by

Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
    HearthSim Bot
    @hsimbot
    binki If you’re doing dynamic idP lookup, the security problems all lie with the idP itself
    binki Ah
    Stavros Korokithakis
    @skorokithakis
    they do, i'm just not sure how that case is handled
    HearthSim Bot
    @hsimbot
    binki So we have to decide what values a WebFinger impelmentation is allowed to have authority over
    Stavros Korokithakis
    @skorokithakis
    possibly, but it's a bit more than that, because i can't believe that the standard is so badly written that it would allow evildomain.com to authenticate for gmail.com
    HearthSim Bot
    @hsimbot
    callahad Ugh. You're right.
    onli like not changing the domain
    binki I think we could do something similar to rDNS verification: evil.com/.well-known/ returns @mozilla.com, you just now do a lookup mozilla.com/.well-known/webfinger?resource=email@mozilla.com and see if you get the same answer
    Stavros Korokithakis
    @skorokithakis
    binki: i think the standard will specify something like that
    already, i mean
    HearthSim Bot
    @hsimbot
    callahad I think that's still an unfixed bug in Persona. The whole frontend just locks up if you get a different address back
    binki OK
    Stavros Korokithakis
    @skorokithakis
    callahad: i seem to recall doing that and Persona working fine, but i'm not sure
    HearthSim Bot
    @hsimbot
    binki skorokithakis: I need to read the specs more fully before going ahead because I wasn’t looking for that sort of thing
    callahad I'd like to maintain our V1 milestone as just Gmail + SMTP, since we fully understand those
    callahad But I'd love to have a well thought out plan for V2 regarding webfinger / oidc discovery / whatever. binki, sounds like you're well on that path :)
    binki ^^
    onli But if it proves to be easy and overseeable enough, I don't see much harm in adding the webfingers discovery
    onli yes, the issue mentioned, btu that is defineable
    HearthSim Bot
    @hsimbot
    callahad Yep! We can always start with a restricted set
    callahad But, I wouldn't block release on that, if we can get Gmail + SMTP solid
    onli agreed
    onli (I just mainly don'T want to block blinki to commit something to the daemon if he has soemthign that works)
    callahad +1
    onli okay. I'll try to make the demo a bit rounder
    HearthSim Bot
    @hsimbot
    onli I pinged a friend of mine who wanted to get more into OSS to make a modul, but he just left for a holiday
    onli we will maybe need to do some mroe on our own
    callahad The more the merrier at this point
    callahad I'll spend the rest of the day on the renaming + GH issuing
    onli :)
    HearthSim Bot
    @hsimbot
    onli some small modifications because of the renaming are done in the demo, have alook at http://46.101.233.179:9000/
    HearthSim Bot
    @hsimbot
    binki Err, I set channel #portier to have same founders as this one. Probably a bit forward of me, but should stop squatters/avoid need for freenode staff help
    onli good thinking
    HearthSim Bot
    @hsimbot
    callahad binki++
    HearthSim Bot
    @hsimbot
    jleclanche callahad: i missed it, i thought we were going with resona ;p
    jleclanche portier sounds fine too i suppose :)
    callahad jleclanche: Enough people weren't super excited about Resona ;)
    jleclanche psht ):
    callahad jleclanche: I also like the idea of portierd as the daemon. It's 8 characters, ends with a "d". Classic *nix naming, right there.
    jleclanche hehe
    HearthSim Bot
    @hsimbot
    jleclanche callahad: did LE get back to you on Lets Auth?
    callahad jleclanche: Yeah, they weren't too jazzed about that, either ;)
    callahad Let me find the quote
    callahad jleclanche: "We very strongly prefer that you not call it Let's Auth."
    jleclanche fair enough
    onli
    @onli
    I created a new gitter org and channel: https://gitter.im/portier/Lobby
    HearthSim Bot
    @hsimbot
    onli hm
    HearthSim Bot
    @hsimbot
    jleclanche onli: im here
    jleclanche onli: see my email reply