Re: [Operators] Suspicion of Jabbim services being hacked

2014-12-20 Thread Sam Whited
On 12/20/2014 04:15 AM, Phil Pennock wrote:
> Probably because the Triple Handshakes Considered Harmful paper from
> earlier this year showed that using only the final message for channel
> binding was broken and vulnerable, so there are IETF drafts for fixes to
> TLS to provide something which a

Re: [Operators] Suspicion of Jabbim services being hacked

2014-12-20 Thread Kim Alvefur
SASL mechanism and client stats from the last two weeks on a small site I run:

87% PLAIN
10% SCRAM-SHA-1
3% SCRAM-SHA-1-PLUS

43% Pidgin version 2.10.9 (libpurple 2.10.9)
22% Adium version 1.5.10 (libpurple 2.10.9)
21% Gajim version 0.15.4
7% Jitsi version 2.2.4603.9615
3% Jitsi version

Re: [Operators] Suspicion of Jabbim services being hacked

2014-12-20 Thread Cesar Alcalde
On 19/12/14 at 22:55, Waqas Hussain wrote:
On Fri, Dec 19, 2014 at 3:18 PM, Kevin Smith wrote:
On 19 Dec 2014, at 19:36, Mathieu Pasquet <mathi...@mathieui.net> wrote:
> > On Fri, Dec 19, 2014 at 06:48:44PM +, Dave Cridland wrote:

Re: [Operators] Suspicion of Jabbim services being hacked

2014-12-20 Thread Phil Pennock
On 2014-12-19 at 21:43 -0500, Sam Whited wrote:
> Sounds good; step two is to convince TLS stack maintainers to actually
> give us access to the client final message so we can do `tls-unique'
> channel binding without resorting to bundling our own TLS stacks
> (seriously; everything uses tls-unique