-
emus
Hello everyone, mid of month again - just reminding you to drop your project news to the last XMPP newsletter release in this year! (Publish on 8th of December!) 📡 You can create a pull request or place a comment here: https://github.com/xsf/xmpp.org/pull/830 Looking forward!
-
Ge0rG
emus: did you write something down for the LEcalypse?
-
emus
Ge0rG: Nope, no sufficient understanding, but PR is welcome
-
Ge0rG
-ENOTIME
-
emus
what?
-
Ge0rG
emus: Error, insufficient time
-
emus
ok
-
emus
I mean, I don't expect something long. If one can summarise the circumstance in 1-3 sentences that is enough
-
Ge0rG
emus: if I write you a paragraph of markdown here in the room, would you integrate it?
-
emus
Ge0rG: yes
-
Ge0rG
emus: cool!
-
emus
just write it, not formatting
-
Ge0rG
Let's Encrypt announced to [switch away from their Root CA certificate cross-signed by IdenTrust](https://letsencrypt.org/2020/11/06/own-two-feet.html). This means that old client devices (especially the roughly one third of Android phones running Android 7.0 and older) will consider Let's Encrypt certificates issued after January 11th 2021 as untrustworthy. This problem will not go away, as the IdenTrust cross-signed certificate will expire in September, but there are some possible mitigations:
- For users: it is possible, but not very straight-forward to [add the new Root CA certificate to the system trust store](https://stackoverflow.com/a/22040887/)
- Client developers can bundle the new [ISG Root X1](https://letsencrypt.org/certificates/) certificate with the app, or implement a manual CA approval mechanism like [MemorizingTrustManager](https://github.com/ge0rg/MemorizingTrustManager)
- Server operators can use the ["alternate" option](https://community.letsencrypt.org/t/transition-to-isrgs-root-delayed-until-jan-11-2021/125516) between January and September to obtain certificates signed by the old IdenTrust-based root.
-
Ge0rG
emus: ^
-
emus
Ge0rG: Thank you very much
-
Ge0rG
emus: at your service :)
-
jonas’
oh wow
-
jonas’
that is .. indeed an apocalypse
-
MattJ
The question to me is, can we identify affected clients somehow?
-
jonas’
before or after the fallout?
-
Shell
the main issue is very old Android devices, and clients which use the system certificate store (i.e. pretty much all of them).
-
jonas’
Shell, Android 7.0 is not very old in my book.
-
Ge0rG
I still think that most Android clients will have some sort of manual certificate approval built in from the times before LE
-
Ge0rG
Because most people had rotten SSL certs before LE came
-
Ge0rG
So you weren't even able to log in to most self-hosted servers from a normal Android app
-
Ge0rG
But maybe my view is skewed because I'm the developer of the only Android client that survived over a decade.
-
jonas’
I’m afraid that might be the case
-
jonas’
except for Xabber
-
Ge0rG
https://github.com/redsolution/xabber-android/blob/cdf34f44b42f2b9d4de027e06086afbab4a8a0b4/xabber/src/main/java/com/xabber/xmpp/smack/XMPPTCPConnection.java#L775 looks like it supports something in that direction, but no idea where the config class is implemented
-
Ge0rG
oh, it's smack's
-
Ge0rG
jonas’: looks like you are right, Xabber will fail.
-
Ge0rG
oh wait. https://github.com/redsolution/xabber-android/blob/cdf34f44b42f2b9d4de027e06086afbab4a8a0b4/xabber/src/main/java/com/xabber/android/data/connection/ConnectionBuilder.java#L57-L63
-
Ge0rG
TIL github search won't search for substrings
-
Ge0rG
Conversations also comes with some sort of MTM.
-
Ge0rG
Are there any other relevant Android clients?
-
Holger
Alex (et al.): Is Memberbot supposed to talk to me (holger@jabber.fu-berlin.de) right now?
-
Holger
Alex: It worked right after you added(?) my JID a few days ago, but seems it does no longer.
-
Alex
Holger: will check in some minutes when I get back to my office
-
Holger
Thanks (no hurries!).
-
Alex
looks like memberbot terminated. Should be up and running again now
-
Holger
Yes, thank you!
-
emus
Ge0rG: the expire in September... 2021?
-
emus
comments welcome: https://github.com/xsf/xmpp.org/pull/836
-
Ge0rG
emus: yes, from the le article