XSF Discussion - 2021-05-18

  1. marc has left
  2. marc has joined
  3. marc has left
  4. marc has joined
  5. marc has left
  6. marc has joined
  7. marc has left
  8. marc has joined
  9. marc has left
  10. marc has joined
  11. marc has left
  12. marc has joined
  13. marc has left
  14. marc has joined
  15. marc has left
  16. marc has joined
  17. marc has left
  18. marc has joined
  19. marc has left
  20. marc has joined
  21. marc has left
  22. marc has joined
  23. Seve has left
  24. marc has left
  25. marc has joined
  26. marc has left
  27. marc has joined
  28. marc has left
  29. Calvin has joined
  30. marc has joined
  31. marc has left
  32. marc has joined
  33. marc has left
  34. marc has joined
  35. marc has left
  36. marc has joined
  37. marc has left
  38. marc has joined
  39. marc has left
  40. marc has joined
  41. marc has left
  42. marc has joined
  43. marc has left
  44. marc has joined
  45. marc has left
  46. marc has joined
  47. marc has left
  48. marc has joined
  49. marc has left
  50. marc has joined
  51. marc has left
  52. marc has joined
  53. marc has left
  54. marc has joined
  55. marc has left
  56. BASSGOD has left
  57. marc has joined
  58. marc has left
  59. marc has joined
  60. marc has left
  61. marc has joined
  62. marc has left
  63. arc has left
  64. arc has joined
  65. marc has joined
  66. marc has left
  67. marc has joined
  68. arc has left
  69. arc has joined
  70. marc has left
  71. marc has joined
  72. marc has left
  73. marc has joined
  74. marc has left
  75. marc has joined
  76. marc has left
  77. BASSGOD has joined
  78. marc has joined
  79. marc has left
  80. marc has joined
  81. marc has left
  82. marc has joined
  83. marc has left
  84. marc has joined
  85. marc has left
  86. marc has joined
  87. BASSGOD has left
  88. marc has left
  89. marc has joined
  90. marc has left
  91. marc has joined
  92. marc has left
  93. moparisthebest qrpnxz: yes
  94. marc has joined
  95. marc has left
  96. qrpnxz I am severly confused by s2s comm. After a lot of reading, I think I'm close to understanding. RFC-6120 states that "foregoing considerations imply" that while completing STARTTLS and SASL negotiation two servers would use one TCP connection. Good. Therefore, bidi (XEP-0288) can be agreed upon during this period. The question is then how to do two connections. After negotiating the first connection, am I supposed to end the receiving server's stream, dial the initiator (with the same `id`?? seems illegal), and negotiate that connection, after which the initiator ends their stream on the second connection, and then we can talk to each other?
  97. qrpnxz Because that kind of seems insane.
  98. BASSGOD has joined
  99. Kev has left
  100. Kev has joined
  101. marc has joined
  102. marc has left
  103. marc has joined
  104. marc has left
  105. qrpnxz or i guess that the two streams are supposed to have different IDs and the second stream can reply to <iq/> from the first on the other connection without any problem just by having the id of that request?
  106. Kev has left
  107. Kev has joined
  108. BASSGOD has left
  109. sonny has left
  110. sonny has joined
  111. marc has joined
  112. marc has left
  113. marc has joined
  114. marc has left
  115. marc has joined
  116. marc has left
  117. marc has joined
  118. marc has left
  119. marc has joined
  120. Kev has left
  121. Kev has joined
  122. marc has left
  123. marc has joined
  124. qrpnxz ok so it looks like after SASL streams must be restarted. I suppose what you do is that the initiator starts a new stream, but the receiver instead goes and creates the second TCP conn?
  125. marc has left
  126. marc has joined
  127. marc has left
  128. marc has joined
  129. deuill has left
  130. marc has left
  131. marc has joined
  132. marc has left
  133. pjn has left
  134. marc has joined
  135. marc has left
  136. marc has joined
  137. marc has left
  138. Zash When you said bidi I thought of https://xmpp.org/extensions/xep-0288.html where there's no second connection.
  139. Kev has left
  140. Kev has joined
  141. BASSGOD has joined
  142. marc has joined
  143. marc has left
  144. Zash In standard xmpp without that, the other server creates their connection back whenever they want, usually when there's a reply or something to deliver. it's completely independent of any prior connection.
  145. marc has joined
  146. BASSGOD has left
  147. marc has left
  148. marc has joined
  149. Zash Unless you use Dialback, then there's a bunch of connections in every direction and everything is confusing and backwards.
  150. marc has left
  151. marc has joined
  152. qrpnxz Ok i think it should be as i now understand it then. Good.
  153. qrpnxz Thx
  154. marc has left
  155. marc has joined
  156. marc has left
  157. Zash Dialback being https://xmpp.org/extensions/xep-0220.html
  158. marc has joined
  159. marc has left
  160. marc has joined
  161. marc has left
  162. marc has joined
  163. marc has left
  164. Kev has left
  165. Kev has joined
  166. marc has joined
  167. marc has left
  168. marc has joined
  169. marc has left
  170. marc has joined
  171. pjn has joined
  172. qrpnxz dialback looks like something i never wanna implement
  173. marc has left
  174. marc has joined
  175. marc has left
  176. marc has joined
  177. adiaholic has joined
  178. marc has left
  179. BASSGOD has joined
  180. alexbay218 has joined
  181. marc has joined
  182. marc has left
  183. marc has joined
  184. marc has left
  185. arc has left
  186. arc has joined
  187. arc has left
  188. arc has joined
  189. marc has joined
  190. marc has left
  191. marc has joined
  192. adiaholic has left
  193. marc has left
  194. marc has joined
  195. marc has left
  196. adiaholic has joined
  197. marc has joined
  198. marc has left
  199. marc has joined
  200. marc has left
  201. marc has joined
  202. marc has left
  203. adiaholic has left
  204. marc has joined
  205. marc has left
  206. marc has joined
  207. BASSGOD has left
  208. stp has left
  209. marc has left
  210. marc has joined
  211. marc has left
  212. adiaholic has joined
  213. marc has joined
  214. marc has left
  215. marc has joined
  216. marc has left
  217. marc has joined
  218. marc has left
  219. marc has joined
  220. BASSGOD has joined
  221. marc has left
  222. marc has joined
  223. marc has left
  224. marc has joined
  225. marc has left
  226. marc has joined
  227. marc has left
  228. marc has joined
  229. makoto has left
  230. marc has left
  231. marc has joined
  232. marc has left
  233. marc has joined
  234. marc has left
  235. marc has joined
  236. marc has left
  237. marc has joined
  238. marc has left
  239. marc has joined
  240. marc has left
  241. adiaholic has left
  242. marc has joined
  243. marc has left
  244. marc has joined
  245. marc has left
  246. marc has joined
  247. marc has left
  248. marc has joined
  249. marc has left
  250. marc has joined
  251. marc has left
  252. marc has joined
  253. marc has left
  254. arc has left
  255. arc has joined
  256. marc has joined
  257. marc has left
  258. marc has joined
  259. marc has left
  260. marc has joined
  261. arc has left
  262. arc has joined
  263. marc has left
  264. marc has joined
  265. marc has left
  266. adiaholic has joined
  267. marc has joined
  268. marc has left
  269. arc has left
  270. arc has joined
  271. arc has left
  272. marc has joined
  273. BASSGOD has left
  274. arc has joined
  275. marc has left
  276. arc has left
  277. arc has joined
  278. marc has joined
  279. marc has left
  280. arc has left
  281. arc has joined
  282. marc has joined
  283. marc has left
  284. marc has joined
  285. arc has left
  286. arc has joined
  287. marc has left
  288. marc has joined
  289. marc has left
  290. marc has joined
  291. marc has left
  292. marc has joined
  293. marc has left
  294. marc has joined
  295. marc has left
  296. BASSGOD has joined
  297. marc has joined
  298. marc has left
  299. Calvin has left
  300. BASSGOD has left
  301. marc has joined
  302. marc has left
  303. marc has joined
  304. marc has left
  305. marc has joined
  306. marc has left
  307. adiaholic has left
  308. marc has joined
  309. marc has left
  310. adiaholic has joined
  311. marc has joined
  312. marc has left
  313. BASSGOD has joined
  314. marc has joined
  315. marc has left
  316. marc has joined
  317. marc has left
  318. Sam We should consider obsoleting dialback again.
  319. marc has joined
  320. marc has left
  321. moparisthebest Why? DNSSEC adoption keeps going up
  322. BASSGOD has left
  323. marc has joined
  324. moparisthebest And does anyone validate TLS certificates when doing dialback? That seems to work fine
  325. marc has left
  326. marc has joined
  327. marc has left
  328. qrpnxz it's the other way around mate, who'd wanna do dialback after validating TLS
  329. marc has joined
  330. arc has left
  331. marc has left
  332. arc has joined
  333. moparisthebest I mean when you connect to bob.com's server, you validate it has a valid cert for bob.com before sending anything
  334. marc has joined
  335. marc has left
  336. marc has joined
  337. arc has left
  338. arc has joined
  339. qrpnxz Right, with TLS
  340. marc has left
  341. arc has left
  342. arc has joined
  343. marc has joined
  344. marc has left
  345. moparisthebest Yes, dialback is still needed for validation the other direction, to prove to bob.com who you are
  346. marc has joined
  347. marc has left
  348. arc has left
  349. arc has joined
  350. qrpnxz That's also with TLS
  351. BASSGOD has joined
  352. arc has left
  353. arc has joined
  354. moparisthebest With sasl external it is, but dialback also works fine in the absence of that I guess
  355. marc has joined
  356. marc has left
  357. marc has joined
  358. marc has left
  359. marc has joined
  360. marc has left
  361. marc has joined
  362. marc has left
  363. marc has joined
  364. marc has left
  365. BASSGOD has left
  366. marc has joined
  367. marc has left
  368. marc has joined
  369. marc has left
  370. marc has joined
  371. marc has left
  372. marc has joined
  373. marc has left
  374. marc has joined
  375. marc has left
  376. marc has joined
  377. BASSGOD has joined
  378. marc has left
  379. arc has left
  380. arc has joined
  381. marc has joined
  382. marc has left
  383. marc has joined
  384. marc has left
  385. marc has joined
  386. marc has left
  387. marc has joined
  388. marc has left
  389. marc has joined
  390. meetpal_sangra has joined
  391. marc has left
  392. marc has joined
  393. marc has left
  394. marc has joined
  395. marc has left
  396. marc has joined
  397. marc has left
  398. marc has joined
  399. marc has left
  400. adiaholic has left
  401. marc has joined
  402. marc has left
  403. marc has joined
  404. arc has left
  405. arc has joined
  406. marc has left
  407. marc has joined
  408. marc has left
  409. marc has joined
  410. marc has left
  411. adiaholic has joined
  412. marc has joined
  413. marc has left
  414. marc has joined
  415. marc has left
  416. arc has left
  417. arc has joined
  418. marc has joined
  419. Kev has left
  420. Kev has joined
  421. marc has left
  422. marc has joined
  423. marc has left
  424. marc has joined
  425. marc has left
  426. qrpnxz has left
  427. marc has joined
  428. marc has left
  429. marc has joined
  430. marc has left
  431. marc has joined
  432. marc has left
  433. marc has joined
  434. marc has left
  435. marc has joined
  436. marc has left
  437. Yagiza has joined
  438. marc has joined
  439. marc has left
  440. marc has joined
  441. marc has left
  442. marc has joined
  443. marc has left
  444. marc has joined
  445. marc has left
  446. marc has joined
  447. marc has left
  448. marc has joined
  449. marc has left
  450. marc has joined
  451. marc has left
  452. marc has joined
  453. marc has left
  454. marc has joined
  455. marc has left
  456. marc has joined
  457. marc has left
  458. marc has joined
  459. marc has left
  460. marc has joined
  461. marc has left
  462. marc has joined
  463. marc has left
  464. marc has joined
  465. marc has left
  466. marc has joined
  467. marc has left
  468. marc has joined
  469. marc has left
  470. marc has joined
  471. marc has left
  472. marc has joined
  473. marc has left
  474. marc has joined
  475. marc has left
  476. marc has joined
  477. Seve has joined
  478. marc has left
  479. marc has joined
  480. marc has left
  481. marc has joined
  482. marc has left
  483. marc has joined
  484. marc has left
  485. marc has joined
  486. marc has left
  487. marc has joined
  488. marc has left
  489. marc has joined
  490. marc has left
  491. marc has joined
  492. marc has left
  493. marc has joined
  494. marc has left
  495. marc has joined
  496. marc has left
  497. marc has joined
  498. marc has left
  499. marc has joined
  500. marc has left
  501. marc has joined
  502. marc has left
  503. marc has joined
  504. marc has left
  505. marc has joined
  506. marc has left
  507. marc has joined
  508. marc has left
  509. marc has joined
  510. marc has left
  511. marc has joined
  512. marc has left
  513. marc has joined
  514. marc has left
  515. marc has joined
  516. marc has left
  517. marc has joined
  518. winfried has left
  519. marc has left
  520. marc has joined
  521. winfried has joined
  522. winfried has left
  523. winfried has joined
  524. marc has left
  525. adiaholic has left
  526. marc has joined
  527. lorddavidiii has joined
  528. marc has left
  529. marc has joined
  530. Andrzej has joined
  531. marc has left
  532. marc has joined
  533. marc has left
  534. marc has joined
  535. marc has left
  536. marc has joined
  537. marc has left
  538. marc has joined
  539. marc has left
  540. marc has joined
  541. marc has left
  542. marc has joined
  543. marc has left
  544. marc has joined
  545. marc has left
  546. marc has joined
  547. marc has left
  548. marc has joined
  549. marc has left
  550. marc has joined
  551. marc has left
  552. marc has joined
  553. marc has left
  554. marc has joined
  555. andy has joined
  556. marc has left
  557. marc has joined
  558. marc has left
  559. marc has joined
  560. marc has left
  561. marc has joined
  562. marc has left
  563. marc has joined
  564. marc has left
  565. marc has joined
  566. marc has left
  567. menel has joined
  568. moparisthebest has left
  569. Andrzej has left
  570. marc has joined
  571. marc has left
  572. marc0s has left
  573. marc0s has joined
  574. marc has joined
  575. marc has left
  576. arcxi has left
  577. marc has joined
  578. marc has left
  579. marc has joined
  580. marc has left
  581. marc has joined
  582. marc has left
  583. adiaholic has joined
  584. marc has joined
  585. marc has left
  586. marc has joined
  587. marc has left
  588. mimi89999 has left
  589. mimi89999 has joined
  590. marc has joined
  591. marc has left
  592. adiaholic has left
  593. chronosx88 has left
  594. chronosx88 has joined
  595. adiaholic has joined
  596. marc has joined
  597. marc has left
  598. alacer has left
  599. alacer has joined
  600. marc has joined
  601. marc has left
  602. marc has joined
  603. Adi has left
  604. marc has left
  605. Kev has left
  606. Kev has joined
  607. Adi has joined
  608. marc has joined
  609. marc has left
  610. marc has joined
  611. marc has left
  612. marc has joined
  613. marc has left
  614. marc has joined
  615. marc has left
  616. marc has joined
  617. marc has left
  618. marc has joined
  619. marc has left
  620. marc has joined
  621. byan has joined
  622. marc has left
  623. marc has joined
  624. marc has left
  625. arc has left
  626. arc has joined
  627. marc has joined
  628. marc has left
  629. paul has joined
  630. marc has joined
  631. marc has left
  632. marc has joined
  633. arc has left
  634. arc has joined
  635. marc has left
  636. marc has joined
  637. marc has left
  638. marc has joined
  639. marc has left
  640. marc has joined
  641. marc has left
  642. marc has joined
  643. marc has left
  644. marc has joined
  645. marc has left
  646. marc has joined
  647. marc has left
  648. marc has joined
  649. marc has left
  650. marc has joined
  651. marc has left
  652. alexbay218 has left
  653. marc has joined
  654. lskdjf has joined
  655. marc has left
  656. marc has joined
  657. marc has left
  658. marc has joined
  659. marc has left
  660. marc has joined
  661. byan has left
  662. Kev has left
  663. marc has left
  664. Kev has joined
  665. marc has joined
  666. marc has left
  667. marc has joined
  668. marc has left
  669. marc has joined
  670. marc has left
  671. marc has joined
  672. marc has left
  673. marc has joined
  674. marc has left
  675. marc has joined
  676. marc has left
  677. marc has joined
  678. marc has left
  679. marc has joined
  680. marc has left
  681. marc has joined
  682. marc has left
  683. marc has joined
  684. marc has left
  685. marc has joined
  686. marc has left
  687. marc has joined
  688. deuill has joined
  689. marc has left
  690. marc has joined
  691. marc has left
  692. marc has joined
  693. marc has left
  694. marc has joined
  695. marc has left
  696. wendy has left
  697. marc has joined
  698. marc has left
  699. marc has joined
  700. marc has left
  701. marc has joined
  702. marc has left
  703. marc has joined
  704. marc has left
  705. marc has joined
  706. marc has left
  707. marc has joined
  708. marc has left
  709. marc has joined
  710. wurstsalat has joined
  711. marc has left
  712. marc has joined
  713. marc has left
  714. marc has joined
  715. marc has left
  716. marc has joined
  717. marc has left
  718. marc has joined
  719. marc has left
  720. marc has joined
  721. ti_gj06 has joined
  722. marc has left
  723. marc has joined
  724. marc has left
  725. marc has joined
  726. marc has left
  727. marc has joined
  728. marc has left
  729. marc has joined
  730. marc has left
  731. marc has joined
  732. marc has left
  733. marc has joined
  734. Kev has left
  735. Kev has joined
  736. marc has left
  737. marc has joined
  738. marc has left
  739. marc0s has left
  740. marc0s has joined
  741. nyco has joined
  742. adiaholic has left
  743. adiaholic has joined
  744. qrpnxz has joined
  745. nyco has left
  746. adiaholic has left
  747. marc has joined
  748. marc has left
  749. marc has joined
  750. marc has left
  751. adiaholic has joined
  752. marc has joined
  753. marc has left
  754. marc has joined
  755. marc has left
  756. marc has joined
  757. marc has left
  758. marc has joined
  759. marc has left
  760. marc has joined
  761. marc has left
  762. marc has joined
  763. marc has left
  764. marc has joined
  765. marc has left
  766. marc has joined
  767. marc has left
  768. menel has left
  769. marc has joined
  770. marc has left
  771. adiaholic has left
  772. marc has joined
  773. marc has left
  774. marc has joined
  775. menel has joined
  776. adiaholic has joined
  777. marc has left
  778. mathijs has left
  779. marc has joined
  780. marc has left
  781. marc has joined
  782. marc has left
  783. arc has left
  784. arc has joined
  785. arc has left
  786. arc has joined
  787. marc has joined
  788. marc has left
  789. marc has joined
  790. marc has left
  791. marc has joined
  792. marc has left
  793. marc has joined
  794. marc has left
  795. marc has joined
  796. marc has left
  797. marc has joined
  798. marc has left
  799. marc has joined
  800. marc has left
  801. marc has joined
  802. winfried has left
  803. winfried has joined
  804. marc has left
  805. marc has joined
  806. nyco has joined
  807. marc has left
  808. marc has joined
  809. marc has left
  810. marc has joined
  811. marc has left
  812. marc has joined
  813. marc has left
  814. marc has joined
  815. marc has left
  816. marc has joined
  817. emus has joined
  818. marc has left
  819. marc has joined
  820. LNJ has joined
  821. Andrzej has joined
  822. chronosx88 has left
  823. marc has left
  824. chronosx88 has joined
  825. marc has joined
  826. marc has left
  827. marc has joined
  828. marc has left
  829. marc has joined
  830. marc has left
  831. marc has joined
  832. marc has left
  833. marc has joined
  834. marc has left
  835. marc has joined
  836. marc has left
  837. marc has joined
  838. marc has left
  839. marc has joined
  840. marc has left
  841. marc has joined
  842. marc has left
  843. marc has joined
  844. marc has left
  845. marc has joined
  846. marc has left
  847. chronosx88 has left
  848. chronosx88 has joined
  849. marc has joined
  850. marc has left
  851. marc has joined
  852. menel has left
  853. marc has left
  854. marc has joined
  855. adiaholic has left
  856. marc has left
  857. adiaholic has joined
  858. chronosx88 has left
  859. chronosx88 has joined
  860. marc has joined
  861. marc has left
  862. croax has joined
  863. marc has joined
  864. marc has left
  865. marc has joined
  866. marc has left
  867. goffi has joined
  868. marc has joined
  869. marc has left
  870. adiaholic has left
  871. menel has joined
  872. marc has joined
  873. marc has left
  874. menel has left
  875. adiaholic has joined
  876. menel has joined
  877. marc has joined
  878. marc has left
  879. marc has joined
  880. marc has left
  881. marc has joined
  882. marc has left
  883. marc has joined
  884. marc has left
  885. marc has joined
  886. marc has left
  887. marc has joined
  888. marc has left
  889. Tobias has joined
  890. marc has joined
  891. debacle has joined
  892. marc has left
  893. marc has joined
  894. menel has left
  895. marc has left
  896. menel has joined
  897. marc has joined
  898. marc has left
  899. marc has joined
  900. marc has left
  901. karoshi has joined
  902. marc has joined
  903. marc has left
  904. marc has joined
  905. marc has left
  906. marc has joined
  907. adiaholic has left
  908. marc has left
  909. marc has joined
  910. marc has left
  911. mukt2 has joined
  912. marc has joined
  913. marc has left
  914. marc has joined
  915. marc0s has left
  916. marc0s has joined
  917. marc has left
  918. marc has joined
  919. Andrzej has left
  920. adiaholic has joined
  921. marc has left
  922. jcbrand has joined
  923. marc has joined
  924. marc0s has left
  925. marc0s has joined
  926. marc has left
  927. marc has joined
  928. marc has left
  929. marc has joined
  930. marc has left
  931. marc has joined
  932. marc has left
  933. marc has joined
  934. marc has left
  935. marc has joined
  936. marc has left
  937. marc has joined
  938. marc has left
  939. marc has joined
  940. marc has left
  941. marc has joined
  942. marc has left
  943. marc has joined
  944. marc has left
  945. marc has joined
  946. marc has left
  947. marc has joined
  948. marc has left
  949. marc has joined
  950. xecks has joined
  951. qrpnxz TLS and SASL support is required, and SASL EXTERNAL is also required for servers. So there's just about zero reason to do dialback afaict
  952. meetpal_sangra has left
  953. mathijs has joined
  954. Sam has left
  955. floretta has left
  956. Sam has joined
  957. marc0s has left
  958. marc0s has joined
  959. Zash There's some servers that run with self-signed certs, some with expired certs...
  960. chronosx88 has left
  961. chronosx88 has joined
  962. bean has joined
  963. mukt2 has left
  964. marc0s has left
  965. marc0s has joined
  966. marc0s has left
  967. marc0s has joined
  968. qrpnxz cron to the rescue
  969. MattJ I would strongly urge anyone implementing s2s today to just not implement dialback
  970. marc has left
  971. BASSGOD has left
  972. marc has joined
  973. mdosch > There's some servers that run with self-signed certs, some with expired certs... Expired certs are probably just caused by mistakes, but why would you use self signed certs nowadays?
  974. stp has joined
  975. qrpnxz In case the domain is irrelevant.
  976. qrpnxz and you don't need hierarchy
  977. marc has left
  978. adiaholic has left
  979. marc has joined
  980. adiaholic has joined
  981. mdosch What do you mean by irrelevant?
  982. marc has left
  983. marc has joined
  984. qrpnxz not applicable or pertinent
  985. mdosch If you want to do s2s with others I think it's relevant.
  986. marc has left
  987. qrpnxz yes for s2s it's very relevant
  988. marc has joined
  989. qrpnxz thought you were asking in general
  990. qrpnxz for things using tls
  991. marc has left
  992. mdosch It was about s2s afaiu.
  993. marc has joined
  994. marc has left
  995. marc has joined
  996. marc has left
  997. marc has joined
  998. marc has left
  999. marc has joined
  1000. marc has left
  1001. marc has joined
  1002. marc has left
  1003. marc has joined
  1004. marc has left
  1005. marc has joined
  1006. marc has left
  1007. babacb has left
  1008. babacb has joined
  1009. menel has left
  1010. menel has joined
  1011. marc has joined
  1012. marc has left
  1013. wendy has joined
  1014. Kev Dialback’s pretty convenient for testing, mind.
  1015. qrpnxz for testing what
  1016. Kev For quickly running up a bunch of servers without having to generate a root, trust it in all the configs, issue certs etc.
  1017. Kev For testing the server.
  1018. qrpnxz sounds like you can also just whitelist these
  1019. marc has joined
  1020. Zash I found it easier to get certs for my testing servers.
  1021. marc has left
  1022. marc has joined
  1023. marc has left
  1024. flow plus, at some point you may want to test the code involving certs anyway :)
  1025. Kev You *can* do it by generating a CA, committing configs with that trusted and issued certs in etc., but...
  1026. Kev flow: Are you genuinely going to suggest that we don’t test our EXTERNAL paths?
  1027. flow hehe
  1028. menel has left
  1029. flow anyhow, all that talk about dialback being so complex actually makes me want to implement it
  1030. flow of course, I first would need to implement an XMPP server
  1031. flow not sure if I am up to that challenge, I like my life as client library dev very much
  1032. Kev But tests involving TLS are desperately slow, so being able to test with dialback is quite desirable (or you can use null cyphers in TLS or something, but we compile with those disabled).
  1033. marc has joined
  1034. marc has left
  1035. qrpnxz i want to implement a server and client rn. So far I've not been discouraged. XMPP is rather straightforward for the most part.
  1036. marc has joined
  1037. flow rn?
  1038. qrpnxz right now
  1039. Kev So our S2S tests don’t do TLS except those that test TLS.
  1040. marc has left
  1041. adiaholic has left
  1042. Kev (Well, our in-process tests. Our integration test suite uses TLS)
  1043. flow qrpnxz, implementing client *and* server is a huge task, fwiw
  1044. qrpnxz i'm starting with server
  1045. flow I was suggesting to start with the client side of things
  1046. menel has joined
  1047. flow I was about to suggest to start with the client side of things
  1048. flow but go for it, you can only learn from it
  1049. qrpnxz so XMPP: Core AND XMPP: IM AND i have to learn GUI? no way lol
  1050. qrpnxz how about just XMPP: Core server and done
  1051. flow sure, that's the nice thing about XMPP, you can implement a very basic server
  1052. marc has joined
  1053. marc has left
  1054. marc has joined
  1055. qrpnxz Clients not even required really. You can just make the server if you don't plan on having other users LOL
  1056. qrpnxz Client's not even required really. You can just make the server if you don't plan on having other users LOL
  1057. qrpnxz hmm, i don't see a way to make TLS optional without having a dummy feature...
  1058. adiaholic has joined
  1059. Kev In what sense?
  1060. Kev You just don’t mark it as required.
  1061. Kev Or if you mean optional to have configured, rather than optional to negotiate, you don’t advertise when it’s not configured.
  1062. arcxi has joined
  1063. MattJ Basic messaging between clients in Prosody was working in just a few days. It's everything after that that's the difficult part :)
  1064. qrpnxz > You just don’t mark it as required. Kev: Core says that if it's by itself then it's mandatory by default
  1065. dwd flow, I've implemented dialback from scratch once, and fixed it at least twice. Don't recommend... it's simple enough to start with, then gets horrendously complex as you add in TLS, BiDi, etc.
  1066. MattJ I also think I discovered a bug in the XEP the other day
  1067. MattJ But I haven't reported it because I can't even be sure it's a bug in the XEP, or my understanding of it
  1068. qrpnxz dwd, basically anything that touches DNS makes me sad
  1069. dwd qrpnxz, Yes, you have to implement, and negotiate, TLS to be standards compliant. But you can deliberately choose not to.
  1070. dwd qrpnxz, Actually DNS is the easy bit. Unless you're talking DNSSEC, which then becomes complicated again.
  1071. qrpnxz MattJ, i'm writing something about a problem in XEP-0288 as well, but first i'm making sure it's actually a problem and/or proposing solution ;)
  1072. qrpnxz dwd, i see, ew
  1073. dwd qrpnxz, Especially when deriving candidate subject names.
  1074. dwd qrpnxz, And most interested in fixes for XEP-0288, of course.
  1075. qrpnxz > implement, and negotiate, TLS to be standards compliant serveral places in the standard hint at situation in which you get to, for example SASL, and tls is not negotiated yet. And indeed if you you have both tls feature and something else, tls is optional.
  1076. adiaholic has left
  1077. qrpnxz but i don't see a way to only have tls feature, and have it be optional, yet you have to show tls feature, so... a pickle
  1078. qrpnxz well, i do see a way: a dummy feature. But kind of ugly
  1079. MattJ If you don't have any other features how is it optional?
  1080. MattJ The stream wouldn't be able to proceed
  1081. dwd qrpnxz, You just don't advertise TLS, and do advertise SASL.
  1082. qrpnxz i just specifically said that if it's the only one std says that it's mandatory by default so idk where you are getting i said that
  1083. qrpnxz not advertising tls is not the same as optional tls, also you cannot NOT advertise tls
  1084. qrpnxz you must advertize tls if you support it, which you must support because of the std as well
  1085. MattJ You're saying you want a scenario where you advertise only TLS, but you want it to be optional
  1086. dwd qrpnxz, You really can. You're no longer standards compliant, because we think you should do TLS. But if you have a compelling reason not to be standards compliant, then go for it.
  1087. qrpnxz mattj, it's not necessary that i want such a scenario, but that it's kind of ugly the way you have to do it (dummy feature)
  1088. dwd qrpnxz, I don't get where you're coming from with this "dummy feature".
  1089. Kev It’s not a dummy feature.
  1090. qrpnxz if i have tls feature, and another feature that is not tls, and tls does not have <require/>, then tls is optional
  1091. Kev It’s an alternative mechanism.
  1092. qrpnxz hence if i wanted to make tls optional, and i didn't have a legitimate feature to advertize alongside tls, then i'd have to create a dummy feature that doesn't exist to put along with tls, and then not mask tls as <require/>
  1093. dwd qrpnxz, If a server doesn't advertise TLS at all - and structurally, it need not - then a compliant client might refuse to continue. But a client that *also* doesn't mandate TLS (which is most of them with non-default configuration) will happily continue without. If you have an alternate stream encryption (or similar), then a client which understands that might negotiate it in preference to TLS.
  1094. wladmis has left
  1095. wladmis has joined
  1096. qrpnxz A server that doesn't advertize tls is not compliant, to start. A client that does mandate tls simply doesn't use the feature *if it's voluntary-to-negotiate*.
  1097. qrpnxz A server that doesn't advertize tls is not compliant, to start. A client that doesn't mandate tls simply doesn't use the feature *if it's voluntary-to-negotiate*.
  1098. adiaholic has joined
  1099. dwd qrpnxz, Have you noted the last bit of https://datatracker.ietf.org/doc/html/rfc6120#section-5.4.1
  1100. dwd qrpnxz, So if the server doesn't consider TLS to be mandatory but does support it, just don't include <required/> in the stream feature.
  1101. qrpnxz right, that adds to the brainfuck. That means that there should never be the case that TLS is the only feature and it doesn't have <require/>
  1102. dwd qrpnxz, I don't understand why this is confusing. And yes, you're right (though <required/> would be redudant in that case).
  1103. andrey.g has joined
  1104. qrpnxz it's redundant, but it's required. They should have just writ it so that without required it's optional to be consistent
  1105. dwd qrpnxz, Well, sure, and it is. But if the only thing the stream is offering is to negotiate TLS, and you choose not to, then you can't do anything else.
  1106. qrpnxz it's not optional in that case.
  1107. Sam has left
  1108. dwd qrpnxz, What difference does it make?
  1109. adiaholic has left
  1110. flow MattJ> But I haven't reported it because I can't even be sure it's a bug in the XEP, or my understanding of it
  1111. flow standards@ it maybe?
  1112. dwd qrpnxz, I mean, sure, if TLS is the only thing offered, it follows that it *is* mandatory to negotiate, and therefore the server MUST include <required/>. But in practice, what cases fail to interoperate if it's not included?
  1113. Kev required only really matters so you know why you can’t continue, rather than aiding interop.
  1114. qrpnxz none, yet the server is not compliant ;) And if you want to make it optional you have to add a dummy. Not a helpful special case.
  1115. Zash I don't understand where you got 'dummy' from?
  1116. qrpnxz do you know what a dummy is
  1117. Zash Yes.
  1118. Kev Because no-one who wants to do tls is going to decide they’re not going to do it because it’s not marked as required. And similarly if it’s required you’re not going to be able to continue without it. It’s just useful for debug when things don’t work.
  1119. Zash Maybe the missing piece is that if you are only offered TLS, the only way to not do TLS would be to do Dialback, which is advertised differently because hysterical raisins.
  1120. qrpnxz perhaps you missed my message where i explain i copy here: ``` hence if i wanted to make tls optional, and i didn't have a legitimate feature to advertize alongside tls, then i'd have to create a dummy feature that doesn't exist to put along with tls, and then not mark tls as <require/> ```
  1121. dwd qrpnxz, Why do you think you need this dummy feature?
  1122. qrpnxz you need it to mark tls as optional if tls is the only legitimate feature
  1123. dwd qrpnxz, Why do you think that?
  1124. qrpnxz because that's what the standard says. If it's on it's own, it's required. Period. So if it's gonna be optional, there needs to be another feature.
  1125. dwd qrpnxz, Ah, I see. So you want a client to go straight to SASL?
  1126. Zash But how would you SASL without TLS?
  1127. dwd qrpnxz, If so... advertise SASL.
  1128. Zash And that's where in practice you'd do Dialback.
  1129. qrpnxz Not personally, but i'm just saying that's what you'd have to do. You can't advertize SASL before TLS, and you have to advertise TLS
  1130. dwd qrpnxz, And why do you think you can't advertise SASL alongside TLS?
  1131. flow Why can't I advertize SASL before TLS?
  1132. menel has left
  1133. qrpnxz standard says so
  1134. flow ref or it didn't say so ;)
  1135. qrpnxz i will look :)
  1136. Daniel has left
  1137. menel has joined
  1138. flow we should take notes how different people interpret the standard text and see if we can clarify this in a future revision of the text
  1139. qrpnxz you are right you can do them at the same time, thought if you didn't do SASL either then you'd need a dummy again
  1140. dwd qrpnxz, So you want to not do SASL *or* Dialback *or* TLS? What is it that you *do* want to do?
  1141. qrpnxz you are right you can do them at the same time, though if you didn't do SASL either then you'd need a dummy again
  1142. dwd qrpnxz, And shouldn't you advertise *that*?
  1143. qrpnxz I don't want to do anything like I said. Just commenting on the standard.
  1144. menel has left
  1145. Zash And then?
  1146. Daniel has joined
  1147. qrpnxz one min
  1148. menel has joined
  1149. qrpnxz and nothing
  1150. Zash I'm lost.
  1151. qrpnxz how can i help
  1152. dwd qrpnxz, So you're saying that a thing you don't want to do can't be done? And this annoys you because?
  1153. Sam has joined
  1154. qrpnxz no, it can be done. Just you have to use a dummy maybe.
  1155. qrpnxz the annoying part is that there's an unnecessary special case of tls being required if it's the only thing.
  1156. adiaholic has joined
  1157. qrpnxz whereas it could just be required if you put <required/>, which you must do if you consider it required anyway
  1158. flow I think you maybe reading to much into "TLS required" in the standards text
  1159. flow it basically says that an implementation can only claim standards compliance if it implements TLS
  1160. flow not that you have to jump through loops in the protocol, not offering TLS is perfectly fine from a protocol perspective
  1161. qrpnxz it says a lot of things
  1162. dwd qrpnxz, OK. So you want the client to negotiate something which is unadvertised?
  1163. qrpnxz no
  1164. dwd qrpnxz, So what do you want the client to do?
  1165. qrpnxz > not offering TLS is perfectly fine from a protocol perspective no, std requires you offer tls
  1166. qrpnxz i don't want the client to do anything dwd
  1167. dwd qrpnxz, Then what on earth is the problem?
  1168. qrpnxz i've already said to you multiple times idk what you want from me
  1169. dwd qrpnxz, Give me an example of the thing you don't want to do but think is impossible.
  1170. qrpnxz i already told you multiple times there is no impossible thing
  1171. dwd qrpnxz, So why do you thinka dummy feature is needed?
  1172. flow maybe slow down a bit and see if we can steer this into a productive and helpful direction
  1173. qrpnxz i will tell you one more time: because if it's by itself and it doesn't say required it is still required, if you want to make it not required and there's no other legitimate feature, you must have a dummy feature
  1174. dwd qrpnxz, OK. And what would the client do at this point?
  1175. qrpnxz if it were optional? idk, w/e the client wanna do, or negotiate a mandatory feature.
  1176. flow that would be SASL or dialback at this point, right?
  1177. qrpnxz sure, if that were a feature
  1178. flow so why not, instead of a dummy feature, announce SASL and/or dialback?
  1179. adiaholic has left
  1180. dwd qrpnxz, OK, so there'd be another, non-dummy, feature for it to negotiate then. Where does the dummy feature come in?
  1181. qrpnxz yes we already established this is also an option. That's why i said "if there's no other legitimate feature"
  1182. qrpnxz yes we already established this is also an option. That's why i said *"if there's no other legitimate feature"*
  1183. flow ok, we are going circles :)
  1184. qrpnxz If there is another feature, then TLS feature comes back to the world of mortals and behaves normally. Only if it would otherwise be the only feature, do you need a dummy to make it optional.
  1185. qrpnxz If there is another feature, then TLS feature comes back to the world of mortals and behaves normally. Only if it would otherwise be the only feature, then you need a dummy to make it optional.
  1186. dwd Why would it be the only feature?
  1187. dwd Because if you want the client to do "something else", then the server needs to advertise the feature is available at that point.
  1188. qrpnxz it's almost always the only feature. I don't know all the XEPs though.
  1189. Andrzej has joined
  1190. floretta has joined
  1191. qrpnxz the dummy is not for when you want to do something else, it's for when you want to do nothing.
  1192. MattJ If you want to do nothing the stream can't proceed, that's the point
  1193. qrpnxz it can if it's optional
  1194. MattJ It can't, there's nothing else to do
  1195. qrpnxz there is, if they are optional it's stanza time
  1196. dwd MattJ, Maybe it's the equivalent of just holding hands.
  1197. MattJ It's not stanza time until it's authenticated, which requires SASL
  1198. MattJ (let's put dialback aside...)
  1199. qrpnxz sasl is not required afaict
  1200. MattJ You can't send stanzas without authentication
  1201. qrpnxz but if it is then you put sasl next to tls, which like i said, is ofc not a situation in which you need the dummy
  1202. dwd qrpnxz, RFC 6120 says SASL is both required and mandatory-to-negotiate.
  1203. qrpnxz required to support, and mandatory-to-negotiate when advertized
  1204. Zash It is a bit awkward that there's no explicit "you're done, feel free to send stanzas now"
  1205. menel has left
  1206. Zash Also awkward that an empty `<stream:features/>` means exactly that...
  1207. dwd Zash, Well, for C2S you could advertise <bind/>.
  1208. qrpnxz if all features are optional and there's nothing you want to negotiate, you just go ahead. I think it's for the best. Saves a message
  1209. Zash dwd, thought we were mostly discussing s2s
  1210. Zash but yeah
  1211. dwd But there *is* XEP-0361 for the oddball cases where you need that.
  1212. qrpnxz nice
  1213. qrpnxz it's def expensive to start xmpp conn with all those stream restarts and feature lists
  1214. menel has joined
  1215. qrpnxz for contrained environments. Desktops no problem ofc
  1216. flow that negotiation ping-pong is also old-fashioned when it comes to protocol design. these days you want to just send all the stuff you want to do in a single step, e.g. bind2
  1217. flow but I guess the negotation ping-pong is less of an issue in s2s
  1218. Kev Depends on the environment. But yes, generally.
  1219. ti_gj06 has left
  1220. adiaholic has joined
  1221. qrpnxz On a related note, I may have found a problem in XEP-0288. XMPP: Core states: ``` A <features/> element that contains both mandatory-to-negotiate and voluntary-to-negotiate features indicates that the negotiation is not complete but that the initiating entity MAY complete the voluntary- to-negotiate feature(s) before it attempts to negotiate the mandatory-to-negotiate feature(s). ``` However, XEP-0288 states: ``` If a server supports bidirectional server-to-server streams, it should inform the connecting entity when returning stream features during the stream negotiation process (both before and after TLS negotiation). [...] If the initiating entity chooses to use TLS, STARTTLS negotiation MUST be completed before enabling bidirectionality. ``` Now consider I serve the following: ``` <stream:features> <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'> <required/> </starttls> <bidi xmlns='urn:xmpp:features:bidi'/> </stream:features> ``` Core says that I MAY negotiate bidi first, but 0288 says that I MUST do STARTTLS first. 0288 should allow you to enable bidi before TLS to defuse this situation. I can't think of why that should be disallowed.
  1222. Kev Central to a lot of how XEPs work is that any behaviour can be overriden by negotiation.
  1223. Kev Central to a lot of how XEPs work is that any behaviour can be overridden by negotiation.
  1224. Kev So if core says something and 288 says “But when doing 288 you should do this instead”, that is fine.
  1225. Kev E.g. core says “There’s just <message/> <presence/> and <iq/>” and 198 says “but if you’re doing 198 there’s <a/> and <r/> too”, and that’s fine.
  1226. dwd What Kev says, but also bidi is predicated on mutual authentication, so it'd be a bit weird to negotiate that before you decide if the other side is who it says it is.
  1227. qrpnxz I see yeah cool np
  1228. dwd But maybe weird is OK.
  1229. qrpnxz i don't see how bidi is predicated on authentication, it just means says "dont' bother with another conn"
  1230. qrpnxz in fact, it's perfectly ok to do bidi but not TLS in the XEP
  1231. dwd Sending stanzas in general is predicated on mutual authentication. Even XEP-0361 uses out of band authentication.
  1232. neshtaxmpp has left
  1233. Kev And if you do TLS, pre-TLS state is tainted.
  1234. Kev So you couldn’t negotiate bidi before doing TLS and continue using it afterwards.
  1235. dwd Kev, That's a good point.
  1236. qrpnxz i don't see such predicate in 0361, it merely recommends it
  1237. Kev 361 definitely only works bilaterally :)
  1238. qrpnxz oh i think ik what you are talking about kev, gonna look up the quote in the std
  1239. Andrzej has left
  1240. adiaholic has left
  1241. qrpnxz here: ``` The initiating entity MUST discard any information transmitted in layers above TCP that it obtained from the receiving entity in an insecure manner before TLS took effect (e.g., the receiving entity's 'from' address or the stream ID and stream features received from the receiving entity). ```
  1242. qrpnxz bidi would be such an information
  1243. qrpnxz therefore if you do bidi first, no more tls
  1244. Zash You'd get another set of stream features after TLS and the stream restart
  1245. qrpnxz and contraversly, if you do tls, it must be first
  1246. qrpnxz right
  1247. qrpnxz *contrapositively lol
  1248. adiaholic has joined
  1249. dwd However, you may have a point - it's useful for the receiving entity to know if bidi is intended as early as possible, ebcause otherwise it'll start to open connections. (Or might do; Metre certainly will).
  1250. Zash I think in Prosody bidi is not even advertised until after TLS and certificates have been verified and such
  1251. qrpnxz 0288 doesn't require it do advertise before tls, only recommends it
  1252. Kev dwd: But if you’re making such decisions, they have to be reversible, right?
  1253. Kev Because the bidi before TLS is tainted.
  1254. dwd Kev, Yes, but you could at least hold off on opening return sessions.
  1255. Kev Although I’m not sure what decision you’d make based on an *outbound* session having bidi advertised.
  1256. qrpnxz but you really gotta do it before sasl, because after sasl it's assumed you aren't gonna send anything else on that conn
  1257. Kev As on an outgoing session it’s the other end that can elide the second stream because of bidi, not you.
  1258. Zash What's all this about opening return sessions early?
  1259. Zash That sounds like a Dialback thing
  1260. qrpnxz uhh, not sure
  1261. dwd Zash, It's a non-bidi-thing.
  1262. Zash Hm, without dialback, something to verify that bidirectional connectivity is possible would be good...
  1263. qrpnxz that's what XEP-0288 does
  1264. Zash One-way s2s is a bit annoying when it happens
  1265. dwd Kev, Yes. So, you're a server. You get an inbound session claiming to be from example.org. You're advertising bidi. Until the inbound session has negotiated bidi, then you can save some time by initiating an outbound session to example,org. This is safe (in terms of auth, etc) even if the inbound session cannot authenticate.
  1266. Zash XEP-0288 isn't all that widely deployed
  1267. dwd Kev, But, if the inbound session then negotiates bidi, it was a waste of effort.
  1268. qrpnxz no way i personally waste time on outbound connection before auth, and bidi has to happen before auth, so problem solved for me lol
  1269. adiaholic has left
  1270. Kev dwd: Yes, but I don’t know what advertising bidi does here. Because it’s you that’s advertising it on the inbound session, so you don’t know if the other end is going to use it later to determine whether to open the return session or not.
  1271. andrey.g has left
  1272. dwd Kev, Right, because we don't negotiate until later. If, as qrpnxz says, we negotiate early, then this changes.
  1273. dwd Kev, Even if we'd *later* have to renegotiate...
  1274. dwd qrpnxz, It's very rarely a waste of time, and often makes things significantly faster to get to stanza exchange.
  1275. qrpnxz if you advertise bidi with tls, you can do bidi and no tls (unless TLS is required, then you must do TLS first). If you advertise bidi with SASL, then you can enable bidi, and after SASL you will have a bidi connection. Or if you don't enable it and then do SASL, then it's one way
  1276. qrpnxz dwd, yeah it's a tradeoff of waste of resources on non-auth and time save for successful auth. I choose not letting people waste my time without auth every time tho
  1277. stp has left
  1278. adiaholic has joined
  1279. eevvoor has left
  1280. adiaholic has left
  1281. adiaholic has joined
  1282. adiaholic has left
  1283. menel has left
  1284. adiaholic has joined
  1285. menel has joined
  1286. eevvoor has joined
  1287. chronosx88 has left
  1288. chronosx88 has joined
  1289. marc0s has left
  1290. marc0s has joined
  1291. marc0s has left
  1292. marc0s has joined
  1293. adiaholic has left
  1294. adiaholic has joined
  1295. moparisthebest has joined
  1296. Wojtek has joined
  1297. floretta has left
  1298. menel has left
  1299. wendy has left
  1300. menel has joined
  1301. moparisthebest .onion domains are a widely deployed reason to still support dialback I think
  1302. MattJ Prosody's mod_onions just accepts any *.onion certificate
  1303. qrpnxz onion does touch dns though, and i cant think of you you wouldmt trust that conn
  1304. qrpnxz *doesn't
  1305. qrpnxz jesus i rly messed up that msg
  1306. qrpnxz h8 typing on phone
  1307. Andrzej has joined
  1308. qrpnxz ok on computer now. Onion addr is based on pub key crypto iirc, so if you connected to it, I think you are fine, but not sure tbh will have to look into it.
  1309. adiaholic has left
  1310. qrpnxz rly need to go to bed rn tho
  1311. adiaholic has joined
  1312. adiaholic has left
  1313. moparisthebest qrpnxz, right, but then how do you validate the connection coming *from* something claiming to be a .onion ?
  1314. adiaholic has joined
  1315. Andrzej has left
  1316. millesimus has left
  1317. millesimus has joined
  1318. moparisthebest MattJ, wait for incoming SASL auth too? or how do you validate incoming .onion streams ?
  1319. menel has left
  1320. Zash It accepts any certificate, in that it doesn't reject them. But it doesn't use certs for authentication either. Still need to do Dialback.
  1321. menel has joined
  1322. moparisthebest ah ok, good
  1323. moparisthebest I suppose the dreaded "raw IP" requires dialback too
  1324. Zash You can get certs for IP addresses actually...
  1325. mukt2 has joined
  1326. Zash Prosody can't federate with bare IPs tho, so glhf
  1327. Zash (depending on version and whether it's the future yet)
  1328. hamish has joined
  1329. dib has joined
  1330. alacer has left
  1331. alacer has joined
  1332. mukt2 has left
  1333. chronosx88 has left
  1334. chronosx88 has joined
  1335. larma has left
  1336. ti_gj06 has joined
  1337. adiaholic has left
  1338. adiaholic has joined
  1339. Kev has left
  1340. Kev has joined
  1341. Calvin has joined
  1342. Kev has left
  1343. Kev has joined
  1344. floretta has joined
  1345. nyco has left
  1346. nyco has joined
  1347. stp has joined
  1348. Kev It wasn’t then, but it is now.
  1349. Zash IP address SAN is newer than XMPP?
  1350. marc0s has left
  1351. marc0s has joined
  1352. dib has left
  1353. dwd The SAN existed, it's part of X.509v3, IIRC. But whether any CA would sign such a cert is another matter.
  1354. lskdjf has left
  1355. Zash Will any now?
  1356. Zash has one
  1357. dwd I have this vision of you deciding to work through all the IP addresses and being lucky the first one hit.
  1358. eta please federate with 2a0d:1a40:7553:beef:5054:ff:fe62:dd16, kthxbai
  1359. Andrzej has joined
  1360. Zash Next up, can haz raw public keys?
  1361. Zash Raw all the things
  1362. Zash And like ... in-addr.arpa DANE something something
  1363. dwd I'd never suggest "raw public keys", because the logistics are a pain, but Metre does allow preconfigured self-signed certs.
  1364. eta also see https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/JFwqZx7RLL0
  1365. mdosch has left
  1366. Zash DANE + raw public keys would be nice tho
  1367. mdosch has joined
  1368. stp has left
  1369. stp has joined
  1370. dib has joined
  1371. paul has left
  1372. Andrzej has left
  1373. mukt2 has joined
  1374. x51 has joined
  1375. wendy has joined
  1376. mukt2 has left
  1377. papatutuwawa has joined
  1378. wladmis has left
  1379. arc has left
  1380. arc has joined
  1381. wladmis has joined
  1382. arc has left
  1383. arc has joined
  1384. wladmis has left
  1385. wladmis has joined
  1386. wladmis has left
  1387. Andrzej has joined
  1388. papatutuwawa has left
  1389. hamish has left
  1390. Andrzej has left
  1391. dib has left
  1392. babacb has left
  1393. babacb has joined
  1394. wladmis has joined
  1395. Andrzej has joined
  1396. Andrzej has left
  1397. mukt2 has joined
  1398. Andrzej has joined
  1399. arc has left
  1400. arc has joined
  1401. arc has left
  1402. arc has joined
  1403. arc has left
  1404. arc has joined
  1405. wurstsalat has left
  1406. mukt2 has left
  1407. paul has joined
  1408. hamish has joined
  1409. ti_gj06 has left
  1410. adiaholic has left
  1411. wurstsalat has joined
  1412. adiaholic has joined
  1413. Chan Shen has joined
  1414. arc has left
  1415. arc has joined
  1416. Chan Shen is it possible to add voice chat to xmpp ??
  1417. Zash Yes, commonly called Jingle
  1418. Zash https://xmpp.org/uses/webrtc.html might be enlightening
  1419. arc has left
  1420. Zash or https://xmpp.org/about/technology-overview.html#jingle
  1421. Zash or both
  1422. arc has joined
  1423. Chan Shen >Yes, commonly called Jingle is it something like group chat of telegram ??
  1424. Chan Shen >Yes, commonly called Jingle is it something like group voice chat of telegram ??
  1425. Zash Never used Telegram, can't answer that.
  1426. emus has left
  1427. Chan Shen >Never used Telegram, can't answer that. i mean is it possible to have a voice chat (up to 100 person) with group members in xmpp ?
  1428. Zash Daniel, distinct lack of mention of calls on https://conversations.im/ 🙂
  1429. Zash Mostly 1-to-1 calls at this time, altho things like Jitsi Meet does video conferencing with some XMPP behind the scenes.
  1430. pjn has left
  1431. mathijs has left
  1432. LNJ has left
  1433. adiaholic has left
  1434. Chan Shen i think it is called multiparty jingle (muji). https://xmpp.org/extensions/xep-0272.html
  1435. andrey.g has joined
  1436. floretta has left
  1437. floretta has joined
  1438. stp has left
  1439. pjn has joined
  1440. APach has left
  1441. emus has joined
  1442. adiaholic has joined
  1443. ti_gj06 has joined
  1444. LNJ has joined
  1445. Freddy has left
  1446. APach has joined
  1447. Kev has left
  1448. adiaholic has left
  1449. Kev has joined
  1450. arc has left
  1451. arc has joined
  1452. arc has left
  1453. arc has joined
  1454. arc has left
  1455. arc has joined
  1456. adiaholic has joined
  1457. adiaholic has left
  1458. Daniel has left
  1459. Daniel has joined
  1460. L29Ah has left
  1461. arc has left
  1462. arc has joined
  1463. arc has left
  1464. arc has joined
  1465. arc has left
  1466. arc has joined
  1467. emus has left
  1468. emus has joined
  1469. BASSGOD has joined
  1470. pjn has left
  1471. Kev has left
  1472. Kev has joined
  1473. Kev has left
  1474. Kev has joined
  1475. Freddy has joined
  1476. Kev has left
  1477. Kev has joined
  1478. marc0s has left
  1479. marc0s has joined
  1480. L29Ah has joined
  1481. mathijs has joined
  1482. pasdesushi has joined
  1483. wladmis has left
  1484. Kev has left
  1485. Kev has joined
  1486. pasdesushi has left
  1487. Kev has left
  1488. Kev has joined
  1489. Tobias has left
  1490. Tobias has joined
  1491. Kev has left
  1492. Kev has joined
  1493. Kev has left
  1494. Kev has joined
  1495. marc has left
  1496. marc has joined
  1497. adiaholic has joined
  1498. arc has left
  1499. arc has joined
  1500. arc has left
  1501. arc has joined
  1502. pjn has joined
  1503. marc has left
  1504. marc has joined
  1505. marc has left
  1506. marc has joined
  1507. marc has left
  1508. marc has joined
  1509. marc has left
  1510. marc has joined
  1511. marc has left
  1512. marc has joined
  1513. marc has left
  1514. marc has joined
  1515. Wojtek has left
  1516. Wojtek has joined
  1517. Wojtek has left
  1518. arc has left
  1519. arc has joined
  1520. arc has left
  1521. arc has joined
  1522. arc has left
  1523. arc has joined
  1524. arc has left
  1525. arc has joined
  1526. wladmis has joined
  1527. Wojtek has joined
  1528. Wojtek has left
  1529. adiaholic has left
  1530. adiaholic has joined
  1531. jonas’ https://github.com/xsf/xeps/pull/1059 flow, don’t you think this has privacy implications?
  1532. Chan Shen has left
  1533. Chan Shen has joined
  1534. pasdesushi has joined
  1535. adiaholic has left
  1536. mukt2 has joined
  1537. andrey.g has left
  1538. arc has left
  1539. arcxi has left
  1540. adiaholic has joined
  1541. papatutuwawa has joined
  1542. mathijs has left
  1543. mathijs has joined
  1544. papatutuwawa has left
  1545. Seve has left
  1546. Seve has joined
  1547. papatutuwawa has joined
  1548. Daniel has left
  1549. mathijs has left
  1550. adiaholic has left
  1551. wladmis has left
  1552. Daniel has joined
  1553. mukt2 has left
  1554. flow jonas’, well yes, I still would recommend that. that said, if someoe would write a disclaimer, then this would be fine by me
  1555. adiaholic has joined
  1556. ti_gj06 has left
  1557. stpeter has joined
  1558. stpeter has left
  1559. stp has joined
  1560. adiaholic has left
  1561. pjn has left
  1562. arcxi has joined
  1563. adiaholic has joined
  1564. stp has left
  1565. pasdesushi has left
  1566. Andrzej has left
  1567. adiaholic has left
  1568. pjn has joined
  1569. Wojtek has joined
  1570. Wojtek has left
  1571. Wojtek has joined
  1572. Wojtek has left
  1573. lorddavidiii has left
  1574. mathijs has joined
  1575. chronosx88 has left
  1576. dwd Chan Shen, Unfortunately the Jitsi Meet people haven't put their solution through standardisation, which is a shame. I should have a chat with Emil and co about that. But there are a number of solutions for video conferencing based on XMPP as the signalling layer, including Jitsi Meet, and also Zoom and possibly still Google Meet.
  1577. Chan Shen > dwd wrote: > Chan Shen, Unfortunately the Jitsi Meet people haven't put their solution through standardisation, which is a shame. I should have a chat with Emil and co about that. But there are a number of solutions for video conferencing based on XMPP as the signalling layer, including Jitsi Meet, and also Zoom and possibly still Google Meet. Jitsi is the best choice for me right now , i dont like Telegram nor Google Meet.
  1578. chronosx88 has joined
  1579. dwd Chan Shen, There is also Openfire Meetings and Padmé as well, on the open source front, but I don't know how well those scale.
  1580. dwd Chan Shen, You did stipulate voice only - most recent work has been around video, which may or may not mean some interesting large-scale voice stuff has gone unnoticed by me.
  1581. Zash Does anyone know any details about how Mumble works?
  1582. moparisthebest also https://bigbluebutton.org/ which I don't think is XMPP but at least open source and supposedly works pretty well
  1583. pasdesushi has joined
  1584. dwd Zash, Oh, yeah, Mumble.
  1585. jonas’ Zash, barely
  1586. dwd Zash, Voice go in one end. Voice come out the other.
  1587. jonas’ with mixing on the server
  1588. jonas’ I think anyway
  1589. Yagiza has left
  1590. Chan Shen I just dont like facebook , whatsapp , telegram. I tried to invite my friends to xmpp & matrix , but they say telegram is 100% secure and its features are not implemented in other IM apps.
  1591. emus Hello everyone, as I just wrote an email to members@ - I would also point you from here to the work I am doing here: https://github.com/xsf/xmpp.org/issues/920 It is an overview of the XSF, its organization and resources, as a organizational chart or organigram. I am convinced this can be a really helpful tool for overview purposes, especially to newcomers or people who are interested in the XSF and XMPP. Let me know you feedback and if you think something is missing! @board, @council (just imaging I ping you guys 😛)
  1592. deuill has left
  1593. deuill has joined
  1594. dib has joined
  1595. LNJ has left
  1596. adiaholic has joined
  1597. Andrzej has joined
  1598. BASSGOD has left
  1599. deuill has left
  1600. pasdesushi has left
  1601. adiaholic has left
  1602. deuill has joined
  1603. adiaholic has joined
  1604. BASSGOD has joined
  1605. x51 has left
  1606. adiaholic has left
  1607. Andrzej has left
  1608. werdan has joined
  1609. debacle has left
  1610. debacle has joined
  1611. mukt2 has joined
  1612. pasdesushi has joined
  1613. alacer has left
  1614. alacer has joined
  1615. stp has joined
  1616. LNJ has joined
  1617. adiaholic has joined
  1618. bean has left
  1619. adiaholic has left
  1620. adiaholic has joined
  1621. bean has joined
  1622. mukt2 has left
  1623. chronosx88 has left
  1624. adiaholic has left
  1625. chronosx88 has joined
  1626. pasdesushi has left
  1627. pjn has left
  1628. pasdesushi has joined
  1629. pasdesushi has left
  1630. pjn has joined
  1631. papatutuwawa has left
  1632. pasdesushi has joined
  1633. pasdesushi has left
  1634. goffi has left
  1635. pasdesushi has joined
  1636. Calvin has left
  1637. pasdesushi has left
  1638. pasdesushi has joined
  1639. Zash has left
  1640. marc has left
  1641. marc has joined
  1642. marc has left
  1643. marc has joined
  1644. marc has left
  1645. adiaholic has joined
  1646. marc has joined
  1647. marc has left
  1648. Calvin has joined
  1649. Zash has joined
  1650. marc has joined
  1651. marc has left
  1652. andy has left
  1653. marc has joined
  1654. marc has left
  1655. marc has joined
  1656. wendy has left
  1657. marc has left
  1658. pasdesushi has left
  1659. marc has joined
  1660. marc has left
  1661. mathijs has left
  1662. marc has joined
  1663. marc has left
  1664. marc has joined
  1665. marc has left
  1666. marc has joined
  1667. adiaholic has left
  1668. marc has left
  1669. marc has joined
  1670. marc has left
  1671. marc has joined
  1672. marc has left
  1673. marc has joined
  1674. marc has left
  1675. marc has joined
  1676. marc has left
  1677. marc has joined
  1678. marc has left
  1679. wgreenhouse what is the software behind logs.xmpp.org?
  1680. bean has left
  1681. Chan Shen has left
  1682. marc has joined
  1683. mathijs has joined
  1684. marc has left
  1685. marc has joined
  1686. marc has left
  1687. marc has joined
  1688. marc has left
  1689. BASSGOD has left
  1690. marc has joined
  1691. marc has left
  1692. marc has joined
  1693. marc has left
  1694. marc has joined
  1695. marc has left
  1696. marc has joined
  1697. marc has left
  1698. marc has joined
  1699. marc has left
  1700. marc has joined
  1701. marc has left
  1702. menel I think this: https://modules.prosody.im/mod_http_muc_log.html
  1703. BASSGOD has joined
  1704. Tobias has left
  1705. moparisthebest has left
  1706. marc has joined
  1707. marc has left
  1708. Kev has left
  1709. marc has joined
  1710. Kev has joined
  1711. marc has left
  1712. marc has joined
  1713. marc has left
  1714. wgreenhouse menel: looks like it, thank you
  1715. marc has joined
  1716. marc has left
  1717. marc has joined
  1718. marc has left
  1719. Kev has left
  1720. Kev has joined
  1721. marc has joined
  1722. marc has left
  1723. jcbrand has left
  1724. marc has joined
  1725. marc has left
  1726. marc has joined
  1727. marc0s has left
  1728. marc0s has joined
  1729. marc has left
  1730. wendy has joined
  1731. marc has joined
  1732. marc has left
  1733. marc has joined
  1734. marc has left
  1735. marc has joined
  1736. marc has left
  1737. marc has joined
  1738. marc has left
  1739. marc has joined
  1740. marc has left
  1741. marc has joined
  1742. marc has left
  1743. marc has joined
  1744. marc has left
  1745. Kev has left
  1746. marc has joined
  1747. Kev has joined
  1748. marc has left
  1749. alameyo has left
  1750. marc has joined
  1751. marc has left
  1752. marc has joined
  1753. marc has left
  1754. alameyo has joined
  1755. marc has joined
  1756. adiaholic has joined
  1757. marc has left
  1758. marc has joined
  1759. marc has left
  1760. marc has joined
  1761. marc has left
  1762. marc has joined
  1763. deuill has left
  1764. marc has left
  1765. marc has joined
  1766. marc has left
  1767. marc has joined
  1768. marc has left
  1769. marc has joined
  1770. marc has left
  1771. marc has joined
  1772. marc has left
  1773. marc has joined
  1774. wurstsalat has left
  1775. marc has left
  1776. marc has joined
  1777. marc has left
  1778. marc has joined
  1779. marc has left
  1780. marc has joined
  1781. marc has left
  1782. marc has joined
  1783. adiaholic has left
  1784. marc has left
  1785. marc has joined
  1786. marc has left
  1787. marc has joined
  1788. marc has left
  1789. deuill has joined
  1790. marc has joined
  1791. karoshi has left
  1792. marc has left
  1793. marc has joined
  1794. marc has left
  1795. marc has joined
  1796. Sam has left
  1797. marc has left
  1798. marc has joined
  1799. marc has left
  1800. marc has joined
  1801. marc has left
  1802. menel has left
  1803. marc has joined
  1804. marc has left
  1805. Sam has joined
  1806. marc has joined
  1807. marc has left
  1808. marc has joined
  1809. marc has left
  1810. marc has joined
  1811. marc has left
  1812. marc has joined
  1813. marc has left
  1814. marc has joined
  1815. marc has left
  1816. marc has joined
  1817. marc has left
  1818. marc has joined
  1819. marc has left
  1820. marc has joined
  1821. marc has left
  1822. marc has joined
  1823. marc has left
  1824. marc has joined
  1825. marc has left
  1826. adiaholic has joined
  1827. marc has joined
  1828. marc has left
  1829. marc has joined
  1830. croax has left
  1831. marc has left
  1832. marc has joined
  1833. marc has left
  1834. marc has joined
  1835. marc has left
  1836. marc has joined
  1837. marc has left
  1838. marc has joined
  1839. marc has left
  1840. marc has joined
  1841. marc has left
  1842. marc has joined
  1843. adiaholic has left
  1844. marc has left
  1845. marc has joined
  1846. marc has left
  1847. marc has joined
  1848. marc0s has left
  1849. marc0s has joined
  1850. marc has left
  1851. marc has joined
  1852. marc has left
  1853. marc has joined
  1854. marc has left
  1855. marc has joined
  1856. marc has left
  1857. marc has joined
  1858. wladmis has joined
  1859. marc has left
  1860. stp has left
  1861. marc has joined
  1862. marc has left
  1863. adiaholic has joined
  1864. marc has joined
  1865. marc has left
  1866. marc has joined
  1867. marc has left
  1868. marc has joined
  1869. marc has left
  1870. marc has joined
  1871. marc has left
  1872. LNJ has left
  1873. marc has joined
  1874. marc has left
  1875. marc has joined
  1876. marc has left
  1877. marc has joined
  1878. marc has left
  1879. adiaholic has left
  1880. arcxi has left
  1881. werdan has left
  1882. marc has joined
  1883. marc has left
  1884. marc has joined
  1885. marc has left
  1886. marc has joined
  1887. marc has left
  1888. marc has joined
  1889. lovetox has left
  1890. marc has left
  1891. marc has joined
  1892. marc has left
  1893. adiaholic has joined
  1894. marc has joined
  1895. lorddavidiii has joined
  1896. marc has left
  1897. marc has joined
  1898. marc has left
  1899. marc has joined
  1900. marc has left
  1901. marc has joined
  1902. marc has left
  1903. marc has joined
  1904. marc has left
  1905. marc has joined
  1906. marc has left
  1907. marc has joined
  1908. marc has left
  1909. elliot020 has joined
  1910. marc has joined
  1911. marc has left
  1912. marc has joined
  1913. marc has left
  1914. adiaholic has left
  1915. marc has joined
  1916. marc has left
  1917. marc has joined
  1918. marc has left
  1919. marc has joined
  1920. marc has left
  1921. marc has joined
  1922. marc has left
  1923. marc has joined
  1924. marc has left
  1925. marc has joined
  1926. marc has left
  1927. marc has joined
  1928. marc has left
  1929. marc has joined
  1930. marc has left
  1931. BASSGOD has left
  1932. marc has joined
  1933. marc has left
  1934. marc has joined
  1935. marc has left
  1936. marc has joined
  1937. marc has left
  1938. marc has joined
  1939. marc has left
  1940. marc has joined
  1941. marc has left
  1942. winfried has left
  1943. marc has joined
  1944. paul has left
  1945. Calvin has left
  1946. marc has left
  1947. marc has joined
  1948. marc has left
  1949. marc has joined
  1950. BASSGOD has joined
  1951. marc has left
  1952. marc has joined
  1953. adiaholic has joined
  1954. marc has left
  1955. marc has joined
  1956. marc has left
  1957. marc has joined
  1958. marc has left
  1959. marc has joined
  1960. marc has left
  1961. marc has joined
  1962. marc has left
  1963. marc has joined
  1964. winfried has joined
  1965. marc has left
  1966. marc has joined
  1967. marc has left
  1968. xecks has left
  1969. marc has joined
  1970. adiaholic has left
  1971. marc has left
  1972. marc has joined
  1973. marc has left
  1974. Calvin has joined
  1975. marc has joined
  1976. moparisthebest has joined
  1977. marc has left
  1978. marc has joined
  1979. marc has left
  1980. marc has joined
  1981. marc has left
  1982. govanify has left
  1983. govanify has joined
  1984. marc has joined
  1985. marc has left
  1986. marc has joined
  1987. lorddavidiii has left
  1988. marc has left
  1989. marc has joined
  1990. marc has left
  1991. marc has joined
  1992. marc has left
  1993. marc has joined
  1994. wendy has left
  1995. marc has left
  1996. marc has joined
  1997. marc has left
  1998. marc has joined
  1999. marc has left
  2000. marc has joined
  2001. marc has left
  2002. winfried has left
  2003. winfried has joined
  2004. marc has joined
  2005. marc has left
  2006. marc has joined
  2007. marc has left
  2008. marc has joined
  2009. marc has left
  2010. marc has joined
  2011. marc has left
  2012. winfried has left
  2013. winfried has joined
  2014. winfried has left
  2015. winfried has joined
  2016. marc has joined
  2017. marc has left
  2018. marc has joined
  2019. marc has left
  2020. marc has joined
  2021. marc has left
  2022. Kev has left
  2023. Kev has joined
  2024. marc has joined
  2025. marc has left
  2026. marc has joined
  2027. marc has left
  2028. marc has joined
  2029. marc has left
  2030. marc has joined
  2031. marc has left
  2032. marc has joined
  2033. marc has left
  2034. marc has joined
  2035. marc has left
  2036. marc has joined
  2037. marc has left
  2038. marc has joined
  2039. marc has left
  2040. marc has joined
  2041. marc has left
  2042. marc has joined
  2043. marc has left
  2044. marc has joined
  2045. marc has left
  2046. marc has joined
  2047. marc has left
  2048. marc has joined
  2049. marc has left
  2050. marc has joined
  2051. marc has left
  2052. marc has joined
  2053. marc has left
  2054. marc has joined
  2055. marc has left
  2056. marc has joined
  2057. marc has left
  2058. marc has joined
  2059. marc has left
  2060. marc has joined
  2061. marc has left
  2062. marc has joined
  2063. marc has left
  2064. marc has joined
  2065. marc has left
  2066. marc has joined
  2067. lovetox has joined
  2068. marc has left
  2069. marc has joined
  2070. marc has left
  2071. marc has joined
  2072. marc has left
  2073. marc has joined
  2074. marc has left
  2075. marc has joined
  2076. marc has left
  2077. marc has joined
  2078. marc has left
  2079. marc has joined
  2080. marc has left
  2081. marc has joined
  2082. marc has left
  2083. marc has joined
  2084. marc has left
  2085. BASSGOD has left
  2086. marc has joined
  2087. marc has left
  2088. marc has joined
  2089. marc has left
  2090. BASSGOD has joined
  2091. marc has joined
  2092. marc has left
  2093. marc has joined
  2094. marc has left
  2095. marc has joined
  2096. marc has left
  2097. marc has joined
  2098. debacle has left
  2099. marc has left
  2100. marc has joined
  2101. marc has left
  2102. marc has joined
  2103. marc has left
  2104. marc has joined
  2105. Kev has left
  2106. adiaholic has joined
  2107. marc has left
  2108. marc has joined
  2109. marc has left
  2110. marc has joined
  2111. marc has left
  2112. emus has left