Logs for jdev
[05:04:56] * elmex joined the chat.
[05:14:30] * teo1 left the chat.
[05:14:33] * teo1 joined the chat.
[06:06:16] * mlundblad_laptop joined the chat.
[06:22:08] * waqas joined the chat.
[06:30:24] * Alex joined the chat.
[06:36:58] * nabatt joined the chat.
[06:41:11] * Alex left the chat.
[06:52:07] * Alex joined the chat.
[07:02:40] * McKael joined the chat.
[07:13:34] * Asterix left the chat.
[07:13:41] * Asterix joined the chat.
[07:20:56] * Kev left the chat.
[07:21:11] * Kev joined the chat.
[07:23:14] * Guus joined the chat.
[07:52:46] * luca tagliaferri joined the chat.
[08:05:48] * jprieur joined the chat.
[08:05:50] * jprieur left the chat.
[09:10:20] * waqas left the chat.
[09:38:19] * dwd joined the chat.
[10:09:24] * julm joined the chat.
[10:11:47] * julm left the chat.
[10:24:35] * scippio_netbook joined the chat.
[10:43:37] * MattJ joined the chat.
[10:45:33] * waqas joined the chat.
[11:09:08] * Treebilou left the chat.
[11:20:59] * Florob joined the chat.
[11:33:26] * smoku joined the chat.
[11:36:38] * Guus left the chat.
[11:37:10] * Guus joined the chat.
[12:04:05] * Tobias joined the chat.
[12:31:09] * Neustradamus left the chat.
[12:37:05] * Neustradamus joined the chat.
[12:51:14] <Florob> Hmm... If I covered SASL, TLS/SSL and E2EE did I forget to tell people anything important about XMPP security?
[12:52:26] <Tobias> maybe the fact that there's no real certificate checking in the wilderness out there might be notable
[12:52:31] <Tobias> at least in current open federation
[12:53:14] <Florob> yes, I was going to mention that as part of TLS
[12:53:19] <Tobias> k
[12:53:29] <Florob> But that reminds me I wanted to say some words about Dialback
[12:53:34] <Kev> Florob: sasl anonymous is worth a note, versus dialback.
[12:53:51] <Kev> And also for c2s, I guess.
[12:53:57] <Kev> depends what you're talking about :)
[12:54:12] <Tobias> Kev: sasl anoynmous for s2s?
[12:54:39] <Florob> Kev, It's mostly a 101 style talk, so I'm just going to scratch on most things.
[12:54:56] <Florob> XMPP 101 that is not XMPP Security 101
[12:55:06] <Kev> Tobias: Yes, I typod anonymous for external.
[12:55:22] <Kev> I was going to say anon for c2s, then thought of saying external for both c2s and s2s, and everything went wrong from there.
[12:55:26] <Tobias> ahh :)
[12:55:47] <Florob> Okay, I thought I'd missed something there too
[12:56:01] <Kev> anonymous is worth mentioning on c2s, though.
[12:56:11] <Kev> As that makes it moderately IRC-like.
[12:56:43] <Florob> Sure. though that's all within SASL and TLS. There is nothing really separate I missed?
[12:57:14] <Kev> Security Labels? :D
[12:57:45] <Florob> Okay, if that's all you can come up with I'm good ;)
[12:58:14] <dwd> Well, Fippo's more or less convinced me that SASL EXTERNAL is just dialback-without-dialback except worse.
[12:58:16] <Kev> Nothing's jumping to mind.
[12:58:23] <dwd> But that's a small point.
[12:58:48] <dwd> Florob, You might find some security primers for XMPP around on the isode.com website, actually.
[13:00:43] <Tobias> SASL EXTERNAL using certs is worse than dialback which uses the domain name to check back?
[13:00:47] <Tobias> @ dwd
[13:02:02] <Florob> Isn't that certificate authority vs. DNS?
[13:02:30] <Tobias> yeah
[13:03:36] <dwd> Tobias, No, if you react to an inbound db:result by looking to see if the requested domain is authenticated by the cert rpesented
by the peer in TLS, and if so, just saying <db:result type=valid/>, then that's just as good as EXTERNAL.
[13:03:55] <dwd> Tobias, Except now, you can have piggybacking.
[13:04:27] <Florob> dwd, that's not dialback though. That is pseudo EXTERNAL
[13:04:51] <dwd> Florob, Same syntax. And the sender of the db:result doesn't even need to know what you're doing to authenticate it.
[13:06:39] <Florob> True, it's still not what most people understand as dialback though. Just because the XMPP part is the same doesn't mean it's
the same. You could have interesting Jingle implementations then...
[13:07:57] * Zash joined the chat.
[13:08:42] * dwd left the chat.
[13:09:34] * dwd joined the chat.
[14:20:10] * Alex left the chat.
[14:36:19] * jprieur joined the chat.
[14:36:19] * jprieur left the chat.
[14:47:17] * waqas left the chat.
[14:54:10] * stpeter joined the chat.
[15:01:48] * nabatt left the chat.
[15:08:27] * hawke joined the chat.
[15:09:58] <dwd> Zash, Your MUC post is interesting.
[15:10:16] <Zash> :)
[15:10:39] * mlundblad_laptop left the chat.
[15:11:04] <dwd> Zash, It'd be possible, potentially, to limit history to the point that a user became a user. It's also possible to simply
wipe history on affiliation changes.
[15:13:08] <dwd> Zash, It's actually a TOCTOU problem, in a lot of respects. I wonder if our customers might find it important.
[15:13:25] <Zash> TOCTOU?
[15:13:45] <MattJ> Config option!
[15:15:35] * Florob left the chat.
[15:22:11] <dwd> MattJ, I was thinking that. But I was also thinking that you'd need to then find all matching affiliations, and know when
they matched.
[15:22:35] <dwd> MattJ, For group-based affiliations, that might be "interesting". For domain/user it's not so bad.
[15:23:11] <dwd> MattJ, However, it's still adding a bunch of lookups. That kind of thing sends performance-related shivers up my spine.
[15:24:40] * teo1 left the chat.
[15:37:00] <Zash> Can't be worse than maxchars? :P
[15:39:19] * Lance Stout joined the chat.
[15:39:36] <dwd> Hey, I support maxchars.
[15:39:40] <dwd> If it's 0.
[15:41:22] <dwd> Zash, TOCTOU is "Time Of Check, Time Of Use". Basically in this instance, the expectation might be that a message to a MUC
goes to anyone currently authenticated, whereas the time of use differs when history replay comes into effect.
[15:42:37] <Zash> Ah, yes. I found a wp article but didn't think of the check as when the message is first posted
[15:42:47] <dwd> http://en.wikipedia.org/wiki/TOCTOU
[15:42:59] <dwd> Zash, Yeah, it's a stretch of the term, certainly.
[15:45:21] <dwd> Mind you, that page doesn't mention the HTTP/TLS renegotation bug, which is arguably quite a good example.
[16:03:19] * teo1 joined the chat.
[16:21:23] * smoku left the chat.
[16:33:10] * Guus left the chat.
[16:48:10] * scippio_netbook left the chat.
[17:11:53] * Link Mauve left the chat.
[17:24:06] * luca tagliaferri left the chat.
[17:25:56] * Link Mauve joined the chat.
[17:49:00] * Guus joined the chat.
[18:03:10] * Guus left the chat.
[18:08:50] * wiretap joined the chat.
[18:13:13] * wiretap left the chat.
[18:13:15] * wiretap joined the chat.
[18:26:07] * Treebilou joined the chat.
[18:28:51] * smoku joined the chat.
[18:35:31] * wiretap left the chat.
[18:35:32] * wiretap joined the chat.
[18:46:12] * mlundblad joined the chat.
[19:35:46] * Alex joined the chat.
[19:55:51] * ermine left the chat.
[20:19:57] * Lance Stout left the chat.
[20:41:36] * hawke left the chat.
[20:41:38] * hawke joined the chat.
[20:53:38] * Zash left the chat.
[20:54:04] * Zash joined the chat.
[20:57:43] * Lance Stout joined the chat.
[21:01:11] * Alex left the chat.
[21:12:11] * mlundblad left the chat.
[21:30:42] * stpeter left the chat.
[21:45:09] * johnny left the chat.
[22:00:51] * johnny joined the chat.
[22:02:50] * tofu left the chat.
[22:04:03] * Lirodon joined the chat.
[22:04:23] <Lirodon> Do we have a public inituvive for promoting xmpp or no?
[22:10:13] <Zash> Lirodon: http://xmpp.org/ ?
[22:10:46] <Lirodon> I read it and to me, it seems a little too "developer" oriented
[22:11:13] <Lirodon> Its like the difference between mozilla.org and mozilla.com
[22:12:06] <Lirodon> a little more like what every other messenger site has
[22:12:33] <Zash> It was recently redesigned to be more .com-ish, but I guess it's mostly used by devs
[22:13:10] <Lirodon> I was thinking of starting work on a more user-oriented site to further emphasize the xmpp "brand"
[22:15:28] <Lirodon> just look at the WLM site http://explore.live.com/windows-live-messenger?os=other
[22:19:17] <johnny> jabber.org had one
[22:19:27] <johnny> not as fancy obviousy
[22:19:36] <johnny> but it did have info as to what are the actual benefits to a user
[22:24:12] <Zash> Since XMPP Is a protocol, it's not directly of that much consern for users..
[22:24:34] <Zash> but iduno
[22:24:58] <Tobias> yeah..i thing such site as the last link is more something for client websites
[22:25:33] <Zash> and services
[22:25:38] <Zash> eg jabber.org :)
[22:26:10] <Lirodon> like, just let me whip up a front page alpha
[22:33:45] * johnny left the chat.
[22:42:59] <Lirodon> I don't want the description to sound complex, but I want to emphasis on the key points (open, decentralized, everywhere)
[22:44:02] * smoku left the chat.
[22:49:50] <Zash> Whatup with http://tech.slashdot.org/story/10/09/30/1930239/Facebook-Skype-Getting-Really-Friendly
[23:03:08] <Lirodon> I don't know.
[23:21:47] * Lance Stout left the chat.
[23:26:03] <Lirodon> hmm, <strong>XMPP</strong> is tan <em>open</i> messaging platform. What does this mean? Anyone can use and implement XMPP
...
[23:26:35] <Lirodon> XMPP ready software? software that utilizes XMPP? XMPP compatible software?
[23:27:45] <Zash> hah, wat <em></i>
[23:28:04] <Lirodon> I know, focusing on content. Whoops :D
[23:28:22] <Lirodon> also clearly going to be using CSS 3/HTML 5 gimmickery on this page
[23:29:10] <Zash> GLHF
[23:29:16] <Zash> /me goes to sleep
[23:51:39] * hawke left the chat.
[23:52:14] * Lirodon left the chat.
[00:22:01] * Tobias left the chat.
[00:36:42] * Florob joined the chat.
[00:47:36] * zanchin left the chat.
[00:53:25] * zanchin joined the chat.
[01:03:42] * Zash left the chat.
[01:04:47] * tofu joined the chat.
[01:15:08] * johnny joined the chat.
[01:42:55] * MattJ left the chat.
[01:47:14] * Treebilou left the chat.
[02:00:53] * Lance Stout joined the chat.
[02:02:19] * Florob left the chat.
[02:26:44] * Neustradamus left the chat.
[02:43:02] * Lance Stout left the chat.
[02:45:36] * Lance Stout joined the chat.
[03:19:58] * Lance Stout left the chat.
[04:15:59] * jkhii left the chat.
[04:51:51] * Treebilou joined the chat.
[04:52:46] * Treebilou left the chat.
[04:52:48] * Treebilou joined the chat.