https://logs.xmpp.org/council/2020-06-24?p=h#2020-06-24-6e8f090f197f854e
1) Roll Call

Present: Zash, Georg, Daniel, Jonas, Dave

2) Agenda Bashing

No changes.

3) Editor's Update

* Calls in progress
  - LC for XEP-0338 (ends on 2020-06-30)

4) PR #963 (XEP-0178: Clarify SASL-EXTERNAL specification when s2s auth fails) - https://github.com/xsf/xeps/pull/963

Jonas notes a concern raised on the mailing list about this opening up a downgrade attack vector [1], but hasn't had time to look into that yet.
Georg thinks "MUC reflection" is relevant - Jonas doesn't think it helps if there is a very unequally distributed S2S failure.
Georg would appreciate input from people who are into server development and SASL and Dialback things - Zash supposes it reflects reality, except that Dialback is rare these days given the success of Let's Encrypt (and their verification is somewhat equivalent to Dialback, so doesn't really think it's a downgrade attack).
Georg thinks both methods fail if one assumes the attacker is on the network path between you and the server.
Georg suggests moving this discussion to the list and explicitly asking for input from server developers - Jonas agrees, and thinks it would be great if somebody could start that thread right away.
Dave doesn't think it's a downgrade attack and will start a thread explaining why in more detail.

Jonas: [on-list]
Zash: [on-list]
Georg: [on-list]
Dave: +1
Daniel: [pending]

5) Outstanding Votes

Everyone is up-to-date - back-pats all round!

6) Date of Next

2020-07-01 1500 UTC

7) AOB

Jonas asks Dave for news on the much anticipated Mandatory Fun Council Team-Building Exercise video call - Dave remembers having scribbled down a reminder to arrange it.

8) Close

Thank you everyone, Jonas, Tedd, everyone, all, Jonas, and Tedd.

[1] https://mail.jabber.org/pipermail/standards/2020-June/037592.html
