralphm
so it is one account then?
ralphm
confusing
pep.
it is
pep.
(confusing)
pep.
Thanks I've been added
ralphm
Well, I think I added both
pep.
ugh, weird
Guus
I thought I already added you?
Guus
Are you there three times now? 😁
ralphm
You added one of his accounts as guest
ralphm
I promoted that one, and added the other for good measure.
ralphm
So pep. is double important now
Guus
Internet is hard
ralphm
nah
Martin
The *hard* parts are not the problems, the problems come from the *soft* part. No software, no problem. 😁
Guus
You beat the end boss?
Link Mauve
RFC5891 says it obsoletes RFC3491, does that mean XMPP applications should stop using the Nameprep stringprep profile for domain names?
ralphm
Well...
ralphm
It turns out that there are some issues surrounding Precis and multiple versions of Unicode.
Zash
Understatement of the decade 🙂
Link Mauve
ralphm, this isn’t PRECIS yet.
Zash
IDNA 2008?
Zash
That's a separate thing from stringprep
Link Mauve
I’m looking at whether IDNA2008 can be used for the domainpart of JIDs instead of IDNA2003 + Nameprep.
Zash
That's not how it works
Link Mauve
Is it not?
ralphm
Link Mauve, for reference: https://mailarchive.ietf.org/arch/msg/xmpp/a-WhzOTyOq168GujQHgzQ1-DURI
Link Mauve
Thanks.
Link Mauve
Ah yes, I have read this email already.
Link Mauve
This thread.
Zash
If IDNA 2008 replaces IDNA 2003 AND Nameprep then I've gotten it all backwards.
Link Mauve
Zash, that’s what I get from the obsoletes header of the RFC, but I may be wrong.
ralphm
I think you either do it using stringprep as earlier versions of XMPP Addresses, or using Precis using the latest incarnation of it
Zash
I've just replaced the IDNA part and kept the stringprep part
Zash
IDNA doesn't come into play until you start doing DNS
Link Mauve
IDNA2008 made the same mistake (?) as PRECIS of relaxing the Unicode version from Unicode 3.2 to undefined version.
Zash
Related: The 1023 byte limit on JID parts is super weird given the 256 byte limit on DNS names.
Zash
I guess you can invent your own non-DNS based federation with looooooong server names.
Link Mauve
Wouldn’t that break any XMPP software using IDNA*?
Zash
Define "using IDNA*"
Zash
Being mostly familiar with Prosody, I can say that it should work fine as long as you don't try to federate.
Zash
Because IDNA isn't applied until you start doing DNS lookups
Link Mauve
So I shouldn’t use IDNA2003 nor IDNA2008 in my JID library at all?
Link Mauve
Since it isn’t involved in DNS in any way?
Zash
Prosody's JID library doesn't use IDNA at least.
Link Mauve
Ok.
Zash
I guess read https://tools.ietf.org/html/rfc7622#section-3.2 and https://tools.ietf.org/html/rfc6122#section-2.2
ralphm
Or get a hold of Peter
Zash
One could probably interpret those texts as nameprep being basically the same as IDNA?
ralphm
Nameprep uses IDNA, but there's a bunch more.
flow
Link Mauve, domainparts can be DNS names of U-labels, not A-labels, hence they are in ACE. IDNA converts U-labels to A-labels and is hence not needed for your JID library.
flow
Note that RFC7622 is underspecified regarding domainparts, see also https://www.rfc-editor.org/errata/eid5789
Zash
> ifqdn = 1*1023(domainbyte)
> a "domainbyte" is a byte used to represent a UTF-8 encoded Unicode code point that can be contained in a string that conforms to RFC 5890
Zash
Hmmm
flow
and here lies the problem
Zash
> ifqdn = 1*(namepoint)
> a "namepoint" is a UTF-8 encoded Unicode code point that satisfies the Nameprep profile of stringprep
in RFC 6122
flow
strike that, the ifqdn definition is not the problem, the textual description is
Zash
Note that those are from two separate RFCs
Zash
The first I pasted replaces the second.
flow
Yep
Zash
Does the 7622 definition permit 1023 UTF-8 continuation bytes?
flow
The problem is that RFC7622 only allows code points allowed in NR-LDH labels and U-labels
flow
which excludes the colon for example, and I am pretty sure most of us have domainparts which include colons
Zash
Oh glob what's an NR-LDH label?
Zash
Colons?
flow
non-reserved letters digits hyphen label
flow
Zash, just have a look at https://www.rfc-editor.org/errata/eid5789
Zash
That's not allowed in domain names
Zash
And IP literals are in "good luck with that" territory
flow
NR-LDH are the old style DNS label format prior to Unicode, which just could include letters, digits and the hyphen, hence the name
Zash
Aren't U-labels the new ones?
flow
yes and no
flow
on the wire DNS still uses LDH labels
flow
hence IDNA
Zash remembers how touching on this topic generally ends with a great desire to crawl down under the desk and cry
flow
It's really not that hard
Zash
`to_ascii()` yes
flow
bbl
Link Mauve
edhelas, “when you join a chatroom (especially that one)”, which one?