XSF Discussion - 2020-11-06


  85. Guus Is wiki.xmpp.org dreadfully slow for anyone but me?
  87. Guus Uhoh.
  88. Guus https://igniterealtime.org:443/httpfileupload/jiYCE27cESUD4UHmnYmyBSCeJVg/image.png
  89. Ge0rG same here
  90. Ge0rG MattJ: are you in a position to look at it?
  91. MattJ No :D
  92. MattJ Stirring porridge with one hand, holding a baby in the other, not near my laptop
  93. Zash How are you typing!?
  94. Ge0rG "Ok, Google!"
  95. MattJ Sorry, just found the gap between being in a position to fix the wiki and my actual situation comically high
  96. Ge0rG MattJ: just don't drop the baby, right?
  99. Guus or the porridge
  100. Ge0rG my priority would be baby > laptop > smartphone > porridge
  101. Guus We will take your suggestion under advisement.
  111. jonas’ MattJ, at least the house isn’t on fire :D
  112. Ge0rG everything is fine.
  115. jonas’ (totally made up combination of events which most definitely did not happen to anyone I know and they most definitely did not prioritize feeding the porridge over getting out of the house. luckily, and most definitely, the fire was small and nobody was harmed in this definitely made up situation)
  156. MattJ The wiki might be a bit more responsive now
  157. MattJ As far as I can tell it's being aggressively crawled by something
  158. MattJ Going into every "What links here" and diff pages, etc.
  159. MattJ So it's still slow
  160. dwd Do you also have an update on the porridge/baby situation?
  163. MattJ The porridge was mostly successfully consumed, even if the messy high chair, table and floor didn't look like it when my wife came in. And now baby duty is successfully handed over. I'm ready to take on the easier part of my day now :)
  166. vanitasvitae What happens if XEP-A is having a namespace bump, and XEP-B is depending on XEP-A? Is XEP-B required to bump its namespace as well?
  167. dwd Same rules apply. We bump namespaces if not doing so would otherwise cause an interoperability problem.
  168. jonas’ vanitasvitae, terror ensues
  169. jonas’ see MIX
  170. jonas’ where parts still use an old pam: namespace, which is confusing for implementations
  171. jonas’ as they now have to support both namespaces for the specs-as-written
  172. vanitasvitae Okay, thanks
  175. flow vanitasvitae, ideally XEP-B would not simply depend on XEP-A but on (XEP-A, xep-a-namespace)
  177. Guus Thanks Matt. Good to know that the wiki isn't broken.
  179. vanitasvitae flow: got it. In that case a bump would not be required for XEP-B? Only if XEP-B would be updated to use XEP-A:++?
  187. jonas’ vanitasvitae, see what I wrote. that’s a PITA for developers.
  188. jonas’ there’s not much of a sane way out of that with the way we currently bump namespaces
  191. Kev Namespaces should only be bumped if you can't interoperate under the existing namespace - almost always you can. We have bumped too often, I have little doubt.
  192. Ge0rG And in most cases you can accomplish the change with a new feature element
  193. Kev Yes.
  199. Guus There are no circumstances where it would be allowable to use an intermediate as a trust anchor (meaning, not validating the issuer of the intermediate) when validating a certificate chain, correct?
  200. Zash I think in DANE that's a thing
  201. Zash You could also cache known intermediates and so allow people to have broken setups.
  202. Ge0rG Guus: if the intermediate is in your trusted root set, it should be safe to abort further validation
  203. Guus My concern is that any revocation checks are thus bypassed.
  204. Guus which arguably is acceptable if the intermediate has been willingly placed in a 'trusted' root set, I suppose...
  205. Ge0rG well, CRLs don't work anyway.
  206. jonas’ Guus, the intermediate could also have its own CRL, right?
  207. jonas’ thinking about the Let’s Encrypt transition period where they had their "root" signed by another well-known CA to be trusted right away on all systems
  208. Guus jonas’ I'm thinking that the CRL as advocated by the intermediate is primarily used to verify certificates issued by it. Should one trust an intermediate-provided CRL to include the intermediate itself, if, for some reason, it should not be trusted anymore? That does not feel particularly safe.
  209. Zash Guus, are you working on a crypto library?
  210. Guus As in: an intermediate that goes malicious won't ever include itself in the CRL.
  211. Guus Zash no, I want to understand how these details are supposed to work.
  212. Zash It seems reasonable that the revocation methods listed in a CA cert apply to the certs it issues
  213. jonas’ Guus, ah, I see; well, what Guus said then; if you have something in your trust store, you don’t check the CRL for it. It’s in your trust store after all.
  216. jonas’ s/Guus said/Ge0rG said/
  217. Guus I'm still not sure if that's correct. The entire reason for having CRLs is to be able to revoke an earlier decision to trust something.
  218. Guus What do you do when you have an intermediate as well as its issuer in your truststore, and the issuer adds the intermediate to its CRL?
  219. Guus Accept it, since it's in your truststore (which there should not be a need for, so I can understand the argument)
  220. Zash I suppose if you kept intermediates, you'd want to treat it as a RLU cache or somesuch, and then periodically check it against CRLs?
  222. Zash Isn't OCSP stamping(?) the thing now however? I.e. the server checks its own certificate and includes a "this is still valid" in TLS handshakes.
  225. Zash With CRLs and OCSP being fail-open which is weird for a security thing.
  228. flow vanitasvitae> flow: got it. In that case a bump would not be required for XEP-B? Only if XEP-B would be updated to use XEP-A:++? Since nothing has changed in XEP-B, no bump is required
  246. dwd Zash, I believe that given a cert, there are extensions available to find, download, and then cache the signer, so you can keep going until you find a known TA or a self-signed cert.
  253. dwd s/signer/issuer/ - I'm not thinking today. I think the AIA extension should help. http://pkiglobe.org/auth_info_access.html
  261. dwd Zash, Also, you're thinking OCSP Stapling, and for XMPP servers, I think you fetch the CRL periodically, and use that as a fallback to OCSP (with or without stapling), and if you can't do CRL or OCSP then fail.
  262. dwd Zash, My theory here is that there are very few CRLs you actually need as a server, so you're very likely to have that, and an attack which causes OCSP to fail then has a very small window to work with.
  263. Zash 100% Let's Encrypt probably.
  264. dwd Probably 5 or 6 different CRLs, though 99% LE, yes.
  265. moparisthebest emus: very good work on newsletter once again, it's much appreciated :)
  267. Guus what he said ^
  282. emus ❤ Thank you guys, very happy you like it!
  285. jonas’ Guus, ah, but CRLs are to revoke trust by the signer.
  286. jonas’ while truststores are configured locally and have nothing to do with the signer
  287. jonas’ (if it exists at all)
  288. jonas’ so to revoke trust in a certificate from a trust store, you remove it from the trust store.
  294. flow hmm I was assuming that the CRLs override the trust from the truststore
  295. flow to check, the truststore is where your trusted root CAs certs are?
  302. jonas’ yes
  311. flow ahh ok, I think I figured out where I went wrong
  323. dwd flow, A CRL lists the signatures by an issuer that are no longer valid, in effect. An issuer *could* be a TA, but is more likely to be an intermediate cert.