Re: [jdev] How do I know when a MUC server restarts?

2016-03-03 Thread Thijs Alkemade
On 3 Mar. 2016, at 14:19, Stephen Paul Weber wrote: I am writing an external component (using it with Prosody right now) that allows users to join MUCs on other servers. When a remote server restarts, I see this in my prosody log: infooutgoing

Re: [jdev] Threema using XMPP

2014-07-24 Thread Thijs Alkemade
On 24 jul. 2014, at 13:32, Simon Tennant si...@buddycloud.com wrote: Threema is a very popular and [claimed to be] secure messaging service in the German speaking countries. It was just pointed out to me that it's also using XMPP and has 2.8 million users. Does anyone have contacts to

Re: [jdev] Threema using XMPP

2014-07-24 Thread Thijs Alkemade
On 24 jul. 2014, at 17:32, Ashley Ward ashley.w...@surevine.com wrote: On 24 Jul 2014, at 16:22, Simon Tennant si...@buddycloud.com wrote: Agree on 5222. But it smells like XMPP according to https://www.os3.nl/_media/2013-2014/courses/ssn/projects/threema_report.pdf They seem pretty

Re: [jdev] Checking the from of iq replies

2014-03-04 Thread Thijs Alkemade
On 4 Mar. 2014, at 10:24, Lars Noschinski l...@public.noschinski.de wrote: On 04.03.2014 11:12, Lars Noschinski wrote: The following table shows the IQ-replies accepted by P(i)dgin[1], P(s)i (Task::iqVerify) and P(y)XMPP. From\to| e | l | bl | dl+s | o

Re: [jdev] Checking the from of iq replies

2014-03-04 Thread Thijs Alkemade
On 4 Mar. 2014, at 11:08, Lars Noschinski l...@public.noschinski.de wrote: Hi Thijs, On 04.03.2014 11:36, Thijs Alkemade wrote: On 4 Mar. 2014, at 10:24, Lars Noschinski l...@public.noschinski.de Legend e: empty l: local (client) jid bl: bare local jid dl: domainpart of local jid s

Re: [jdev] [Security] Spoofing of iq ids and misbehaving servers

2014-02-03 Thread Thijs Alkemade
I've filed tickets today for: XMPPFramework: https://github.com/robbiehanson/XMPPFramework/issues/300 Strophe.js: https://github.com/strophe/strophejs/issues/56 SleekXMPP: https://github.com/fritzy/SleekXMPP/issues/278 Miranda-NG: http://trac.miranda-ng.org/ticket/569 A ticket for SMACK already

Re: [jdev] [Security] Spoofing of iq ids and misbehaving servers

2014-02-01 Thread Thijs Alkemade
On 1 feb. 2014, at 10:47, Alexander Holler hol...@ahsoftware.de wrote: On 31.01.2014 22:51, Thijs Alkemade wrote: These use an incrementing counter to generate ids, starting from 0. This means that, for example, roster retrieval always gets the same id and could be spoofed by a fast

Re: [jdev] [Security] Spoofing of iq ids and misbehaving servers

2014-02-01 Thread Thijs Alkemade
On 1 feb. 2014, at 12:54, Alexander Holler hol...@ahsoftware.de wrote: On 01.02.2014 12:46, Thijs Alkemade wrote: On 1 feb. 2014, at 10:47, Alexander Holler hol...@ahsoftware.de wrote: On 31.01.2014 22:51, Thijs Alkemade wrote: These use an incrementing counter to generate ids

Re: [jdev] [Security] Spoofing of iq ids and misbehaving servers

2014-01-31 Thread Thijs Alkemade
To see which clients are vulnerable, I spent some time looking over the source code of various libraries and clients. For most of these it was the first time I've looked at the source (or even that programming language), so I may have overlooked something. Every single one of them had a way to

Re: [jdev] [Security] Spoofing of iq ids and misbehaving servers

2014-01-30 Thread Thijs Alkemade
On 30 jan. 2014, at 16:36, Alexander Holler hol...@ahsoftware.de wrote: On 30.01.2014 13:49, Thijs Alkemade wrote: Then we have Facebook. All replies to iqs without 'to' have from='chat.facebook.com': C: <iq type='get' id='purple3a6232a6'><ping xmlns='urn:xmpp:ping'/></iq> S: <iq from

Re: [jdev] manifesto DANE does not cut it

2013-11-19 Thread Thijs Alkemade
On 19 nov. 2013, at 12:58, Ralf Skyper Kaiser sky...@thc.org wrote: Hi On Tue, Nov 19, 2013 at 11:37 AM, Simon Tennant si...@buddycloud.com wrote: I don't think anyone here is advocating for downgrading security or not respecting human rights. I do think that we're being pretty

Re: [jdev] manifesto DANE does not cut it

2013-11-19 Thread Thijs Alkemade
On 19 nov. 2013, at 14:07, Ralf Skyper Kaiser sky...@thc.org wrote: Hi, On Tue, Nov 19, 2013 at 12:29 PM, Thijs Alkemade th...@xnyhps.nl wrote: On 19 nov. 2013, at 12:58, Ralf Skyper Kaiser sky...@thc.org wrote: Hi On Tue, Nov 19, 2013 at 11:37 AM, Simon Tennant si

Re: [jdev] manifesto 0.4

2013-11-07 Thread Thijs Alkemade
On 7 nov. 2013, at 20:50, Alexander Holler hol...@ahsoftware.de wrote: up to date is the keyword here. E.g. squeeze is still supported but its openssl doesn't support TLSv1.2. And even if it would be EOL, I would like it, if I would have the freedom to choose myself, when I stop using it.

Re: [jdev] manifesto 0.4

2013-11-06 Thread Thijs Alkemade
On 6 nov. 2013, at 21:23, Philipp Hancke fi...@goodadvice.pages.de wrote: On 06.11.2013 21:02, Alexander Holler wrote: Not exactly the same, but I don't like the part or require cipher suites that enable forward secrecy for the same reason. OpenSSL 1.x isn't around that long, and there

Re: [jdev] manifesto 0.4

2013-10-30 Thread Thijs Alkemade
On 30 Oct. 2013, at 15:53, Tomasz Sterna to...@xiaoka.com wrote: On 2013-10-30, Wed at 01:21 +0100, Mathieu Pasquet wrote: Dropping SSLv2 is all good and I’m not even sure why SSLv2 was supported initially (doesn’t xmpp appear after SSLv3 was standardized?), but dropping SSLv3,

Re: [jdev] manifesto 0.4

2013-10-30 Thread Thijs Alkemade
On 30 Oct. 2013, at 11:42, Dave Cridland d...@cridland.net wrote: On Wed, Oct 30, 2013 at 12:44 AM, Thijs Alkemade th...@xnyhps.nl wrote: So far, two tests have shown a server supported SSLv3 but not TLS 1.0, both for c2s to palemoon.net: Drifting from the topic, I know, but just

Re: [jdev] manifesto 0.4

2013-10-29 Thread Thijs Alkemade
On 30 Oct. 2013, at 01:21, Mathieu Pasquet mathi...@mathieui.net wrote: Dropping SSLv2 is all good and I’m not even sure why SSLv2 was supported initially (doesn’t xmpp appear after SSLv3 was standardized?), but dropping SSLv3, while also a good idea, might cause issues with lots of servers

Re: [jdev] Securing XMPP

2013-09-06 Thread Thijs Alkemade
On 6 sep. 2013, at 20:04, Peter Saint-Andre stpe...@stpeter.im wrote: On 9/6/13 10:40 AM, Peter Saint-Andre wrote: On 8/28/13 10:14 AM, Simon Tennant wrote: I'm attempting to gather the details in one place on how to secure XMPP servers C2S and S2S traffic:

Re: [jdev] Securing XMPP

2013-09-06 Thread Thijs Alkemade
On 6 sep. 2013, at 22:24, Dave Cridland d...@cridland.net wrote: I may be talking rubbish, but shouldn't the server be overriding the client's order by default anyway? Practically no server overrides the client's preference. I noticed only ~3 non-public servers do it. I'm really not sure

Re: [jdev] Securing XMPP

2013-08-28 Thread Thijs Alkemade
On 28 aug. 2013, at 18:33, Peter Saint-Andre stpe...@stpeter.im wrote: On 8/28/13 10:28 AM, Matthew Wild wrote: On 28 August 2013 17:14, Simon Tennant si...@buddycloud.com wrote: I'm attempting to gather the details in one place on how to secure XMPP servers C2S and S2S traffic:

Re: [jdev] js library for client side XMPP and DNS SRV

2012-04-03 Thread Thijs Alkemade
On 3 apr. 2012, at 18:38, Kevin Smith wrote: On Tue, Apr 3, 2012 at 5:27 PM, bear bea...@gmail.com wrote: The Mozilla folks are testing an addon to Thunderbird that will allow IM capabilities (see http://blog.instantbird.org/ for info) While that alone is a good reason for me to post here

[jdev] XEP 0172 in MUCs

2012-01-04 Thread Thijs Alkemade
Hello, As a client developer, I'm a bit confused about how XEP 0172 (User Nickname) is intended to be used with MUCs. From the XEP: A user MAY specify his or her persistent nickname as well. This may be desirable because the user's preferred room nickname is already taken or because the