XSF Discussion - 2020-06-01


  1. eta has left

  2. calvin has left

  3. calvin has joined

  4. strypey has joined

  5. Nekit has left

  6. bear has left

  7. mukt2 has left

  8. eta has joined

  9. mukt2 has joined

  10. arc has left

  11. arc has joined

  12. calvin has left

  13. lskdjf has left

  14. alexis has left

  15. alexis has joined

  16. Zash has left

  17. Zash has joined

  18. bear has joined

  19. eta has left

  20. calvin has joined

  21. mukt2 has left

  22. mukt2 has joined

  23. Zash has left

  24. Zash has joined

  25. Zash has left

  26. neshtaxmpp has left

  27. neshtaxmpp has joined

  28. mukt2 has left

  29. eta has joined

  30. mukt2 has joined

  31. Zash has joined

  32. wurstsalat has left

  33. strypey has left

  34. Zash has left

  35. calvin has left

  36. Zash has joined

  37. Zash has left

  38. Zash has joined

  39. Daniel has left

  40. Daniel has joined

  41. mukt2 has left

  42. neshtaxmpp has left

  43. mukt2 has joined

  44. neshtaxmpp has joined

  45. calvin has joined

  46. sonny has left

  47. sonny has joined

  48. neshtaxmpp has left

  49. neshtaxmpp has joined

  50. calvin has left

  51. arc has left

  52. arc has joined

  53. andy has joined

  54. sonny has left

  55. sonny has joined

  56. eta has left

  57. lovetox has joined

  58. sonny has left

  59. sonny has joined

  60. Andrzej has joined

  61. Daniel has left

  62. Daniel has joined

  63. sonny has left

  64. sonny has joined

  65. neshtaxmpp has left

  66. sonny has left

  67. sonny has joined

  68. sonny has left

  69. sonny has joined

  70. Mikaela has joined

  71. APach has joined

  72. lovetox has left

  73. eta has joined

  74. Yagiza has joined

  75. paul has joined

  76. mukt2 has left

  77. mukt2 has joined

  78. lovetox has joined

  79. xecks has left

  80. wurstsalat has joined

  81. xecks has joined

  82. adiaholic_ has left

  83. adiaholic_ has joined

  84. lovetox has left

  85. eta has left

  86. lovetox has joined

  87. eta has joined

  88. werdan has joined

  89. andrey.g has joined

  90. Mikaela has left

  91. Mikaela has joined

  92. waqas has left

  93. krauq has left

  94. xecks has left

  95. xecks has joined

  96. lovetox has left

  97. Nekit has joined

  98. bear has left

  99. david has left

  100. david has joined

  101. david has left

  102. david has joined

  103. lovetox has joined

  104. emus has joined

  105. govanify has left

  106. govanify has joined

  107. lovetox has left

  108. govanify has left

  109. govanify has joined

  110. govanify has left

  111. govanify has joined

  112. karoshi has joined

  113. bear has joined

  114. goffi has joined

  115. Tobias has joined

  116. lovetox has joined

  117. govanify has left

  118. govanify has joined

  119. rion has left

  120. rion has joined

  121. adiaholic_ has left

  122. adiaholic_ has joined

  123. adiaholic_ has left

  124. adiaholic_ has joined

  125. Mikaela has left

  126. debacle has joined

  127. LNJ has joined

  128. Dele Olajide has joined

  129. jonas’ has joined

  130. werdan has left

  131. werdan has joined

  132. Dele Olajide has left

  133. lovetox has left

  134. matkor has left

  135. matkor has joined

  136. adiaholic_ has left

  137. adiaholic_ has joined

  138. Guus

    what's the better client on Mac these days?

  139. krauq has joined

  140. Mikaela has joined

  141. Andrzej

    on macOS I'm using BeagleIM but I'm developer of BeagleIM so I may be biased

  142. Steve Kille has left

  143. goffi has left

  144. Kev

    I use Swift, obviously ;)

  145. Kev

    Although I'm using 5.0previews rather than 4.0.

  146. Steve Kille has joined

  147. lovetox has joined

  148. jonas’ has left

  149. jonas’ has joined

  150. lskdjf has joined

  151. Guus

    I'm starting to see the flaw in my approach.

  152. goffi has joined

  153. krauq has left

  154. Seve has left

  155. Seve has joined

  156. Mikaela has left

  157. Mikaela has joined

  158. Dele Olajide has joined

  159. lovetox has left

  160. neshtaxmpp has joined

  161. mathieui

    Guus, :D

  162. emus has left

  163. emus has joined

  164. karoshi has left

  165. mukt2 has left

  166. !XSF_Martin has left

  167. !XSF_Martin has joined

  168. Mikaela has left

  169. mukt2 has joined

  170. Shell has joined

  171. lovetox has joined

  172. karoshi has joined

  173. mukt2 has left

  174. debacle has left

  175. Dele Olajide has left

  176. mukt2 has joined

  177. Dele Olajide has joined

  178. Dele Olajide has left

  179. alameyo has left

  180. neshtaxmpp has left

  181. LNJ has left

  182. werdan has left

  183. LNJ has joined

  184. calvin has joined

  185. karoshi has left

  186. karoshi has joined

  187. lovetox has left

  188. lovetox has joined

  189. Tobias has left

  190. Tobias has joined

  191. krauq has joined

  192. neshtaxmpp has joined

  193. Zash

    Why doesn't xep-0084 use "current" or something as item id for the metadata node?

  194. Shell has left

  195. Shell has joined

  196. krauq has left

  197. Mikaela has joined

  198. govanify has left

  199. govanify has joined

  200. neshtaxmpp has left

  201. karoshi has left

  202. alameyo has joined

  203. krauq has joined

  204. Yagiza

    Zash, I guess authors just forgot about it.

  205. Yagiza

    If I adopted a XEP and am now an author of it, may I commit my changes directly to the XEP repo, or must I do it via PRs?

  206. Andrzej

    Zash: I think that section 7.1. will answer that https://xmpp.org/extensions/xep-0084.html#impl-resources

  207. alameyo has left

  208. Zash

    Ugh

  209. alameyo has joined

  210. Kev

    Yagiza: PRs

  211. Yagiza

    Kev, IC, thanx.

  212. Mikaela has left

  213. Yagiza

    Kev, once I publish a PR for a deferred XEP, should I change its status back to experimental in that PR?

  214. Half-Shot has left

  215. Half-Shot has joined

  216. Kev

    Maybe submit the PR without it, and ask what the Editors would like you to do.

  217. Kev

    I don't know if jonas’ normally asks authors to do that bump, or not.

  218. govanify has left

  219. govanify has joined

  220. Yagiza

    Kev, so, I have to ask him first?

  221. Kev

    I would. But if you don't do what he wants, he'll let you know anyway :)

  222. jonas’

    Yagiza, feel free to change back to Experimental in the same commit you add the <revision/> block

  223. Kev

    There we go :)

  224. jonas’

    if you don’t add a <revision/> block but want the Editors to do that, then please also don’t change the status

  225. Yagiza

    jonas’, ok, thanx!

  226. karoshi has joined

  227. neshtaxmpp has joined

  228. krauq has left

  229. Mikaela has joined

  230. Dele Olajide has joined

  231. Shell has left

  232. Shell has joined

  233. karoshi has left

  234. andrey.g has left

  235. karoshi has joined

  236. calvin has left

  237. Shell has left

  238. Shell has joined

  239. Dele Olajide has left

  240. wurstsalat has left

  241. neshtaxmpp has left

  242. wurstsalat has joined

  243. lovetox has left

  244. jnaeff has joined

  245. jnaeff has left

  246. emus has left

  247. jnaeff has joined

  248. emus has joined

  249. Shell has left

  250. calvin has joined

  251. Mikaela has left

  252. emus has left

  253. emus has joined

  254. Yagiza

    I wonder...

  255. Mikaela has joined

  256. Yagiza

    If I receive a <message/> with an <attention/> element and with an encrypted <body/> element, which I failed to decrypt, what should client software display?

  257. Zash

    🔒️💔️🤷‍♀️️

  258. pep.

    OMEMO < 0.4?

  259. werdan has joined

  260. Yagiza

    Should it display Attention, notifying user, that it had message text, which it failed to decrypt, or just notify user that it failed to decrypt the message, without trying to attract his attention?

  261. pep.

    What do you do if you receive LMC and fail to encrypt body?

  262. Yagiza

    pep., right now I'm working on OMEMO v5.0, but I'm asking in general.

  263. pep.

    What do you do if you receive LMC and fail to decrypt body?

  264. Zash

    What do you do if something fails for any reason?

  265. Yagiza

    pep., LMC is not supported right now.

  266. Yagiza

    Zash, it depends.

  267. pep.

    Replace "LMC" with anything that you support that's not stuffed in <body/>

  268. andy has left

  269. vanitasvitae

    Yagiza: I'd argue that with OMEMO:1 the <attention> would probably also be part of the <encrypted> element, no?

  270. Yagiza

    vanitasvitae, I don't think so. <attention/> element contains no sensitive information to encrypt it.

  271. vanitasvitae

    But I admit that such error cases are not yet well covered.

  272. vanitasvitae

    Mostly due to lack of experience.

  273. vanitasvitae

    Well, having it plain leaks that there is an attention in the first place

  274. pep.

    this ^

  275. Yagiza

    So, let's suppose we use some type of old encryption, which does not support SCE.

  276. andy has joined

  277. vanitasvitae

    Yeah in that case there is no way to not leak the existence of the <attention>

  278. pep.

    There is a way, just don't send it :P

  279. vanitasvitae

    Haha :D

  280. Yagiza

    Encrypting <attention/> element or not is up to implementation right now, 'cause it is not regulated by any XEP.

  281. vanitasvitae

    Yeah, sce should be more precise in that

  282. Yagiza

    So, let's get back to the initial question: what to do, if only <body/> was encrypted and we failed to decrypt it?

  283. pep.

    In poezio I'm filtering out everything that doesn't go in <body/> when doing OMEMO, because of this limitation

  284. vanitasvitae

    I'd say simply encrypt anything that doesn't need to be read by the server.

  285. vanitasvitae

    (As a rule of thumb)

  286. vanitasvitae

    > So, let's get back to the initial question: what to do, if only <body/> was encrypted and we failed to decrypt it?

    I'd say there is no ideal way to recover :(

  287. vanitasvitae

    Probably discard the attention?

  288. pep.

    Yagiza, tell both to your user? "Somebody is requiring your attention but we don't know what for"

  289. vanitasvitae

    Or that

  290. pep.

    I don't know what poezio does. "Attention" is not something I see everyday :x

  291. Zash

    print \a ?

  292. pep.

    Zash, in the case it can't decrypt body?

  293. Zash

    Dunno?

  294. Yagiza

    pep., eyeCU is a GUI client, so it does a lot of annoying things to attract user's attention. That's why it's critical what to do in such case.

  295. Zash

    Show what you know? "Couldn't decrypt message. Extra stuff: attention"

  296. pep.

    Yagiza, it's critical to annoy the user more? :P

  297. Yagiza

    pep., it's critical to annoy user with suspicious attempt to attract his attention, or not.

  298. karoshi has left

  299. j.r has left

  300. j.r has joined

  301. Andrzej has left

  302. waqas has joined

  303. govanify has left

  304. govanify has joined

  305. neshtaxmpp has joined

  306. karoshi has joined

  307. mukt2 has left

  308. dwd

    Anyone know where the slixmpp devs hang out? Poezio MUC perhaps?

  309. pep.

    Poezio MUC works, you might have more people there, but otherwise it's xmpp:slixmpp@muc.poez.io?join

  310. neshtaxmpp has left

  311. pep.

    or jdev

  312. Daniel has left

  313. Daniel has joined

  314. adiaholic_ has left

  315. adiaholic_ has joined

  316. Bezi has left

  317. Bezi has joined

  318. karoshi has left

  319. karoshi has joined

  320. neshtaxmpp has joined

  321. mukt2 has joined

  322. Andrzej has joined

  323. adiaholic_ has left

  324. alexis has left

  325. alexis has joined

  326. karoshi has left

  327. karoshi has joined

  328. werdan has left

  329. Wojtek has joined

  330. Blue has left

  331. Blue has joined

  332. neshtaxmpp has left

  333. andy has left

  334. karoshi has left

  335. karoshi has joined

  336. mukt2 has left

  337. mukt2 has joined

  338. eevvoor has joined

  339. andy has joined

  340. adiaholic_ has joined

  341. adiaholic_ has left

  342. adiaholic_ has joined

  343. lovetox has joined

  344. stpeter has joined

  345. lovetox

    Yagiza, simple, you display the omemo fallback message like you always do when you can't decrypt it

  346. eevvoor has left

  347. lovetox

    and then additionally run the attention code, whatever that is

  348. lovetox

    i dont know why you are spending much more thought on that

  349. lovetox

    and of course with omemo:1 it should be encrypted

  350. lovetox

    you should not get into the fallacy to decide yourself what stuff seems important to *you* and needs to be encrypted

  351. Yagiza

    lovetox, well... when I run Attention code, do I have to display "Failed to decrypt" fallback message, or just no message at all?

  352. lovetox

    full stanza encryption means, encrypt the full stanza, except stuff that is added for parties that cannot decrypt (like the server)

  353. andrey.g has joined

  354. lovetox

    Yagiza, i remember you argued the other day

  355. lovetox

    to have a fallback body

  356. lovetox

    and now you thing about not displaying it?!

  357. lovetox

    and now you think about not displaying it?!

  358. Yagiza

    lovetox, "fallback body" and "fallback message" are different things.

  359. lovetox

    how are they different?

  360. lovetox

    inside the fallback body is the fallback message

  361. lovetox

    except you mean something different

  362. Steve Kille has left

  363. lovetox

    but the question really is, why would you want to treat this non-decryptable message differently because it has an attention attached

  364. lovetox

    do whatever you do when a message fails to decrypt without attention

  365. Nekit has left

  366. Steve Kille has joined

  367. Yagiza

    "fallback body" is a <body/> element of stanza with <encrypted/> element, to be shown by clients, which know nothing about encryption. "Decryption failure fallback message" - is a message, which client, which supports encryption displays, when it failed to decrypt encrypted content.

  368. krauq has joined

  369. xecks has left

  370. jonas’

    lovetox, though, maybe <attention/> is important for the server? thinking push & stuff

  371. pep.

    Maybe there should be a systematic study of all new XEPs wrt. SCE. That is, should they be in or out :x

  372. krauq has left

  373. pep.

    But what about the 400 previous XEPs..

  374. Zash

    Didn't we start an E2EE WG?

  375. pep.

    I don't think going through all previous XEPs is doable anyway. I think general definitions like vanitasvitae or lovetox gave here are good, with maybe a few explicit exceptions / examples

  376. Zash

    When I looked at MAM, Carbons and CSI code recently, I started with the ones in the latest compliance suite.

  377. Zash

    + >= Draft maybe

  378. adiaholic_ has left

  379. xecks has joined

  380. adiaholic_ has joined

  381. moparisthebest

    > "Decryption failure fallback message" - is a message, which client, which supports encryption displays, when it failed to decrypt encrypted content.

  382. moparisthebest

    the SENDING client gets to decide this????

  383. Zash

    Planning for failure eh?

  384. moparisthebest

    my knee-jerk reaction is that is wrong and maybe exploitable, but I'll have to think about it harder

  385. pep.

    I don't understand the sentence enough to react this way :x

  386. lovetox

    Yagiza, but for your question it's irrelevant if fallback body, or your custom failure message

  387. lovetox

    moparisthebest, i think you are misunderstanding something

  388. moparisthebest

    very likely, the only context I have is that right there

  389. lovetox

    if you mean the server could manipulate the encrypted content so it's not decryptable anymore, then exchange the fallback body with a message of his choice

  390. lovetox

    yes that's possible

  391. lovetox

    but 1. the message would show as unencrypted

  392. Yagiza

    lovetox, for me that's important. In this case I have to display decryption failure message. And I want to know, if I have to display it as Attention message, or should I display Attention with no message, and display decryption failure message as a separate message (not Attention).

  393. lovetox

    2. only clients that don't support encryption at all, should use the fallback body

  394. lovetox

    let me rephrase this

  395. lovetox

    2. only clients that are legacy and not updated anymore use the fallback body

  396. lovetox

    every maintained client should depend on the <eme> attribute, and display his own failure messages, not depending on the fallback body

  397. Yagiza

    moparisthebest, why sending? Sending client cannot know if receiving client will successfully decrypt message content or something will go wrong.

  398. lovetox

    but yeah that's definitely an attack vector against clients that simply always display fallback body without an additional hint

  399. lovetox

    of course Yagiza, the sending client can always know when you can't decrypt the message

  400. lovetox

    because the sending client can simply encrypt it wrong

  401. lovetox

    and for a server its even more simple

  402. lovetox

    just cut some bytes of the encrypted payload

  403. lovetox

    and i can make sure you cannot decrypt it anymore

  404. alexis has left

  405. lovetox

    then i add my own body

  406. lovetox

    you should never trust the fallback body

  407. krauq has joined

  408. Yagiza

    lovetox, yes. So, sending client MUST NOT decide, which message will be displayed in case of failure. Only receiving client should display correct message to notify user about an error.

  409. lovetox

    fallback body is for legacy clients

  410. lovetox

    pidgin and stuff

  411. lovetox

    i just thought about what i said

  412. lovetox

    this is no attack vector at all

  413. lovetox

    the server can send the client messages all day

  414. lovetox

    manipulating an encrypted message into non-decryptable is only more work

  415. Wojtek has left

  416. adiaholic_ has left

  417. adiaholic_ has joined

  418. Bezi has left

  419. Bezi has joined

  420. moparisthebest

    But why add another payload to worry about, if a client capable of decryption can't decrypt something, it should display its own message in its own language, not something the sending client said, no?

  421. Half-Shot has left

  422. Half-Shot has joined

  423. mukt2 has left

  424. mukt2 has joined

  425. lovetox

    we do that moparisthebest

  426. lovetox

    we add a message for legacy clients

  427. lovetox

    that don't know anything about encryption

  428. krauq has left

  429. Yagiza has left

  430. andy has left

  431. neshtaxmpp has joined

  432. Neustradamus

    https://medium.com/tenable-techblog/turning-signal-app-into-a-coarse-tracking-device-643eb4298447

  433. andy has joined

  434. debacle has joined

  435. krauq has joined

  436. Vaulor has left

  437. Seve has left

  438. Vaulor has joined

  439. Seve has joined

  440. govanify has left

  441. govanify has joined

  442. krauq has left

  443. govanify has left

  444. govanify has joined

  445. Vaulor has left

  446. Seve has left

  447. Seve has joined

  448. Vaulor has joined

  449. krauq has joined

  450. neshtaxmpp has left

  451. emus has left

  452. karoshi has left

  453. emus has joined

  454. Zash has left

  455. Zash has joined

  456. krauq has left

  457. krauq has joined

  458. arc has left

  459. arc has joined

  460. krauq has left

  461. neshtaxmpp has joined

  462. krauq has joined

  463. lorddavidiii has joined

  464. lorddavidiii has left

  465. lorddavidiii has joined

  466. neshtaxmpp has left

  467. karoshi has joined

  468. Zash has left

  469. Zash has joined

  470. govanify has left

  471. govanify has joined

  472. govanify has left

  473. govanify has joined

  474. krauq has left

  475. govanify has left

  476. govanify has joined

  477. Zash has left

  478. Zash has joined

  479. arc has left

  480. arc has joined

  481. mukt2 has left

  482. govanify has left

  483. govanify has joined

  484. Andrzej has left

  485. j.r has left

  486. mukt2 has joined

  487. calvin has left

  488. neshtaxmpp has joined

  489. j.r has joined

  490. govanify has left

  491. govanify has joined

  492. werdan has joined

  493. papatutuwawa has joined

  494. LNJ has left

  495. LNJ has joined

  496. Nekit has joined

  497. calvin has joined

  498. j.r has left

  499. j.r has joined

  500. adiaholic_ has left

  501. adiaholic_ has joined

  502. neshtaxmpp has left

  503. lovetox has left

  504. calvin has left

  505. LNJ has left

  506. mukt2 has left

  507. adiaholic_ has left

  508. adiaholic_ has joined

  509. adiaholic_ has left

  510. adiaholic_ has joined

  511. Mikaela has left

  512. calvin has joined

  513. mukt2 has joined

  514. andrey.g has left

  515. papatutuwawa has left

  516. LNJ has joined

  517. alexis has joined

  518. Dele Olajide has joined

  519. Dele Olajide has left

  520. xecks has left

  521. Tobias has left

  522. karoshi has left

  523. Wojtek has joined

  524. karoshi has joined

  525. stpeter has left

  526. rion has left

  527. rion has joined

  528. goffi has left

  529. stpeter has joined

  530. karoshi has left

  531. karoshi has joined

  532. robertooo has left

  533. robertooo has joined

  534. alexis has left

  535. adiaholic_ has left

  536. adiaholic_ has joined

  537. mukt2 has left

  538. APach has left

  539. Daniel has left

  540. Daniel has joined

  541. APach has joined

  542. waqas has left

  543. mukt2 has joined

  544. andy has left

  545. adiaholic_ has left

  546. adiaholic_ has joined

  547. karoshi has left

  548. karoshi has joined

  549. andy has joined

  550. mukt2 has left

  551. mukt2 has joined

  552. andy has left

  553. Daniel has left

  554. Daniel has joined

  555. wurstsalat has left

  556. werdan has left

  557. Neustradamus has left

  558. Neustradamus has joined

  559. emus has left

  560. emus has joined

  561. karoshi has left

  562. debacle has left

  563. LNJ has left

  564. stpeter has left

  565. LNJ has joined

  566. Wojtek has left

  567. mimi89999 has left

  568. mimi89999 has joined

  569. mimi89999 has left

  570. mimi89999 has joined

  571. arc has left

  572. arc has joined

  573. sonny has left

  574. sonny has joined