- rion is updating xep-0371 against updated ICE RFC. PR will be ready soon.
-
Link Mauve
jonas’, what are your plans wrt XEP-0390?
-
Link Mauve
Is it planned to stay compatible or do you want to change things?
-
Link Mauve
For a new client which doesn’t need to be compatible with anything else, can I require it instead of 0115?
-
rion
I remember we discussed some missing features in XEP-0390. Not sure if it went to mail-list
-
jonas’
Link Mauve, I think it needs some breaking changes
-
jonas’
though I don’t recall specifically what those were
-
Link Mauve
Ok.
-
Link Mauve
I’d like to become author for XEP-0284 btw.
-
pep.
You need an ack from the author? How does that work? Council if no reply from them after some time?
-
pep.
authors*
-
jonas’
pep., effectively
-
pep.
Link Mauve, can you PR?
-
Link Mauve
Sure.
-
Link Mauve
I have other changes to do too.
-
pep.
:)
-
pep.
Just that it's the best way to get things to move
-
jonas’
yeah, if we have a PR to look at, we can track the authors’ responsiveness, and if it is lacking, we can make you author
-
Ge0rG
And what do you do if you have an author, but you disagree with them on some important architectural points? Fork the XEP?
-
pep.
I guess that's up to the author to know what they want and accept/refuse new authors
-
pep.
And yeah you'd fork the XEP if you really wanted.. ?
-
pep.
Not sure where council would stand here
-
moparisthebest
Syndace: "GCM is not meant to handle larger amounts of data" what do you mean?
-
Syndace
moparisthebest: GCM mandates to not return any of the plaintext until the auth tag is verified. This means that conforming implementations have to keep the whole plaintext in ram
-
moparisthebest
I don't think so
-
Daniel
You can/are supposed to chunk the data I think
-
Syndace
See the Conversations thing that you just helped Daniel fix :D
-
moparisthebest
You can just split it into smaller chunks
-
Daniel
But it doesn't matter. The other two points are correct
-
Daniel
And more important
-
Syndace
Sure, you can also just use CBC
-
moparisthebest
The problem isn't solved by cbc
-
moparisthebest
Do you output unverified CBC decryption? You shouldn't
-
Syndace
We use HMAC
-
moparisthebest
Right, gcm is just hmac but built in so you can't use it incorrectly
-
Syndace
then consider that point of my mail as invalid
-
moparisthebest
The same restriction applies, you shouldn't use the result of the decryption unless the hmac is valid
-
Link Mauve
pep., jonas’, here: https://github.com/xsf/xeps/pull/904
-
moparisthebest
So you must keep that chunk in ram until you do, in both cases the solution is chunking
-
moparisthebest
The "single primitive" is still a good argument
-
moparisthebest
Just means you have to be super careful about the hmac...
-
Syndace
Also I think GCM impls are not known for being bug free and super compatible
-
Daniel
Well to be fair with gcm you have to be careful with the Auth tag
-
Daniel
And both old old omemo and http upload do it wrong
-
Daniel
I guess you always have to be careful with crypto
-
moparisthebest
I think aes-gcm is required for http2 TLS, pretty compatible
-
moparisthebest
If you use the correct length IV
-
moparisthebest
Which obviously isn't obvious :)
-
moparisthebest
Do you encrypt then hmac or hmac then encrypt, that's the real gotcha when not using authenticated encryption modes
-
Syndace
encrypt then hmac
-
Syndace
...the same way it's done by double ratchet
-
moparisthebest
So you can verify the hmac before you even try to decrypt
-
moparisthebest
But that means for large data you still need chunked, because the hmac is at the end, so you buffer encrypted data before getting to it, verify, then decrypt
-
Syndace
yup, the description of the message decryption algorithm also lists the hmac verification before the decryption
-
jonas’
fun
-
Syndace
moparisthebest: well we encrypt stanzas so size limits apply
-
Syndace
pretty sure a single stanza can fit the ram
-
moparisthebest
Hehehe how sure are you :)
-
jonas’
moparisthebest, did you submit your updates on '368 already?
-
moparisthebest
No, still need to...
-
jonas’
alright, then I didn’t miss it
-
Syndace
> Hehehe how sure are you :)
not sure enough. Noted as something we have to think/talk about again, thanks for the input.
-
jonas’
to play it safe, a Full Stanza Encryption implementation can’t generate stanzas over ~7 kiB (decrypted) either way
-
Syndace
I mean, stanzas are pretty damn certainly under 1 MiB in size, but still there are theoretical edge cases of IoT devices wanting to use OMEMO or something...
-
Syndace
Oh is that so? cool
-
jonas’
because 10 kiB is the minimum stanza limit defined in RFC 6120
-
jonas’
not that anyone enforces that
-
jonas’
I mean your average PEP-based avatar is way above that already
-
jonas’
s/ki/k/
-
jonas’
so my comment is pretty useless, but alludes to a general issue: there should be a limit or (cross-stanza) chunking (which then sounds awfully like sending stanzas via JET-encrypted IBB)
-
Zash
Anyone got stats on avatar sizes?
-
jonas’
Zash, I have for MUCs ;)
-
jonas’
(or, could have. I downscale) ✎
-
jonas’
(or, could have. I scale them down on ingestion) ✏
-
jonas’
Syndace, actually, how about implementing FSE as JET-encrypted IBB?
-
Syndace
I don't XMPP, what is IBB xD Heard of JET at least
-
jonas’
In-Band Bytestreams
-
Syndace
uh huh
-
jonas’
https://xmpp.org/extensions/xep-0047.html
-
Syndace
"sessions" looks like it's synchronous/requires both parties to be online
-
jonas’
ahh, right
-
jonas’
that’s gonna be a deal-breaker
-
jonas’
would’ve been fun tho
-
jonas’
so you need to either specify some kind of chunking (then the question: how to deal with missing chunks? see the vulnerabilities in IP fragmentation implementations to get an idea of why this question is important and non-trivial) or set an upper limit which is sane
-
Syndace
chunking is a big nope from my side
-
Syndace
so much complexity for such an edge case
-
lovetox
xmpp.net server test is soooooo slow
-
Syndace
servers are already encouraged to do stanza-too-big stuff
-
jonas’
Syndace, so we end up with Path-MTU discovery in XMPP :D
-
jonas’
lovely
-
jonas’
it is amazing how problems replicate on each layer of the stack
-
lovetox
it cant even take my request to check a new server
-
moparisthebest
I'm about 98% sure all clients would crash and burn if a server sent them too big of a stanza
-
Syndace
yeaj ✎
-
moparisthebest
for some definition of too big
-
Syndace
yeah ✏
-
jonas’
when I started aioxmpp, I asked, and people told me to trust the server on that one.
-
jonas’
and I think that’s a sane way to look at it
-
jonas’
obviously it shouldn’t allow you to RCE, and you may handle it more gracefully than OOMing, but what are you gonna do?
-
moparisthebest
*maybe*, but RFC-wise does anything really stop a server from just streaming stanzas around?
-
Syndace
I'm not sure that's on us to solve
-
Link Mauve
lovetox, it throttles a lot in order not to take down any server, no matter how underpowered it is.
-
moparisthebest
once you have who the stanza is addressed to, you don't really *need* to buffer it in memory anymore as a server right?
-
moparisthebest
just read a bit and send it right out the other end
-
jonas’
moparisthebest, you still need to do buffering to synchronise when multiple entities want to send to the same entity at the same time
-
moparisthebest
I suspect no servers in the wild are written this way, but they could be
-
jonas’
you also have to reject stanzas which are invalid XML
-
jonas’
(as per a MUST in RFC 6120)
-
jonas’
so you have to at least de- and re-serialise them
-
moparisthebest
hmm, well that does imply buffering entire stanzas then
-
jonas’
(of course, you can do this by simply streaming SAX events around, no need to build the full tree)
-
jonas’
ah yeah, you have to at least keep a copy
-
lovetox
damn xmpp.net server test cant do direct tls test ..
-
lovetox
can somebody test direct tls on movim.eu
-
jonas’
correct
-
jonas’
"test"?
-
lovetox
it does send invalid tls handshake for me, and i want to find out if thats my lib or a problem on the server
-
jonas’
s2s, c2s?
-
lovetox
c2s
-
moparisthebest
does it listen on 443? if so you can test the TLS bit with ssllabs.com
-
lovetox
no
-
lovetox
149.210.220.39:5223
-
lovetox
thats the address
-
jonas’
2020/03/10 18:58:09 failed to probe c2s to xmpp:movim.eu: tls: first record does not look like a TLS handshake
-
jonas’
lovetox, ^
-
jonas’
my blackbox exporter agrees
-
jonas’
openssl s_client agrees, too: 139993024365760:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:331:
-
jonas’
yeah, that’s plain XMPP
-
moparisthebest
you can also do https://nl.movim.eu:5223/
-
jonas’
sending anything with ncat gives me a not-well-formed XMPP stream error
-
jonas’
do http:// instead
-
moparisthebest
won't let me, HSTS ?
-
jonas’
pity
-
jonas’
then use ncat :)
-
moparisthebest
but yes, mostly that works too :)
-
jonas’
it’s a plaintext XMPP port, not direct TLS
-
moparisthebest
yep that record is wrong, dino will likely fail to connect ever too
-
moparisthebest
(yet another reason TCP connect success should NOT be a criteria for not falling back to next SRV record)
-
lovetox
yes moparisthebest a user reported this today
-
lovetox
and now he cant connect, because i dont try the others ^
-
moparisthebest
who's responsible for movim.eu ? edhelas ?
-
lovetox
yeah i notified him
-
lovetox
but see moparisthebest nobody would find that error
-
lovetox
its a thin line to walk
-
moparisthebest
well, user would probably have preferred to just be connected though
-
lovetox
you dont want to shadow all errors, and you dont want to make your users mad
-
moparisthebest
you could maybe report connection errors anyway?
-
lovetox
yes, i agree in this case user wants to connect and does not care
-
moparisthebest
"hey we failed to connect to X so now we are connecting to Y" or something
-
moparisthebest
you won't hear any "UX is easy" arguments from me :)
-
jonas’
lovetox, it’s the operator’s responsibility to monitor
-
jonas’
the tools are there
-
moparisthebest
10 day TTL on that SRV record, so the fix needs to be make that a direct TLS port, not remove the SRV
-
jonas’
the first error I showed you is from a tool to monitor c2s/s2s connectivity on both direct TLS and STARTTLS. it can even do XMPP pings if you give it credentials. it’ll also check whether expected SASL mechanisms are there.
-
jonas’
hm
-
jonas’
maybe I should take the search.jabber.network domain corpus and scan all the SRV endpoints and notify operators about failures.
-
jonas’
or at least the corpus of domains affiliated with the top 100 or so rooms
-
moparisthebest
I was going to say, a tool is good, but you need another off-network server to be able to run it on for it to be real useful most of the time, not all admins have that I guess
-
jonas’
moparisthebest, not really
-
jonas’
most of the time, failures discovered by monitoring from the outside are not something you can fix either way
-
moparisthebest
if you only have 1 server, running the tool and xmpp server on the same machine isn't ideal
-
jonas’
it’s not ideal, but it would definitely have caught this problem
-
moparisthebest
certainly better than *nothing*, and yes
-
jonas’
it will also catch the issue when the server runs OOM
-
jonas’
and crashes
-
jonas’
it will catch most of the things you can fix locally
-
jonas’
it won’t catch when the entire box goes down, but chances are you’ll notice that either way
-
jonas’
(and you can ping-probe the up-ness of the box cheaply from the outside)
-
jonas’
also, maybe I should start offering XMPP probes to others. it’s cheap for me to do, sending emails on problems is cheap too
-
moparisthebest
on my giant todo list is still such a tool/service but also checking things like "is alpn required" and such
-
jonas’
moparisthebest, feel free to include basic checks in this: https://github.com/horazont/prometheus-xmpp-blackbox-exporter
-
moparisthebest
"is SNI required" as well, similar to ssllabs
-
jonas’
"is X required" kind of stuff isn’t interesting for continuous monitoring though
-
jonas’
(oftentimes)
-
moparisthebest
yep I agree, it's pretty helpful when setting up though
-
jonas’
true
-
jonas’
extending/rewriting xmpp.net would be the target for this type of efforts
-
jonas’
> I honestly don’t see the point in proving to the other side that you can do regular expressions on the user input.
ahahaha ✏
-
jonas’
love that wording