XSF Discussion - 2019-12-06

  8. pep.

    Thanks for the meeting/minutes. As I mentioned on the non-public board list, I was at the protests in France :)

  159. edhelas

    Movim 0.16.1 released https://nl.movim.eu/?node/pubsub.movim.eu/Movim/cdfc0a4c-3459-4d3b-8c15-08994810d54e

  161. Guus

    out of personal interest: does that now work with the latest Openfire? iirc, we've fixed the issues that caused interop problems

  163. Zash

    Do we have all the server devs in one of the channelrooMUCs?

  165. edhelas

    Guus, didn't try with Openfire recently

  167. Guus

    Zash this one? 🙂

  169. Zash

    Guus, Holger, other server devs: We Prosody devs have been thinking about phasing out Dialback, for reasons written down in https://issues.prosody.im/1471 Thoughts?

  170. Zash

    (Metarelated: We need that Hats XEP implemented)

  173. Guus

    I was going to show you how bad of an idea that was, because over half of my s2s connections use dialback - only to find out that hardly any do.

  176. Guus

    Still, I'd not be a fan, as it'd break backwards compatibility. I'm constantly talking to people that are running server versions that are pretty old.

  177. Guus

    (even those _could_ also do certificate based auth, etc, etc)

  178. Zash

    I was going to ask why the only Dialback connections I have are to jabber.org, dwd and an openfire

  179. Guus

    Why is Openfire's (I'm assuming xmpp.igniterealtime.org) using Dialback? It has valid certs.

  182. Zash

    Why is it not offering me SASL EXTERNAL? I have valid certs?

  183. Guus

    we're running something alpha - buggydibugbug?

  185. Guus

    also, we're currently rewriting all of the s2s code...

  186. Guus

    (not doing dialback would actually save us a lot of time...)

  188. Zash

    In theory having multiplexing would be very nice, but in practice I've never seen that be used, except for that one time dwd tried and found a bug in Prosody.

  189. Zash

    So I've been leaning towards deploying XEP-0288 - Bidi instead and being happy enough with that.

  191. Holger

    > I'd not be a fan, as it'd break backwards compatibility.
    Same here.

  192. Holger

    I think Tigase still doesn't support SASL EXTERNAL at all, for example. (Not entirely sure though.)

  195. Zash

    Are any of the Tigase folks here or in jdev@?

  196. jonas’

    fun question: those hosts which can only do dialback, what TLS version can they do?

  197. jonas’

    is it likely that they will become unreachable "soon" either way because libssl drops support for that version?

  198. Guus

    I don't think we should remove support for people that for one reason or another don't want or can't set up certificates. Dialback offers better security than no security.

  199. Guus

    I can think of deployments that are deliberately not internet-facing, or have other reasons to not want to depend on Let's Encrypt

  201. Guus

    Also, everyone having valid certificates very much is an effect of one single organisation providing a service, I think. What happens if, for whatever reason, Let's Encrypt stops doing their thing (or stops being trustworthy)?

  202. Guus

    Their certificates are only valid for 3 months - having dialback as a fallback to a service that pretty much hinges on one organisation isn't the worst of ideas, maybe.

  203. Zash

    I'm not a fan of this single point of failure either

  204. Zash

    However it is the current reality

  205. Guus

    would making it easier to disable dialback be a compromise to be considered?

  206. Zash

    I did word it as "phase out", meaning not instant.

  207. Guus

    security-minded setups can then disable it, while others might opt to choose interop over security. It boils down to that question, right?

  209. Zash

    FWIW it's pretty easy in Prosody already, just comment out that module.

  210. Guus

    Sure, not saying it wasn't 🙂

  211. Zash

    No idea about other servers, but if it's not easy then making it easy seems like a good idea.

  212. Guus

    Having given this 5 minutes of thought, I'd not be a fan of phasing out Dialback though.

  213. Maranda

    > Guus, Holger, other server devs: We Prosody devs have been thinking about phasing out Dialback, for reasons written down in https://issues.prosody.im/1471
    > Thoughts?
    > (Metarelated: We need that Hats XEP implemented)
    Agreed with Guus, phasing out DB is a horrible idea, I already more than once expressed my opinion on it

  214. Guus

    I think it's good to discuss these things though. Thanks!

  215. Guus

    Maranda : I never said it was a horrible idea.

  216. !XSF_Martin

    Zash: Didn't you recently talk about disabling dialback in prosody?

  217. Maranda

    Plenty of cisco jabber deployments only do DB for example

  218. Zash

    !XSF_Martin: Yes.

  219. Maranda

    And not sasl external

  221. Maranda

    > Same here.
    > I think Tigase still doesn't support SASL EXTERNAL at all, for example. (Not entirely sure though.)
    I'm not sure if it doesn't support it for sure I've never seen any deployment I know of using it with my server

  223. Guus

    fwiw: https://issues.igniterealtime.org/browse/OF-1940

  226. Maranda

    Also I never agreed about most of the security concerns on DB nowadays, very few implementations don't do STARTTLS before DB (Metronome does bump servers that do that for example)

  227. Maranda

    And the rogue issuing of certificates by LE just introduces more security concerns, so I'm not sure what you expect to achieve here beside breaking interoperability

  230. MattJ

    Backwards compatibility: meh
    Let's Encrypt: it's still not the world's only CA by far
    Closed setups: don't care about s2s, or can run their own CA or enable dialback

  235. Daniel

    Where is memberbot again?

  236. Daniel

    The source code I mean

  237. Daniel

    I finally want to do a lower case and a trim around the response parsing

  238. Daniel

    The fact that it doesn't accept 'Yes ' is super annoying

  239. Maranda

    MattJ: I'm not the one who mentioned LE as solution for a free certificate to feed to SASL external to begin with

  240. Wojtek

    @Maranda - we added it recently in development versions so it will be included in next 8.1.0

  242. pep.

    Daniel, https://github.com/legastero/memberbot

  243. pep.

    See also some fixes here already: https://github.com/linkmauve/memberbot/commits/master

  244. Daniel

    pep.: thank you

  245. Guus

    Daniel I think Alex mentioned forking that into the xsf github account recently. Not sure if he's working on it.

  247. Guus

    and yes, it's annoying. I'd welcome that fix 🙂

  248. Alex

    travelling right now with bad internet access. Feel free to fork it to the XSF repo and I will take it from there ;-)

  249. Daniel

    I think I'll pr link's repo

  251. Alex

    also, don't think I have permissions to fork it to XSF repo, so someone else would need to do the initial fork

  252. pep.

    Maybe I can, now

  254. pep.

    hmm no I can't

  256. pep.

    Daniel, as you might have seen the "Redis woohoo!" commit is just here to bypass Redis as we didn't want to set it up to test our changes :-°

  259. pep.

    (also I'm curious if it's actually necessary..)

  260. Daniel

    I was just blindly going to add strip().lower() in some places. I wasn't even going to run it

  264. dwd

    Zash, XEP-0220 is also used by XEP-0288 - are you suggesting that the dialback auth is deprecated, or that the syntax itself is deprecated?

  266. moparisthebest

    Maranda: rogue issuing of certs by LE?

  267. Zash

    dwd: Personally I really don't like the syntax. But I'm pretty sure you can do 288 without talking Dialback.

  272. pep.

    ralphm, Guus, can somebody give me perms on the trello board so I add agenda items please.

  276. ralphm

    pep., what is your username there?

  279. ralphm

    pep., oh, interesting, I also found another one, which does have an avatar

  280. pep.

    I just added an avatar

  281. ralphm

    but that one is maximebuquet

  282. pep.

    Yeah, that was the original username they gave me, and apparently it's possible to change it.

  284. pep.

    Not sure how long it sticks around

  285. ralphm

    so it is one account then?

  287. pep.

    it is

  289. pep.

    Thanks I've been added

  290. ralphm

    Well, I think I added both

  291. pep.

    ugh, weird

  296. Guus

    I thought I already added you?

  297. Guus

    Are you there three times now? 😁

  298. ralphm

    You added one of his accounts as guest

  299. ralphm

    I promoted that one, and added the other for good measure.

  300. ralphm

    So pep. is double important now

  301. Guus

    Internet is hard

  304. Martin

    The *hard* parts are not the problems, the problems come from the *soft* part. No software, no problem. 😁

  305. Guus

    You beat the end boss?

  324. Link Mauve

    RFC5891 says it obsoletes RFC3491, does that mean XMPP applications should stop using the Nameprep stringprep profile for domain names?

  329. ralphm

    It turns out that there are some issues surrounding Precis and multiple versions of Unicode.

  330. Zash

    Understatement of the decade 🙂

  331. Link Mauve

    ralphm, this isn’t PRECIS yet.

  332. Zash

    IDNA 2008?

  333. Zash

    That's a separate thing from stringprep

  334. Link Mauve

    I’m looking at whether IDNA2008 can be used for the domainpart of JIDs instead of IDNA2003 + Nameprep.

  335. Zash

    That's not how it works

  336. Link Mauve

    Is it not?

  337. ralphm

    Link Mauve, for reference: https://mailarchive.ietf.org/arch/msg/xmpp/a-WhzOTyOq168GujQHgzQ1-DURI

  340. Link Mauve

    Ah yes, I have read this email already.

  341. Link Mauve

    This thread.

  342. Zash

    If IDNA 2008 replaces IDNA 2003 AND Nameprep then I've gotten it all backwards.

  346. Link Mauve

    Zash, that’s what I get from the obsoletes header of the RFC, but I may be wrong.

  347. ralphm

    I think you either do it using stringprep as earlier versions of XMPP Addresses, or using Precis using the latest incarnation of it

  348. Zash

    I've just replaced the IDNA part and kept the stringprep part

  351. Zash

    IDNA doesn't come into play until you start doing DNS

  354. Link Mauve

    IDNA2008 made the same mistake (?) as PRECIS of relaxing the Unicode version from Unicode 3.2 to undefined version.

  355. Zash

    Related: The 1023 byte limit on JID parts is super weird given the 256 byte limit on DNS names.

  356. Zash

    I guess you can invent your own non-DNS based federation with looooooong server names.

  358. Link Mauve

    Wouldn’t that break any XMPP software using IDNA*?

  361. Zash

    Define "using IDNA*"

  362. Zash

    Being mostly familiar with Prosody, I can say that it should work fine as long as you don't try to federate.

  363. Zash

    Because IDNA isn't applied until you start doing DNS lookups

  364. Link Mauve

    So I shouldn’t use IDNA2003 nor IDNA2008 in my JID library at all?

  366. Link Mauve

    Since it isn’t involved in DNS in any way?

  367. Zash

    Prosody's JID library doesn't use IDNA at least.

  377. Zash

    I guess read https://tools.ietf.org/html/rfc7622#section-3.2 and https://tools.ietf.org/html/rfc6122#section-2.2

  382. ralphm

    Or get a hold of Peter

  383. Zash

    One could probably interpret those texts as nameprep being basically the same as IDNA?

  384. ralphm

    Nameprep uses IDNA, but there's a bunch more.

  386. flow

    Link Mauve, domainparts can be DNS names of U-labels, not A-labels, hence they are in ACE. IDNA converts U-labels to A-labels and is hence not needed for your JID library.

  387. flow

    Note that RFC7622 is underspecified regarding domainparts, see also https://www.rfc-editor.org/errata/eid5789

  389. Zash

    > ifqdn = 1*1023(domainbyte)
    > a "domainbyte" is a byte used to represent a UTF-8 encoded Unicode code point that can be contained in a string that conforms to RFC 5890

  391. flow

    and here lies the problem

  392. Zash

    > ifqdn = 1*(namepoint)
    > a "namepoint" is a UTF-8 encoded Unicode code point that satisfies the Nameprep profile of stringprep in RFC 6122

  393. flow

    strike that, the ifqdn definition is not the problem, the textual description is

  394. Zash

    Note that those are from two separate RFCs

  395. Zash

    The first I pasted replaces the second.

  397. Zash

    Does the 7622 definition permit 1023 UTF-8 continuation bytes?

  398. flow

    The problem is that RFC7622 only allows code points allowed in NR-LDH labels and U-labels

  399. flow

    which excludes the colon for example, and I am pretty sure most of us have domainparts which include colons

  400. Zash

    Oh glob what's an NR-LDH label?

  402. flow

    non reserved letters digits hyphen label

  403. flow

    Zash, just have a look at https://www.rfc-editor.org/errata/eid5789

  404. Zash

    That's not allowed in domain names

  405. Zash

    And IP literals are in "good luck with that" territory

  407. flow

    NR-LDH are the old style dns label format prior to unicode, which just could include letters, digits and the hyphen, hence the name

  408. Zash

    Aren't U-labels the new ones?

  409. flow

    yes and no

  410. flow

    on the wire DNS still uses LDH labels

  411. flow

    hence IDNA

  412. Zash remembers how touching on this topic generally ends with a great desire to crawl down under the desk and cry

  413. flow

    It's really not that hard

  414. Zash

    `to_ascii()` yes

  460. Link Mauve

    edhelas, “when you join a chatroom (especially that one)”, which one?

  461. Link Mauve

    Otherwise, congrats for the release!
