On 8 February 2018 at 08:31, Georg Lukas wrote:
> If you run a public server and are committed to fighting outbound and
> inbound spam, please review the text and let me know if you would agree
> to sign it. Please do not sign it *yet*, in case there is feedback
> requiring
+1. Also, bet on the one that can adapt stably. Matrix has already suffered
interop breaks and forklift upgrades, XMPP is much better in that regard.
One could even see it as the upside of the fragmentation that Matrix
complains of.
On 6 May 2017 08:54, "David Banes" wrote:
>
On 19 November 2016 at 12:52, David Banes wrote:
> How about following the very large email providers lead and do something like
> this;
>
> https://en.wikipedia.org/wiki/DMARC
> https://dmarc.org/2016/02/how-can-i-tell-who-is-using-dmarc/
As other point out, DMARC is about
On 20 July 2016 at 10:15, Dave Cridland <d...@cridland.net> wrote:
>
>
> On 20 July 2016 at 10:07, Simon Josefsson <si...@josefsson.org> wrote:
>
>> Sam Whited <s...@samwhited.com> writes:
>>
>> > On Tue, Jul 19, 2016 at 4:53 AM, Simon Josef
On 20 July 2016 at 10:07, Simon Josefsson wrote:
> Sam Whited writes:
>
> > On Tue, Jul 19, 2016 at 4:53 AM, Simon Josefsson
> wrote:
> >> I wonder if people really care about this usage any more -- it does not
> >> scale well (all
On 20 July 2016 at 08:58, Florian Schmaus wrote:
> For the near future, I hope that certificates using only srvNames will
> become more common. But if you want to stay super "compatible" with all
> sorts of XMPP software out there, then you probably want to put your
> XMPP
On 19 July 2016 at 17:36, Marvin Gülker wrote:
> Am Tue, 19 Jul 2016 16:15:40 +0200
> schrieb Florian Schmaus :
> > Isn't one problem that a cert with CN "example.org" will be valid for
> > all services found on example.org (simply speaking), whereas
On 13 January 2016 at 02:23, Kim Alvefur wrote:
> On 01/12/2016 06:55 PM, Peter Saint-Andre wrote:
> > Over the years we have discussed a number of potential methods for
> > mitigating (I do not say solving) the spam problem. For example:
> >
> >
On 24 Nov 2015 11:09 pm, "Arsimael Inshan" wrote:
>
> Hi there.
>
> When I created the DH Keys on my server, I generated 2k and 4k keys. I
was told the 4k keys shouldn't be used (yet) because of incompartibillities
and they wouldn't increase the security this much, but generate way
On 28 October 2015 at 21:32, Daniel Pocock wrote:
>
>
> We are just reviewing the final configuration before announcing
> debian.org XMPP
>
>
That's great news.
> Can anybody comment on DANE / TLSA? Should we only talk to servers
> supporting this?
>
>
Last time I looked,
On 15 October 2015 at 21:07, Finn Herzfeld wrote:
> That's pretty cool, but this whole mapping thing seems broken. Would
> there be a way for a server to probe another server over the clearnet
> for an onion address, then it can cache that and build it's own list? I
> don't know a
On 5 October 2015 at 14:22, Matthew Wild wrote:
> This is technically achievable using security labels
> (http://xmpp.org/extensions/xep-0258.html ), though it hasn't really
> been deployed that way on the public network, and not many clients
> support it (though Swift and
On 21 July 2015 at 08:44, David Banes da...@banes.org wrote:
On 20 Jul 2015, at 23:19, Jonathan Schleifer
js-xmpp-operat...@webkeks.org wrote:
Am 21.07.2015 um 00:10 schrieb David Banes da...@banes.org:
On 20 Jul 2015, at 23:07, Peter Kieser pe...@kieser.ca wrote:
On 2015-07-10 2:47
As sent to the jdev list:
-- Forwarded message --
From: Dave Cridland d...@cridland.net
Date: 21 January 2015 at 16:59
Subject: Openfire 3.10.0 Beta release
To: Jabber/XMPP software development list j...@jabber.org
Hey everyone,
Since I took on the role of Openfire project
On 31 August 2014 22:28, Evgeny Khramtsov xramt...@gmail.com wrote:
Sun, 31 Aug 2014 22:35:07 +0200
Jonas Wielicki xmpp-operat...@sotecware.net wrote:
I left the c2s-encryption-required switch in place (there would have been
out-of-band measures to reach me if that had been a problem)
A
On 1 September 2014 12:19, Evgeny Khramtsov xramt...@gmail.com wrote:
Mon, 1 Sep 2014 11:52:22 +0100
Dave Cridland d...@cridland.net wrote:
On 31 August 2014 22:28, Evgeny Khramtsov xramt...@gmail.com wrote:
Sun, 31 Aug 2014 22:35:07 +0200
Jonas Wielicki xmpp-operat...@sotecware.net
On 12 August 2014 12:22, Daniel Pocock dan...@pocock.pro wrote:
Can anybody comment on the current status of interop between Google
(gmail.com) users and the rest of the world?
The only people who can definitively comment are Google.
Personally, I have a Prosody server and various clients
Without an RSA cert at all, can a remote server with only RSA negotiate TLS?
On 5 August 2014 19:30, shm...@riseup.net shm...@riseup.net wrote:
?
shm...@riseup.net wrote:
hi,
i was testing an xmpp server and i believe its wrong to reduce the
score because of the cert which is
Folks,
I know quite a few of you are running Openfire - you may well have noticed,
but development has been ramping up again for some time. In light of this,
I've volunteered to act as Project Lead. While there's certainly plenty of
work left to be done, I'm keen to get a sense of the most
Taking this suggestion seriously for a moment:
If there's genuine interest, the XSF (or some other body) could do this. It
would mean a TLD that we controlled, allowing us to provide, and perhaps
even enforce, DNSSEC and things. But it would also have significant
operating costs beyond the
On 3 Feb 2014 16:44, Andreas Kuckartz a.kucka...@ping.de wrote:
Claudiu Curcă:
1. Why is that comment classified as XMPP bashing?
As far as I know Daniel is mostly an SIP guy and is trying to _help_ the
XMPP community by pointing to that comment. But I also do not think that
the comment is
This is possibly a better conversation to have on jdev@ or standards@
On Thu, Jan 23, 2014 at 10:27 AM, Daniel Pocock dan...@pocock.com.auwrote:
For example, many free software projects (Debian, Fedora) offer their
developers mail forwarding (poc...@debian.org-dan...@pocock.com.au)
without
On Thu, Jan 23, 2014 at 10:55 AM, Cesar Alcalde lambda...@gmail.com wrote:
Well, actually you could setup DNS SRV records pointing to a third party
server (like the MX record for mail).
So you can have a server example.org with a web server, a ftp server...
And xmpp accounts @example.org
On Sun, Jan 19, 2014 at 8:43 AM, Daniel Pocock dan...@pocock.com.au wrote:
As mentioned in the other email, FOSDEM is coming up, maybe that will be
an opportunity to discuss in person? (Please don't let my .au domain
deceive you, I'm based in central Europe)
Sadly, I don't think Matt is
On Sat, Jan 18, 2014 at 10:37 PM, Matthew Wild mwi...@gmail.com wrote:
Hi Daniel,
On 18 January 2014 21:50, Daniel Pocock dan...@pocock.com.au wrote:
Hi all,
We have just enabled federated SIP for debian.org. It is very basic,
just a SIP proxy and TURN server. People can register
On Tue, Jan 7, 2014 at 2:43 AM, Peter Saint-Andre stpe...@stpeter.imwrote:
And do please note that several weeks ago I updated both the manifesto
and draft-saintandre-xmpp-tls to no longer say that software MUST NOT
negotiate sslv3.
Hopelessly wrong mailing list, but:
Might be worth
On Mon, Jan 6, 2014 at 3:32 AM, Peter Saint-Andre stpe...@stpeter.imwrote:
- - Office365 deployments
Meaning the (irritatingly named) Lync? I believe that went through quite
extensive S2S/TLS/Auth interop work. Certainly it's now been put on the
DISA APL (as of September), and that mandates
On Sun, Jan 5, 2014 at 7:52 PM, Waqas Hussain waqa...@gmail.com wrote:
Prosody was the first server to allow multiple resources behind a
single nick (AFAIK, I implemented it in Prosody). I think the ejabberd
folks were looking into implementing that, but not sure what their
progress is.
On Sun, Jan 5, 2014 at 8:21 PM, Peter Saint-Andre stpe...@stpeter.imwrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On my personal server, I too plan to keep the encryption-required
setting in place.
I'm turning it off again, for S2S. C2S I had enabled anyway, but seeing as
it's just
Something to note; chatting with Jesse Thompson, we found that the errors
we were getting back simply didn't match the likely cases. I saw DNS
errors, he saw similar. I've not isolated the actual fault yet.
On Sat, Jan 4, 2014 at 2:25 PM, Valérian Saliou
valer...@valeriansaliou.name wrote:
I just switched my switch - requiring encryption everywhere for the next
day or so.
On Fri, Jan 3, 2014 at 8:56 PM, Mike Taylor b...@bear.im wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Just a friendly note that the Security Test Day is tomorrow!
I'm cross posting this notice but
On Thu, Nov 21, 2013 at 7:26 PM, Matthew Wild mwi...@gmail.com wrote:
With all the talk about the details of the manifesto, one thing we
seem to mostly only mention in passing is federation with Google, and
I'm curious to gauge the opinion of people on this list.
We are going to affect a lot
On Fri, Nov 22, 2013 at 10:14 AM, Tim Schumacher
t...@bandenkrieg.hacked.jpwrote:
In the pastBjörn Kempén bu...@google.com wrote on this very list,
that he is one of the responsible for the federation stuff at Google
XMPP, btw at the beginning of this year, the TLS-issue was already a topic:
On Wed, Nov 20, 2013 at 9:16 AM, Matthias Wimmer m...@tthias.eu wrote:
Hi Dave,
El 2013-11-19 17:04:44, Dave Cridland escribió:
I dropped a mail to the Domicilium people who look after .im today asking
about DNSSEC, too.
Probably it's what you meant. I just want to point this out again
I found:
http://www.internetsociety.org/deploy360/resources/dnssec-registrars/
And also:
http://www.icann.org/en/news/in-focus/dnssec/deployment
On Wed, Nov 20, 2013 at 2:51 PM, Peter Saint-Andre stpe...@stpeter.imwrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/20/13 5:19 AM,
I dropped a mail to the Domicilium people who look after .im today asking
about DNSSEC, too.
On Tue, Nov 19, 2013 at 4:20 PM, Peter Saint-Andre stpe...@stpeter.imwrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
It appears that more XMPP services are getting their DNS records
signed
On Wed, Nov 13, 2013 at 3:31 PM, Fedor Brunner fedor.brun...@azet.skwrote:
For example the server jabber.ccc.de uses 2048 bit RSA public key, but
the length of the temporary key is only 1024 bit. The public key score
is 90, cipher score is 90
On 13 Nov 2013 17:01, Fedor Brunner fedor.brun...@azet.sk wrote:
There is good comparison website for key sizes recommendations:
http://www.keylength.com/en/compare/
Enter the year until when your system should be protected and see the
Discrete Logarithm Group column.
Yes, that site is very
On Wed, Nov 13, 2013 at 9:44 PM, Fedor Brunner fedor.brun...@azet.skwrote:
For detailed description of various attack scenarios with calculations
please read
ECRYPT II Yearly Report on Algorithms and Keysizes
(2011-2012)
http://www.ecrypt.eu.org/documents/D.SPA.20.pdf
Good link; though I
On Wed, Nov 13, 2013 at 10:41 PM, Thijs Alkemade th...@xnyhps.nl wrote:
On 13 nov. 2013, at 19:21, Dave Cridland d...@cridland.net wrote:
To decrypt all communications using 1024-bit DH over a year is likely to
be vastly bigger than for one conversation; the same isn't true for RSA
On Tue, Oct 29, 2013 at 6:17 PM, Jonas Wielicki
xmpp-operat...@sotecware.net wrote:
Will there be a reminder for the action days? Because I don't trust
myself to keep an electronic reminder actually functional until Jan 4th
(yeah I know). I'm only operating a small service though (20 users),
On Tue, Oct 29, 2013 at 10:21 PM, Peter Saint-Andre stpe...@stpeter.imwrote:
If the server you're using doesn't support XEP-0227 (Portable
Import/Export Format for XMPP-IM Servers), then I agree you might
have a problem.
http://xmpp.org/extensions/xep-0227.html
Kev knocked out a simple
On 23 Aug 2013 08:30, Evgeniy Khramtsov xramt...@gmail.com wrote:
On 22.08.2013 09:03, Phil Pennock wrote:
On 2013-08-21 at 12:52 -0600, Peter Saint-Andre wrote:
5. No server-to-server connections without TLS.
6. Require proper certificate checking (RFC 6120 / RFC 6125) for TLS
The XSF did some interop some time back to help test TLS interop, using a
custom CA. The CA software was from my previous employer, Isode.
We could look into setting up servers with those certs again, I imagine,
though the certs themselves would need recreating.
The rest is, as you say, just a
On Sat, Jun 15, 2013 at 3:00 AM, Jesse Thompson
jesse.thomp...@doit.wisc.edu wrote:
I'm looking for guidance.
Aren't we all?
Now that Google is transitioning to Hangouts, they're no longer supporting
XMPP federation.
Well. In principle. But it seems there's *some* federation, but it's
On Fri, May 24, 2013 at 12:25 AM, Peter Saint-Andre stpe...@stpeter.imwrote:
On 5/23/13 4:50 PM, Justin Uberti wrote:
I just realized my statement could be parsed 2 different ways. To
be clear: it is sad that spammers were more willing to adopt
XMPP*than other IM networks were willing to*.
On Thu, May 23, 2013 at 12:35 AM, Justin Uberti jube...@google.com wrote:
That seems like an overly cynical assessment of the situation. Speaking as
an individual, it is sad that spammers were more willing to adopt XMPP than
other IM networks, but so it goes.
I'm not sure sufficient
On Thu, May 23, 2013 at 4:36 PM, Kevin Smith ke...@kismith.co.uk wrote:
There are also likely options along these lines that involve less
privacy invasion than operators manually examining the accounts. A
captcha for every subscription request? Only one outstanding (not
reciprocated) roster
On Wed, May 22, 2013 at 5:32 PM, Kim Alvefur z...@zash.se wrote:
On 2013-05-22 18:22, Hannes Tschofenig wrote:
PS: I am wondering whether the claimed chat spam problems mentioned in
the press articles are actually true?
It matches what was said before, search this list for spammy invites.
On Wed, Mar 20, 2013 at 5:26 PM, Jesse Thompson
jesse.thomp...@doit.wisc.edu wrote:
Frankly, I wouldn't be aware if a public XMPP blacklist already exists,
since our university doesn't have the problem of XMPP spam. It seems that
the spammers are only targeting certain services, such as
On 20 Mar 2013 23:09, Peter Viskup skupko...@gmail.com wrote:
On 03/20/2013 07:03 PM, Dave Cridland wrote:
Peter mentioned ensuring that open registration is blocked - I think
that open registration has proved itself our equivalent of open relaying in
SMTP, and we need to campaign strongly
On 1 Mar 2013 17:03, Kevin Smith ke...@kismith.co.uk wrote:
This sounds very thorough (and entirely reasonable). Is your setup for
doing this generally available so other servers could take advantage
of similar systems?
I also wonder whether it'd be worthwhile restricting S2S traffic on new
On Fri, Jan 11, 2013 at 1:05 PM, Marco Cirillo mara...@lightwitch.org wrote:
I just pointed out that it's like this from 2006 which is when it was
implemented, perhaps it can't be suprising also stated it's rather an
inconveniency and that it's not compliant with the current RFC which
requires
If it's a JAR, it won't be human readable, but we might be able to look at
the files (it's a ZIP of Java object code), and get a list of targetted
servers.
Then we just disable IBR on the affected servers, or block them.
On Sep 16, 2012 12:33 AM, Peter Viskup skupko...@gmail.com wrote:
Dear
If you have concrete suggestions for what the XSF should be doing, and/or
how servers could defend themselves against spam and DDoS, I'd be
interested in hearing them.
My understanding is that they're both difficult problems to tackle without
a lot of data processing and analysis, but that a key
While I agree with much of what you're saying, making a public service
that's not the equivalent of an open relay is hard. Google has a lot of
code assigned at detecting abuse, and a lot of this works because of the
scale of their operation.
I think public servers are possible, but not as they
anything to do
with it beyond a background as to when Daniel noticed.
Dave.
--
Dave Cridland - mailto:d...@cridland.net - xmpp:d...@dave.cridland.net
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
, and then telling people about the conversations these
people were having.
On the other hand, by publishing the address, you've already breached
data confidentiality laws in some jurisdictions...
Dave.
--
Dave Cridland - mailto:d...@cridland.net - xmpp:d...@dave.cridland.net
- acap
On Tue Aug 16 09:47:35 2011, Kevin Smith wrote:
On Mon, Aug 15, 2011 at 8:44 AM, Dave Cridland d...@cridland.net
wrote:
On Sat Aug 13 23:34:56 2011, Josemar Müller Lohn wrote:
Is it valid to so:
_xmpp-client._tcp.alice.com. CNAME _xmpp-client.bob.com.
You can only get a CNAME answer when
. A
CNAME merely states to restart the resolution using the new name.
Specifically, the requirement that a name with a CNAME record MUST
NOT have any other records (aside from certain DNSSEC ones) would
appear to support that.
Dave.
--
Dave Cridland - mailto:d...@cridland.net - xmpp:d
the client balance connections to the SRV targets,
but say nothing about multihomed hosts.
(If we're being pedantic, a single name can only have one A record,
but that record may have more than one RR).
Dave.
--
Dave Cridland - mailto:d...@cridland.net - xmpp:d...@dave.cridland.net
- acap
thankfully have quite a few options for serious
XMPP hosting, which is good - I think - for the operator community.
Us implementors actually have serious competition, and therefore
incentive to push our products, for one thing.
Dave.
--
Dave Cridland - mailto:d...@cridland.net - xmpp:d
On Mon Jul 5 11:37:27 2010, Dave Cridland wrote:
On Mon Jul 5 10:59:43 2010, Nigel Kukard wrote:
If it was C, I would be hacking the code and adding debugging to
see
where the connection is terminating ... etc.
I'd be (secretly, of course) delighted if this were a reason to
move from
it for client-side (it doesn't help here), and work on
a fix. Thanks for the help in tracking it down.
The Openfire guys might want to work on a fix, though, since it's
quite useful to have server-side.
Dave.
--
Dave Cridland - mailto:d...@cridland.net - xmpp:d...@dave.cridland.net
- acap
the priority 20 records listed at a non-zero
weight.
Dave.
--
Dave Cridland - mailto:d...@cridland.net - xmpp:d...@dave.cridland.net
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
On Tue Apr 28 15:30:31 2009, Jonathan Schleifer wrote:
Dave Cridland d...@cridland.net wrote:
it's unlikely that even if you're reasonably
proficient in, say, Java, you're unlikely to be able to dive into
Openfire or Tigase and fix some bug you've just run into.
I don't agree to that. Even
On Wed Oct 15 15:10:01 2008, Pedro Melo wrote:
Hi,
On Oct 15, 2008, at 12:41 AM, Dave Cridland wrote:
So today, out of probably hundreds of connections, one - aside
from other Isode M-Link deployments - offered my server SASL
EXTERNAL:
10/14 23:47:50 xmppd05979 (root) I-MBOX
not sure that's
actually working, as such. Ho hum.
Dave.
--
Dave Cridland - mailto:[EMAIL PROTECTED] - xmpp:[EMAIL PROTECTED]
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
On Wed Oct 15 09:51:06 2008, Norman Rasmussen wrote:
On Wed, Oct 15, 2008 at 1:41 AM, Dave Cridland [EMAIL PROTECTED]
wrote:
Anyone got any idea why this is behaving so weirdly? Does anyone
have
logging they could use?
Any ideas, or even better logging data, gratefully received.
BTW
69 matches
Mail list logo