XSF Discussion - 2020-11-13

Zash, what versions of prosody announce muc#stable_id?

Daniel, looks like >= 0.10.1

ok cool thank. so i should be able to find one in the wild

!version mdosch.de

Ha, no HAL.

Should be possible to locate one or two .. :)

I've been contemplating https://letsencrypt.org/2020/11/06/own-two-feet.html and its impact on the XMPP ecosystem. I haven't yet looked at certificates being used on public servers, but I'd expect a fair number of them using LE. While browsers already (Firefox) or soon (Chrome) ship with their own bundle of root certs, making it viable to keep working on Android < 7.1, this probably doesn't hold for XMPP clients? Thoughts?

I seem to remember that Pidgin ships with its own bundle, so it's certainly possible.

> run a banner asking your Android users on older OSes to install Firefox Look, it's as easy as that!

ralphm: that's an important problem. However, I can imagine that most Android xmpp clients will support something like my https://github.com/ge0rg/MemorizingTrustManager if they predate the wide availability of LE

Because before LE, most small servers were running self signed or otherwise 'untrusted' certificates

Out of 578 s2s connections to this server, 526 seem to use LE

to+from, there'll be some dupes

Zash: aren't you blocking invalid certificates?

Looks like 90-95% Let's Encrypt ✏

Checked prosody.im too

Ge0rG, on my personal server, yes. Awkward for public MUC hosts where you might try to join to get help with your broken TLS settings or code or whatever.

Indeed. I'm also not blocking on yax.im, because who knows all the contacts of my users

That would be like mod_block_strangers on abuse contact addresses…

I once made the difficult decision to block all unencrypted s2s, which closed about 10% of my total s2s amounts.

That was like two or three years ago.

Blocking insecure certs would be a similarly difficult decision.

Sure, but in this case, we're not actually talking about insecure certs. Just that clients that use the set of root certs provided by the OS are going to have issues if those don't include the LE root cert. Which, according to this post, is around 33% of Android devices.

And I'm also not sure that it is a good idea for clients to do have their own, by the way. Deciding what certs are ok and which aren't, is hard. Mozilla has some good documentation on this.

Certpocalypse!

Sorry, may one break down the issue to me? I read the article and I understood that old android cannot handle their certs anymore with update, which then will also affect xmpp servers?

Least terrible is probably to pick an existing bundle, e.g. Mozillas.

Possibly a subset of it, if you're daring.

Conversations has an option to distrust the OS certs, but I'm not sure if the manual approval stuff also works if you have this disabled (the default).

Zash: well, only if you also correctly interpret the Trust Bits. I.e. their collections has certs to explicitly *not* trust.

emus: I'm not too worried about the server part, but rather clients not being able to verify the certs the server is offering.

emus: i.e. if indeed 90+% of servers use Let's Encrypt, with any manual intervention, those will start serving up certificates signed by the new root (indirectly), without cross signing by a root cert that is in the OS trust store on Android devices < 7.1.

Starting in January

There are also other related problems, like older androids not supporting TLS 1.2 by default

TLS 1.2 is supported from Android 5 and up, no?

ralphm: supported from 4.1, enabled by default from 5

According the table in the blog post, there are only 5.9% of devices on Android <5, so I'm a bit less worried about that.

ralphm: how many android xmpp clients are there in the wild?

No idea, TBH

I only use one, and I know it'll gracefully degrade with certificates not signed by a trusted root. I'm sure there will be more significant actual compatibility problems.

Ge0rG: I hope you are right

Yeah, with Debian stable shipping with TLS < 1.2 disabled people should have noticed that by now.

TLS < 1.2 should have been obliterated by now.

Which is one of the reasons I still haven't upgraded my server from oldstable. I have many Russian users on old Android phones

Do you have stats how many percent use tls < 1.2?

I hope you understand that leaves them open to an increasing set of vulnerabilities, though.

you should add 1.3 as standard and below as possible Ge0rG

did you? ✏

TLS implementations generally pick the highest mutually supported version

I'm sure that'll go over nicely in Russia :-D

mh maybe it's in postfix or somewhere I've seen this Zash ✏

but no matter, 1.3 should always be added today

Arne: no, because oldstable doesn't do 1.3

but can't you upgrade and still allow below 1.2?

Yes

I suppose it should be possible to configure to support a superset of the oldstable ciphers

Some lines in a config file to poke

See prosody@

ralphm: I'm not sure how I'm leaving owners of old phones leaving open to vulnerabilities by not locking them out

in prosody it's an easy setting

Ge0rG: I understand the dilemma.

like this maybe: https://prosody.im/doc/advanced_ssl_config

Noooooooooooooooo

But if everything keeps compatibility for ancient and insecure stuff some won't ever update.

Also I hate to throw away working devices due to missing SW support, too. Such a waste of ressources…

Zash: This site is legit now. Otherwise it would still be red blinking text on yellow ground. :D

oh wait it's a wrong site?

mdosch: I'm not the patch police

Don't make me bring back Comic Sans

I understand. But do you want to keep stretch forever until the last russian Android is updated?

At least not in my leasure time 😁😁😁

Probably some self defense mechanism erased the memory.

Why can you do big red comic sans on the ssl page but not on the IBR page?

But I think I've got most of the accidentally IBR servers down by now. The spam I'm still seeing mostly comes from large public servers

> emus: i.e. if indeed 90+% of servers use Let's Encrypt, with any manual intervention, those will start serving up certificates signed by the new root (indirectly), without cross signing by a root cert that is in the OS trust store on Android devices < 7.1. Thanks for clarifying. As I see no other way I can help: Anything you want/should announce through the newsletter?

More acute cases of people shooting their entire security away from following random blogs that used that page as source.

emus: users can't do much, server operators should add that "alternate" flag to their acme client. Client developers should bundle the new root

actually I set it up pretty good this way

Zash: shouldn't that be incentive to make the page better? What is the default minimal version that ships with Prosody now?

ralphm, you mean replace the whole page with "the defaults are fine, no touchy" ? sure, that'd be an improvement

Is the default TLS 1.2+ ?

ralphm, still TLS 1.0+, but distros may make that stricter. Likely be changed to 1.0+ in the next major version.

1.2+ you mean?

Right, yes, 1.2+

There is also a difference between setting up a new server and upgrading an old one. You can get away with strict settings on a new box. People won't be able to register with their old clients.

I can't just lock out my users from one day to the other

> emus: users can't do much, server operators should add that "alternate" flag to their acme client. Client developers should bundle the new root But then I guess they may read the newsletter^^

But wait - to get it correctly: The problem are actually the user devices, which are more than outdated, right? So the issue is a general one and LE calls server maintainers to ask their users to upgrade (to another closed source device which will be outdated soon)?

Going forward this is less of a problem. The LE X1 root expires in 2035.

Also, how open the platform is doesn't say anything about its continued future updates.

> I can't just lock out my users from one day to the other

I mean if all the cellphone providers in the USA can why not you

Yup, providers are turning off 2G GSM here in Europe, too.

They just announced they are turning off 3g here, in January

But wait, but was my statement kinda correct?