headers
Soumyadipta De | 1 Aug 12:06

Check out my photos on Facebook

facebook
Soumyadipta De has:
11 friends
0 photos
0 notes
0 wall posts
0 groups

Check out my photos on Facebook


Hi jdev <at> jabber.org,

I set up a Facebook profile where I can post my pictures, videos and events and I want to add you as a friend so you can see it. First, you need to join Facebook! Once you join, you can also create your own profile.

Thanks,
Soumyadipta

To sign up for Facebook, follow the link below:
http://www.facebook.com/p.php?i=618585920&k=Z3FTY3PXV52NUDC1RB5UX4&r

See who else has invited you to Facebook:
Syed Hammad Ahmed
507 friends
3 photos		 Mike Mendel
11 friends
 Leonardo Vanegas
257 friends
25 photos
jdev <at> jabber.org was invited to join Facebook by Soumyadipta De. If you do not wish to receive this type of email from Facebook in the future, please click here to unsubscribe.
Facebook's offices are located at 1601 S. California Ave., Palo Alto, CA 94304		 
_______________________________________________
JDev mailing list
Forum: http://www.jabberforum.org/forumdisplay.php?f=20
Info: http://mail.jabber.org/mailman/listinfo/jdev
Unsubscribe: JDev-unsubscribe <at> jabber.org
_______________________________________________
Permalink | Reply | 0 comments |
headers
Jonathan Dickinson | 3 Aug 22:21
Picon
Gravatar

Re: Check out my photos on Facebook

Seems a little desperate/lonely... Opted out from Facebook notifications - shouldn't happen again.

From: Soumyadipta De <invite+m~hw3mwi <at> facebookmail.com>
Sent: Saturday, August 01, 2009 12:06 PM
To: Jdev <at> jabber.org <jdev <at> jabber.org>
Subject: [jdev] Check out my photos on Facebook

facebook
Soumyadipta De has:
11 friends
0 photos
0 notes
0 wall posts
0 groups

Check out my photos on Facebook


Hi jdev <at> jabber.org,

I set up a Facebook profile where I can post my pictures, videos and events and I want to add you as a friend so you can see it. First, you need to join Facebook! Once you join, you can also create your own profile.

Thanks,
Soumyadipta

To sign up for Facebook, follow the link below:
http://www.facebook.com/p.php?i=618585920&k=Z3FTY3PXV52NUDC1RB5UX4&r

See who else has invited you to Facebook:
Syed Hammad Ahmed
507 friends
3 photos		 Mike Mendel
11 friends
 Leonardo Vanegas
257 friends
25 photos
jdev <at> jabber.org was invited to join Facebook by Soumyadipta De. If you do not wish to receive this type of email from Facebook in the future, please click here to unsubscribe.
Facebook's offices are located at 1601 S. California Ave., Palo Alto, CA 94304
_______________________________________________
JDev mailing list
Forum: http://www.jabberforum.org/forumdisplay.php?f=20
Info: http://mail.jabber.org/mailman/listinfo/jdev
Unsubscribe: JDev-unsubscribe <at> jabber.org
_______________________________________________
Permalink | Reply | 0 comments |
headers
Ilya Braude | 12 Aug 20:41

PubSub spec clarification

I am looking closely at the XEP-0060 spec's feature listings: 
http://xmpp.org/extensions/xep-0060.html#registrar-features

Should '#manage-subscription' be '#manage-subscriptions' (note the extra 
's' in the end) the following?

<var>
  <name>http://jabber.org/protocol/pubsub#manage-subscription</name>
  <desc>Node owners may manage subscriptions.</desc>
  <doc>XEP-0060</doc>
</var>

Ilya
_______________________________________________
JDev mailing list
Forum: http://www.jabberforum.org/forumdisplay.php?f=20
Info: http://mail.jabber.org/mailman/listinfo/jdev
Unsubscribe: JDev-unsubscribe <at> jabber.org
_______________________________________________
Permalink | Reply | 1 comment |
headers
Peter Saint-Andre | 12 Aug 20:59
Favicon

Re: PubSub spec clarification


On 8/12/09 12:41 PM, Ilya Braude wrote:
> I am looking closely at the XEP-0060 spec's feature listings:
> http://xmpp.org/extensions/xep-0060.html#registrar-features
> 
> Should '#manage-subscription' be '#manage-subscriptions' (note the extra
> 's' in the end) the following?
> 
> <var>
>  <name>http://jabber.org/protocol/pubsub#manage-subscription</name>
>  <desc>Node owners may manage subscriptions.</desc>
>  <doc>XEP-0060</doc>
> </var>

Correct. Fixed in my working copy.

Peter

--
Peter Saint-Andre
https://stpeter.im/
Permalink | Reply | 0 comments |
headers
Peter Saint-Andre | 13 Aug 18:42
Favicon

[Fwd: [Members] Board and Council Elections]


FYI.

-------- Original Message --------
Subject: [Members] Board and Council Elections
Date: Thu, 13 Aug 2009 09:42:05 -0600
From: Peter Saint-Andre <stpeter <at> stpeter.im>
Reply-To: XSF Members <members <at> xmpp.org>
To: XSF Members <members <at> xmpp.org>

In the member meeting last week, we decided on the following schedule
for the upcoming Board and Council elections:

Now - September 11: accept candidates via
http://wiki.xmpp.org/web/Board_and_Council_Elections_2009

September 14 - 30: proxy voting via memberbot

October 1: hold official member meeting in
xmpp:foundation <at> conference.jabber.org

I shall blog about this at http://blog.xmpp.org/ on August 31 or
thereabouts.

Peter
Permalink | Reply | 0 comments |
headers
Peter Saint-Andre | 26 Aug 22:31
Favicon

wildcards vs. multiple certs


Recently I have been working with StartCom regarding the XMPP ICA, and
an issue has arisen regarding the representation of multiple domain
names (e.g., the bare domain and various subdomains) in certificates.
Traditionally we have allowed wildcards in the Class 1 certificates
issued by the ICA. However, more and more attacks have been observed in
the HTTP world with wildcard certs (cf. the recent Black Hat
conference). Although such attacks have not yet been observed in the
XMPP world, it is likely that we will end the practice of issuing Class
1 wildcard certificates (however they might be issued for Class 2 certs,
which require stronger validation of the requesting entity).

As a result, it is possible that admins might feel the need to request
multiple Class 1 certs in order to deploy an XMPP service (if they are
not able to obtain a Class 2 certificate). For example, at the
jabber.org service we might use one Class 1 certificate for the domain
name "jabber.org" and another Class 1 certificate for the domain name
"conference.jabber.org". This would require our XMPP server software to
present the "jabber.org" certificate when a peer server attempts to open
an s2s connection to the jabber.org domain, whereas it would present the
"conference.jabber.org" certificate when someone from a peer server
attempts to join a chatroom at the conference.jabber.org MUC service. I
do not know of any XMPP server software that can present two (or more)
different certs for s2s connections depending on the domain name
specified by the peer server.

How would current servers handle this? Do we really need to worry about
this problem, or shall we just tell administrators of XMPP services that
host multiple domain names to obtain Class 2 certificates (at least from
the XMPP ICA)? Clearly DNA [1] would help here but it's not close to done.

Peter

[1] http://xmpp.org/extensions/inbox/dna.html
Permalink | Reply | 5 comments |
headers
Justin Karneges | 26 Aug 22:39
Favicon
Gravatar

Re: wildcards vs. multiple certs

On Wednesday 26 August 2009 13:31:13 Peter Saint-Andre wrote:
> As a result, it is possible that admins might feel the need to request
> multiple Class 1 certs in order to deploy an XMPP service (if they are
> not able to obtain a Class 2 certificate). For example, at the
> jabber.org service we might use one Class 1 certificate for the domain
> name "jabber.org" and another Class 1 certificate for the domain name
> "conference.jabber.org". This would require our XMPP server software to
> present the "jabber.org" certificate when a peer server attempts to open
> an s2s connection to the jabber.org domain, whereas it would present the
> "conference.jabber.org" certificate when someone from a peer server
> attempts to join a chatroom at the conference.jabber.org MUC service. I
> do not know of any XMPP server software that can present two (or more)
> different certs for s2s connections depending on the domain name
> specified by the peer server.

You can put many names into one cert.  For a short set of domains, this ought 
to be practical.

-Justin
_______________________________________________
JDev mailing list
Forum: http://www.jabberforum.org/forumdisplay.php?f=20
Info: http://mail.jabber.org/mailman/listinfo/jdev
Unsubscribe: JDev-unsubscribe <at> jabber.org
_______________________________________________
Permalink | Reply | 1 comment |
headers
Stardock Technical Support | 26 Aug 22:40
Favicon

[#EIU-300999]: wildcards vs. multiple certs

Jabber/XMPP software development list,
Your Ticket has been received and a member of our staff will review it and reply accordingly.

Important! Please be aware of the following criteria while utilizing Stardock's technical support system:
  • To expedite attention to your inquiry, refrain from submitting additional emails prior to receiving a response from our technical support staff.
  • Ensure the Ticket ID remains in the email's SUBJECT LINE at all times
  • Please allow up to two business days for a response.
You can always visit our forums and FAQ portions of our website for additional information found at:
http://www.stardock.com/forums
http://forums.wincustomize.com/
http://forums.impulsedriven.com/
http://esupport.stardock.com/index.php?_m=knowledgebase&_a=view


Listed below are details of this Ticket.

   Ticket ID: EIU-300999
   Subject: [jdev] wildcards vs. multiple certs
   Department: Support - General
   Priority: Received
   Status: Open

You can check the status or reply to this ticket online at: http://esupport.stardock.com/
   Email: jdev <at> jabber.org
   Password: 88268d2d

Please do let us know if we can assist you any further,

Stardock Corporation
_______________________________________________
JDev mailing list
Forum: http://www.jabberforum.org/forumdisplay.php?f=20
Info: http://mail.jabber.org/mailman/listinfo/jdev
Unsubscribe: JDev-unsubscribe <at> jabber.org
_______________________________________________
Permalink | Reply | 0 comments |
headers
Peter Saint-Andre | 26 Aug 22:50
Favicon

Re: wildcards vs. multiple certs


On 8/26/09 2:39 PM, Justin Karneges wrote:
> On Wednesday 26 August 2009 13:31:13 Peter Saint-Andre wrote:
>> As a result, it is possible that admins might feel the need to request
>> multiple Class 1 certs in order to deploy an XMPP service (if they are
>> not able to obtain a Class 2 certificate). For example, at the
>> jabber.org service we might use one Class 1 certificate for the domain
>> name "jabber.org" and another Class 1 certificate for the domain name
>> "conference.jabber.org". This would require our XMPP server software to
>> present the "jabber.org" certificate when a peer server attempts to open
>> an s2s connection to the jabber.org domain, whereas it would present the
>> "conference.jabber.org" certificate when someone from a peer server
>> attempts to join a chatroom at the conference.jabber.org MUC service. I
>> do not know of any XMPP server software that can present two (or more)
>> different certs for s2s connections depending on the domain name
>> specified by the peer server.
> 
> You can put many names into one cert.  For a short set of domains, this ought 
> to be practical.

True, as long as your CA honors the CSR you provide. So perhaps this is
a non-issue...

Peter

--
Peter Saint-Andre
https://stpeter.im/
Permalink | Reply | 0 comments |
headers
Philipp Hancke | 27 Aug 07:14
Picon

Re: wildcards vs. multiple certs

Peter Saint-Andre wrote:
[...]
> As a result, it is possible that admins might feel the need to request
> multiple Class 1 certs in order to deploy an XMPP service (if they are
> not able to obtain a Class 2 certificate). For example, at the
> jabber.org service we might use one Class 1 certificate for the domain
> name "jabber.org" and another Class 1 certificate for the domain name
> "conference.jabber.org". This would require our XMPP server software to
> present the "jabber.org" certificate when a peer server attempts to open
> an s2s connection to the jabber.org domain, whereas it would present the
> "conference.jabber.org" certificate when someone from a peer server
> attempts to join a chatroom at the conference.jabber.org MUC service. I
> do not know of any XMPP server software that can present two (or more)
> different certs for s2s connections depending on the domain name
> specified by the peer server.

This is how Matthias implemented s2s TLS in jabberd.

> How would current servers handle this? Do we really need to worry about

Nobody cares about the content of s2s certificates when connecting to a
remote domain. Therefore nobody bothers to present the right certificate.

philipp

_______________________________________________
JDev mailing list
Forum: http://www.jabberforum.org/forumdisplay.php?f=20
Info: http://mail.jabber.org/mailman/listinfo/jdev
Unsubscribe: JDev-unsubscribe <at> jabber.org
_______________________________________________
Permalink | Reply | 1 comment |

Gmane