pep.: I don't understand how clients negotiate it. I think it should be users negotiating it. Maybe like OTR in Pidgin worked, where you got a message "user x wants to start an OTR session" and if you also wanted to use OTR you started the session.
Neustradamus
OTR plugin exists in Psi/Psi+
pep.
Neustradamus, I'm sure you mean well, but this is not the point.
pep.
mdosch, I don't have an answer right now. I don't think I'm really fond of exposing it this way to the user. Also that doesn't solve my problem anyway. A user/client can still miss the negotiation message
dwd
flow, All domains of a server *can* use the same s2s connection via multiplexing (aka piggybacking), but it's broken in several servers. Openfire, I think, gets it right, as does Metre. But Metre has to have an explicit switch to turn it off for some/all peers because some servers just get confused.
Zash
Read: Yes, but actually no.
dwd
Zash, Well, I was being diplomatic. I only know of one popular server that can't do it properly.
flow
dwd, you sure have a pointer where this behavior is specified :)
flow
care to share?
dwd
flow, Well, XEP-0220 covers it in https://xmpp.org/extensions/xep-0220.html#multiplex
flow
thanks!
Maranda thinks Metronome has always supported stream multiplexing (at least for incoming streams)
Maranda
... but never found actual implementations that used it.
Maranda
So hard to know if there're any related bugs to it.
Maranda
The only one using it was gmail (and it worked), but that's long gone.
dwd
Maranda, Openfire always has, and sometimes quite aggressively multiplexes. Metre, equally, aggressively multiplexes if the option's enabled. ejabberd appears to handle inbound multiplexing fine, but I can't actually recall if it does outbound, and if so whether it's doing source or target or both.
dwd
Maranda, But Prosody can't handle some cases of inbound multiplexing because of the assumptions around routing of some responses - so unless you've rewritten that part I'd expect Metronome to be similarly affected.
Maranda
dwd: don't recall any Openfire actually ever multiplexing but good to know
Maranda
dwd: I rewrote most of dialback code, and multiplexing case handling in s2s.
Zash
I don't recall ever seeing multiplexing used by anything or anyone other than dwd, so all the multiplexing code is mostly dead and likely full of bugs by now.
Maranda
(Also for BIDI handling of dialback verification)
Zash
The intersection of bidi and dialback ... I don't even know
dwd
The reason Metre actively tries to multiplex if possible (and as a general reason I think it's valuable) is not only that it saves some resource on the servers but also that it makes association of network traffic with specific domains harder to a passive observer.
Zash
How many virtual hosts really share the same physical host? Plz can haz research 🙂
dwd
I suspect it also helps if you've got unusual transports in play, like XEP-0365.
dwd
Zash, Well, for hosts that have both popular MUCs and lots of users, I think that's significant, as well as the mass hosting providers like conversations.im.
Zash
As I may have said before, I think XEP-0288 gives more benefit for less complexity than full on multiplexing.
moparisthebest
dwd: I brought this up in here the other day, do you have any thoughts on multiplexing with certificate auth instead of dialback?
Zash
moparisthebest: Are you aware of the thing called "dialback-without-dialback" (dwd for short)
moparisthebest
And a different but related question, do you know of any implementations of mux
moparisthebest
Zash: yep which is ideal but requires all domains under 1 certificate
Zash
Which makes it equivalent to an SASL EXTERNAL exchange, except not limited to the start of the session.
moparisthebest
Yes, but can't handle multiple certs
Zash
Praise TLS 1.3 and the removal of renegotiation (which could let you show a different cert)!
moparisthebest
Again I would have thought something like this already existed, but if not... Couldn't server A say "hey I'm bob.com and I'd like to multiplex" and server B could say "ok here's a random value, sign it with your private key and send it back to me with your certificate" ?
Zash
moparisthebest, fwiw what you ask for does not exist because of the web, where application servers rarely have access to the tls certificate keys. instead they often use what amounts to dialback, or some other key that you need to fetch (whoops, dialback with extra steps)
moparisthebest
Seems plausible
Zash
WebSub (formerly PubSubHubbub - federated push for RSS and Atom which OStatus used) does Dialback over HTTP (but it seems they purged the XEP-0220 reference)
I'm unable to navigate the ActivityPub specification so I can't find where it was I saw PEM certificates embedded in JSON.
Matrix has https://spec.matrix.org/v1.1/server-server-api/#retrieving-server-keys
dwd
moparisthebest, What Zash says, plus DANE. I did wonder about having Metre try the same endpoint to get a different cert, and then if the cert passed to try something clever with dialback, but the problem is I couldn't work out a something clever, and in any case the bulk of the time (CPU and wall-clock) is in the session start anyway. By the time you've identified that the new session is OK, you may as well just use it.
Zash
This^
dwd
moparisthebest, But yes, you could just exchange signed nonces with a certificate chain to do the same. I think TLSv1.3 would ordinarily encrypt the certificate exchange anyway, otherwise it might even offer some advantages.
moparisthebest
Not sure what you mean, I'm saying a method where you could use existing connections instead of start new ones would be preferable, no?
Zash
It would.
Zash
This does mean you need access to the key outside of the code that initializes the TLS stack.
moparisthebest
Right, is there a problem with that?
Zash
Not a problem, but friction.
moparisthebest
Yea, I tend to think it'd be simpler overall though
Zash
In Prosody, we don't really have much crypto stuff beyond simple hash functions. The TLS stack is fairly self-contained, we just figure out which cert and key files to use and hand those off to OpenSSL and off it goes.
Zash
The API we use doesn't really let us sign arbitrary blobs or use the keys or certs for anything other than name checks.
Zash
This is why the crypto stuff that the Tigase push extensions needs is provided by a different OpenSSL wrapper 🙂