Re: [Standards] XEP-0156 _xmppconnect is vulnerable to MITM

2022-02-09 Thread Travis Burtrum
PR implementing my proposal https://github.com/xsf/xeps/pull/1158

Re: [Standards] Danish chains too short

2022-02-09 Thread Travis Burtrum
On 1/30/22 11:38, Dave Cridland wrote: But the default choice to maximize interop should be to include the trust anchor. 1) Do people agree? No. Because... 2) If so, where on earth should we specify this? (A Best Practice doc on PKIX/DANE?) We should instead specify in a best practice doc

Re: [Standards] XEP-0156 _xmppconnect is vulnerable to MITM

2022-02-09 Thread Travis Burtrum
Issues I know about right now: https://github.com/processone/docs.ejabberd.im/issues/113 https://github.com/JustOxlamon/TwoRatChat/issues/2 https://github.com/poVoq/converse_wp/issues/2 https://github.com/BombusMod/BombusMod/issues/130 https://github.com/hesa2020/Twitch-To-League-by-Hesa/issues/1

[Standards] XEP-0156 _xmppconnect is vulnerable to MITM

2022-02-09 Thread Travis Burtrum
Hi all, The long story short is (outside of DNSSEC) it's impossible to use _xmppconnect TXT records to securely connect to BOSH or WebSockets. Every client I've been able to find that supported this is vulnerable to trivial MITM (Man-In-The-Middle) via DNS spoofing. If you have a client that

Re: [Standards] XEP-0060: PubSub events with multiple "item" and "retract" elements

2022-02-09 Thread Ralph Meijer
On 09/02/2022 16.56, Melvin Keskin wrote: Thanks for the history! I think that there are two main questions: 1. Should it be possible to publish or retract multiple items within one request? 2. May event notifications contain multiple items (if batch processing is possible or if the server cac

Re: [Standards] XEP-0060: PubSub events with multiple "item" and "retract" elements

2022-02-09 Thread Melvin Keskin
Thanks for the history! I think that there are two main questions: 1. Should it be possible to publish or retract multiple items within one request? 2. May event notifications contain multiple items (if batch processing is possible or if the server caches multiple requests)? Even if multiple ite

Re: [Standards] XEP-0060: PubSub events with multiple "item" and "retract" elements

2022-02-09 Thread Ralph Meijer
On 09/02/2022 12.17, Melvin Keskin wrote: Hi, I am wondering why the XML schema for PubSub events ( https://xmpp.org/extensions/xep-0060.html#schemas-event) specifies that the "items" element of events may contain multiple "item" and "retract" elements:

[Standards] XEP-0060: PubSub events with multiple "item" and "retract" elements

2022-02-09 Thread Melvin Keskin
Hi, I am wondering why the XML schema for PubSub events ( https://xmpp.org/extensions/xep-0060.html#schemas-event) specifies that the "items" element of events may contain multiple "item" and "retract" elements: While https://xmpp.org/extensions/xep-0060.htm