Neustradamus_: I am not sure but SCRAM-SHA-256(-PLUS) is preferred over SCRAM-SHA-1(-PLUS), no?
-> https://xmpp.org/extensions/xep-0438.html
Neustradamus_: RFC 8600 is not listed
-> https://tools.ietf.org/html/rfc8600
"When using the SASL SCRAM mechanism, the SCRAM-SHA-256-PLUS variant SHOULD be preferred over the SCRAM-SHA-256 variant, and SHA-256 variants [RFC7677] SHOULD be preferred over SHA-1 variants [RFC5802])"
pep.: Neustradamus_, I'm not sure you understand what you just changed. All the SCRAM-*-PLUS are on the same level, they have the same priority
pep.: Also GitHub is not the venue to discuss specifications
pep.: The RFC8600 thing seems like a valid concern though (not for me to judge, I'm no crypto-specialist). You should raise this on the standards list
Neustradamus_: pep.: Thanks for your reply
Neustradamus_: Preferred is not the same
Neustradamus_: -> "When using the SASL SCRAM mechanism, the SCRAM-SHA-256-PLUS variant SHOULD be preferred over the SCRAM-SHA-256 variant, and SHA-256 variants [RFC7677] SHOULD be preferred over SHA-1 variants [RFC5802])"
pep.: I'm sorry I don't understand what you're trying to say
pep.: (and I'm also not the one to be convinced by the way)
pep.: No, opened issues are editorial issues, not issues about standards
pep.: That is, something not being properly displayed, or broken links etc.
pep.: Is that ok?
Neustradamus_: There is an editorial problem here
pep.: No there isn't.
pep.: You're trying to change the meaning of a standard
pep.: Again if you want this to change, it may be a very valid concern, we have processes in place (sometimes annoying I give you that, but they are there nonetheless for reasons)
pep.: Are you fine with me closing the issue now? :)
Neustradamus_: No.
pep.: Well I'm sorry I tried the peaceful way.. but I'm going to close it anyway
pep.: If it happens I'm wrong I am very sorry but I really don't think this is an editorial issue.
Neustradamus_: A ticket is here for a trace, we do not close an unsolved ticket...
pep.: So if you open a ticket on my XMPP client tracker saying "There is hunger in the world", should I keep it open forever?
pep.: Even if it's unrelated
pep.: (well somewhat..)
pep.: Does this make sense?
Neustradamus_: I can create a new ticket to explain missing RFC 8600 in XEP-0438 :)
pep.: GitHub is not the place for this.
pep.: Period.
pep.: If you want to change standards, send an email to the standards list, please.
Neustradamus_: Please re-add the tracker.xmpp.org ^^
pep.: Raise that to board if that's an issue for you, I'll be happy to raise it
pep.: (Unfortunately I have an idea of the answer)
Neustradamus_: We will see the return of stpeter about it.
Neustradamus_: I know that some people think that SCRAM-SHA-256(-PLUS) is not needed.
pep.: I hope you understand this is not what I am discussing here
Neustradamus_: It is the official XSF MUC Room :)
Maybe we must talk on jdev?
pep.: That is not what I mean
pep.: I'll do it in French quickly: Whether SCRAM-SHA-256* is important or not is not the question for me here. The question is that GitHub is not a place where we want to have discussions about the specifications. Discussions on the tracker are only intended for form (formatting, broken links, etc.). Discussions about the specifications happen on the "standards" list
pep.: (And that's it for baguette)
pep.: And I'm going to sleep now :x night
Daniel: Fwiw the benefits PLUS offers definitely outweigh the downsides of Sha1 over sha2
flow: I have the same feeling, but that it's crypto territory, so I'd really like if someone could provide some arguments in either direction ;)
flow: I can't find anything in my notes, but wasn't there something like tls-server-end-point being broken (or "broken")? it's been a loooong time since I looked deeply into the various channel binding types and TLS.
flow: hmm sam writes that tls-server-end-point is not specified(/available?) in TLS 1.3? I'd assume that is the cb type that would always work, since IIRC it's simply the hash of the server certificate
Zash: The TLS 1.3 RFC says in an appendix that channel bindings are not defined.
Zash: In a (oh btw those aren't defined), in the cellar behind a locked door marked "beware the otter"
flow: Zash, thanks.
But does this mean it is impossible for technical reasons to use tls-server-end-point with TLS 1.3?
Zash: The only reason I know of is the parenthesis in https://tools.ietf.org/html/rfc8446#appendix-C.5
Neustradamus_: Zash: maybe but software can add it
Neustradamus_: I will show you examples
Zash: flow: the main implementation issue for me is that you need to know the signature algorithm used in the cert and I don't know it because all I have is a cert object with very limited introspection
Zash: tho 99% of the time it'll be SHA-256, so you could just guess that
Zash: because of how anything less than that should use SHA-256, but if someone somewhere has a cert with SHA-512 signatures then it'll break
Zash: and according to OpenSSL tls-unique works just fine in TLS 1.3 and I hadn't even noticed that it wasn't supposed to
Neustradamus_: A lot of RFCs have been done before TLS 1.3 but it is not a problem to add support.
Neustradamus_: Example: http://w1.fi/cgit/hostap/plain/hostapd/ChangeLog
- added experimental support for EAP-TLS server with TLS v1.3
EAP-TLS is not normally with TLS v1.3.
jonas’: Daniel, Ge0rG, please reply to my message on standards@ re message routing sprint
jonas’: Daniel, Ge0rG, I sent the announcement for the sprint just now and you’re welcome to join in :)
Zash: jonas’, do you have a *huge* whiteboard?
jonas’: Zash, I hear there are online whiteboard things
jonas’: I think they even have "infinite" scroll :)
Zash: on .. line? but I want 2d, not 1d! :P
Zash: infinite zoom too?
jonas’: not sure
Ge0rG: A Turing board?
jonas’: if only we had networked Inkscape already :)
Ge0rG: jonas’: thanks, I'll look into it
Zash: Yeah, that, be great, eh, Link Mauve?
larma: flow,
> Actually the schema is irrelevant when it comes to RFC compliance. Schemas are non-normative. This is explicitly noted in the RFC.
true, but the fact that this is described explicitly in the non-normative part thus very much clarifies that the lack of explicit prohibition is intentional and not by accident. Thus it's still relevant, even if non-normative. After all, the non-normative part isn't there just for fun. That's one thing I learned in law classes 😉
jonas’: good that you two agree (I read flow's email saying essentially the same)
moparisthebest: Do any other protocols do TLS channel binding?
Link Mauve: Zash, if only I didn’t lose an important part of it from svn being terrible.
Link Mauve: I’m not done rewriting it yet. :/
Zash: moparisthebest: Yes. Probably LDAP and protocols like that.
Zash: moparisthebest: But HTTPS doesn't so who cares, right?
moparisthebest: Pretty much yes :)
moparisthebest: People: XMPP is too complicated
XSF: hold my beer *writes more complicated authentication mechanisms with no real benefit*
Zash: I'd feel real special if the IETF & co invented channel bindings just for us :)
jonas’: As if HTTP was simple
jonas’: That’s a lie people can tell themselves because of widespread library support for their *simple* usecases.
Zash: It's so simple you just GET and POST and wait what's this section about caching and content negotiation?