#XSF Announcement
Recently, an incident involving a so-called #man_in_the_middle attack happened to an #XMPP #server.
To reduce the risk of such attacks in the future, an early-stage service called CertWatch has been published by our Community: https://certwatch.xmpp.net/
Many thanks to Stephen P. Weber (@singpolyma)!
Read two related blog posts:
http://blog.jmp.chat/b/certwatch/certwatch
@xmpp @singpolyma Seems it does not follow CNAME? Or it does not tell if the domain is OK already?
@ruff
It should work, could you tell me what name you are trying to check for debugging? (as DM if you wish)
@xmpp @singpolyma
@Menel @xmpp @singpolyma OK, perhaps it's caching more aggressively than the SOA TTL. I just set TLSA and checked: it was saying I should set TLSA. I waited for the TTL time and rechecked: it still said I need to set TLSA. But today it's OK, shows green.
@xmpp @singpolyma An alternative form of MitM is Manipulator-in-the-middle.
I prefer it as it is (1) more accurate and (2) less focused on a gender („man“ being ambiguous in English here).
@kas
With my clients (#profanity and #conversations) I just open the chat the same way I would do it with a user@example.org JID. I just have to confirm that I really want to do this in conv.
@xmpp
@kas The hostname is also a valid JID.
@xmpp @singpolyma It throws a 504 error if your c2s ports aren’t open to all IP addresses. But once I relaxed my server’s firewall, it was fine.