XSF Discussion - 2021-05-13

  1. larma has left
  2. larma has joined
  3. karoshi has left
  4. alexbay218 has joined
  5. alameyo has joined
  6. emus has left
  7. emus has joined
  8. BASSGOD has left
  9. BASSGOD has joined
  10. Syndace has left
  11. Syndace has joined
  12. Kev has left
  13. Kev has joined
  14. pjn has joined
  15. debacle has left
  16. Syndace has left
  17. Syndace has joined
  18. BASSGOD has left
  19. Syndace has left
  20. Syndace has joined
  21. Adi has left
  22. BASSGOD has joined
  23. BASSGOD has left
  24. Adi has joined
  25. BASSGOD has joined
  26. Adi has left
  27. Syndace has left
  28. Syndace has joined
  29. Adi has joined
  30. stp has joined
  31. emus has left
  32. stp has left
  33. meetpal_sangra has joined
  34. Syndace has left
  35. Syndace has joined
  36. govanify has left
  37. govanify has joined
  38. andrey.g has left
  39. pjn has left
  40. alameyo has left
  41. alameyo has joined
  42. millesimus has left
  43. Kev has left
  44. Kev has joined
  45. pjn has joined
  46. millesimus has joined
  47. Yagiza has joined
  48. Adi has left
  49. Adi has joined
  50. alacer has joined
  51. arcxi has left
  52. Kev has left
  53. Kev has joined
  54. chronosx88 has left
  55. alacer has left
  56. govanify has left
  57. govanify has joined
  58. lorddavidiii has joined
  59. alacer has joined
  60. alacer has left
  61. mukt2 has joined
  62. ti_gj06 has joined
  63. peetah has left
  64. peetah has joined
  65. mukt2 has left
  66. andy has joined
  67. mukt2 has joined
  68. winfried has left
  69. winfried has joined
  70. paul has joined
  71. govanify has left
  72. govanify has joined
  73. bean has joined
  74. chronosx88 has joined
  75. alameyo has left
  76. alameyo has joined
  77. Seve has left
  78. meetpal_sangra has left
  79. meetpal_sangra has joined
  80. Tobias has joined
  81. mukt2 has left
  82. Seve has joined
  83. mukt2 has joined
  84. BASSGOD has left
  85. BASSGOD has joined
  86. Kev has left
  87. Kev has joined
  88. Seve has left
  89. chronosx88 has left
  90. chronosx88 has joined
  91. chronosx88 has left
  92. chronosx88 has joined
  93. chronosx88 has left
  94. chronosx88 has joined
  95. chronosx88 has left
  96. chronosx88 has joined
  97. mukt2 has left
  98. mukt2 has joined
  99. wurstsalat has left
  100. Seve has joined
  101. govanify has left
  102. govanify has joined
  103. floretta has left
  104. werdan has joined
  105. chronosx88 has left
  106. chronosx88 has joined
  107. werdan has left
  108. chronosx88 has left
  109. chronosx88 has joined
  110. croax has joined
  111. paul has left
  112. chronosx88 has left
  113. chronosx88 has joined
  114. alexbay218 has left
  115. chronosx88 has left
  116. chronosx88 has joined
  117. chronosx88 has left
  118. chronosx88 has joined
  119. chronosx88 has left
  120. chronosx88 has joined
  121. BASSGOD has left
  122. yushyin has left
  123. bean has left
  124. chronosx88 has left
  125. chronosx88 has joined
  126. Daniel has left
  127. Daniel has joined
  128. chronosx88 has left
  129. chronosx88 has joined
  130. LNJ has joined
  131. chronosx88 has left
  132. chronosx88 has joined
  133. chronosx88 has left
  134. chronosx88 has joined
  135. BASSGOD has joined
  136. chronosx88 has left
  137. chronosx88 has joined
  138. yushyin has joined
  139. Sam has left
  140. chronosx88 has left
  141. chronosx88 has joined
  142. mukt2 has left
  143. paul has joined
  144. mukt2 has joined
  145. BASSGOD has left
  146. chronosx88 has left
  147. chronosx88 has joined
  148. Sam has joined
  149. chronosx88 has left
  150. chronosx88 has joined
  151. wurstsalat has joined
  152. chronosx88 has left
  153. chronosx88 has joined
  154. alameyo has left
  155. Andrzej has joined
  156. peetah has left
  157. chronosx88 has left
  158. chronosx88 has joined
  159. BASSGOD has joined
  160. marc0s has left
  161. marc0s has joined
  162. arc has joined
  163. BASSGOD has left
  164. chronosx88 has left
  165. chronosx88 has joined
  166. chronosx88 has left
  167. chronosx88 has joined
  168. arc has left
  169. arc has joined
  170. arc has left
  171. arc has joined
  172. BASSGOD has joined
  173. chronosx88 has left
  174. chronosx88 has joined
  175. karoshi has joined
  176. Andrzej has left
  177. Andrzej has joined
  178. chronosx88 has left
  179. chronosx88 has joined
  180. chronosx88 has left
  181. chronosx88 has joined
  182. arc has left
  183. arc has joined
  184. arc has left
  185. arc has joined
  186. chronosx88 has left
  187. chronosx88 has joined
  188. Freddy has left
  189. Freddy has joined
  190. BASSGOD has left
  191. chronosx88 has left
  192. chronosx88 has joined
  193. BASSGOD has joined
  194. goffi has joined
  195. chronosx88 has left
  196. chronosx88 has joined
  197. chronosx88 has left
  198. chronosx88 has joined
  199. ti_gj06 has left
  200. chronosx88 has left
  201. chronosx88 has joined
  202. chronosx88 has left
  203. chronosx88 has joined
  204. peetah has joined
  205. Daniel has left
  206. Daniel has joined
  207. bean has joined
  208. Steve Kille has left
  209. nyco has joined
  210. Andrzej has left
  211. Andrzej has joined
  212. Andrzej has left
  213. Andrzej has joined
  214. BASSGOD has left
  215. nyco has left
  216. BASSGOD has joined
  217. xecks has joined
  218. stp has joined
  219. Andrzej has left
  220. alameyo has joined
  221. peetah has left
  222. alameyo has left
  223. Kev_ has joined
  224. Kev_ has left
  225. Kev__ has joined
  226. Kev__ has left
  227. govanify has left
  228. govanify has joined
  229. peetah has joined
  230. sebastian has left
  231. sebastian has joined
  232. debacle has joined
  233. arcxi has joined
  234. karoshi has left
  235. karoshi has joined
  236. arc has left
  237. arc has joined
  238. arc has left
  239. arc has joined
  240. stp has left
  241. BASSGOD has left
  242. BASSGOD has joined
  243. emus has joined
  244. ti_gj06 has joined
  245. peetah has left
  246. Daniel has left
  247. Daniel has joined
  248. chronosx88 has left
  249. chronosx88 has joined
  250. arc has left
  251. arc has joined
  252. chronosx88 has left
  253. chronosx88 has joined
  254. arc has left
  255. arc has joined
  256. x51 has joined
  257. alameyo has joined
  258. Daniel has left
  259. Daniel has joined
  260. chronosx88 has left
  261. chronosx88 has joined
  262. krauq has left
  263. alameyo has left
  264. krauq has joined
  265. lovetox has left
  266. BASSGOD has left
  267. chronosx88 has left
  268. chronosx88 has joined
  269. Steve Kille has joined
  270. chronosx88 has left
  271. chronosx88 has joined
  272. arc has left
  273. arc has joined
  274. arc has left
  275. Wojtek has joined
  276. arc has joined
  277. bean has left
  278. chronosx88 has left
  279. chronosx88 has joined
  280. BASSGOD has joined
  281. lovetox has joined
  282. chronosx88 has left
  283. chronosx88 has joined
  284. chronosx88 has left
  285. chronosx88 has joined
  286. chronosx88 has left
  287. chronosx88 has joined
  288. mukt2 has left
  289. chronosx88 has left
  290. chronosx88 has joined
  291. Alex has left
  292. Alex has joined
  293. ti_gj06 has left
  294. chronosx88 has left
  295. chronosx88 has joined
  296. Wojtek has left
  297. Wojtek has joined
  298. mathijs has left
  299. mathijs has joined
  300. Guus has joined
  301. Andrzej has joined
  302. Guus has left
  303. chronosx88 has left
  304. arc has left
  305. chronosx88 has joined
  306. arc has joined
  307. chronosx88 has left
  308. papatutuwawa has joined
  309. chronosx88 has joined
  310. millesimus has left
  311. mukt2 has joined
  312. Andrzej has left
  313. Andrzej has joined
  314. mathijs has left
  315. mathijs has joined
  316. stp has joined
  317. mdosch has left
  318. mdosch has joined
  319. mukt2 has left
  320. Kev has left
  321. Kev has joined
  322. ti_gj06 has joined
  323. Kev has left
  324. Kev has joined
  325. mukt2 has joined
  326. mdosch has left
  327. mdosch has joined
  328. chronosx88 has left
  329. chronosx88 has joined
  330. ti_gj06 has left
  331. BASSGOD has left
  332. Freddy has left
  333. BASSGOD has joined
  334. Freddy has joined
  335. Kev_ has joined
  336. Kev_ has left
  337. Kev_ has joined
  338. Kev_ has left
  339. BASSGOD has left
  340. serge90 has joined
  341. floretta has joined
  342. BASSGOD has joined
  343. Daniel has left
  344. Andrzej has left
  345. Andrzej has joined
  346. papatutuwawa has left
  347. mathijs has left
  348. govanify has left
  349. govanify has joined
  350. Andrzej has left
  351. Guus has joined
  352. BASSGOD has left
  353. eta has left
  354. APach has left
  355. eta has joined
  356. mukt2 has left
  357. Guus has left
  358. BASSGOD has joined
  359. Andrzej has joined
  360. mukt2 has joined
  361. BASSGOD has left
  362. BASSGOD has joined
  363. BASSGOD has left
  364. Andrzej has left
  365. Daniel has joined
  366. chronosx88 has left
  367. chronosx88 has joined
  368. BASSGOD has joined
  369. chronosx88 has left
  370. chronosx88 has joined
  371. chronosx88 has left
  372. chronosx88 has joined
  373. mukt2 has left
  374. govanify has left
  375. govanify has joined
  376. mathijs has joined
  377. papatutuwawa has joined
  378. BASSGOD has left
  379. BASSGOD has joined
  380. millesimus has joined
  381. mukt2 has joined
  382. Andrzej has joined
  383. BASSGOD has left
  384. BASSGOD has joined
  385. arc has left
  386. arc has joined
  387. arc has left
  388. arc has joined
  389. debacle has left
  390. Andrzej has left
  391. mukt2 has left
  392. pjn has left
  393. chronosx88 has left
  394. chronosx88 has joined
  395. moparisthebest has left
  396. moparisthebest has joined
  397. eta has left
  398. eta has joined
  399. arc has left
  400. arc has joined
  401. eta has left
  402. eta has joined
  403. lovetox has left
  404. mukt2 has joined
  405. karoshi has left
  406. papatutuwawa has left
  407. papatutuwawa has joined
  408. arc has left
  409. arc has joined
  410. andy has left
  411. papatutuwawa has left
  412. papatutuwawa has joined
  413. lovetox has joined
  414. arc has left
  415. arc has joined
  416. Andrzej has joined
  417. pjn has joined
  418. mukt2 has left
  419. karoshi has joined
  420. Steve Kille has left
  421. Kev has left
  422. Kev has joined
  423. Kev has left
  424. Kev has joined
  425. chronosx88 has left
  426. chronosx88 has joined
  427. BASSGOD has left
  428. millesimus has left
  429. BASSGOD has joined
  430. alameyo has joined
  431. arc has left
  432. arc has joined
  433. Wojtek has left
  434. Wojtek has joined
  435. mathieui has left
  436. mathieui has joined
  437. Andrzej has left
  438. Andrzej has joined
  439. chronosx88 has left
  440. chronosx88 has joined
  441. papatutuwawa has left
  442. andy has joined
  443. millesimus has joined
  444. alameyo has left
  445. Steve Kille has joined
  446. arc Almost board meeting time
  447. millesimus has left
  448. mukt2 has joined
  449. millesimus has joined
  450. arc Who is here?
  451. MattJ o/
  452. arc Okay so we technically have quorum
  453. arc We really need to move beyond having half the board every week
  454. millesimus has left
  455. millesimus has joined
  456. werdan has joined
  457. arc Ralph?
  458. MattJ I'll send an email about some stuff, and this
  459. sebastian has left
  460. sebastian has joined
  461. arc Thanks. If we need to move to monthly, longer meetings so be it. Its just frustrating to set time aside every week and most of the time we don't have attendance
  462. dwd Ooops. I am here, too, just distracted by Something Interesting I FOund On The Internet.
  463. arc Ok so, agenda?
  464. dwd Agenda, I cannot help with. But:
  465. chronosx88 has left
  466. chronosx88 has joined
  467. arc Fiscal sponsorship update.. CoC..
  468. dwd * Financial Host stuff: I think we're waiting on Peter, though Sam has been pushing forward with draft policies etc.
  469. MattJ There is a pending PR for review
  470. dwd * CoC: I'm just coming to the end of my notice period, which has been pretty disruptive (and the job hunting bit beofrehand), so will get back onto this and the associated Provacy Policy I think we should have.
  471. MattJ I'd also like to work out what the next steps are on the CoC stuff
  472. MattJ :)
  473. MattJ Thanks!
  474. dwd On a personal note, I will be changing employer at the end of the month. As part of this change, I'm dropping to 4 days a week, and I'm aiming to generally use that "extra" day for XSF and OSS stuff.
  475. MattJ Congratulations :)
  476. arc Nice
  477. Kev has left
  478. arc Ok, aob?
  479. Kev has joined
  480. dwd No, though I do have some thoughts/research on CoC I'd like to discuss.
  481. MattJ I think that was everything
  482. ti_gj06 has joined
  483. arc Go ahead
  484. dwd Primarily, we previously talked about a CoC based aorund positive behaviour we wanted to see. However, the research I've managed to do so far actually recommends against this.
  485. dwd This is somewhat to my surprise, to be honest.
  486. Andrzej has left
  487. arc Why is that?
  488. dwd The argument is that it is easier for a bad actor to claim their behaviour is, for exampe, respectful ("But they're just deliberately taking it badly") than to argue it is not, for example, an ad-hominem attack.
  489. Kev has left
  490. Kev has joined
  491. arc I totally get that. But do we really want to be in a position to parent bad actors?
  492. dwd No.
  493. pjn has left
  494. dwd I'm merely saying that Codes of Conduct seem a lot more complicated than i'd hoped, and opnions seem generally divided on how to write them.
  495. arc 100%
  496. BASSGOD has left
  497. dwd Anyway, it seems that any code of conduct we put in place is very likely to upset a bunch of people, and not only the people whose behaviour would be affected by a CoC.
  498. MattJ I've seen advocates of both styles. I can't claim to know the best option - I would personally prefer a positive-leading one, but I understand the concerns with that. My concern with a list of bad behaviours is that there is a potentially infinite list of such behaviours.
  499. dwd That's not to say we shouldn't put in place a CoC, but we need to manage the entire process carefully.
  500. arc has left
  501. arc has joined
  502. MattJ https://www.contributor-covenant.org/ (originally posted by Sam) seemed good to me at a first glance, it struck me as a decent balance of both
  503. dwd Yes, but it's been a focus of political ire as well. Broadly adopted as-is by the Linux kernel community, and that met with quite some resistance.
  504. dwd There's also the Debian one, which seems to have been mostly controversy-free, but might not have been as effective as people would have liked.
  505. BASSGOD has joined
  506. MattJ The Debian one controversy-free? :)
  507. Steve Kille has left
  508. dwd Anyway, I'm broadly leaning toward something like the FLOSSUK one - https://www.flossuk.org/about/code-of-conduct/- that seems to state aims in terms of positive behaviours, and then gives a non-exhuatsive list of bad behaviour.
  509. MattJ Not from the mailing lists I'm on
  510. Steve Kille has joined
  511. Steve Kille has left
  512. Steve Kille has joined
  513. MattJ I've yet to see a CoC adopted at any org without controversy
  514. meetpal_sangra has left
  515. MattJ But you know, we can be the first :)
  516. dwd MattJ, We can hope.
  517. arc has left
  518. arc has joined
  519. arc has left
  520. arc has joined
  521. arc has left
  522. arc has joined
  523. arc Sounds like we have reached the end of the meeting?
  524. Kev has left
  525. Kev has joined
  526. dwd Yes, sorry. Kind of rambling on a bit.
  527. arc These are important conversations
  528. arc But it sounds like we've come to a close so
  529. arc +1w?
  530. dwd Sounds good.
  531. pjn has joined
  532. arc Things the virtual gavel
  533. arc Bangs
  534. Kev has left
  535. Kev has joined
  536. arc I have been driving so I'm on voice and put
  537. meetpal_sangra has joined
  538. govanify has left
  539. govanify has joined
  540. govanify has left
  541. govanify has joined
  542. Kev has left
  543. papatutuwawa has joined
  544. Kev has joined
  545. arc Input
  546. arc I also serve on the board of the neighborhood community garden which meets every week at 10:00 a.m.! 😅
  547. BASSGOD has left
  548. govanify has left
  549. govanify has joined
  550. govanify has left
  551. govanify has joined
  552. arc Meetings here are far less exciting than XSF board meetings. I'm the youngest member of this board by about 20 years
  553. govanify has left
  554. govanify has joined
  555. BASSGOD has joined
  556. govanify has left
  557. govanify has joined
  558. govanify has left
  559. govanify has joined
  560. arc has left
  561. arc has joined
  562. govanify has left
  563. govanify has joined
  564. govanify has left
  565. govanify has joined
  566. wladmis has left
  567. pjn has left
  568. andrey.g has joined
  569. govanify has left
  570. govanify has joined
  571. pjn has joined
  572. meetpal_sangra has left
  573. Wojtek has left
  574. govanify has left
  575. govanify has joined
  576. debacle has joined
  577. govanify has left
  578. govanify has joined
  579. meetpal_sangra has joined
  580. wladmis has joined
  581. marc0s has left
  582. marc0s has joined
  583. govanify has left
  584. govanify has joined
  585. govanify has left
  586. govanify has joined
  587. govanify has left
  588. govanify has joined
  589. Yagiza has left
  590. wladmis has left
  591. Andrzej has joined
  592. moparisthebest so I accidentally discovered a DNS-only DOS against ejabberd, but also, my guess is, most other XMPP servers
  593. Yagiza has joined
  594. moparisthebest so here's the question, on outgoing S2S, if you don't *receive* anything over the connection, how can you be sure you are connected to what you should be ?
  595. xutaxkamay has left
  596. xutaxkamay has joined
  597. moparisthebest do you... try to receive data on the connection and if you receive anything at all, abort it and move onto the next SRV record ? or what ?
  598. moparisthebest how do you avoid the case where someone who only controls your DNS, or someone who only controls a route between you and 1 of the SRV records, can entirely block your ability to connect to the remote domain ?
  599. MattJ Mmm, that's not really preventable, is it? :)
  600. MattJ If they control it they can drop DNS/SYN
  601. moparisthebest yea possibly DNS isn't able to be worked around, what about the second case though ?
  602. moparisthebest you have 2 SRV targets in different locations, an attacker who controls only the route to the lowest priority one shouldn't be able to prevent you from falling back to the second, right ?
  603. BASSGOD has left
  604. arc has left
  605. arc has joined
  606. karoshi has left
  607. arc has left
  608. arc has joined
  609. moparisthebest right now, with ejabberd, and I suspect most other servers, if you redirect the first to an HTTPS server for instance, the second is never attempted
  610. moparisthebest (I accidentally broke all incoming federation from ejabberd servers to mine this way :))
  611. karoshi has joined
  612. pjn has left
  613. pjn has joined
  614. moparisthebest c2s doesn't suffer from this problem because it's bi-directional
  615. govanify has left
  616. govanify has joined
  617. Kev But C2S does suffer the same problem.
  618. Kev If you can drop someone’s connections, you can drop someone’s connections.
  619. BASSGOD has joined
  620. Kev Or I’ve not understood properly.
  621. moparisthebest dropping is easy, you can fallback to the next SRV record
  622. Kev When, though?
  623. moparisthebest and if you've validated the TLS properly, and get valid XMPP, you are connected to a c2s port
  624. Kev If you connect and authenticate to the server ok, and then it drops, you shouldn’t drop back to the other SRV should yoU?
  625. moparisthebest how do you determine if you've connected to a valid s2s port though
  626. Kev It doesn’t matter, does it?
  627. Kev If your transit is malicious, it will allow enough through to cause you to authenticate, and then terminate.
  628. Kev (Which is much easier with C2S than S2S, because of rountrip counting)
  629. Kev And because you had a live connection, you won’t fallback.
  630. Kev So even “If I didn’t manage to authenticate, fallback” doesn’t save you there.
  631. moparisthebest what's the point of SRV records if having the first one misbehave blocks you from trying the rest ?
  632. Kev What does ‘misbehave’ mean though?
  633. govanify has left
  634. govanify has joined
  635. moparisthebest so maybe it needs some consideration in c2s too "if the connection is "too flakey" (todo: define "too flakey") fallback"
  636. moparisthebest misbehave as in anything someone not in control of the TLS certificate can do
  637. Kev Flakiness protection is horrible, but it’s what you’d need here, yes.
  638. Kev (And the same for S2S)
  639. arc has left
  640. arc has joined
  641. govanify has left
  642. govanify has joined
  643. Kev We actually do have protection against this sort of thing for our X2X support, but less so for S2S.
  644. Kev (Because, as you noted, bidirectional)
  645. moparisthebest so what's a start for defense against this in S2S? only what I mentioned? > try to receive data on the connection and if you receive anything at all, abort it and move onto the next SRV record ?
  646. Kev afk sorry
  647. moparisthebest I guess that brings back my question from the other day, do any XMPP servers in the wild ever send anything over normal (non-bidi) incoming S2S connections ?
  648. BASSGOD has left
  649. BASSGOD has joined
  650. ti_gj06 has left
  651. Andrzej has left
  652. arc has left
  653. arc has joined
  654. arc has left
  655. arc has joined
  656. MattJ Except for stream header, stream errors, stream close, and potentially 198 or whitespace... no?
  657. ti_gj06 has joined
  658. chronosx88 has left
  659. chronosx88 has joined
  660. ti_gj06 has left
  661. mukt2 has left
  662. marc0s has left
  663. marc0s has joined
  664. marc0s has left
  665. marc0s has joined
  666. govanify has left
  667. govanify has joined
  668. govanify has left
  669. govanify has joined
  670. Kev Matt - I saw you removed dwd from Prosody, was that just getting rid of dialback stuff, or you found security issues, or …?
  671. Kev (Or did I misread the release notes)
  672. Zash Only the part that's mostly equivalent to SASL EXTERNAL
  673. Kev Hmm. Is it?
  674. dwd I kept calling it LUA.
  675. Zash Kev: It had a security issue, but we opted to remove it. We don't have any test coverage and poor confidence in it working correctly.
  676. moparisthebest MattJ, I think they only send pre-TLS stuff, after TLS is started it seems even stream errors are sent over the other connection ?
  677. Kev Stream errors always have to be sent over the stream they relate to.
  678. Zash And by "equivalent to SASL EXTERNAL" I mean that it could optionally check your dialback request against the cert and short-circuit it.
  679. govanify has left
  680. govanify has joined
  681. Zash It was disabled by default and I don't think I ever saw it used.
  682. moparisthebest I'll have to test again, I swear I saw them being sent over the other one...
  683. Zash Not sure if it was even documented.
  684. Kev I’m not going to say you didn’t see it - but you shouldn’t have :)
  685. Zash moparisthebest, dialback stuff too maybe, in addition to the stuff MattJ listed
  686. moparisthebest if there doesn't exist a way to *request* something back on the same connection (that won't terminate it, like a stream error), maybe that's the solution
  687. Kev 198 can request traffic.
  688. moparisthebest a simple ping, but on this s2s connection
  689. MattJ moparisthebest: a solution, but I'm not sure I understand the problem
  690. chronosx88 has left
  691. chronosx88 has joined
  692. Kev I don’t think it’s a solution to the proposed problem, if we’re still on “transit terminates your connection as a DOS"
  693. moparisthebest the problem is, once an S2S connection is established, and TLS verified, how do you detect if you are actually connected to an XMPP server, or something else (like HTTPS)
  694. moparisthebest because if you aren't you need to fallback to the next SRV target
  695. Kev If you’re not connected to S2S you don’t get stream headers?
  696. Kev And if by ‘established’ you mean you’ve already authenticated, doesn’t that mean you already know you’re S2S?
  697. moparisthebest the pre-TLS ones ?
  698. Kev The post-TLS ones.
  699. mukt2 has joined
  700. Kev But the pre-TLS ones if you’re doing starttls mean you’re talking to XMPP too.
  701. BASSGOD has left
  702. APach has joined
  703. moparisthebest not necessarily
  704. moparisthebest an evil MITM in front of that target could fake XMPP before TLS, then just redirect traffic from an HTTPS server with the proper certificate
  705. Kev That would be why you bin everything once you start TLS.
  706. chronosx88 has left
  707. chronosx88 has joined
  708. Kev (Well, ‘that’ - that you can’t trust pre-TLS in general)
  709. moparisthebest it does protect against accidental misconfiguration, just not active attacks
  710. moparisthebest which is why I suspect this bug has lasted so long in SRV implementations, it's just easier to spot with direct TLS
  711. MattJ It's not really a bug, it's just the internet
  712. chronosx88 has left
  713. chronosx88 has joined
  714. APach has left
  715. pjn has left
  716. moparisthebest if your SRV implementation connects, tries to send a stanza, gets an HTTP response and the connection is closed, and it doesn't fallback to the next SRV target, that's a bug
  717. lorddavidiii has left
  718. pjn has joined
  719. BASSGOD has joined
  720. arc has left
  721. arc has joined
  722. arc has left
  723. arc has joined
  724. ti_gj06 has joined
  725. x51 has left
  726. MattJ It's suboptimal behaviour, yes :)
  727. Zash You're forgetting the stream header there
  728. mathijs has left
  729. mathijs has joined
  730. sebastian has left
  731. neshtaxmpp has left
  732. neshtaxmpp has joined
  733. BASSGOD has left
  734. arc has left
  735. arc has joined
  736. werdan has left
  737. werdan has joined
  738. marc0s has left
  739. marc0s has joined
  740. Zash has left
  741. Zash has joined
  742. BASSGOD has joined
  743. mukt2 has left
  744. Yagiza has left
  745. mukt2 has joined
  746. arc has left
  747. arc has joined
  748. marc0s has left
  749. marc0s has joined
  750. werdan has left
  751. mathieui has left
  752. marc0s has left
  753. eta has left
  754. jonas’ has left
  755. southerntofu has left
  756. goffi has left
  757. govanify has left
  758. jonas’ has joined
  759. alameyo has joined
  760. bean has joined
  761. bean has left
  762. mukt2 has left
  763. govanify has joined
  764. bean has joined
  765. bean has left
  766. bean has joined
  767. bean has left
  768. bean has joined
  769. bean has left
  770. stp has left
  771. arc has left
  772. arc has joined
  773. mukt2 has joined
  774. stp has joined
  775. BASSGOD has left
  776. mukt2 has left
  777. mukt2 has joined
  778. BASSGOD has joined
  779. xutaxkamay has left
  780. xutaxkamay has joined
  781. sebastian has joined
  782. stp has left
  783. BASSGOD has left
  784. stp has joined
  785. BASSGOD has joined
  786. mukt2 has left
  787. wladmis has joined
  788. stp has left
  789. arc has left
  790. arc has joined
  791. ti_gj06 has left
  792. stp has joined
  793. bean has joined
  794. bean has left
  795. bean has joined
  796. bean has left
  797. stp has left
  798. marc0s has joined
  799. wladmis has left
  800. lskdjf has left
  801. lskdjf has joined
  802. wladmis has joined
  803. Adi has left
  804. stp has joined
  805. arc has left
  806. lskdjf has left
  807. lskdjf has joined
  808. Tobias has left
  809. Kev has left
  810. Kev has joined
  811. Adi has joined
  812. wladmis has left
  813. LNJ has left
  814. edhelas has left
  815. edhelas has joined
  816. govanify has left
  817. govanify has joined
  818. alameyo has left
  819. alameyo has joined
  820. stp has left
  821. paul has left
  822. debacle has left
  823. marc0s has left
  824. marc0s has joined
  825. jcbrand has left
  826. pjn has left
  827. xecks has left
  828. xecks has joined
  829. Sam has left
  830. Sam has joined
  831. xecks has left
  832. papatutuwawa has left
  833. andy has left
  834. alexbay218 has joined
  835. arcxi has left