[01:22] mdeslaur: RE: CVE-2021-3618, for NGINX, it looks like only released mitigations for the mail proxy mechanisms. These are shipped as available by default, but the default nginx.conf does not include them anywhere.
[01:22] ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the auth...
[01:22] just for you to make some notes on that CVE in the tracker
[01:22] (if necessary)
[10:41] teward: thanks, I added a note
[16:14] hm, anyone here know where to find Balint (debian shadow maintainer) on irc? His email address is bouncing...
[18:41] hallyn: I haven't seen him on irc in ages; there's a few email addresses on launchpad, and I'm 90% sure I saw him leave a comment on a bug report in the last week, so probably one of them still works ;) https://launchpad.net/~rbalint
[19:34] sarnold: thanks. i have a feeling they all redirect to his gmail account :(
[19:40] but i guess i'd misread - i thought that gmail account was gone, but i guess gmail is just not happy with the message. Maybe because it was forwarded? I can email my own gmail account from my personal email just fine.
[19:41] hallyn: if you're sending from @ubuntu.com or @canonical.com redirects break hard
[19:41] that's a known issue IS is working on trying to solve with some kind of SMTP server with auth for those of us using @ubuntu.com aliases
[19:41] just an FYI ;)
[19:41] (Google blocks emails from @ubuntu.com because there's zero authentication/authorization controls on it)
[19:50] teward: no i sent it from my firstname at lastname dot com home account, and to his advertised .hu email. maybe google got angry at .hu? i dunno
[19:50] *shrugs* they probably don't like any redirects that are blind redirects
[19:51] what's great though is that i know most ppl would say that the obvious answer is for me to use a largecorp email like gmail, rather than for others to use non-largecorp-controlled emails :)
[19:51] pretty sure he's had this mail fwd in place for a long time, so this is some kind of change over at gmail
[19:52] i mean, for the better, of course. no doubt.
[21:35] a /win 12