XSF Discussion - 2020-12-18

Good news, ejabberd, the last big XMPP server has now all SCRAM: - https://www.process-one.net/blog/ejabberd-20-12/ - https://www.reddit.com/r/xmpp/comments/kewccb/ejabberd_2012_processone/

Must you spam this in every friggen channel?

Neustradamus, cool, now think of a good way to make use of that because migration is actually impossible.

I’m sure you thought about that before nagging every developer into spending time on implementing that.

Can someone suggest a font that has good Unicode coverage, that has a open source style license?

(oh and looks nice too 😉 )

Guus, the Noto family is nice imo

other than that, DejaVu (but only Sans or Mono, I don’t like the normal serif)

Thanks jonas’ - I was just looking at Noto

also check google fonts, lots of stuff there, need to check the license of course

Real announcement is important ;)

When I speak about your projects, no problem guys ;)

jonas’: Please note that I have already given the strategy to devs.

All clients and servers implement SCRAM-SHA-9999 today, problem solved.

Done. Solves a lot of other issues as well, my roster is now empty.

Oh and all users re-set their password, of course. Today evening.

https://social.uhoreg.ca/display/11447bcd-115f-dd01-012f-58e085780932 Apparently there are some MLS experiments happening over at the matrix

extremely early stages

Bad gateway it tells me :|

The server it's on is kind of terrible. Here's the image from the post: https://synapse.uhoreg.ca/_matrix/media/r0/download/uhoreg.ca/LgeHUUScConcPTMXcdKcobow

What's the state of MLS implementations? Are there libraries yet?

There are some in go I guess?

MLS itself isn't finalized, but it's around last-call stage. There are a few libraries in different languages (Rust, C++, TypeScript (the one I'm working on)). I don't think there has been any interoperability testing on the latest drafts yet.

Oh, there is one in Go too. https://github.com/mlswg/mls-implementations/blob/master/implementation_list.md is the list of implementations.

For Matrix, we won't be able to use MLS as-is, because it depends on a central server for the room, so we'll need to figure out how to modify it. But it might be doable for XMPP.

Long since I glanced at MLS, I was under the impression that PEP would be enough.

If not, and it requires storage attached to the room, then MIX should be able to do it.

Given https://datatracker.ietf.org/doc/html/draft-ietf-mls-architecture-05#section-1 says > intended to be embedded in a concrete protocol such as XMPP I'd assume it to be possible

I don't think it should require storage attached to rooms. It requires each user to publish a set of "init keys", which in Matrix we can use (almost) the same mechanism for one-time-keys in olm, and I believe OMEMO has something similar. It also requires some mechanism to make sure that handshake messages in the room don't collide.

Unless olm diverged waaaaaaay furher from axolotl than omemo, similar principles should apply.

What is MLS ?

The IETF's group end-to-end encryption standard

Is it close to Axolotl/omemo ?

I believe overall goals are not too far apart, tho I think MLS aims for better scalability

Okay. :)

https://datatracker.ietf.org/doc/html/draft-ietf-mls-architecture-05 might be of interest

Might even lead to E2E encryption across platforms some day.

so Moxie is planning to open Signal, implement the IETF standard and allow connection with other protocols ? 🤔

No, completely impossible for </> to interop with {""} !!!!111!eleventy

So long is it moves the ecosystem amirite

MLS could be done badly with PEP. It's fundamentally a multiparty key derivation protocol, so like OMEMO but with more than two parties involved.

(When I say badly, I mean like OMEMO is done now. Functional, but lots of ikky.)