Logs for jdev@conference.jabber.org
[00:22:28] * Zash left the chat.
[00:41:15] * Zash joined the chat.
[00:41:27] * naw left the chat.
[01:36:46] * waqas left the chat.
[01:36:46] * waqas joined the chat.
[01:41:45] * Zash left the chat.
[01:43:29] * darkrain joined the chat.
[03:12:21] * Tobias joined the chat.
[03:17:42] * Tobias left the chat.
[03:50:34] * dezant joined the chat.
[05:14:44] * MattJ left the chat.
[05:35:09] * waqas left the chat.
[05:46:04] * Alex joined the chat.
[05:54:12] * Alex joined the chat.
[05:54:12] * Alex left the chat.
[05:57:49] * aRyo joined the chat.
[06:19:56] * Asterix joined the chat.
[06:36:44] * bear joined the chat.
[06:57:23] * kevin joined the chat.
[06:58:27] * edwinm joined the chat.
[07:08:27] * ermine joined the chat.
[07:14:00] * Asterix left the chat.
[07:14:07] * dwd joined the chat.
[07:17:19] * aRyo left the chat.
[07:17:21] * aRyo joined the chat.
[07:22:11] * bear left the chat.
[07:27:02] * kevin left the chat.
[07:28:54] * kevin joined the chat.
[07:45:15] * Flow joined the chat.
[08:18:35] * aRyo left the chat.
[08:18:37] * aRyo joined the chat.
[08:20:51] * 1213 joined the chat.
[08:21:00] * 1213 left the chat.
[08:27:41] * 0xAFFE joined the chat.
[08:30:55] * aRyo left the chat.
[08:30:57] * aRyo joined the chat.
[08:47:15] * Lloyd joined the chat.
[08:47:22] * Kev joined the chat.
[08:48:46] * 0xAFFE left the chat.
[08:50:32] * 0xAFFE joined the chat.
[08:50:54] * Lance joined the chat.
[09:04:07] * Kev joined the chat.
[09:10:31] * Zash joined the chat.
[09:17:51] * Kev left the chat.
[09:38:17] * edwinm left the chat.
[09:40:31] * edwinm joined the chat.
[09:45:07] * ralphm left the chat.
[10:04:37] * KevWalke left the chat.
[10:29:36] * Kev joined the chat.
[10:35:45] * Kev left the chat.
[10:36:26] * Kev left the chat.
[10:37:40] * aRyo left the chat.
[10:37:43] * aRyo joined the chat.
[10:45:45] * Lance left the chat.
[11:02:02] * aRyo left the chat.
[11:02:04] * aRyo joined the chat.
[11:05:05] * ralphm joined the chat.
[11:11:07] * aRyo left the chat.
[11:19:33] * Maranda joined the chat.
[11:34:54] * Tobias left the chat.
[12:01:31] * Maranda left the chat.
[12:09:28] * kevin left the chat.
[12:11:46] * kevin joined the chat.
[12:27:33] * Tobias joined the chat.
[13:12:40] * Tobias left the chat.
[13:12:47] * Tobias joined the chat.
[13:24:42] * Florob joined the chat.
[13:28:50] * Flow left the chat.
[13:30:42] * Kev joined the chat.
[13:30:42] * Flow joined the chat.
[13:32:46] <> Should I use the XMPP domain or the hostname of the system running the xmpp service when creating TLS certificates?
[13:32:55] <> Or should I use '*.example.com'?
[13:33:25] <> *eyetwitch*
[13:33:37] <> The domain.
[13:34:11] <> so just the domain, no matter if i use DNS SRV records and the actual host is different?
[13:35:12] <> What happens if you validate the certificate against the SRV target?
[13:35:34] <> Dunno, that was just a 'what's the best practice' question
[13:35:39] <> And someone hands you a forged SRV record pointing to a server they have a valid certificate for
[13:36:13] <> well I had the same thought. just wanted to make sure :)
[13:36:31] <> Unless the SRV record is signed with DNSSEC :)
[13:36:40] <> But very few servers support that
[13:37:20] <> dwd: Link!
[13:37:35] <> Flow: https://plus.google.com/+DaveCridland/posts/fAdAUa62rse :)
[13:37:54] <> as an example, my domain has a cert for ik.nu and pubsub.ik.nu, but is hosted on a machine called mag.ik.nu
[13:38:18] <> Mmmm? Oh, that, yes.
[13:38:56] <> Also https://prosody.im/doc/certificates#which_domain
[13:39:41] <> ralphm: My XMPP server is hosted on a machine called sphyrna.zash.se, which has a certificate with CN=sphyrna.zash.se :)
[13:40:41] <> why!
[13:40:59] <> Depends on what *else* the certificate is for...
[13:41:10] <> I have done the same as Zash ;-)
[13:41:11] <> For the lulz! It has the actual domain in subjectAltNames tho.
[13:41:13] <> Zash, I'm assuming that's not the complete Subject.
[13:42:37] <> dwd: Indeed
[13:43:08] <> There's actually an XMPP host called sphyrna.zash.se, acting as a proxy.
[13:49:14] * naw joined the chat.
[14:12:37] * Irdis joined the chat.
[14:15:07] <> The proper CN is "Zash's awesome server for things" anyway. You know, human readable and all...
[14:16:19] <> * for crazy things
[14:25:24] * naw left the chat.
[14:27:41] * Flow left the chat.
[14:35:16] * Asterix joined the chat.
[14:35:18] * sad joined the chat.
[14:43:43] * aRyo joined the chat.
[14:50:17] * sad left the chat.
[14:59:14] * stpeter joined the chat.
[14:59:14] * stpeter left the chat.
[15:03:23] * waqas joined the chat.
[15:08:47] * MattJ joined the chat.
[15:24:48] * stpeter joined the chat.
[15:30:53] * Tobias left the chat.
[15:36:07] * Flow joined the chat.
[15:39:00] * Zash left the chat.
[15:52:04] * kevin left the chat.
[15:58:35] * Tobias joined the chat.
[16:00:08] * deryni left the chat.
[16:00:52] * Lance joined the chat.
[16:04:50] * Zash joined the chat.
[16:12:19] * jabberjocke joined the chat.
[16:42:15] * Flow left the chat.
[16:54:21] * bear joined the chat.
[16:56:37] * deryni joined the chat.
[17:02:27] * kevin joined the chat.
[17:02:57] * Lloyd left the chat.
[17:03:13] * kevin left the chat.
[17:03:17] * kevin joined the chat.
[17:14:31] * stpeter left the chat.
[17:26:18] * Irdis left the chat.
[17:26:40] * Irdis joined the chat.
[17:27:17] * 0xAFFE left the chat.
[17:31:16] * Florob left the chat.
[17:40:10] * Florob joined the chat.
[17:41:13] * Lance left the chat.
[17:55:28] * Flow joined the chat.
[17:57:32] <> Can someone explain to me xmpp.net's IM Observatory's "Trusted root certificate is included in the chain." warning?
[17:58:08] <> Flow: Means that the server sent the root CA certificate. If you trust that CA, you already have it, so it is redundant.
[17:58:58] <> Zash: So it's not really a warning but more a notice?
[18:00:09] <> It's potentially problematic, as it makes the handshake larger.
[18:00:26] <> I did not explicitly add the CA cert. Is it something that is a default?
[18:00:48] <> erm, wait
[18:00:53] <> No. It was probably in your intermediate cert bundle.
[18:01:07] <> tkabber 1.0 finally enables TLSv1, but still only on the legacy port, and no starttls?
[18:01:42] <> deryni: "intermediate cert bundle" as in the text I used pasted in CAcert to create my signed certificate?
[18:02:14] <> i'm using it right now. seems good
[18:05:33] <> Flow: No, a .crt (or similar) file you got back from them with the intermediate CA that signed your certificate.
[18:09:06] <> mathieui: Wait what?
[18:09:18] <> Zash, from my testing, at least
[18:09:49] <> my server offers starttls, and it does not use it and fails to login because I offer no plaintext
[18:10:10] <> on a server with allowed plaintext & starttls, it chooses to use plaintext
[18:10:11] <> so…
[18:10:45] <> either there is some invisible wizardry I am missing, or it does not handle starttls
[18:10:57] <> Flow: This is not a problem in any meaningful sense, though (and is arguably beneficial).
[18:15:11] <> Unless the handshake gets larger than the x bytes of buffer that various silly TLS implementations have
[18:15:42] <> One never knows
[18:15:43] * stpeter joined the chat.
[18:15:44] * stpeter left the chat.
[18:15:44] * stpeter joined the chat.
[18:15:47] <> well, I tested it against jabber.fr which afaik still doesn’t have hardened its policy
[18:16:05] <> well, I tested it against jabber.fr which afaik still hasn’t hardened its policy
[18:16:18] * Irdis left the chat.
[18:20:21] <> Kev: The arguable benefit to having the root CA in the chain is?
[18:20:48] <> Pinning.
[18:21:08] <> deryni: DANE CA constraints
[18:21:21] <> (Pinning the root, rather than the cert, where you don't trust the root)
[18:22:56] <> Zash, https://xmpp.net/result.php?domain=jabber.fr&type=client the handshake shouldn’t cause a problem, it can even negotiate SSLv2 if it has issues!
[18:24:20] <> You have to pin to something in the chain you send? And pinning to the root in that case helps because ... ? (I have only the most minimal understanding of all this DANE/etc. stuff. I haven't really followed it much.)
[18:24:54] <> deryni: Then you can renew your cert, I guess
[18:25:00] <> without updating the pins
[18:27:10] * stpeter left the chat.
[18:27:16] * stpeter joined the chat.
[18:37:55] * Philonous left the chat.
[18:40:31] * Philonous joined the chat.
[18:45:34] * stpeter left the chat.
[18:47:48] * stpeter joined the chat.
[19:02:37] * stpeter left the chat.
[19:25:08] * kevin left the chat.
[19:39:44] * edhelas joined the chat.
[19:50:29] * ermine left the chat.
[19:52:02] * bear left the chat.
[19:52:45] <> mathieui: is tkabber really still a thing?
[19:53:24] <> well, the version 1.0 was published the 01-01-2014
[19:53:34] <> so I guess it still is worked on
[19:53:43] <> (with apparently much rewritten internals)
[19:54:04] <> what's next? jarl?
[19:54:33] <> O.o
[19:59:44] <> Zash: I suppose you weren't around back then?
[20:00:21] <> Not in jabber, no.
[20:00:52] <> heh
[20:06:25] * edhelas left the chat.
[20:06:27] * edhelas joined the chat.
[20:07:22] * edhelas left the chat.
[20:07:25] * edhelas joined the chat.
[20:09:18] * edhelas left the chat.
[20:23:59] * edhelas joined the chat.
[20:44:32] * stpeter joined the chat.
[20:52:49] * boothj5 joined the chat.
[20:54:19] * boothj5 left the chat.
[21:00:49] * Tobias left the chat.
[21:02:40] * Tobias joined the chat.
[21:08:53] <stpeter> Hi Peter, it is strange (not about blacklist) but I have received one two email from ML but not all...
[21:13:47] <Neustradamus> no idea
[21:17:24] <stpeter> I will send you an email with previous requests like WordPress plugin (table) jabber.org/xmpp.org/cisco? (xmpp.net) improvements
[21:18:39] * Alex left the chat.
[21:18:42] <stpeter> there are a lot of XEPs (released) in inbox (not redirected) but I have lost all that I have sent you :/
[21:19:11] * Zash left the chat.
[21:21:12] <Neustradamus> the new Editorial Team can fix that up :-)
[21:21:52] <stpeter> who are in this team?
[21:22:05] <stpeter> the issue tracker is alive?
[21:22:06] <Neustradamus> not formed yet
[21:22:27] <stpeter> :D
[21:22:49] <Neustradamus> I need to write the charter and then the Board can approve it
[21:22:54] <stpeter> :)
[21:23:22] * Lance joined the chat.
[21:23:40] <Neustradamus> brb
[21:24:10] <stpeter> About jabber.org/xmpp.org email server, it is not possible to have a really good system for unlock blacklist of the server? DKIM or other? What do you think?
[21:24:34] <stpeter> "Apache/1.3.34 Server at mail.jabber.org Port 80"
[21:24:38] <stpeter> very old...
[21:26:32] <Neustradamus> I need to log off for a while, bbiab
[21:26:37] * stpeter left the chat.
[21:42:18] <> I wonder if Gabber supports starttls :)
[21:46:46] * Asterix left the chat.
[22:17:23] * boothj5 joined the chat.
[22:17:32] * naw joined the chat.
[22:18:20] * boothj5 left the chat.
[22:21:51] * boothj5 joined the chat.
[22:30:25] * Flow left the chat.
[22:37:35] * Tobias left the chat.
[22:40:01] * Tobias joined the chat.
[22:41:54] * Flow joined the chat.
[22:43:36] * aRyo left the chat.
[22:44:56] * Flow left the chat.
[22:46:14] * deryni left the chat.
[22:57:14] * stpeter joined the chat.
[22:57:15] * stpeter left the chat.
[22:57:15] * stpeter joined the chat.
[23:03:55] * stpeter left the chat.
[23:08:52] * boothj5 left the chat.
[23:10:37] * bear joined the chat.
[23:22:43] * dezant left the chat.
[23:22:47] * dezant joined the chat.
[23:24:11] * Lance left the chat.
[23:25:34] * edhelas left the chat.
[23:31:13] * Lance joined the chat.