XSF Discussion - 2020-12-18


  1. Neustradamus

    Good news, ejabberd, the last big XMPP server has now all SCRAM: - https://www.process-one.net/blog/ejabberd-20-12/ - https://www.reddit.com/r/xmpp/comments/kewccb/ejabberd_2012_processone/

  2. Zash

    Must you spam this in every friggen channel?

  3. jonas’

    Neustradamus, cool, now think of a good way to make use of that because migration is actually impossible.

  4. jonas’

    I’m sure you thought about that before nagging every developer into spending time on implementing that.

  5. Guus

    Can someone suggest a font that has good Unicode coverage, that has an open source style license?

  6. Guus

    (oh and looks nice too 😉 )

  7. jonas’

    Guus, the Noto family is nice imo

  8. jonas’

    other than that, DejaVu (but only Sans or Mono, I don’t like the normal serif)

  9. Guus

    Thanks jonas’ - I was just looking at Noto

  10. jonas’

    also check google fonts, lots of stuff there, need to check the license of course

  11. Neustradamus

    Real announcement is important ;)

  12. Neustradamus

    When I speak about your projects, no problem guys ;)

  13. Neustradamus

    jonas’: Please note that I have already given the strategy to devs.

  14. Holger

    All clients and servers implement SCRAM-SHA-9999 today, problem solved.

  15. intosi

    Done. Solves a lot of other issues as well, my roster is now empty.

  16. Holger

    Oh and all users re-set their password, of course. Today evening.

  17. vanitasvitae

    https://social.uhoreg.ca/display/11447bcd-115f-dd01-012f-58e085780932 Apparently there are some MLS experiments happening over at the matrix

  18. uhoreg

    extremely early stages

  19. Zash

    Bad gateway it tells me :|

  20. uhoreg

    The server it's on is kind of terrible. Here's the image from the post: https://synapse.uhoreg.ca/_matrix/media/r0/download/uhoreg.ca/LgeHUUScConcPTMXcdKcobow

  21. Zash

    What's the state of MLS implementations? Are there libraries yet?

  22. vanitasvitae

    There are some in go I guess?

  23. uhoreg

    MLS itself isn't finalized, but it's around last-call stage. There are a few libraries in different languages (Rust, C++, TypeScript (the one I'm working on)). I don't think there has been any interoperability testing on the latest drafts yet.

  24. uhoreg

    Oh, there is one in Go too. https://github.com/mlswg/mls-implementations/blob/master/implementation_list.md is the list of implementations.

  25. uhoreg

    For Matrix, we won't be able to use MLS as-is, because it depends on a central server for the room, so we'll need to figure out how to modify it. But it might be doable for XMPP.

  26. Zash

    Long since I glanced at MLS, I was under the impression that PEP would be enough.

  27. Zash

    If not, and it requires storage attached to the room, then MIX should be able to do it.

  28. Zash

    Given https://datatracker.ietf.org/doc/html/draft-ietf-mls-architecture-05#section-1 says
    > intended to be embedded in a concrete protocol such as XMPP
    I'd assume it to be possible

  29. uhoreg

    I don't think it should require storage attached to rooms. It requires each user to publish a set of "init keys", which in Matrix we can use (almost) the same mechanism for one-time-keys in olm, and I believe OMEMO has something similar. It also requires some mechanism to make sure that handshake messages in the room don't collide.

  30. Zash

    Unless olm diverged waaaaaaay further from axolotl than omemo, similar principles should apply.

  31. edhelas

    What is MLS ?

  32. MattJ

    The IETF's group end-to-end encryption standard

  33. edhelas

    Is it close to Axolotl/omemo ?

  34. Zash

    I believe overall goals are not too far apart, tho I think MLS aims for better scalability

  35. edhelas

    Okay. :)

  36. Zash

    https://datatracker.ietf.org/doc/html/draft-ietf-mls-architecture-05 might be of interest

  37. deuill

    Might even lead to E2E encryption across platforms some day.

  38. edhelas

    so Moxie is planning to open Signal, implement the IETF standard and allow connection with other protocols ? 🤔

  39. Zash

    No, completely impossible for </> to interop with {""} !!!!111!eleventy

  40. deuill

    So long as it moves the ecosystem amirite

  41. dwd

    MLS could be done badly with PEP. It's fundamentally a multiparty key derivation protocol, so like OMEMO but with more than two parties involved.

  42. dwd

    (When I say badly, I mean like OMEMO is done now. Functional, but lots of ikky.)