I am not sure, but SCRAM-SHA-256(-PLUS) is preferred over SCRAM-SHA-1(-PLUS), no?
-> https://xmpp.org/extensions/xep-0438.html
Neustradamus_
RFC 8600 is not listed
-> https://tools.ietf.org/html/rfc8600
"When using the SASL SCRAM mechanism, the SCRAM-SHA-256-PLUS variant SHOULD be preferred over the SCRAM-SHA-256 variant, and SHA-256 variants [RFC7677] SHOULD be preferred over SHA-1 variants [RFC5802])"
Neustradamus_
-> https://github.com/xsf/xeps/issues/944
pep.
Neustradamus_, I'm not sure you understand what you just changed. All the SCRAM-*-PLUS are on the same level, they have the same priority
pep.
Also github is not the venue to discuss specifications
pep.
The RFC8600 thing seems like a valid concern though (not for me to judge, I'm no crypto-specialist). You should raise this on the standards list
Neustradamus_
pep.: Thanks for your reply
Neustradamus_
Preferred is not the same
Neustradamus_
-> "When using the SASL SCRAM mechanism, the SCRAM-SHA-256-PLUS variant SHOULD be preferred over the SCRAM-SHA-256 variant, and SHA-256 variants [RFC7677] SHOULD be preferred over SHA-1 variants [RFC5802])"
pep.
I'm sorry I don't understand what you're trying to say
pep.
(and I'm also not the one to be convinced by the way)
I invite you to raise this issue on the standards list then if you think it's important.
pep.
I'm going to close the github issue you opened though as it's not what we use github for
Neustradamus_
pep.: no no no
pep.
no?
Neustradamus_
It is important to keep open, the problem is not solved.
pep.
This is not the place to open it
pep.
The place is the standards mailing list
Neustradamus_
I think you can close all opened issues
Neustradamus_
Look here: https://github.com/xsf/xeps/issues
pep.
No, opened issues are editorial issues, not issues about standards
pep.
That is, something not being properly displayed, or broken links etc.
pep.
Is that ok?
Neustradamus_
There is an editorial problem here
pep.
No there isn't.
pep.
You're trying to change the meaning of a standard
pep.
Again, if you want this to change, it may be a very valid concern; we have processes in place (sometimes annoying, I give you that, but they are there nonetheless for reasons)
pep.
Are you fine with me closing the issue now? :)
Neustradamus_
No.
pep.
Well I'm sorry I tried the peaceful way.. but I'm going to close it anyway
pep.
If it happens I'm wrong I am very sorry but I really don't think this is an editorial issue.
Neustradamus_
A ticket is here for a trace, we do not close a not solved ticket...
pep.
So if you open a ticket on my XMPP client tracker saying "There is hunger in the world", should I keep it open forever?
pep.
Even if it's unrelated
pep.
(well somewhat..)
pep.
Does this make sense?
pep.
Github is not the place for this.
pep.
Period.
Neustradamus_
I can create a new ticket to explain missing RFC 8600 in XEP-0438 :)
pep.
If you want to change standards, send an email to the standards list, please.
Neustradamus_
Please re-add the tracker.xmpp.org ^^
pep.
Raise that to board if that's an issue for you, I'll be happy to raise it
pep.
(Unfortunately I have an idea of the answer)
Neustradamus_
We will see the return of stpeter about it.
Neustradamus_
I know that some people think that SCRAM-SHA-256(-PLUS) is not needed.
pep.
I hope you understand this is not what I am discussing here
Neustradamus_
It is the official XSF MUC Room :)
Maybe we must talk on jdev?
pep.
That is not what I mean
pep.
I'll do it in french quickly: Whether SCRAM-SHA-256* is important or not is not the question for me here. The question is that Github is not a place where we want to have discussions about specifications. Discussions on the tracker are only meant for form (formatting, broken links, etc.). Discussions about specifications happen on the « standards » list
pep.
(And that's it for baguette)
pep.
And I'm going to sleep now :x night
Daniel
Fwiw the benefits PLUS offers definitely outweigh the downsides of Sha1 over sha2
flow
I have the same feeling, but that it's crypto territory, so I'd really like if someone could provide some arguments in either direction ;)
flow
I can't find anything in my notes, but wasn't there something like tls-server-end-point being broken (or "broken")? It's been a loooong time since I looked deeply into the various channel binding types and TLS.
flow
hmm sam writes that tls-server-end-point is not specified(/available?) in TLS 1.3? I'd assume that is the cb type that would always work, since IIRC it's simply the hash of the server certificate
Zash
The TLS 1.3 RFC says in an appendix that channel bindings are not defined.
Zash
In a (oh btw those aren't defined), in the cellar behind a locked door marked "beware the otter"
flow
Zash, thanks.
But does this mean it is impossible for technical reasons to use tls-server-end-point with TLS 1.3?
Zash
The only reason I know of is the parenthesis in https://tools.ietf.org/html/rfc8446#appendix-C.5
Neustradamus_
Zash: maybe but software can add it
Neustradamus_
I will show you examples
Zash
flow: the main implementation issue for me is that you need to know the signature algorithm used in the cert and I don't know it because all I have is a cert object with very limited introspection
Zash
tho 99% of the time it'll be SHA-256, so you could just guess that
Zash
because of how anything less than that should use SHA-256, but if someone somewhere has a cert with SHA-512 signatures then it'll break
Zash
and according to OpenSSL tls-unique works just fine in TLS 1.3 and I hadn't even noticed that it wasn't supposed to
Neustradamus_
A lot of RFCs were done before TLS 1.3, but it is not a problem to add support.
Neustradamus_
Example: http://w1.fi/cgit/hostap/plain/hostapd/ChangeLog
- added experimental support for EAP-TLS server with TLS v1.3
EAP-TLS is not normally with TLS v1.3.
jonas’
Daniel, Ge0rG, please reply to my message on standards@ re message routing sprint
jonas’
Daniel, Ge0rG, I sent the announcement for the sprint just now and you’re welcome to join in :)
Zash
jonas’, do you have a *huge* whiteboard?
jonas’
Zash, I hear there are online whiteboard things
jonas’
I think they even have "infinite" scroll :)
Zash
on .. line? but I want 2d, not 1d! :P
Zash
infinite zoom too?
jonas’
not sure
Ge0rG
A Turing board?
jonas’
if only we had networked Inkscape already :)
Ge0rG
jonas’: thanks, I'll look into it
Zash
Yeah, that, be great, eh, Link Mauve?
larma
flow,
> Actually the schema is irrelevant when it comes to RFC compliance. Schemas are non-normative. This is explicitly noted in the RFC.
true, but the fact that this is described explicitly in the non-normative part thus very much clarifies that the lack of explicit prohibition is intentional and not by accident. Thus it's still relevant, even if non-normative. After all, the non-normative part isn't there just for fun. That's one thing I learned in law classes 😉
jonas’
good that you two agree (I read flows email saying essentially the same)
moparisthebest
Do any other protocols do TLS channel binding?
Link Mauve
Zash, if only I didn’t lose an important part of it from svn being terrible.
Link Mauve
I’m not done rewriting it yet. :/
Zash
moparisthebest: Yes. Probably LDAP and protocols like that.
Zash
moparisthebest: But HTTPS doesn't so who cares, right?
moparisthebest
Pretty much yes :)
moparisthebest
People: XMPP is too complicated
XSF: hold my beer *writes more complicated authentication mechanisms with no real benefit*
Zash
I'd feel real special if the IETF & co invented channel bindings just for us :)
jonas’
As if HTTP was simple
jonas’
That’s a lie people can tell themselves because of widespread library support for their *simple* usecases.
Zash
It's so simple you just GET and POST and wait what's this section about caching and content negotiation?