Logs for jdev
[00:15:02] * darkrain_ left the chat.
[00:53:29] * Tobias_ joined the chat.
[01:00:00] * Tobias left the chat.
[03:02:41] * jcea left the chat.
[03:58:09] * darkrain joined the chat.
[05:35:45] * guus joined the chat.
[05:43:32] * Tobias_ left the chat.
[06:24:24] * Tobias joined the chat.
[06:32:02] * harrykar left the chat.
[07:28:00] * harrykar joined the chat.
[07:28:17] * harrykar left the chat.
[07:28:39] * harrykar joined the chat.
[07:31:16] * harrykar left the chat.
[07:31:39] * harrykar joined the chat.
[07:41:40] * luca tagliaferri joined the chat.
[08:17:56] * Flow joined the chat.
[08:20:37] * Xificurk left the chat.
[08:20:42] * Xificurk joined the chat.
[08:40:27] * luca tagliaferri left the chat.
[08:40:35] * luca tagliaferri joined the chat.
[08:44:02] * Alex joined the chat.
[09:15:49] * Tobias left the chat.
[09:20:02] * Flow left the chat.
[09:20:02] * Flow joined the chat.
[09:41:53] * Alex left the chat.
[10:38:14] * Asterix joined the chat.
[11:01:16] * Tobias joined the chat.
[11:07:19] * jcea joined the chat.
[11:22:08] * louiz’_ joined the chat.
[11:25:36] * louiz’_ left the chat.
[11:26:37] * louiz’_ joined the chat.
[11:32:06] * louiz’_ left the chat.
[11:32:17] * louiz’_ joined the chat.
[11:52:15] * louiz’_ left the chat.
[12:43:27] * MattJ joined the chat.
[12:50:19] * jcea left the chat.
[12:51:16] * jcea joined the chat.
[12:53:21] * naw joined the chat.
[12:53:49] * guus left the chat.
[13:33:38] * Florob joined the chat.
[13:42:26] * naw left the chat.
[14:18:56] * Asterix left the chat.
[14:19:14] * Asterix joined the chat.
[14:26:47] * Flow left the chat.
[14:31:12] * deryni left the chat.
[14:39:28] * guus joined the chat.
[14:45:03] * darkrain_ joined the chat.
[15:09:54] * psa joined the chat.
[15:11:38] * Tobias left the chat.
[15:24:44] * psa left the chat.
[15:28:40] * deryni joined the chat.
[15:42:43] * psa joined the chat.
[15:45:30] * Tobias joined the chat.
[16:00:32] * luca tagliaferri left the chat.
[16:30:04] * jonkri joined the chat.
[16:31:34] <jonkri> rfc 6120 states that "[w]hether or not the 'from' attribute is included, each entity MUST verify the identity of the other entity before exchanging XML stanzas with it". to what degree should an xmpp library verify the address stated by the receiving entity (server)?
[16:32:19] <jonkri> the same section mentions sasl for peer authentication, but i'm not sure how that relates here
[16:33:56] * Lance joined the chat.
[16:33:56] * Lance left the chat.
[16:34:00] <psa> hi jonkri
[16:34:23] <psa> basically, the client verifies the server during TLS negotiation
[16:34:55] * Lance joined the chat.
[16:34:55] * Lance left the chat.
[16:34:58] <psa> there might be other ways to verify server identity (e.g., secure DNS)
[16:35:15] <psa> in fact, Matt Miller and I are working on a document about that, which we'll publish as an Internet-Draft soon
[16:36:49] <jonkri> thank you, stpeter. what if neither tls nor secure dns is used?
[16:37:48] <Kev> Then you fail the MUST.
[16:37:49] <psa> well, it depends on how much you trust DNS :)
[16:37:50] <Kev> :)
[16:38:05] <Kev> But yes, typically clients just rely on DNS.
[16:38:32] <Kev> Although smart ones will do cert/mech pinning. Maybe I should add that to Swift.
[16:39:15] <jonkri> Kev: what is that?
[16:39:36] <Kev> Remember the server's profile so you can detect future downgrade attacks.
[16:40:16] <jonkri> what is a server profile?
[16:40:29] <Kev> The properties of the server.
[16:40:42] <Kev> Whether it has a cert, what SASL mechs it offers, that kind of thing.
[16:41:17] <jonkri> ah, thanks
[16:41:40] <psa> Kev: sounds like a good idea, yes
[16:42:13] <Kev> So if your client sees that a server that previously offered starttls now doesn't, it seems likely it's a MITM attack.
[16:42:36] <Kev> Or if it used to offer SCRAM but now only offers PLAIN, you'd probably want to flag this to the user too.
[16:44:14] <deryni> Requires the client to have mech strength preferences to do downgrade-only notification on mechs but yeah.
[16:44:15] <jonkri> secure dns = dnssec?
[16:44:28] <psa> jonkri: yes
[16:44:32] <psa> RFC 4033 and friends
[16:44:36] <Kev> deryni: Yes, but the obvious attack is trivial to rank.
[16:44:51] <Kev> Anything hashed->PLAIN = downgrade.
[16:45:16] <psa> jonkri: http://datatracker.ietf.org/doc/draft-miller-xmpp-dnssec-prooftype/ is a start toward what Matt and I are working on, but we have a more comprehensive document on the way
[16:45:45] <jonkri> thanks
[16:46:23] <deryni> Kev: Sure.
[16:46:51] <Kev> I grant that "It used to offer Kerberos and now it offers SCRAM" isn't exactly trivial to rank.
[16:49:34] * Tobias left the chat.
[16:53:10] <jonkri> should a client xmpp library be liberal in accepting incoming streams without an id by default?
[16:53:58] * Flow joined the chat.
[16:56:55] <psa> jonkri: do you mean the stream response header? I hope that client's aren't accepting inbound TCP connections ;-)
[16:57:13] <psa> erk, s/client's/clients/
[16:57:39] <psa> the extraneous apostrophe is a pet peeve of mine :)
[16:57:49] <jonkri> stpeter: yes, that is what i mean :)
[16:58:08] <Kev> psa: Mine to.
[16:58:30] <psa> jonkri: ok, just checking ;-)
[17:01:14] <psa> /me gets on the phone to talk with Adam Brault about the Keeping It Real Time conference :)
[17:01:56] <jonkri> that's a nice name for a conference :)
[17:12:28] * Lance joined the chat.
[17:23:28] <psa> ok, I'm stoked :)
[17:23:40] <psa> /me pokes the XSF Board and gets busy
[17:42:59] <psa> hmph, I get a "gateway timeout" message at http://blog.krtconf.com/post/24012727201/krtconf-2012-call-for-speakers
[17:43:02] <psa> /me double-checks
[17:44:38] <psa> temporary glitch, it seems
[18:15:09] * jonkri left the chat.
[18:15:59] * Alex joined the chat.
[18:25:57] * Flow left the chat.
[18:25:57] * Flow joined the chat.
[18:39:44] * Alex left the chat.
[18:53:26] * misha joined the chat.
[19:22:51] * jcea left the chat.
[20:17:56] * naw joined the chat.
[20:42:49] * deryni left the chat.
[21:11:57] * smoku joined the chat.
[21:22:23] * Asterix left the chat.
[21:29:28] * Flow left the chat.
[21:31:00] * deryni joined the chat.
[21:31:53] * guus left the chat.
[21:32:23] * Tobias joined the chat.
[22:26:29] * psa left the chat.
[22:34:00] * Flow joined the chat.
[22:34:05] * naw left the chat.
[22:34:14] * smoku left the chat.
[22:45:19] * Florob left the chat.
[23:15:59] * Treebilou left the chat.