[Ach] Removed prosody

Matthew Wild mwild1 at gmail.com
Mon Mar 2 20:43:35 CET 2015


On 2 March 2015 at 18:20, micah <micah at riseup.net> wrote:
>
> Matthew Wild <mwild1 at gmail.com> writes:
>
> > And the other problem is... even though they appear to be the
> > defaults, Pepi's configuration has a mistake in it.
>
> What is that mistake?


I intentionally didn't say, as the point of my post is that it's a
general mistake to try specifying those options in the first place.

However since you asked, it's that the curve parameter is not quoted.
It makes no difference to security in this case (if it did I would
have certainly let Pepi know privately), because it is set to the
default anyway.

> For additional security, I recommend disabling the 'version' module
> (people dont need to determine the operating system version of the xmpp
> server), 'time' (especially when running a tor hidden service), and
> 'pep' modules (this sends special XMPP messages that aren't being
> handled by OTR, has potential for leaks).

Just so you know, the version module in Prosody doesn't report the OS
version (I've seen servers that return the kernel version and all
kinds of weird info). We just say "Linux", "Windows", etc. which is
generally discoverable via other means anyway.

The time module, I'm curious to hear your thoughts on. We always
return the time in UTC, so timezone should not be leaked if the OS is
properly configured. It's also only accurate to 1s. Do you think this
is a problem?

PEP isn't covered by OTR, but it was designed as an alternative to
clients putting the same data into their presence (which also isn't
covered by OTR). Not sure what you're worried about leaking via PEP,
but maybe we could fix those specific things? Otherwise I think it's a
backwards step for the protocol. PEP is also used as the basis for
some "post OTR" end-to-end encryption protocols that are being
proposed.

Obviously if security is your only objective, sure... I definitely
agree with the general principle of disabling as much as you can. This
is one reason for why we keep Prosody strictly modular (as well as
being able to build stripped configurations to run on low-resource
systems).

Regards,
Matthew



More information about the Ach mailing list