XSF Discussion - 2020-06-01


  1. eta has left
  2. calvin has left
  3. calvin has joined
  4. strypey has joined
  5. Nekit has left
  6. bear has left
  7. mukt2 has left
  8. eta has joined
  9. mukt2 has joined
  10. arc has left
  11. arc has joined
  12. calvin has left
  13. lskdjf has left
  14. alexis has left
  15. alexis has joined
  16. Zash has left
  17. Zash has joined
  18. bear has joined
  19. eta has left
  20. calvin has joined
  21. mukt2 has left
  22. mukt2 has joined
  23. Zash has left
  24. Zash has joined
  25. Zash has left
  26. neshtaxmpp has left
  27. neshtaxmpp has joined
  28. mukt2 has left
  29. eta has joined
  30. mukt2 has joined
  31. Zash has joined
  32. wurstsalat has left
  33. strypey has left
  34. Zash has left
  35. calvin has left
  36. Zash has joined
  37. Zash has left
  38. Zash has joined
  39. Daniel has left
  40. Daniel has joined
  41. mukt2 has left
  42. neshtaxmpp has left
  43. mukt2 has joined
  44. neshtaxmpp has joined
  45. calvin has joined
  46. sonny has left
  47. sonny has joined
  48. neshtaxmpp has left
  49. neshtaxmpp has joined
  50. calvin has left
  51. arc has left
  52. arc has joined
  53. andy has joined
  54. sonny has left
  55. sonny has joined
  56. eta has left
  57. lovetox has joined
  58. sonny has left
  59. sonny has joined
  60. Andrzej has joined
  61. Daniel has left
  62. Daniel has joined
  63. sonny has left
  64. sonny has joined
  65. neshtaxmpp has left
  66. sonny has left
  67. sonny has joined
  68. sonny has left
  69. sonny has joined
  70. Mikaela has joined
  71. APach has joined
  72. lovetox has left
  73. eta has joined
  74. Yagiza has joined
  75. paul has joined
  76. mukt2 has left
  77. mukt2 has joined
  78. lovetox has joined
  79. xecks has left
  80. wurstsalat has joined
  81. xecks has joined
  82. adiaholic_ has left
  83. adiaholic_ has joined
  84. lovetox has left
  85. eta has left
  86. lovetox has joined
  87. eta has joined
  88. werdan has joined
  89. andrey.g has joined
  90. Mikaela has left
  91. Mikaela has joined
  92. waqas has left
  93. krauq has left
  94. xecks has left
  95. xecks has joined
  96. lovetox has left
  97. Nekit has joined
  98. bear has left
  99. david has left
  100. david has joined
  101. david has left
  102. david has joined
  103. lovetox has joined
  104. emus has joined
  105. govanify has left
  106. govanify has joined
  107. lovetox has left
  108. govanify has left
  109. govanify has joined
  110. govanify has left
  111. govanify has joined
  112. karoshi has joined
  113. bear has joined
  114. goffi has joined
  115. Tobias has joined
  116. lovetox has joined
  117. govanify has left
  118. govanify has joined
  119. rion has left
  120. rion has joined
  121. adiaholic_ has left
  122. adiaholic_ has joined
  123. adiaholic_ has left
  124. adiaholic_ has joined
  125. Mikaela has left
  126. debacle has joined
  127. LNJ has joined
  128. Dele Olajide has joined
  129. jonas’ has joined
  130. werdan has left
  131. werdan has joined
  132. Dele Olajide has left
  133. lovetox has left
  134. matkor has left
  135. matkor has joined
  136. adiaholic_ has left
  137. adiaholic_ has joined
  138. Guus what's the better client on Mac these days?
  139. krauq has joined
  140. Mikaela has joined
  141. Andrzej on macOS I'm using BeagleIM but I'm developer of BeagleIM so I may be biased
  142. Steve Kille has left
  143. goffi has left
  144. Kev I use Swift, obviously ;)
  145. Kev Although I'm using 5.0previews rather than 4.0.
  146. Steve Kille has joined
  147. lovetox has joined
  148. jonas’ has left
  149. jonas’ has joined
  150. lskdjf has joined
  151. Guus I'm starting to see the flaw in my approach.
  152. goffi has joined
  153. krauq has left
  154. Seve has left
  155. Seve has joined
  156. Mikaela has left
  157. Mikaela has joined
  158. Dele Olajide has joined
  159. lovetox has left
  160. neshtaxmpp has joined
  161. mathieui Guus, :D
  162. emus has left
  163. emus has joined
  164. karoshi has left
  165. mukt2 has left
  166. !XSF_Martin has left
  167. !XSF_Martin has joined
  168. Mikaela has left
  169. mukt2 has joined
  170. Shell has joined
  171. lovetox has joined
  172. karoshi has joined
  173. mukt2 has left
  174. debacle has left
  175. Dele Olajide has left
  176. mukt2 has joined
  177. Dele Olajide has joined
  178. Dele Olajide has left
  179. alameyo has left
  180. neshtaxmpp has left
  181. LNJ has left
  182. werdan has left
  183. LNJ has joined
  184. calvin has joined
  185. karoshi has left
  186. karoshi has joined
  187. lovetox has left
  188. lovetox has joined
  189. Tobias has left
  190. Tobias has joined
  191. krauq has joined
  192. neshtaxmpp has joined
  193. Zash Why doesn't xep-0084 use "current" or something as item id for the metadata node?
  194. Shell has left
  195. Shell has joined
  196. krauq has left
  197. Mikaela has joined
  198. govanify has left
  199. govanify has joined
  200. neshtaxmpp has left
  201. karoshi has left
  202. alameyo has joined
  203. krauq has joined
  204. Yagiza Zash, I guess authors just forgot about it.
  205. Yagiza If I adopted a XEP and now is an author of, may I commit my changes directly to XEP repo, or I must do it via PRs?
  206. Andrzej Zash: I think that section 7.1. will answer that https://xmpp.org/extensions/xep-0084.html#impl-resources
  207. alameyo has left
  208. Zash Ugh
  209. alameyo has joined
  210. Kev Yagiza: PRs
  211. Yagiza Kev, IC, thanx.
  212. Mikaela has left
  213. Yagiza Kev, once I publish a PR for a deffered XEP, should I change its status back to experimental in that PR?
  214. Half-Shot has left
  215. Half-Shot has joined
  216. Kev Maybe submit the PR without it, and ask what the Editors would like you to do.
  217. Kev I don't know if jonas’ normally asks authors to do that bump, or not.
  218. govanify has left
  219. govanify has joined
  220. Yagiza Kev, so, I have to ask him first?
  221. Kev I would. But if you don't do what he wants, he'll let you know anyway :)
  222. jonas’ Yagiza, feel free to change back to Experimental in the same commit you add the <revision/> lbock
  223. Kev There we go :)
  224. jonas’ if you don’t add a <revision/> block but want the Editors to do that, then please also don’t change the status
  225. Yagiza jonas’, ok, thanx!
  226. karoshi has joined
  227. neshtaxmpp has joined
  228. krauq has left
  229. Mikaela has joined
  230. Dele Olajide has joined
  231. Shell has left
  232. Shell has joined
  233. karoshi has left
  234. andrey.g has left
  235. karoshi has joined
  236. calvin has left
  237. Shell has left
  238. Shell has joined
  239. Dele Olajide has left
  240. wurstsalat has left
  241. neshtaxmpp has left
  242. wurstsalat has joined
  243. lovetox has left
  244. jnaeff has joined
  245. jnaeff has left
  246. emus has left
  247. jnaeff has joined
  248. emus has joined
  249. Shell has left
  250. calvin has joined
  251. Mikaela has left
  252. emus has left
  253. emus has joined
  254. Yagiza I wonder...
  255. Mikaela has joined
  256. Yagiza If I receive a <message/> with <attention/> element and it with an encrypted <body/> element, which I failed to decrypt, what client shoftware should display?
  257. Zash 🔒️💔️🤷‍♀️️
  258. pep. OMEMO < 0.4?
  259. werdan has joined
  260. Yagiza Should it display Attention, notifying user, that it had message text, which it failed to decrypt, or just notify user about it failed failed to decrypt message, without trying to attract his attention?
  261. pep. What do you do if you receive LMC and fail to encrypt body?
  262. Yagiza pep., right now I'm working on OMEMO v5.0, but I'm asking in general.
  263. pep. What do you do if you receive LMC and fail to decrypt body?
  264. Zash What do you do if something fails for any reason?
  265. Yagiza pep., LMC is not supported right now.
  266. Yagiza Zash, it depends.
  267. pep. Replace "LMC" with anything that you support that's not stuffed in <body/>
  268. andy has left
  269. vanitasvitae Yagiza: I'd argue that with OMEMO:1 the <attention> would probably also be part of the <encrypted> element, no?
  270. Yagiza vanitasvitae, I don't think so. <attention/> element contains no sensitive information to encrypt it.
  271. vanitasvitae But I admit that such error cases are not yet well covered.
  272. vanitasvitae Mostly due to lack of experience.
  273. vanitasvitae Well, having it plain leaks that there is an attention in the first place
  274. pep. this ^
  275. Yagiza So, let's suppose we use some type of old encryption, which do not support SCE.
  276. andy has joined
  277. vanitasvitae Yeah in that case there is no way to not leak the exiatence of the <attention>
  278. pep. There is a way, just don't send it :P
  279. vanitasvitae Haha :D
  280. Yagiza Encrypting <attention/> element or not is up to implementation right now, 'cause it is not regulated by any XEP.
  281. vanitasvitae Yeah, sce should be more precise in that
  282. Yagiza So, let's get back to the initial question: what to do, if only <body/> was encrypted and we failed to decrypt it?
  283. pep. In poezio I'm filtering out everything that doesn't go in <body/> when doing OMEMO, because of this limitation
  284. vanitasvitae I'd say simply encrypt anything that doesnt need to be read by the server.
  285. vanitasvitae (As a rule of thumb)
  286. vanitasvitae > So, let's get back to the initial question: what to do, if only <body/> was encrypted and we failed to decrypt it? I'd say there is no ideal way to recover :(
  287. vanitasvitae Probably discard the attention?
  288. pep. Yagiza, tell both to your user? "Somebody is requiring your attention but we don't know what for"
  289. vanitasvitae Or that
  290. pep. I don't know what poezio does. "Attention" is not something I see everyday :x
  291. Zash print \a ?
  292. pep. Zash, in the case it can't decrypt body?
  293. Zash Dunno?
  294. Yagiza pep., eyeCU is a GUI cliant, so it does a lot of annoying things to attract user's attention. That's why it's critical what to do in such case.
  295. Zash Show what you know? "Couldn't decrypt message. Extra stuff: attention"
  296. pep. Yagiza, it's critical to annoy the user more? :P
  297. Yagiza pep., it's critical to annoy user with suspicious attempt to attract his attention, or not.
  298. karoshi has left
  299. j.r has left
  300. j.r has joined
  301. Andrzej has left
  302. waqas has joined
  303. govanify has left
  304. govanify has joined
  305. neshtaxmpp has joined
  306. karoshi has joined
  307. mukt2 has left
  308. dwd Anyone know where the slixmpp devs hang out? Poezio MUC perhaps?
  309. pep. Poezio MUC works, you might have more people there, but otherwise it's xmpp:slixmpp@muc.poez.io?join
  310. neshtaxmpp has left
  311. pep. or jdev
  312. Daniel has left
  313. Daniel has joined
  314. adiaholic_ has left
  315. adiaholic_ has joined
  316. Bezi has left
  317. Bezi has joined
  318. karoshi has left
  319. karoshi has joined
  320. neshtaxmpp has joined
  321. mukt2 has joined
  322. Andrzej has joined
  323. adiaholic_ has left
  324. alexis has left
  325. alexis has joined
  326. karoshi has left
  327. karoshi has joined
  328. werdan has left
  329. Wojtek has joined
  330. Blue has left
  331. Blue has joined
  332. neshtaxmpp has left
  333. andy has left
  334. karoshi has left
  335. karoshi has joined
  336. mukt2 has left
  337. mukt2 has joined
  338. eevvoor has joined
  339. andy has joined
  340. adiaholic_ has joined
  341. adiaholic_ has left
  342. adiaholic_ has joined
  343. lovetox has joined
  344. stpeter has joined
  345. lovetox Yagiza, simple, you display the omemo fallback message like you always do when you cant decrypt it
  346. eevvoor has left
  347. lovetox and then additionally run the attention code, whatever that is
  348. lovetox i dont know why you are spending much more thought on that
  349. lovetox and of course with omemo:1 it should be encrypted
  350. lovetox you should not get into the fallacy to decide yourself what stuff seems important to *you* and needs to be encrypted
  351. Yagiza lovetox, well... when I run Attention code, do I have to display "Failed to decrypt" fallback message, or just no message at all?
  352. lovetox full stanza encryption means, encrypt the full stanza, except stuff that is added for partys that cannot decrypt (like the server)
  353. andrey.g has joined
  354. lovetox Yagiza, i remember you argued the other day
  355. lovetox to have a fallback body
  356. lovetox and now you thing about not displaying it?!
  357. lovetox and now you think about not displaying it?!
  358. Yagiza lovetox, "fallback body" and "fallback message" are different things.
  359. lovetox how are they different?
  360. lovetox inside the fallback body is the fallback message
  361. lovetox except you mean something different
  362. Steve Kille has left
  363. lovetox but the question really is, why would you want to treat this non-decryptable message differently because it has an attention attached
  364. lovetox do whatever you do when a message fails to decrypt without attention
  365. Nekit has left
  366. Steve Kille has joined
  367. Yagiza "fallback body" is a <body/> element of stanza with <encrypted/> element, to be shown by clients, which know nothing about encryption. "Decryption failure fallback message" - is a message, which client, which supports encryption displays, when it failed do decrypt encrypted content.
  368. krauq has joined
  369. xecks has left
  370. jonas’ lovetox, though, maybe <attention/> is important for the server? thinking push & stuff
  371. pep. Maybe there should be a systematic study of all new XEPs wrt. SCE. That is, should they be in or out :x
  372. krauq has left
  373. pep. But what about the 400 previous XEPs..
  374. Zash Didn't we start an E2EE WG?
  375. pep. I don't think going through all previous XEPs is doable anyway. I think general definitions like vanitasvitae or lovetox gave here are good, with maybe a few explicit exceptions / examples
  376. Zash When I looked at MAM, Carbons and CSI code recently, I started with the ones in the latest compliance suite.
  377. Zash + >= Draft maybe
  378. adiaholic_ has left
  379. xecks has joined
  380. adiaholic_ has joined
  381. moparisthebest > "Decryption failure fallback message" - is a message, which client, which supports encryption displays, when it failed do decrypt encrypted content.
  382. moparisthebest the SENDING client gets to decide this????
  383. Zash Planning for failure eh?
  384. moparisthebest my knee-jerk reaction is that is wrong and maybe exploitable, but I'll have to think about it harder
  385. pep. I don't understand the sentence enough to react this way :x
  386. lovetox Yagiza, but for your question its irrelevant if fallback body, or your custom failure message
  387. lovetox moparisthebest, i think you misunderstanding something
  388. moparisthebest very likely, the only context I have is that right there
  389. lovetox if you mean the server could manipulate the encrypted content so its not decryptable anymore, then exchange the fallback body with a message of his choice
  390. lovetox yes thats possible
  391. lovetox but 1. the message would show as unencrypted
  392. Yagiza lovetox, for me that's important. In this case I have to display decryption failure message. And I want to know, if I have to display it as Attention message, or should I display Attention with no message, and display decryption failure message as a separate message (not Attention).
  393. lovetox 2. only clients that dont support encryption at all, should use the fallback body
  394. lovetox let me rephrase this
  395. lovetox 2. only client that are legacy and not updated anymore use the fallback body
  396. lovetox every maintained client should depend on the <eme> attribute, and display his own failure messages, not depending on the fallback body
  397. Yagiza moparisthebest, why sending? Sending client cannot know if receiving client will successfully decrypt message content or something will go wrong.
  398. lovetox but yeah thats definitly an attack vector against clients that simply always display fallback body without an additional hint
  399. lovetox of course Yagiza, the sending client can always know when you cant decrypt the messge
  400. lovetox because the sending client can simply encrypt it wrong
  401. lovetox and for a server its even more simple
  402. lovetox just cut some bytes of the encrypted payload
  403. lovetox and i can make sure you cannot decrypt it anymore
  404. alexis has left
  405. lovetox then i add my own body
  406. lovetox you should never trust the fallback body
  407. krauq has joined
  408. Yagiza lovetox, yes. So, sending client MUST NOT decide, which message will be displayed in case of failure. Only receiving client should display correct message to notify user about an error.
  409. lovetox fallback body is for legacy clients
  410. lovetox pidgin and stuff
  411. lovetox i just thought about what i said
  412. lovetox this is no attack vector at all
  413. lovetox the server can send the client messages all day
  414. lovetox manipulating an encrypted message into non-decryptable is only more work
  415. Wojtek has left
  416. adiaholic_ has left
  417. adiaholic_ has joined
  418. Bezi has left
  419. Bezi has joined
  420. moparisthebest But why add another payload to worry about, if a client capable of decryption can't decrypt something, it should display it's own message in it's own language, not something the sending client said, no?
  421. Half-Shot has left
  422. Half-Shot has joined
  423. mukt2 has left
  424. mukt2 has joined
  425. lovetox we do that moparisthebest
  426. lovetox we add a message for legacy clients
  427. lovetox that dont know anything about encryption
  428. krauq has left
  429. Yagiza has left
  430. andy has left
  431. neshtaxmpp has joined
  432. Neustradamus https://medium.com/tenable-techblog/turning-signal-app-into-a-coarse-tracking-device-643eb4298447
  433. andy has joined
  434. debacle has joined
  435. krauq has joined
  436. Vaulor has left
  437. Seve has left
  438. Vaulor has joined
  439. Seve has joined
  440. govanify has left
  441. govanify has joined
  442. krauq has left
  443. govanify has left
  444. govanify has joined
  445. Vaulor has left
  446. Seve has left
  447. Seve has joined
  448. Vaulor has joined
  449. krauq has joined
  450. neshtaxmpp has left
  451. emus has left
  452. karoshi has left
  453. emus has joined
  454. Zash has left
  455. Zash has joined
  456. krauq has left
  457. krauq has joined
  458. arc has left
  459. arc has joined
  460. krauq has left
  461. neshtaxmpp has joined
  462. krauq has joined
  463. lorddavidiii has joined
  464. lorddavidiii has left
  465. lorddavidiii has joined
  466. neshtaxmpp has left
  467. karoshi has joined
  468. Zash has left
  469. Zash has joined
  470. govanify has left
  471. govanify has joined
  472. govanify has left
  473. govanify has joined
  474. krauq has left
  475. govanify has left
  476. govanify has joined
  477. Zash has left
  478. Zash has joined
  479. arc has left
  480. arc has joined
  481. mukt2 has left
  482. govanify has left
  483. govanify has joined
  484. Andrzej has left
  485. j.r has left
  486. mukt2 has joined
  487. calvin has left
  488. neshtaxmpp has joined
  489. j.r has joined
  490. govanify has left
  491. govanify has joined
  492. werdan has joined
  493. papatutuwawa has joined
  494. LNJ has left
  495. LNJ has joined
  496. Nekit has joined
  497. calvin has joined
  498. j.r has left
  499. j.r has joined
  500. adiaholic_ has left
  501. adiaholic_ has joined
  502. neshtaxmpp has left
  503. lovetox has left
  504. calvin has left
  505. LNJ has left
  506. mukt2 has left
  507. adiaholic_ has left
  508. adiaholic_ has joined
  509. adiaholic_ has left
  510. adiaholic_ has joined
  511. Mikaela has left
  512. calvin has joined
  513. mukt2 has joined
  514. andrey.g has left
  515. papatutuwawa has left
  516. LNJ has joined
  517. alexis has joined
  518. Dele Olajide has joined
  519. Dele Olajide has left
  520. xecks has left
  521. Tobias has left
  522. karoshi has left
  523. Wojtek has joined
  524. karoshi has joined
  525. stpeter has left
  526. rion has left
  527. rion has joined
  528. goffi has left
  529. stpeter has joined
  530. karoshi has left
  531. karoshi has joined
  532. robertooo has left
  533. robertooo has joined
  534. alexis has left
  535. adiaholic_ has left
  536. adiaholic_ has joined
  537. mukt2 has left
  538. APach has left
  539. Daniel has left
  540. Daniel has joined
  541. APach has joined
  542. waqas has left
  543. mukt2 has joined
  544. andy has left
  545. adiaholic_ has left
  546. adiaholic_ has joined
  547. karoshi has left
  548. karoshi has joined
  549. andy has joined
  550. mukt2 has left
  551. mukt2 has joined
  552. andy has left
  553. Daniel has left
  554. Daniel has joined
  555. wurstsalat has left
  556. werdan has left
  557. Neustradamus has left
  558. Neustradamus has joined
  559. emus has left
  560. emus has joined
  561. karoshi has left
  562. debacle has left
  563. LNJ has left
  564. stpeter has left
  565. LNJ has joined
  566. Wojtek has left
  567. mimi89999 has left
  568. mimi89999 has joined
  569. mimi89999 has left
  570. mimi89999 has joined
  571. arc has left
  572. arc has joined
  573. sonny has left
  574. sonny has joined