Nginx Konfiguration

Nur ein kleiner Hinweis für alle, die schon mal beim Aufruf einer Webseite über einen


Error im Browser gestolpert sind. Ich habe jetzt schon mehrfach feststellen müssen, dass der folgende Nginx-Konfigurationsparameter

ssl_session_tickets off;

der Auslöser dieses Übels ist. Kurioserweise kommt Safari damit klar, Firefox, Chrome und Vivaldi scheitern daran aber mit obiger Fehlermeldung.

[ #nginx #error #webserver #konfiguration #protocol #ssl ]


De protocolos y alianzas en las redes sociales libres

À propos des protocoles et des alliances des réseaux sociaux libres

About protocols and alliances in free social networks

ES: Quién "habla" qué protocolo y quién está federado con quién. FR: Qui "parle" quel protocole et qui est fédéré avec qui. EN: Who's "speaking" what protocols and who's federated with whom.

Source: Mike Macgirvin in RedMatrix https://macgirvin.com/channel/mike/?f=&mid=a167ea295beeca0389a34a97c94c987765375a31fc49a090d8602278dbc319fc@macgirvin.com

#protocolo #protocolos #protocol #protocols #protocole #protocoles #internet #redessociales #redes-sociales #redsocial #red-social #socialmedia #social-media #social-networks #social-network #socialnetworks #socialnetwork #réseaux-sociaux #reseaux-sociaux #réseauxsociaux #reseauxsociaux #réseau-social #réseausocial #reseausocial #fediverse #federación #lafederación #thefederation #the-federation #federation #fédération #la-fédération #lafédération #GNUSocial #GNU-Social #Pleroma #postActiv #Quitter #Mastodon #Friendica #Hubzilla #RedMatrix #Diaspora #SocialHome #GangGo #NextCloud #IndieWeb #MediaGoblin #Pumpio #Pump-io


Introducing (n+1)sec – a #protocol for distributed multiparty chat #encryption


Jason Robinson

Introducing (n+1)sec – a protocol for distributed multiparty chat encryption


Today we present (n+1)sec, a free (libre), end-to-end secure, synchronous protocol for group chat developed by eQualit.ie with support from the Open Technology Fund. After 2 years of design, development and testing, we are releasing the (n+1)sec protocol and library for securing group conversations on various messaging systems, like Jabber/XMPP or IRC. Following a protocol and cryptographic review by the NCC Group, we are looking forward to its implementation in as many chat clients as possible.

Distributed encryption for federated group chat

Considering the times we live in, people tend to rely more and more on encrypted chat for communicating securely with their friends and colleagues. Some of the most secure communication tools have been conceived for this kind of interaction online, including the widespread OTR (off-the-record) and Signal protocols. Our aim was to complement and build on these technologies, offering communication and privacy properties to which these protocols currently did not cater. For example, OTR has been around for over a decade and is built into many desktop and mobile messaging platforms. Its encryption capabilities however are limited to conversations between two people, and cannot be used for a group of three or more. The Signal protocol has been implemented in Signal, WhatsApp, Facebook messenger and many other tools, reaching over a billion users. It is an incredibly powerful solution but it is reliant on asynchronous communication and is therefore also dependent on the messaging platform — a central server that can become a single point of failure (or metadata collection).

These were the starting points for eQualit.ie when considering the (n+1)sec design – we wanted a tool as flexible as OTR that could offer groups and organizations a secure way of communicating and coordinating, respecting federation for messaging protocols and adhering to end-to-end encryption properties for privacy. Our final protocol has the following security properties for group messaging:

  • Confidentiality: the conversation is not readable to an outsider
  • Forward secrecy: conversation history remains unreadable to an outsider even if participants’ encryption keys are compromised
  • Deniable authentication: Nobody can prove your participation in a chat
  • Authorship: A message recipient can be assured of the sender’s authenticity even if other participants in the room try to impersonate the sender
  • Room consistency: Group chat participants are confident that they are in the same room
  • Transcript consistency: Group chat participants are confident that they are seeing the same sequence of messages

Can i test it?

To be sure that (n+1)sec did what we wanted it to do, we have developed an internal dogfooding client in the form of a Pidgin plugin. It is experimental and you shouldn’t rely on it for security – or even stable communications – but it is a good demonstration of how (n+1)sec works. There is a public server set-up for testing it with your friends and colleagues. You can also run the software with any Jabber/XMPP server you already have.

We also wrote a command line client, called Jabberite. It’s in the main (n+1)sec repository and can be used, for instance, with EchoChamber, a testing platform for the (n+1)sec protocol that simulates network conditions and peer behaviour to produce programmer-friendly benchmark data.

How can I help?

Now that a first protocol for secure distributed multiparty chat exists, we would love to see it implemented and used! If you are interested in making this happen, you can give us a precious hand: testing, bugtracking, and of course further development are welcome. The code is out there — just check it out! And of course if you have any feedback you don’t think fits in a public Github repository, you can always write to us through our contact form https://equalit.ie/#contact.

MORE: https://github.com/equalitie/np1sec https://github.com/equalitie/np1sec-test-client


Представлен (n+1)sec, протокол для создания защищённых децентрализованных чатов

После двух лет проектирования, разработки и тестирования прототипов представлен новый протокол для создания защищённых групповых чатов - (n+1)sec. Библиотека с эталонной реализаций протокола распространяется под лицензией LGPLv3. Для тестирования предлагается экспериментальное клиентское ПО, которое оформлено в виде плагина для системы мгновенного обмена сообщениями Pidgin и может работать с любым сервером Jabber/XMPP. Дополнительно предоставляется простой клиент Jabberite, работающий в режиме командной строки, и симулятор EchoChamber.

Протокол обеспечивает оконечное шифрование (end-to-end, вся информация шифруется на стороне клиента), обеспечивает синхронный режим передачи сообщений и по решаемым задачам во многом напоминает протоколы OTR (Off-the-Record Messaging) и Signal:

Как и OTR протокол (n+1)sec также ориентирован на создание защищённых коммуникаций поверх существующих инфраструктур чатов, таких как XMPP, что позволяет интегрировать поддержку (n+1)sec в любое клиентское ПО на базе данных систем. Ключевое отличие заключается в том, что OTR рассчитан на обмен сообщениями между двумя участниками, в то время как (n+1)sec нацелен на создание децентрализованных чатов, в которых может общаться произвольное число людей.

Протокол Signal поддерживает групповые чаты с end-to-end шифрованием, но позволяет передавать сообщения только в асинхронном режиме и привязан к централизованным серверам платформ обмена сообщениями в которых он используется, что создаёт единую точку отказа и может использоваться для сбора метаданных о пользователях.

Ключевые возможности протокола (n+1)sec:

  • Конфиденциальность - содержимое доступно только участникам чата. Сторонний наблюдатель не может прочитать сообщения;
  • Совершенная прямая секретность (Forward secrecy) - перехваченный трафик с прошлой перепиской нельзя расшифровать даже после получения закрытых ключей участников чата;
  • Аутентификация с отречением (Deniable authentication) - во время чата обеспечивается проверка подлинности сообщений, но после чата третье лицо не имеет возможность доказать авторство сообщений участников;
  • Подтверждение авторства - получатель сообщения может быть уверен в подлинности отправителя, не допуская ситуации, когда кто-то другой попытается выдать себя за отправителя;
  • Целостность комнат для чата - участники группового чата могут быть уверены, что они находятся в одной комнате чата;
  • Единый порядок сообщений - участники группового чата могут быть уверены, что всем сообщения приходят в том же порядке.


#internet #web #protocol #security #privacy #xmpp #jabber #chat #multichat #otr #pidgin

np1sec - A library for off-the-record (deniable authenticated forward secure confidential) multiparty messaging

Rami Rosenfeld

federation v0.14.1 released

This release includes an important #Diaspora #protocol related #security fix adding checks so that payloads cannot be sent with objects referencing another identity. Basically this means that a post payload has to have the same author in the object as it has as the sender. The exception is relayables, which are commonly sent by someone else and authored by another person. This the patch release since the latter had to be fixed due to regression.

federation is a #Python library that offers the Diaspora protocol via an opinionated API, aiming to combine multiple protocols under one API in the future.



[0.14.1] - 2017-08-06


  • Fix regression in handling Diaspora relayables due to security fix in 0.14.0. Payload and entity handle need to be allowed to be different when handling relayables.

[0.14.0] - 2017-08-06


  • Add proper checks to make sure Diaspora protocol payload handle and entity handle are the same. Even though we already verified the signature of the sender, we didn't ensure that the sender isn't trying to fake an entity authored by someone else.

    The Diaspora protocol functions message_to_objects and element_to_objects now require a new parameter, the payload sender handle. These functions should normally not be needed to be used directly.


  • Breaking change. The high level federation.outbound functions handle_send and handle_create_payload signatures have been changed. This has been done to better represent the objects that are actually sent in and to add an optional parent_user object.

    For both functions the from_user parameter has been renamed to author_user. Optionally a parent_user object can also be passed in. Both the user objects must have private_key and handle attributes. In the case that parent_user is given, that user will be used to sign the payload and for Diaspora relayables an extra parent_author_signature in the payload itself.

#thefederation #federation

Python library for abstracting social federation protocols

Jason Robinson

Social-Relay version 1.4.0 released

This release adds compatibility with the latest #Diaspora #protocol changes. Also now Social-Relay will verify received payloads to ensure receivers get payloads from only resolvable valid senders.


What is the relay system?

The #relay system handles distribution of public content using the #Diaspora protocol. This helps new nodes get into the network and allows subscribing to hashtags from around the network. This is an unofficial network addition not directly related to the Diaspora protocol or project itself.

If as a #podmin you want to hook up to the relay system, do as follows:

  • Enable your outbound/inbound relay configuration in your Diaspora pod settings or for #Friendica / #Hubzilla check your own settings/documentation on how to do it.
  • Ensure your node is registered at The-Federation.info. The relay system polls this list for nodes to check.
  • Profit within one hour!

Discuss and improve

Let me know if you have ideas for improving the relay system or just questions about it. Contact me here, GitHub issues or via IRC.



  • Accept new style Diaspora public payloads without xml=payload form data.
  • Add profile model. Store remote profile handle + public key for later use, since we don't want to always fetch them.
  • Start validating signatures in sent payloads. This requires fetching remote profiles. Closes #31.

Ping @{David Morley; davidmorley@diasp.org}

social-relay - Public post relay for the Diaspora federated social network protocol

Jason Robinson