XSF Discussion - 2020-05-09


  23. Neustradamus_

    I am not sure, but SCRAM-SHA-256(-PLUS) is preferred over SCRAM-SHA-1(-PLUS), no? -> https://xmpp.org/extensions/xep-0438.html

  24. Neustradamus_

    RFC 8600 is not listed -> https://tools.ietf.org/html/rfc8600 "When using the SASL SCRAM mechanism, the SCRAM-SHA-256-PLUS variant SHOULD be preferred over the SCRAM-SHA-256 variant, and SHA-256 variants [RFC7677] SHOULD be preferred over SHA-1 variants [RFC5802])"

  32. Neustradamus_

    -> https://github.com/xsf/xeps/issues/944

  37. pep.

    Neustradamus_, I'm not sure you understand what you just changed. All the SCRAM-*-PLUS are on the same level, they have the same priority

  38. pep.

    Also github is not the venue to discuss specifications

  39. pep.

    The RFC8600 thing seems like a valid concern though (not for me to judge, I'm no crypto-specialist). You should raise this on the standards list

  40. Neustradamus_

    pep.: Thanks for your reply

  41. Neustradamus_

    Preferred is not the same

  42. Neustradamus_

    -> "When using the SASL SCRAM mechanism, the SCRAM-SHA-256-PLUS variant SHOULD be preferred over the SCRAM-SHA-256 variant, and SHA-256 variants [RFC7677] SHOULD be preferred over SHA-1 variants [RFC5802])"

  43. pep.

    I'm sorry I don't understand what you're trying to say

  44. pep.

    (and I'm also not the one to be convinced by the way)

  46. Neustradamus_

    SCRAM-SHA-256-PLUS > SCRAM-SHA-256 > SCRAM-SHA-1-PLUS > SCRAM-SHA-1

  48. pep.

    I invite you to raise this issue on the standards list then if you think it's important.

  50. pep.

    I'm going to close the github issue you opened though as it's not what we use github for

  51. Neustradamus_

    pep.: no no no

  52. pep.

    no?

  53. Neustradamus_

    It is important to keep open, the problem is not solved.

  54. pep.

    This is not the place to open it

  55. pep.

    The place is the standards mailing list

  56. Neustradamus_

    I think you can close all opened issues

  57. Neustradamus_

    Look here: https://github.com/xsf/xeps/issues

  58. pep.

    No, opened issues are editorial issues, not issues about standards

  59. pep.

    That is, something not being properly displayed, or broken links etc.

  61. pep.

    Is that ok?

  62. Neustradamus_

    There is an editorial problem here

  63. pep.

    No there isn't.

  64. pep.

    You're trying to change the meaning of a standard

  66. pep.

    Again, if you want this to change, it may be a very valid concern, we have processes in place (sometimes annoying, I give you that, but they are there nonetheless for reasons)

  67. pep.

    Are you fine with me closing the issue now? :)

  68. Neustradamus_

    No.

  70. pep.

    Well I'm sorry I tried the peaceful way.. but I'm going to close it anyway

  71. pep.

    If it happens I'm wrong I am very sorry but I really don't think this is an editorial issue.

  72. Neustradamus_

    A ticket is here for a trace, we do not close an unsolved ticket...

  73. pep.

    So if you open a ticket on my XMPP client tracker saying "There is hunger in the world", should I keep it open forever?

  74. pep.

    Even if it's unrelated

  75. pep.

    (well somewhat..)

  76. pep.

    Does this make sense?

  77. Neustradamus_

    I can create a new ticket for explain missing RFC 8600 in XEP-0438 :)

  80. pep.

    Github is not the place for this.

  81. pep.

    Period.

  82. Neustradamus_

    I can create a new ticket to explain missing RFC 8600 in XEP-0438 :)

  85. pep.

    If you want to change standards, send an email to the standards list, please.

  86. Neustradamus_

    Please re-add the tracker.xmpp.org ^^

  87. pep.

    Raise that to board if that's an issue for you, I'll be happy to raise it

  88. pep.

    (Unfortunately I have an idea of the answer)

  89. Neustradamus_

    We will see the return of stpeter about it.

  94. Neustradamus_

    I know that some people think that SCRAM-SHA-256(-PLUS) is not needed.

  95. pep.

    I hope you understand this is not what I am discussing here

  96. Neustradamus_

    It is the official XSF MUC Room :) Maybe we must talk on jdev?

  97. pep.

    That is not what I mean

  99. pep.

    I'll do it in French quickly: [translated from French] Whether SCRAM-SHA-256* is important or not is not the question for me here. The question is that GitHub is not a place where we want to have discussions about the specifications. Discussions on the tracker are intended only for matters of form (formatting, broken links, etc.). Discussions about the specifications take place on the "standards" list

  100. pep.

    (And that's it for baguette)

  102. pep.

    And I'm going to sleep now :x night

  170. Daniel

    Fwiw the benefits PLUS offers definitely outweigh the downsides of Sha1 over sha2

  364. flow

    I have the same feeling, but it's crypto territory, so I'd really like it if someone could provide some arguments in either direction ;)

  365. flow

    I can't find anything in my notes, but wasn't there something like tls-server-end-point being broken (or "broken")? It's been a loooong time since I looked deeply into the various channel binding types and TLS.

  374. flow

    hmm sam writes that tls-server-end-point is not specified(/available?) in TLS 1.3? I'd assume that is the cb type that would also work, since IIRC it's simply the hash of the server certificate

  375. flow

    hmm sam writes that tls-server-end-point is not specified(/available?) in TLS 1.3? I'd assume that is the cb type that would always work, since IIRC it's simply the hash of the server certificate

  376. Zash

    The TLS 1.3 RFC says in an appendix that channel bindings are not defined.

  378. Zash

    In a (oh btw those aren't defined), in the cellar behind a locked door marked "beware the otter"

  380. flow

    Zash, thanks. But does this mean it is impossible for technical reasons to use tls-server-end-point with TLS 1.3?

  382. Zash

    The only reason I know of is the parenthesis in https://tools.ietf.org/html/rfc8446#appendix-C.5

  383. Neustradamus_

    Zash: maybe but software can add it

  384. Neustradamus_

    I will show you examples

  386. Zash

    flow: the main implementation issue for me is that you need to know the signature algorithm used in the cert and I don't know it because all I have is a cert object with very limited introspection

  387. Zash

    tho 99% of the time it'll be SHA-256, so you could just guess that

  388. Zash

    because of how anything less than that should use SHA-256, but if someone somewhere has a cert with SHA-512 signatures then it'll break

  391. Zash

    and according to OpenSSL tls-unique works just fine in TLS 1.3 and I hadn't even noticed that it wasn't supposed to

  394. Neustradamus_

    A lot of RFCs have been done before TLS 1.3, but it is not a problem to add support.

  395. Neustradamus_

    Example: http://w1.fi/cgit/hostap/plain/hostapd/ChangeLog - added experimental support for EAP-TLS server with TLS v1.3. EAP-TLS is not normally with TLS v1.3.

  453. jonas’

    Daniel, Ge0rG, please reply to my message on standards@ re message routing sprint

  454. jonas’

    Daniel, Ge0rG, I sent the announcement for the sprint just now and you’re welcome to join in :)

  455. Zash

    jonas’, do you have a *huge* whiteboard?

  456. jonas’

    Zash, I hear there are online whiteboard things

  457. jonas’

    I think they even have "infinite" scroll :)

  458. Zash

    on .. line? but I want 2d, not 1d! :P

  459. Zash

    infinite zoom too?

  460. jonas’

    not sure

  461. Ge0rG

    A Turing board?

  462. jonas’

    if only we had networked Inkscape already :)

  463. Ge0rG

    jonas’: thanks, I'll look into it

  464. Zash

    Yeah, that, be great, eh, Link Mauve?

  490. larma

    flow,
    > Actually the schema is irrelevant when it comes to RFC compliance. Schemas are non-normative. This is explicitly noted in the RFC.
    true, but the fact that this is described explicitly in the non-normative part thus very much clarifies that the lack of explicit prohibition is intentional and not by accident. Thus it's still relevant, even if non-normative. After all, the non-normative part isn't there just for fun. That's one thing I learned in law classes 😉

  491. jonas’

    good that you two agree (I read flow's email saying essentially the same)

  492. moparisthebest

    Do any other protocols do TLS channel binding?

  493. Link Mauve

    Zash, if only I didn’t lose an important part of it from svn being terrible.

  496. Link Mauve

    I’m not done rewriting it yet. :/

  497. Zash

    moparisthebest: Yes. Probably LDAP and protocols like that.

  498. Zash

    moparisthebest: But HTTPS doesn't so who cares, right?

  500. moparisthebest

    Pretty much yes :)

  502. moparisthebest

    People: XMPP is too complicated
    XSF: hold my beer *writes more complicated authentication mechanisms with no real benefit*

  503. Zash

    I'd feel real special if the IETF & co invented channel bindings just for us :)

  505. jonas’

    As if HTTP was simple

  506. jonas’

    That’s a lie people can tell themselves because of widespread library support for their *simple* usecases.

  507. Zash

    It's so simple you just GET and POST and wait what's this section about caching and content negotiation?

  610. Carlito

    Hello

  611. Zash

    Hi
