XSF Discussion - 2020-11-13

  1. Daniel

    Zash, what versions of prosody announce muc#stable_id?

  2. Zash

    Daniel, looks like >= 0.10.1

  3. Daniel

    ok cool thanks. so i should be able to find one in the wild

  4. mdosch

    !version mdosch.de

  5. mdosch

    Ha, no HAL.

  6. Zash

    Should be possible to locate one or two .. :)

  7. ralphm

    I've been contemplating https://letsencrypt.org/2020/11/06/own-two-feet.html and its impact on the XMPP ecosystem. I haven't yet looked at certificates being used on public servers, but I'd expect a fair number of them using LE. While browsers already (Firefox) or soon (Chrome) ship with their own bundle of root certs, making it viable to keep working on Android < 7.1, this probably doesn't hold for XMPP clients? Thoughts?

  8. Zash

    I seem to remember that Pidgin ships with its own bundle, so it's certainly possible.

  9. Ge0rG

    > run a banner asking your Android users on older OSes to install Firefox

    Look, it's as easy as that!

  10. Ge0rG

    ralphm: that's an important problem. However, I can imagine that most Android xmpp clients will support something like my https://github.com/ge0rg/MemorizingTrustManager if they predate the wide availability of LE

  11. Ge0rG

    Because before LE, most small servers were running self signed or otherwise 'untrusted' certificates

  12. Zash

    Out of 578 s2s connections to this server, 526 seem to use LE

  13. Zash

    to+from, there'll be some dupes

  14. Ge0rG

    Zash: aren't you blocking invalid certificates?

  15. Zash

    Looks like 90-95%

  16. Zash

    Looks like 90-95% Let's Encrypt

  17. Zash

    Checked prosody.im too

  18. Zash

    Ge0rG, on my personal server, yes. Awkward for public MUC hosts where you might try to join to get help with your broken TLS settings or code or whatever.

  19. Ge0rG

    Indeed. I'm also not blocking on yax.im, because who knows all the contacts of my users

  20. mdosch

    That would be like mod_block_strangers on abuse contact addresses…

  21. Link Mauve

    I once made the difficult decision to block all unencrypted s2s, which closed about 10% of my total s2s amounts.

  22. Link Mauve

    That was like two or three years ago.

  23. Link Mauve

    Blocking insecure certs would be a similarly difficult decision.

  24. ralphm

    Sure, but in this case, we're not actually talking about insecure certs. Just that clients that use the set of root certs provided by the OS are going to have issues if those don't include the LE root cert. Which, according to this post, is around 33% of Android devices.

  25. ralphm

    And I'm also not sure that it is a good idea for clients to have their own, by the way. Deciding what certs are ok and which aren't, is hard. Mozilla has some good documentation on this.

  26. Zash


  27. emus

    Sorry, may one break down the issue to me? I read the article and I understood that old android cannot handle their certs anymore with update, which then will also affect xmpp servers?

  28. Zash

    Least terrible is probably to pick an existing bundle, e.g. Mozilla's.

  29. Zash

    Possibly a subset of it, if you're daring.

  30. ralphm

    Conversations has an option to distrust the OS certs, but I'm not sure if the manual approval stuff also works if you have this disabled (the default).

  31. ralphm

    Zash: well, only if you also correctly interpret the Trust Bits. I.e. their collection has certs to explicitly *not* trust.

  32. ralphm

    emus: I'm not too worried about the server part, but rather clients not being able to verify the certs the server is offering.

  33. ralphm

    emus: i.e. if indeed 90+% of servers use Let's Encrypt, with any manual intervention, those will start serving up certificates signed by the new root (indirectly), without cross signing by a root cert that is in the OS trust store on Android devices < 7.1.

  34. ralphm

    Starting in January

  35. Ge0rG

    There are also other related problems, like older androids not supporting TLS 1.2 by default

  36. ralphm

    TLS 1.2 is supported from Android 5 and up, no?

  37. Ge0rG

    ralphm: supported from 4.1, enabled by default from 5

  38. ralphm

    According to the table in the blog post, there are only 5.9% of devices on Android <5, so I'm a bit less worried about that.

  39. Ge0rG

    ralphm: how many android xmpp clients are there in the wild?

  40. ralphm

    No idea, TBH

  41. Ge0rG

    I only use one, and I know it'll gracefully degrade with certificates not signed by a trusted root. I'm sure there will be more significant actual compatibility problems.

  42. ralphm

    Ge0rG: I hope you are right

  43. Zash

    Yeah, with Debian stable shipping with TLS < 1.2 disabled people should have noticed that by now.

  44. ralphm

    TLS < 1.2 should have been obliterated by now.

  45. Ge0rG

    Which is one of the reasons I still haven't upgraded my server from oldstable. I have many Russian users on old Android phones

  46. mdosch

    Do you have stats how many percent use tls < 1.2?

  47. ralphm

    I hope you understand that leaves them open to an increasing set of vulnerabilities, though.

  48. Arne

    you should add 1.3 as standard and below as possible Ge0rG

  49. Arne

    did you

  50. Arne

    did you?

  51. Zash

    TLS implementations generally pick the highest mutually supported version

  52. ralphm

    I'm sure that'll go over nicely in Russia :-D

  53. Arne

    mh maybe it's in postfix or somewhere I set this Zash

  54. Arne

    mh maybe it's in postfix or somewhere I've seen this Zash

  55. Arne

    but no matter, 1.3 should always be added today

  56. Ge0rG

    Arne: no, because oldstable doesn't do 1.3

  57. Arne

    but can't you upgrade and still allow below 1.2?

  58. Zash


  59. Ge0rG

    I suppose it should be possible to configure to support a superset of the oldstable ciphers

  60. Zash

    Some lines in a config file to poke

  61. mdosch

    See prosody@

  62. Ge0rG

    ralphm: I'm not sure how I'm leaving owners of old phones open to vulnerabilities by not locking them out

  63. Arne

    in prosody it's an easy setting

  64. ralphm

    Ge0rG: I understand the dilemma.

  65. Arne

    like this maybe: https://prosody.im/doc/advanced_ssl_config

  66. Zash


  67. mdosch

    But if everything keeps compatibility for ancient and insecure stuff some won't ever update.

  68. mdosch

    Also I hate to throw away working devices due to missing SW support, too. Such a waste of resources…

  69. mdosch

    Zash: This site is legit now. Otherwise it would still be red blinking text on yellow ground. :D

  70. Arne

    oh wait it's a wrong site?

  71. Ge0rG

    mdosch: I'm not the patch police

  72. Zash

    Don't make me bring back Comic Sans

  73. mdosch

    I understand. But do you want to keep stretch forever until the last Russian Android is updated?

  74. mdosch forgot about comic sans on that site…

  75. Ge0rG

    At least not in my leisure time 😁😁😁

  76. mdosch

    Probably some self defense mechanism erased the memory.

  77. Ge0rG

    Why can you do big red comic sans on the ssl page but not on the IBR page?

  78. Ge0rG

    But I think I've got most of the accidentally IBR servers down by now. The spam I'm still seeing mostly comes from large public servers

  79. emus

    > emus: i.e. if indeed 90+% of servers use Let's Encrypt, with any manual intervention, those will start serving up certificates signed by the new root (indirectly), without cross signing by a root cert that is in the OS trust store on Android devices < 7.1.

    Thanks for clarifying. As I see no other way I can help: Anything you want/should announce through the newsletter?

  80. Zash

    More acute cases of people shooting their entire security away from following random blogs that used that page as source.

  81. Ge0rG

    emus: users can't do much, server operators should add that "alternate" flag to their acme client. Client developers should bundle the new root

  82. Arne

    actually I set it up pretty good this way

  83. ralphm

    Zash: shouldn't that be incentive to make the page better? What is the default minimal version that ships with Prosody now?

  84. Zash

    ralphm, you mean replace the whole page with "the defaults are fine, no touchy" ? sure, that'd be an improvement

  85. ralphm

    Is the default TLS 1.2+ ?

  86. Zash

    ralphm, still TLS 1.0+, but distros may make that stricter. Likely be changed to 1.0+ in the next major version.

  87. mdosch

    1.2+ you mean?

  88. Zash

    Right, yes, 1.2+

  89. Ge0rG

    There is also a difference between setting up a new server and upgrading an old one. You can get away with strict settings on a new box. People won't be able to register with their old clients.

  90. Ge0rG

    I can't just lock out my users from one day to the other

  91. emus

    > emus: users can't do much, server operators should add that "alternate" flag to their acme client. Client developers should bundle the new root

    But then I guess they may read the newsletter^^

  92. emus

    But wait - to get it correctly: The problem is actually the user devices, which are more than outdated, right? So the issue is a general one and LE calls server maintainers to ask their users to upgrade (to another closed source device which will be outdated soon)?

  93. ralphm

    Going forward this is less of a problem. The LE X1 root expires in 2035.

  94. ralphm

    Also, how open the platform is doesn't say anything about its continued future updates.

  95. moparisthebest

    > I can't just lock out my users from one day to the other

  96. moparisthebest

    I mean if all the cellphone providers in the USA can why not you

  97. ralphm

    Yup, providers are turning off 2G GSM here in Europe, too.

  98. moparisthebest

    They just announced they are turning off 3g here, in January

  99. emus

    But wait, but was my statement kinda correct?