Link Mauve, I do not recall doing anything on the server around that time
Dele Olajidehas joined
jgarthas joined
Andrzej
but I might have an idea what is going on, thank you for reporting that
dwdhas joined
paulhas left
paulhas joined
millesimushas left
rafasaurushas joined
pasdesushihas joined
florettahas left
jgarthas left
jgarthas joined
jgarthas left
lskdjfhas joined
jgarthas joined
rafasaurushas left
rafasaurushas joined
kyemxdenhas joined
adiaholichas joined
florettahas joined
intosihas joined
xeckshas joined
florettahas left
florettahas joined
reimarhas joined
debaclehas left
adiaholichas left
intosihas left
arcxihas left
Matthew (away)has left
homebeachhas left
Rixon 👁🗨has left
Half-Shothas left
uhoreghas left
Half-Shothas joined
Matthew (away)has joined
Rixon 👁🗨has joined
uhoreghas joined
homebeachhas joined
Paganinihas left
marc0shas left
marc0shas joined
intosihas joined
Alexhas left
Alexhas joined
debaclehas joined
stphas left
intosihas left
goffihas joined
millesimushas joined
govanifyhas left
govanifyhas joined
govanifyhas left
govanifyhas joined
govanifyhas left
govanifyhas joined
chronosx88has left
marc0shas left
marc0shas joined
djorzhas joined
xeckshas left
xeckshas joined
xeckshas left
Syndacehas left
Syndacehas joined
xeckshas joined
florettahas left
intosihas joined
marc0shas left
marc0shas joined
rafasaurushas left
florettahas joined
marc0shas left
marc0shas joined
marc0shas left
marc0shas joined
marc0shas left
marc0shas joined
marc0shas left
marc0shas joined
adiaholichas joined
marc0shas left
marc0shas joined
rafasaurushas joined
ti_gj06has left
ti_gj06has joined
marc0shas left
marc0shas joined
intosihas left
marc0shas left
marc0shas joined
bunghas joined
Titihas left
marc0shas left
marc0shas joined
Danielhas left
Danielhas joined
marc0shas left
marc0shas joined
robertooohas joined
jgarthas left
florettahas left
florettahas joined
adiaholichas left
adiaholichas joined
debaclehas left
florettahas left
florettahas joined
adiaholichas left
adiaholichas joined
Matthew (away)has left
uhoreghas left
Rixon 👁🗨has left
homebeachhas left
Half-Shothas left
Half-Shothas joined
Matthew (away)has joined
Rixon 👁🗨has joined
uhoreghas joined
homebeachhas joined
intosihas joined
gooyahas joined
adiaholichas left
adiaholichas joined
intosihas left
marc0shas left
marc0shas joined
djorzhas left
marc0shas left
marc0shas joined
intosihas joined
adiaholichas left
marc0shas left
marc0shas joined
adiaholichas joined
marc0shas left
marc0shas joined
marc0shas left
marc0shas joined
marc0shas left
marc0shas joined
adiaholichas left
marc0shas left
marc0shas joined
adiaholichas joined
marc0shas left
marc0shas joined
intosihas left
wurstsalathas left
wurstsalathas joined
Titihas joined
dan.caseleyhas left
dan.caseleyhas joined
marc0shas left
marc0shas joined
Calvinhas joined
Titihas left
Paganinihas joined
andrey.ghas joined
Titihas joined
Dele Olajidehas left
marc0shas left
marc0shas joined
Mikaelahas left
Andrzejhas left
Calvinhas left
Calvinhas joined
atomicwatchhas joined
me9has joined
qwestionhas joined
adiaholichas left
Calvinhas left
qwestionhas left
birdwqhas joined
debaclehas joined
qwestionhas joined
wurstsalathas left
Samhas left
Samhas joined
wurstsalathas joined
intosihas joined
rafasaurushas left
Thilo Molitorhas left
rafasaurushas joined
Thilo Molitorhas joined
adiaholichas joined
Andrzejhas joined
guus.der.kinderenhas left
guus.der.kinderenhas joined
me9has left
intosihas left
intosihas joined
arcxihas joined
adiaholichas left
nicolahas joined
nicolahas left
nicolahas joined
xnamedhas joined
debaclehas left
nicolahas left
nicolahas joined
nicolahas left
nicolahas joined
nicolahas left
stphas joined
nicolahas joined
Titihas left
Andrzejhas left
florettahas left
Calvinhas joined
florettahas joined
stphas left
stphas joined
intosihas left
beanhas left
nicolahas left
edhelashas left
edhelashas joined
guus.der.kinderenhas left
edhelashas left
restive_monkhas left
edhelashas joined
andrey.ghas left
Matthew (away)has left
uhoreghas left
Rixon 👁🗨has left
homebeachhas left
Half-Shothas left
Half-Shothas joined
Matthew (away)has joined
Rixon 👁🗨has joined
uhoreghas joined
homebeachhas joined
guus.der.kinderenhas joined
yushyinhas left
arcxihas left
arcxihas joined
yushyinhas joined
gooyahas left
adiaholichas joined
gooyahas joined
xnamedhas left
xnamedhas joined
chronosx88has joined
Titihas joined
Calvinhas left
wladmishas joined
dwdhas left
intosihas joined
marc0shas left
marc0shas joined
Tobiashas left
Tobiashas joined
goffihas left
chronosx88has left
chronosx88has joined
Mikaelahas joined
intosihas left
adiaholichas left
adiaholichas joined
restive_monkhas joined
goffihas joined
neshtaxmpphas left
neshtaxmpphas joined
adiaholichas left
adiaholichas joined
neshtaxmpphas left
neshtaxmpphas joined
Calvinhas joined
neshtaxmpphas left
neshtaxmpphas joined
mhhas joined
wladmishas left
Calvinhas left
adiaholichas left
debaclehas joined
neshtaxmpphas left
djorzhas joined
neshtaxmpphas joined
Andrzejhas joined
intosihas joined
marc0shas left
marc0shas joined
adiaholichas joined
neshtaxmpphas left
neshtaxmpphas joined
harry837374884has left
Calvinhas joined
wladmishas joined
Andrzejhas left
harry837374884has joined
intosihas left
restive_monkhas left
adiaholichas left
kyemxdenhas left
goffihas left
adiaholichas joined
kyemxdenhas joined
intosihas joined
restive_monkhas joined
neshtaxmpphas left
neshtaxmpphas joined
restive_monkhas left
wladmishas left
wladmishas joined
govanifyhas left
govanifyhas joined
intosihas left
robertooohas left
BASSGODhas left
harry837374884has left
wladmishas left
wladmishas joined
intosihas joined
reimarhas left
djorzhas left
reimarhas joined
harry837374884has joined
argentumhas left
argentumhas joined
BASSGODhas joined
adiaholichas left
adiaholichas joined
dan.caseleyhas left
dan.caseleyhas joined
Andrzejhas joined
neshtaxmpphas left
neshtaxmpphas joined
intosihas left
stphas left
florettahas left
BASSGODhas left
adiaholichas left
neshtaxmpphas left
Andrzejhas left
neshtaxmpphas joined
qwestionhas left
BASSGODhas joined
adiaholichas joined
neshtaxmpphas left
neshtaxmpphas joined
wladmishas left
wladmishas joined
robertooohas joined
kyemxdenhas left
kyemxdenhas joined
florettahas joined
bunghas left
me9has joined
adiaholichas left
pasdesushihas left
pasdesushihas joined
wladmishas left
wladmishas joined
harry837374884has left
harry837374884has joined
intosihas joined
wladmishas left
wladmishas joined
Andrzejhas joined
marc0shas left
marc0shas joined
jgarthas joined
mjkhas left
mjkhas joined
alacerhas left
alacerhas joined
intosihas left
djorzhas joined
ti_gj06has left
robertooohas left
debaclehas left
debaclehas joined
pasdesushihas left
eevvoorhas left
atomicwatchhas left
neshtaxmpphas left
Dele Olajidehas joined
neshtaxmpphas joined
mjkhas left
Dele Olajidehas left
intosihas joined
wladmishas left
wladmishas joined
mjkhas joined
wladmishas left
wladmishas joined
marc0shas left
marc0shas joined
alex11has left
Link Mauve
No worries, it just popped up in poezio and I thought you’d be interested. :)
atomicwatchhas joined
karoshihas left
ti_gj06has joined
wladmishas left
wladmishas joined
reimarhas left
beanhas joined
stphas joined
larmahas left
larmahas joined
karoshihas joined
intosihas left
wladmishas left
wladmishas joined
intosihas joined
wladmishas left
wladmishas joined
wladmishas left
wladmishas joined
me9has left
wladmishas left
wladmishas joined
moparisthebest
How would people feel if instead of migrating to srv2 we just crammed everything in host-meta over https ?
marc0shas left
marc0shas joined
Mikaelahas left
moparisthebest
Everything as in starttls, direct TLS, quic, posh replacement pinning keys instead of certs etc
Link Mauve
moparisthebest, and require an entire HTTP stack just for connecting?
Link Mauve
Nothanks.
adiaholichas joined
intosihas left
moparisthebest
Link Mauve: you already need a whole http stack
moparisthebest
Also I've given up hope in dnssec
Link Mauve
You don’t.
Link Mauve
I have written many clients and some servers without doing a single HTTP request.
Link Mauve
General-purpose clients will need that for HTTP File Upload, but that’s kind of the only one?
Matthew (away)has left
uhoreghas left
homebeachhas left
Rixon 👁🗨has left
Half-Shothas left
Half-Shothas joined
Matthew (away)has joined
Rixon 👁🗨has joined
uhoreghas joined
homebeachhas joined
adiaholichas left
goffihas joined
Thilo Molitorhas left
xeckshas left
robertooohas joined
xnamedhas left
xeckshas joined
Matthew (away)has left
Rixon 👁🗨has left
uhoreghas left
homebeachhas left
Half-Shothas left
Half-Shothas joined
Matthew (away)has joined
Rixon 👁🗨has joined
uhoreghas joined
homebeachhas joined
Thilo Molitorhas joined
marc0shas left
marc0shas joined
moparisthebest
Link Mauve: so how do you handle secure delegation for hosted XMPP without an http client for posh or widespread dnssec?
Link Mauve
How many clients do POSH?
Link Mauve
Last time I tried, it wasn’t worth it using for our hosted service.
flow
moparisthebest, I think one reason, if not the main reason, that DNSSEC did no see wide adoption in the last decade is that it does not provide much to closed-silo networks: if you control all clients and all servers, then you probably just pin the TLS certs (and maybe even the IPs)
mhhas left
moparisthebest
Link Mauve: right, it's not widely supported, and that's a problem
marc0shas left
Link Mauve
So instead we recommend our users to use a CNAME delegation, it creates worse-looking JIDs but that’s the safest way.
marc0shas joined
adiaholichas joined
moparisthebest
We can kill 8 birds with 1 https request here
Zash
Noooooooooooooooooooooooooooooooooooooooooooo
moparisthebest
flow: right I'm concerned with the open federated network
millesimushas left
Andrzejhas left
moparisthebest
Link Mauve: cname delegation is a hack that doesn't work for most of the names people want
Link Mauve
Do people care?
Andrzejhas joined
Link Mauve
Our users don’t seem to at least.
moparisthebest
I couldn't move my names to a hosted service for instance
moparisthebest
If they did do they have a choice?
Link Mauve
You could, by providing us your certificates.
marc0shas left
marc0shas joined
moparisthebest
You have an automated way to send you certificates every 60 days?
Link Mauve
They do have a choice, it’s only the automated setup which requires a CNAME, you can contact us for anything more specialised.
Link Mauve
It’d be a ssh away if anyone requested that.
Link Mauve
So far, none of our ~70 domain owners did.
flow
moparisthebest, personally, I am not willing to give up on DNSSEC, as I think it becomes more and more available. People just overestimated how fast it would be deployed and "replace" the existing status quo. That appears to be an pattern that repeats again and again in tech
moparisthebest
I'm not interested in XMPP for the status quo 20 years ago, I'm interested in XMPP for the real world of today
Link Mauve
Same.
moparisthebest
Today, when all certs are renewed every 60 days and you can't count on dnssec
Yagizahas left
moparisthebest
I think that paints us into a corner of using https for secure delegation
moparisthebest
But happy to have other alternatives
adiaholichas left
Zash
flow, did you say IPv6?
Link Mauve
moparisthebest, do you want to suddenly make all of our users unable to delegate to us, unless they change their DNS configuration? :)
flow
Zash, yep, another example was when the EU (or was it just germany?) tried to replace FM radio in cars with DAB ~10-15 years ago
moparisthebest
Link Mauve: why wouldn't that continue to work? But they could also let you host XMPP for their top level domain while still running their own https/email etc
Link Mauve
moparisthebest, and have to migrate their JID?
moparisthebest
Why would anyone have to change anything?
Link Mauve
Some of our users don’t even host an HTTP server.
moparisthebest
It opens it up to doing this with top level domains that is not available now
Tldr we need a way to advertise quic, we need a way to pin keys, we need secure delegation
moparisthebest
We can add another srv/srv2 record, and a replacement for posh, and end up with 4 https requests and 3 srv lookups for connection
moparisthebest
Or, we can decide existing host-meta is the way forward for new things and extend it
stphas joined
moparisthebest
Extending host-meta seems like the clear winner to me?
lskdjfhas left
lskdjfhas joined
flow
maybe, does one exclude the other?
flow
I'd treat is as everything tech related, experiment with it, and see how it works out
Andrzejhas left
millesimushas joined
adiaholichas joined
lskdjfhas left
lskdjfhas joined
larmahas left
larmahas joined
pjnhas left
pjnhas joined
larmahas left
lskdjfhas left
larmahas joined
lskdjfhas joined
pasdesushihas joined
florettahas left
Zash
Nooooooo, it'll catch on and then we're stuck with it forever
adiaholichas left
wladmishas left
wladmishas joined
wladmishas left
wladmishas joined
wladmishas left
wladmishas joined
marchas left
marchas joined
intosihas joined
marchas left
marchas joined
marchas left
marchas joined
marchas left
marchas joined
marchas left
Andrzejhas joined
marchas joined
dwdhas joined
marchas left
marchas joined
marchas left
Calvinhas left
marchas joined
marchas left
marchas joined
marchas left
marchas joined
marchas left
marchas joined
Matthew (away)has left
Rixon 👁🗨has left
uhoreghas left
homebeachhas left
Half-Shothas left
Half-Shothas joined
Matthew (away)has joined
Rixon 👁🗨has joined
uhoreghas joined
homebeachhas joined
marchas left
marchas joined
flow
ha, being stuck with a kindaish works thingy forever, even though better things are available, is also a repeating pattern: xep27 anyone? or old-omemo?
florettahas joined
marchas left
marchas joined
marchas left
marchas joined
marchas left
marchas joined
marchas left
marchas joined
flow
but you can't stop people from "experimenting" with stuff, and if it gets momentum and adoption, than it basically can't bet stopped (and also, why would you, if it remedies an itch ppl have?)
marchas left
marchas joined
marchas left
marchas joined
marchas left
wladmishas left
wladmishas joined
marchas joined
marchas left
marchas joined
dwdhas left
marchas left
marchas joined
marchas left
intosihas left
marchas joined
reimarhas joined
marchas left
marchas joined
marchas left
adiaholichas joined
marchas joined
moparisthebest
Well you really don't want both or everyone is stuck doing all the things forever
moparisthebest
But yea I'll probably experiment, that's what xmpp-proxy was built for