Logs for jdev
[01:53:01] * Tobias_ joined the chat.
[01:58:32] * Tobias left the chat.
[02:04:48] * boothj5 joined the chat.
[02:05:34] * boothj5 left the chat.
[03:40:36] * psa joined the chat.
[04:14:53] * MattJ left the chat.
[04:36:05] * psa left the chat.
[05:57:43] * deryni left the chat.
[06:31:04] * Asterix joined the chat.
[06:49:21] * Asterix left the chat.
[07:25:57] * Alex joined the chat.
[07:28:27] * Alex left the chat.
[07:29:08] * Alex joined the chat.
[07:49:54] * Asterix joined the chat.
[07:52:59] * Tobias_ left the chat.
[07:53:01] * Tobias joined the chat.
[08:43:03] * luca tagliaferri joined the chat.
[09:45:55] * Tobias left the chat.
[10:13:01] * Tobias joined the chat.
[11:01:01] * Tobias left the chat.
[11:45:07] * Tobias joined the chat.
[12:28:36] * Neustradamus left the chat.
[12:29:39] * Neustradamus joined the chat.
[12:36:18] * waloo joined the chat.
[12:37:01] * waloo left the chat.
[13:55:25] * Tobias left the chat.
[14:00:35] * naw joined the chat.
[14:04:05] * guus joined the chat.
[14:33:58] * naw left the chat.
[14:40:56] * Tobias joined the chat.
[15:03:57] * guus left the chat.
[15:16:45] * psa joined the chat.
[15:24:52] * Alex left the chat.
[15:37:54] * MattJ joined the chat.
[15:46:50] * deryni joined the chat.
[15:56:37] * Flow joined the chat.
[16:13:48] * deryni left the chat.
[16:24:07] <Tobias> psa, the E2E crypto proposals for XMPP, have they covered any MUC scenarios?
[16:24:26] * Tobias left the chat.
[16:24:58] * Tobias joined the chat.
[16:31:38] <psa> Tobias: multi-user encryption is *hard* :(
[16:32:08] <Tobias> psa, yeah...so i've found out ^^
[16:32:13] <psa> it's possible that the stuff Matt Miller has been working on could be extended to multi-user scenarios, and the OTR team has been working on that a bit, too, but it's not easy
[16:34:29] <Tobias> has the OTR team been working on multi-user support?
[16:34:35] <psa> somewhat
[16:37:59] <psa> brb
[16:50:48] * deryni joined the chat.
[16:56:53] <Tobias> found a paper "Multi-party Off-the-Record Messaging" from ACM's 2009er CCS conference
[16:59:10] * Asterix left the chat.
[17:24:59] * luca tagliaferri left the chat.
[18:07:28] <Neustradamus> psa: hard but important :)
[18:08:48] * guus joined the chat.
[18:26:51] * Kenan¢ joined the chat.
[18:28:28] * Kenan¢ left the chat.
[18:37:42] * Asterix joined the chat.
[18:57:05] <guus> psa: about a week ago I asked a question in here on the order of certificates in a chain. I poked you via e-mail as well, with a similar question. Did you have time to read that / did it make sense to you / what are your insights?
[18:57:39] * Treebilou left the chat.
[18:58:28] <Tobias> guus, you mean order on the wire or what exactly? i mean the certificates have IDs of the certs who signed them, so by those you can already generate a chain with a defined order
[19:00:57] <guus> Tobias, I'm the first to admit that I know precious little about these things. What I see in our code is that to verify the chain, the issuer of the first certificate should be the subject of the next chain (lather, rinse, repeat)
[19:01:24] <guus> I noticed that for hermes.jabber.org, our code fails to verify the chain, as the certificates are not processed in the correct order
[19:01:48] <guus> my question being: is that a problem in our code or in the way the certificates are exposed?
[19:09:34] * naw joined the chat.
[19:12:42] <guus> Does the last bit of http://tools.ietf.org/html/rfc4346#section-7.4.2 apply?
[19:13:44] <guus> "The sender's certificate must come first in the list. Each following certificate must directly certify the one preceding it."
[19:21:05] <Tobias> if it states it that way, sure
[19:21:22] <Tobias> wonder if openssl warns if it's in the wrong order, guess not
[19:26:14] <psa> guus: yes I need to fix this
[19:26:48] <psa> I was busy at the IETF meeting last week, and this week I'm slammed with day-job work, but I will make it a priority to fix one evening this week
[19:27:44] <guus> oh, no worries - I'm not trying to get you to fix this within any sort of time-constraint. I was simply wondering if the issue might be in our code.
[19:28:52] <psa> guus: did you have this problem before, or only recently?
[19:30:01] <guus> well, I only noticed it recently, as I was digging in the code as a result of the issue you reported with S2S / DNS SRV
[19:30:37] <psa> aha ok
[19:30:58] <Kev> guus: Do you happen to know what the current order is vs. the right order?
[19:31:01] <guus> our code has been like this forever, but I do not know since when the certificate order as presented by jabber.org was this way. I never bothered to register if I've ever seen an S2S connection to jabber.org being secured
[19:31:16] <guus> Kev, let me put this on pastebin
[19:31:20] <guus> one sec
[19:31:26] <Kev> Presumably if I knew that, I could just edit the .pem file blind.
[19:31:45] <MattJ> Except it's not PEM afai
[19:31:48] <MattJ> k
[19:31:56] <guus> http://pastebin.com/6gegDq5r
[19:32:07] <guus> that's how I process the certificates now
[19:32:13] <guus> the last two should be reversed
[19:33:35] <Kev> Nevermind. If it's pkcs#12 silliness, I can't fix it :)
[19:33:43] <psa> yeah
[19:44:25] * guus left the chat.
[19:45:20] <psa> bbiaf
[19:49:30] * guus joined the chat.
[19:51:28] <guus> hey, you fixed the cert chain?
[19:55:07] <guus> ah, no - only the outgoing stream works fine (which makes a little security sign show up in my console if that's the only stream that's established).
[20:05:14] * guus left the chat.
[20:09:46] * guus joined the chat.
[21:20:16] * luca tagliaferri joined the chat.
[21:45:17] * guus left the chat.
[22:20:23] * boothj5 joined the chat.
[22:20:55] * boothj5 left the chat.
[22:24:58] * Tobias left the chat.
[22:26:17] * Tobias joined the chat.
[22:32:02] * Kenan¢ joined the chat.
[22:33:03] * Kenan¢ left the chat.
[22:36:08] * Asterix left the chat.
[22:57:21] * Tobias_ joined the chat.
[22:59:02] * Tobias_ left the chat.
[22:59:20] * Tobias_ joined the chat.
[23:01:44] * Tobias left the chat.
[23:20:25] * deryni left the chat.
[23:33:22] * luca tagliaferri left the chat.
[23:40:37] * Flow left the chat.
[23:41:22] * naw left the chat.