XSF Discussion - 2021-05-13

  1. larma has left

  2. larma has joined

  3. karoshi has left

  4. alexbay218 has joined

  5. alameyo has joined

  6. emus has left

  7. emus has joined

  8. BASSGOD has left

  9. BASSGOD has joined

  10. Syndace has left

  11. Syndace has joined

  12. Kev has left

  13. Kev has joined

  14. pjn has joined

  15. debacle has left

  16. Syndace has left

  17. Syndace has joined

  18. BASSGOD has left

  19. Syndace has left

  20. Syndace has joined

  21. Adi has left

  22. BASSGOD has joined

  23. BASSGOD has left

  24. Adi has joined

  25. BASSGOD has joined

  26. Adi has left

  27. Syndace has left

  28. Syndace has joined

  29. Adi has joined

  30. stp has joined

  31. emus has left

  32. stp has left

  33. meetpal_sangra has joined

  34. Syndace has left

  35. Syndace has joined

  36. govanify has left

  37. govanify has joined

  38. andrey.g has left

  39. pjn has left

  40. alameyo has left

  41. alameyo has joined

  42. millesimus has left

  43. Kev has left

  44. Kev has joined

  45. pjn has joined

  46. millesimus has joined

  47. Yagiza has joined

  48. Adi has left

  49. Adi has joined

  50. alacer has joined

  51. arcxi has left

  52. Kev has left

  53. Kev has joined

  54. chronosx88 has left

  55. alacer has left

  56. govanify has left

  57. govanify has joined

  58. lorddavidiii has joined

  59. alacer has joined

  60. alacer has left

  61. mukt2 has joined

  62. ti_gj06 has joined

  63. peetah has left

  64. peetah has joined

  65. mukt2 has left

  66. andy has joined

  67. mukt2 has joined

  68. winfried has left

  69. winfried has joined

  70. paul has joined

  71. govanify has left

  72. govanify has joined

  73. bean has joined

  74. chronosx88 has joined

  75. alameyo has left

  76. alameyo has joined

  77. Seve has left

  78. meetpal_sangra has left

  79. meetpal_sangra has joined

  80. Tobias has joined

  81. mukt2 has left

  82. Seve has joined

  83. mukt2 has joined

  84. BASSGOD has left

  85. BASSGOD has joined

  86. Kev has left

  87. Kev has joined

  88. Seve has left

  89. chronosx88 has left

  90. chronosx88 has joined

  91. chronosx88 has left

  92. chronosx88 has joined

  93. chronosx88 has left

  94. chronosx88 has joined

  95. chronosx88 has left

  96. chronosx88 has joined

  97. mukt2 has left

  98. mukt2 has joined

  99. wurstsalat has left

  100. Seve has joined

  101. govanify has left

  102. govanify has joined

  103. floretta has left

  104. werdan has joined

  105. chronosx88 has left

  106. chronosx88 has joined

  107. werdan has left

  108. chronosx88 has left

  109. chronosx88 has joined

  110. croax has joined

  111. paul has left

  112. chronosx88 has left

  113. chronosx88 has joined

  114. alexbay218 has left

  115. chronosx88 has left

  116. chronosx88 has joined

  117. chronosx88 has left

  118. chronosx88 has joined

  119. chronosx88 has left

  120. chronosx88 has joined

  121. BASSGOD has left

  122. yushyin has left

  123. bean has left

  124. chronosx88 has left

  125. chronosx88 has joined

  126. Daniel has left

  127. Daniel has joined

  128. chronosx88 has left

  129. chronosx88 has joined

  130. LNJ has joined

  131. chronosx88 has left

  132. chronosx88 has joined

  133. chronosx88 has left

  134. chronosx88 has joined

  135. BASSGOD has joined

  136. chronosx88 has left

  137. chronosx88 has joined

  138. yushyin has joined

  139. Sam has left

  140. chronosx88 has left

  141. chronosx88 has joined

  142. mukt2 has left

  143. paul has joined

  144. mukt2 has joined

  145. BASSGOD has left

  146. chronosx88 has left

  147. chronosx88 has joined

  148. Sam has joined

  149. chronosx88 has left

  150. chronosx88 has joined

  151. wurstsalat has joined

  152. chronosx88 has left

  153. chronosx88 has joined

  154. alameyo has left

  155. Andrzej has joined

  156. peetah has left

  157. chronosx88 has left

  158. chronosx88 has joined

  159. BASSGOD has joined

  160. marc0s has left

  161. marc0s has joined

  162. arc has joined

  163. BASSGOD has left

  164. chronosx88 has left

  165. chronosx88 has joined

  166. chronosx88 has left

  167. chronosx88 has joined

  168. arc has left

  169. arc has joined

  170. arc has left

  171. arc has joined

  172. BASSGOD has joined

  173. chronosx88 has left

  174. chronosx88 has joined

  175. karoshi has joined

  176. Andrzej has left

  177. Andrzej has joined

  178. chronosx88 has left

  179. chronosx88 has joined

  180. chronosx88 has left

  181. chronosx88 has joined

  182. arc has left

  183. arc has joined

  184. arc has left

  185. arc has joined

  186. chronosx88 has left

  187. chronosx88 has joined

  188. Freddy has left

  189. Freddy has joined

  190. BASSGOD has left

  191. chronosx88 has left

  192. chronosx88 has joined

  193. BASSGOD has joined

  194. goffi has joined

  195. chronosx88 has left

  196. chronosx88 has joined

  197. chronosx88 has left

  198. chronosx88 has joined

  199. ti_gj06 has left

  200. chronosx88 has left

  201. chronosx88 has joined

  202. chronosx88 has left

  203. chronosx88 has joined

  204. peetah has joined

  205. Daniel has left

  206. Daniel has joined

  207. bean has joined

  208. Steve Kille has left

  209. nyco has joined

  210. Andrzej has left

  211. Andrzej has joined

  212. Andrzej has left

  213. Andrzej has joined

  214. BASSGOD has left

  215. nyco has left

  216. BASSGOD has joined

  217. xecks has joined

  218. stp has joined

  219. Andrzej has left

  220. alameyo has joined

  221. peetah has left

  222. alameyo has left

  223. Kev_ has joined

  224. Kev_ has left

  225. Kev__ has joined

  226. Kev__ has left

  227. govanify has left

  228. govanify has joined

  229. peetah has joined

  230. sebastian has left

  231. sebastian has joined

  232. debacle has joined

  233. arcxi has joined

  234. karoshi has left

  235. karoshi has joined

  236. arc has left

  237. arc has joined

  238. arc has left

  239. arc has joined

  240. stp has left

  241. BASSGOD has left

  242. BASSGOD has joined

  243. emus has joined

  244. ti_gj06 has joined

  245. peetah has left

  246. Daniel has left

  247. Daniel has joined

  248. chronosx88 has left

  249. chronosx88 has joined

  250. arc has left

  251. arc has joined

  252. chronosx88 has left

  253. chronosx88 has joined

  254. arc has left

  255. arc has joined

  256. x51 has joined

  257. alameyo has joined

  258. Daniel has left

  259. Daniel has joined

  260. chronosx88 has left

  261. chronosx88 has joined

  262. krauq has left

  263. alameyo has left

  264. krauq has joined

  265. lovetox has left

  266. BASSGOD has left

  267. chronosx88 has left

  268. chronosx88 has joined

  269. Steve Kille has joined

  270. chronosx88 has left

  271. chronosx88 has joined

  272. arc has left

  273. arc has joined

  274. arc has left

  275. Wojtek has joined

  276. arc has joined

  277. bean has left

  278. chronosx88 has left

  279. chronosx88 has joined

  280. BASSGOD has joined

  281. lovetox has joined

  282. chronosx88 has left

  283. chronosx88 has joined

  284. chronosx88 has left

  285. chronosx88 has joined

  286. chronosx88 has left

  287. chronosx88 has joined

  288. mukt2 has left

  289. chronosx88 has left

  290. chronosx88 has joined

  291. Alex has left

  292. Alex has joined

  293. ti_gj06 has left

  294. chronosx88 has left

  295. chronosx88 has joined

  296. Wojtek has left

  297. Wojtek has joined

  298. mathijs has left

  299. mathijs has joined

  300. Guus has joined

  301. Andrzej has joined

  302. Guus has left

  303. chronosx88 has left

  304. arc has left

  305. chronosx88 has joined

  306. arc has joined

  307. chronosx88 has left

  308. papatutuwawa has joined

  309. chronosx88 has joined

  310. millesimus has left

  311. mukt2 has joined

  312. Andrzej has left

  313. Andrzej has joined

  314. mathijs has left

  315. mathijs has joined

  316. stp has joined

  317. mdosch has left

  318. mdosch has joined

  319. mukt2 has left

  320. Kev has left

  321. Kev has joined

  322. ti_gj06 has joined

  323. Kev has left

  324. Kev has joined

  325. mukt2 has joined

  326. mdosch has left

  327. mdosch has joined

  328. chronosx88 has left

  329. chronosx88 has joined

  330. ti_gj06 has left

  331. BASSGOD has left

  332. Freddy has left

  333. BASSGOD has joined

  334. Freddy has joined

  335. Kev_ has joined

  336. Kev_ has left

  337. Kev_ has joined

  338. Kev_ has left

  339. BASSGOD has left

  340. serge90 has joined

  341. floretta has joined

  342. BASSGOD has joined

  343. Daniel has left

  344. Andrzej has left

  345. Andrzej has joined

  346. papatutuwawa has left

  347. mathijs has left

  348. govanify has left

  349. govanify has joined

  350. Andrzej has left

  351. Guus has joined

  352. BASSGOD has left

  353. eta has left

  354. APach has left

  355. eta has joined

  356. mukt2 has left

  357. Guus has left

  358. BASSGOD has joined

  359. Andrzej has joined

  360. mukt2 has joined

  361. BASSGOD has left

  362. BASSGOD has joined

  363. BASSGOD has left

  364. Andrzej has left

  365. Daniel has joined

  366. chronosx88 has left

  367. chronosx88 has joined

  368. BASSGOD has joined

  369. chronosx88 has left

  370. chronosx88 has joined

  371. chronosx88 has left

  372. chronosx88 has joined

  373. mukt2 has left

  374. govanify has left

  375. govanify has joined

  376. mathijs has joined

  377. papatutuwawa has joined

  378. BASSGOD has left

  379. BASSGOD has joined

  380. millesimus has joined

  381. mukt2 has joined

  382. Andrzej has joined

  383. BASSGOD has left

  384. BASSGOD has joined

  385. arc has left

  386. arc has joined

  387. arc has left

  388. arc has joined

  389. debacle has left

  390. Andrzej has left

  391. mukt2 has left

  392. pjn has left

  393. chronosx88 has left

  394. chronosx88 has joined

  395. moparisthebest has left

  396. moparisthebest has joined

  397. eta has left

  398. eta has joined

  399. arc has left

  400. arc has joined

  401. eta has left

  402. eta has joined

  403. lovetox has left

  404. mukt2 has joined

  405. karoshi has left

  406. papatutuwawa has left

  407. papatutuwawa has joined

  408. arc has left

  409. arc has joined

  410. andy has left

  411. papatutuwawa has left

  412. papatutuwawa has joined

  413. lovetox has joined

  414. arc has left

  415. arc has joined

  416. Andrzej has joined

  417. pjn has joined

  418. mukt2 has left

  419. karoshi has joined

  420. Steve Kille has left

  421. Kev has left

  422. Kev has joined

  423. Kev has left

  424. Kev has joined

  425. chronosx88 has left

  426. chronosx88 has joined

  427. BASSGOD has left

  428. millesimus has left

  429. BASSGOD has joined

  430. alameyo has joined

  431. arc has left

  432. arc has joined

  433. Wojtek has left

  434. Wojtek has joined

  435. mathieui has left

  436. mathieui has joined

  437. Andrzej has left

  438. Andrzej has joined

  439. chronosx88 has left

  440. chronosx88 has joined

  441. papatutuwawa has left

  442. andy has joined

  443. millesimus has joined

  444. alameyo has left

  445. Steve Kille has joined

  446. arc

    Almost board meeting time

  447. millesimus has left

  448. mukt2 has joined

  449. millesimus has joined

  450. arc

    Who is here?

  451. MattJ


  452. arc

    Okay so we technically have quorum

  453. arc

    We really need to move beyond having half the board every week

  454. millesimus has left

  455. millesimus has joined

  456. werdan has joined

  457. arc


  458. MattJ

    I'll send an email about some stuff, and this

  459. sebastian has left

  460. sebastian has joined

  461. arc

    Thanks. If we need to move to monthly, longer meetings so be it. Its just frustrating to set time aside every week and most of the time we don't have attendance

  462. dwd

    Ooops. I am here, too, just distracted by Something Interesting I FOund On The Internet.

  463. arc

    Ok so, agenda?

  464. dwd

    Agenda, I cannot help with. But:

  465. chronosx88 has left

  466. chronosx88 has joined

  467. arc

    Fiscal sponsorship update.. CoC..

  468. dwd

    * Financial Host stuff: I think we're waiting on Peter, though Sam has been pushing forward with draft policies etc.

  469. MattJ

    There is a pending PR for review

  470. dwd

    * CoC: I'm just coming to the end of my notice period, which has been pretty disruptive (and the job hunting bit beofrehand), so will get back onto this and the associated Provacy Policy I think we should have.

  471. MattJ

    I'd also like to work out what the next steps are on the CoC stuff

  472. MattJ


  473. MattJ


  474. dwd

    On a personal note, I will be changing employer at the end of the month. As part of this change, I'm dropping to 4 days a week, and I'm aiming to generally use that "extra" day for XSF and OSS stuff.

  475. MattJ

    Congratulations :)

  476. arc


  477. Kev has left

  478. arc

    Ok, aob?

  479. Kev has joined

  480. dwd

    No, though I do have some thoughts/research on CoC I'd like to discuss.

  481. MattJ

    I think that was everything

  482. ti_gj06 has joined

  483. arc

    Go ahead

  484. dwd

    Primarily, we previously talked about a CoC based aorund positive behaviour we wanted to see. However, the research I've managed to do so far actually recommends against this.

  485. dwd

    This is somewhat to my surprise, to be honest.

  486. Andrzej has left

  487. arc

    Why is that?

  488. dwd

    The argument is that it is easier for a bad actor to claim their behaviour is, for exampe, respectful ("But they're just deliberately taking it badly") than to argue it is not, for example, an ad-hominem attack.

  489. Kev has left

  490. Kev has joined

  491. arc

    I totally get that. But do we really want to be in a position to parent bad actors?

  492. dwd


  493. pjn has left

  494. dwd

    I'm merely saying that Codes of Conduct seem a lot more complicated than i'd hoped, and opnions seem generally divided on how to write them.

  495. arc


  496. BASSGOD has left

  497. dwd

    Anyway, it seems that any code of conduct we put in place is very likely to upset a bunch of people, and not only the people whose behaviour would be affected by a CoC.

  498. MattJ

    I've seen advocates of both styles. I can't claim to know the best option - I would personally prefer a positive-leading one, but I understand the concerns with that. My concern with a list of bad behaviours is that there is a potentially infinite list of such behaviours.

  499. dwd

    That's not to say we shouldn't put in place a CoC, but we need to manage the entire process carefully.

  500. arc has left

  501. arc has joined

  502. MattJ

    https://www.contributor-covenant.org/ (originally posted by Sam) seemed good to me at a first glance, it struck me as a decent balance of both

  503. dwd

    Yes, but it's been a focus of political ire as well. Broadly adopted as-is by the Linux kernel community, and that met with quite some resistance.

  504. dwd

    There's also the Debian one, which seems to have been mostly controversy-free, but might not have been as effective as people would have liked.

  505. BASSGOD has joined

  506. MattJ

    The Debian one controversy-free? :)

  507. Steve Kille has left

  508. dwd

    Anyway, I'm broadly leaning toward something like the FLOSSUK one - https://www.flossuk.org/about/code-of-conduct/- that seems to state aims in terms of positive behaviours, and then gives a non-exhuatsive list of bad behaviour.

  509. MattJ

    Not from the mailing lists I'm on

  510. Steve Kille has joined

  511. Steve Kille has left

  512. Steve Kille has joined

  513. MattJ

    I've yet to see a CoC adopted at any org without controversy

  514. meetpal_sangra has left

  515. MattJ

    But you know, we can be the first :)

  516. dwd

    MattJ, We can hope.

  517. arc has left

  518. arc has joined

  519. arc has left

  520. arc has joined

  521. arc has left

  522. arc has joined

  523. arc

    Sounds like we have reached the end of the meeting?

  524. Kev has left

  525. Kev has joined

  526. dwd

    Yes, sorry. Kind of rambling on a bit.

  527. arc

    These are important conversations

  528. arc

    But it sounds like we've come to a close so

  529. arc


  530. dwd

    Sounds good.

  531. pjn has joined

  532. arc

    Things the virtual gavel

  533. arc


  534. Kev has left

  535. Kev has joined

  536. arc

    I have been driving so I'm on voice and put

  537. meetpal_sangra has joined

  538. govanify has left

  539. govanify has joined

  540. govanify has left

  541. govanify has joined

  542. Kev has left

  543. papatutuwawa has joined

  544. Kev has joined

  545. arc


  546. arc

    I also serve on the board of the neighborhood community garden which meets every week at 10:00 a.m.! 😅

  547. BASSGOD has left

  548. govanify has left

  549. govanify has joined

  550. govanify has left

  551. govanify has joined

  552. arc

    Meetings here are far less exciting than XSF board meetings. I'm the youngest member of this board by about 20 years

  553. govanify has left

  554. govanify has joined

  555. BASSGOD has joined

  556. govanify has left

  557. govanify has joined

  558. govanify has left

  559. govanify has joined

  560. arc has left

  561. arc has joined

  562. govanify has left

  563. govanify has joined

  564. govanify has left

  565. govanify has joined

  566. wladmis has left

  567. pjn has left

  568. andrey.g has joined

  569. govanify has left

  570. govanify has joined

  571. pjn has joined

  572. meetpal_sangra has left

  573. Wojtek has left

  574. govanify has left

  575. govanify has joined

  576. debacle has joined

  577. govanify has left

  578. govanify has joined

  579. meetpal_sangra has joined

  580. wladmis has joined

  581. marc0s has left

  582. marc0s has joined

  583. govanify has left

  584. govanify has joined

  585. govanify has left

  586. govanify has joined

  587. govanify has left

  588. govanify has joined

  589. Yagiza has left

  590. wladmis has left

  591. Andrzej has joined

  592. moparisthebest

    so I accidentally discovered a DNS-only DOS against ejabberd, but also, my guess is, most other XMPP servers

  593. Yagiza has joined

  594. moparisthebest

    so here's the question, on outgoing S2S, if you don't *receive* anything over the connection, how can you be sure you are connected to what you should be ?

  595. xutaxkamay has left

  596. xutaxkamay has joined

  597. moparisthebest

    do you... try to receive data on the connection and if you receive anything at all, abort it and move onto the next SRV record ? or what ?

  598. moparisthebest

    how do you avoid the case where someone who only controls your DNS, or someone who only controls a route between you and 1 of the SRV records, can entirely block your ability to connect to the remote domain ?

  599. MattJ

    Mmm, that's not really preventable, is it? :)

  600. MattJ

    If they control it they can drop DNS/SYN

  601. moparisthebest

    yea possibly DNS isn't able to be worked around, what about the second case though ?

  602. moparisthebest

    you have 2 SRV targets in different locations, an attacker who controls only the route to the lowest priority one shouldn't be able to prevent you from falling back to the second, right ?

  603. BASSGOD has left

  604. arc has left

  605. arc has joined

  606. karoshi has left

  607. arc has left

  608. arc has joined

  609. moparisthebest

    right now, with ejabberd, and I suspect most other servers, if you redirect the first to an HTTPS server for instance, the second is never attempted

  610. moparisthebest

    (I accidentally broke all incoming federation from ejabberd servers to mine this way :))

  611. karoshi has joined

  612. pjn has left

  613. pjn has joined

  614. moparisthebest

    c2s doesn't suffer from this problem because it's bi-directional

  615. govanify has left

  616. govanify has joined

  617. Kev

    But C2S does suffer the same problem.

  618. Kev

    If you can drop someone’s connections, you can drop someone’s connections.

  619. BASSGOD has joined

  620. Kev

    Or I’ve not understood properly.

  621. moparisthebest

    dropping is easy, you can fallback to the next SRV record

  622. Kev

    When, though?

  623. moparisthebest

    and if you've validated the TLS properly, and get valid XMPP, you are connected to a c2s port

  624. Kev

    If you connect and authenticate to the server ok, and then it drops, you shouldn’t drop back to the other SRV should yoU?

  625. moparisthebest

    how do you determine if you've connected to a valid s2s port though

  626. Kev

    It doesn’t matter, does it?

  627. Kev

    If your transit is malicious, it will allow enough through to cause you to authenticate, and then terminate.

  628. Kev

    (Which is much easier with C2S than S2S, because of rountrip counting)

  629. Kev

    And because you had a live connection, you won’t fallback.

  630. Kev

    So even “If I didn’t manage to authenticate, fallback” doesn’t save you there.

  631. moparisthebest

    what's the point of SRV records if having the first one misbehave blocks you from trying the rest ?

  632. Kev

    What does ‘misbehave’ mean though?

  633. govanify has left

  634. govanify has joined

  635. moparisthebest

    so maybe it needs some consideration in c2s too "if the connection is "too flakey" (todo: define "too flakey") fallback"

  636. moparisthebest

    misbehave as in anything someone not in control of the TLS certificate can do

  637. Kev

    Flakiness protection is horrible, but it’s what you’d need here, yes.

  638. Kev

    (And the same for S2S)

  639. arc has left

  640. arc has joined

  641. govanify has left

  642. govanify has joined

  643. Kev

    We actually do have protection against this sort of thing for our X2X support, but less so for S2S.

  644. Kev

    (Because, as you noted, bidirectional)

  645. moparisthebest

    so what's a start for defense against this in S2S? only what I mentioned? > try to receive data on the connection and if you receive anything at all, abort it and move onto the next SRV record ?

  646. Kev

    afk sorry

  647. moparisthebest

    I guess that brings back my question from the other day, do any XMPP servers in the wild ever send anything over normal (non-bidi) incoming S2S connections ?

  648. BASSGOD has left

  649. BASSGOD has joined

  650. ti_gj06 has left

  651. Andrzej has left

  652. arc has left

  653. arc has joined

  654. arc has left

  655. arc has joined

  656. MattJ

    Except for stream header, stream errors, stream close, and potentially 198 or whitespace... no?

  657. ti_gj06 has joined

  658. chronosx88 has left

  659. chronosx88 has joined

  660. ti_gj06 has left

  661. mukt2 has left

  662. marc0s has left

  663. marc0s has joined

  664. marc0s has left

  665. marc0s has joined

  666. govanify has left

  667. govanify has joined

  668. govanify has left

  669. govanify has joined

  670. Kev

    Matt - I saw you removed dwd from Prosody, was that just getting rid of dialback stuff, or you found security issues, or …?

  671. Kev

    (Or did I misread the release notes)

  672. Zash

    Only the part that's mostly equivalent to SASL EXTERNAL

  673. Kev

    Hmm. Is it?

  674. dwd

    I kept calling it LUA.

  675. Zash

    Kev: It had a security issue, but we opted to remove it. We don't have any test coverage and poor confidence in it working correctly.

  676. moparisthebest

    MattJ, I think they only send pre-TLS stuff, after TLS is started it seems even stream errors are sent over the other connection ?

  677. Kev

    Stream errors always have to be sent over the stream they relate to.

  678. Zash

    And by "equivalent to SASL EXTERNAL" I mean that it could optionally check your dialback request against the cert and short-circuit it.

  679. govanify has left

  680. govanify has joined

  681. Zash

    It was disabled by default and I don't think I ever saw it used.

  682. moparisthebest

    I'll have to test again, I swear I saw them being sent over the other one...

  683. Zash

    Not sure if it was even documented.

  684. Kev

    I’m not going to say you didn’t see it - but you shouldn’t have :)

  685. Zash

    moparisthebest, dialback stuff too maybe, in addition to the stuff MattJ listed

  686. moparisthebest

    if there doesn't exist a way to *request* something back on the same connection (that won't terminate it, like a stream error), maybe that's the solution

  687. Kev

    198 can request traffic.

  688. moparisthebest

    a simple ping, but on this s2s connection

  689. MattJ

    moparisthebest: a solution, but I'm not sure I understand the problem

  690. chronosx88 has left

  691. chronosx88 has joined

  692. Kev

    I don’t think it’s a solution to the proposed problem, if we’re still on “transit terminates your connection as a DOS"

  693. moparisthebest

    the problem is, once an S2S connection is established, and TLS verified, how do you detect if you are actually connected to an XMPP server, or something else (like HTTPS)

  694. moparisthebest

    because if you aren't you need to fallback to the next SRV target

  695. Kev

    If you’re not connected to S2S you don’t get stream headers?

  696. Kev

    And if by ‘established’ you mean you’ve already authenticated, doesn’t that mean you already know you’re S2S?

  697. moparisthebest

    the pre-TLS ones ?

  698. Kev

    The post-TLS ones.

  699. mukt2 has joined

  700. Kev

    But the pre-TLS ones if you’re doing starttls mean you’re talking to XMPP too.

  701. BASSGOD has left

  702. APach has joined

  703. moparisthebest

    not necessarily

  704. moparisthebest

    an evil MITM in front of that target could fake XMPP before TLS, then just redirect traffic from an HTTPS server with the proper certificate

  705. Kev

    That would be why you bin everything once you start TLS.

  706. chronosx88 has left

  707. chronosx88 has joined

  708. Kev

    (Well, ‘that’ - that you can’t trust pre-TLS in general)

  709. moparisthebest

    it does protect against accidental misconfiguration, just not active attacks

  710. moparisthebest

    which is why I suspect this bug has lasted so long in SRV implementations, it's just easier to spot with direct TLS

  711. MattJ

    It's not really a bug, it's just the internet

  712. chronosx88 has left

  713. chronosx88 has joined

  714. APach has left

  715. pjn has left

  716. moparisthebest

    if your SRV implementation connects, tries to send a stanza, gets an HTTP response and the connection is closed, and it doesn't fallback to the next SRV target, that's a bug

  717. lorddavidiii has left

  718. pjn has joined

  719. BASSGOD has joined

  720. arc has left

  721. arc has joined

  722. arc has left

  723. arc has joined

  724. ti_gj06 has joined

  725. x51 has left

  726. MattJ

    It's suboptimal behaviour, yes :)

  727. Zash

    You're forgetting the stream header there

  728. mathijs has left

  729. mathijs has joined

  730. sebastian has left

  731. neshtaxmpp has left

  732. neshtaxmpp has joined

  733. BASSGOD has left

  734. arc has left

  735. arc has joined

  736. werdan has left

  737. werdan has joined

  738. marc0s has left

  739. marc0s has joined

  740. Zash has left

  741. Zash has joined

  742. BASSGOD has joined

  743. mukt2 has left

  744. Yagiza has left

  745. mukt2 has joined

  746. arc has left

  747. arc has joined

  748. marc0s has left

  749. marc0s has joined

  750. werdan has left

  751. mathieui has left

  752. marc0s has left

  753. eta has left

  754. jonas’ has left

  755. southerntofu has left

  756. goffi has left

  757. govanify has left

  758. jonas’ has joined

  759. alameyo has joined

  760. bean has joined

  761. bean has left

  762. mukt2 has left

  763. govanify has joined

  764. bean has joined

  765. bean has left

  766. bean has joined

  767. bean has left

  768. bean has joined

  769. bean has left

  770. stp has left

  771. arc has left

  772. arc has joined

  773. mukt2 has joined

  774. stp has joined

  775. BASSGOD has left

  776. mukt2 has left

  777. mukt2 has joined

  778. BASSGOD has joined

  779. xutaxkamay has left

  780. xutaxkamay has joined

  781. sebastian has joined

  782. stp has left

  783. BASSGOD has left

  784. stp has joined

  785. BASSGOD has joined

  786. mukt2 has left

  787. wladmis has joined

  788. stp has left

  789. arc has left

  790. arc has joined

  791. ti_gj06 has left

  792. stp has joined

  793. bean has joined

  794. bean has left

  795. bean has joined

  796. bean has left

  797. stp has left

  798. marc0s has joined

  799. wladmis has left

  800. lskdjf has left

  801. lskdjf has joined

  802. wladmis has joined

  803. Adi has left

  804. stp has joined

  805. arc has left

  806. lskdjf has left

  807. lskdjf has joined

  808. Tobias has left

  809. Kev has left

  810. Kev has joined

  811. Adi has joined

  812. wladmis has left

  813. LNJ has left

  814. edhelas has left

  815. edhelas has joined

  816. govanify has left

  817. govanify has joined

  818. alameyo has left

  819. alameyo has joined

  820. stp has left

  821. paul has left

  822. debacle has left

  823. marc0s has left

  824. marc0s has joined

  825. jcbrand has left

  826. pjn has left

  827. xecks has left

  828. xecks has joined

  829. Sam has left

  830. Sam has joined

  831. xecks has left

  832. papatutuwawa has left

  833. andy has left

  834. alexbay218 has joined

  835. arcxi has left