#i2p-dev (irc2p) | 2.8.0-7-rc | Checkin deadline Fri. Mar. 14 | ACTION REQUIRED git.idk.i2p account deletion http://i2pforum.i2p/viewtopic.php?t=1312 | Upcoming reviews Tuesdays 8 PM UTC #ls2: prop 169 Mar. 18; prop. 167 Apr 1; prop. 163 Apr. 15

#i2p-dev

/2025/01/28

Online: 59

@eyedeekay

&eche|on

&kytv

&zzz

+R4SAS

+RN

+StormyCloud

+T3s|4

+acetone

+dr|z3d

+hagen

+hk

+lbt

+postman

+segfault

+wodencafe

Arch

Danny

DeltaOreo

FreefallHeavens_

Irc2PGuest10722

Irc2PGuest16699

Irc2PGuest27222

Irc2PGuest316

Irc2PGuest39482

Irc2PGuest59134

Irc2PGuest95432

Nausicaa

Onn4l7h

Onn4|7h

Sisyphus

Sleepy

Soni

T3s|4_

Teeed

aeiou

aisle1

ardu

b3t4f4c3__

bak83_

boonst

carried6590

cumlord

dickless

dr4wd3_

eyedeekay_bnc

orignal_

poriori

profetikla

qend-irc2p

radakayot_

rapidash

shiver_

solidx66

thetia

u5657

uop23ip_

w8rabbit

x74a6

RN hey mareki2p they're looking for more info from you

mareki2p I'm back, reading past conversation. The problem was that I wanted to send the CreateSession I2CP message, it contains destination, destination contains certificate. I attached type 5 certificate with zero/empty content. The i2pd worked just fine, java did not. This is my mistake. I should attach type 0 certificate instead. Maybe the docs is not comprehensive enough. Maybe I can not read the docs properly. I

mareki2p definitely don't think that "if it works on i2pd and not on java it must be my bug" as zzz said. My pull request improves this situation and allows type 5 certificate with zero/empty content with elgamal+dsa destinations. This is not bug fix, but improvement/enhancement.

zzz I added a note to the spec saying 'dont do that'

dr|z3d :)

RN isn't elgamal+dsa deprecated anyway?

dr|z3d DSA is only there to support legacy services.

dr|z3d ElGamal isn't yet deprecated, but orignal's pushing for deprecation.

RN ahh, that must be what I recall reading

StormyCloud zzz reseed is good. LetsEncrypt moved their signing provider which caused certbot to fail.

dr|z3d running python3-certbot-nginx StormyCloud?

mareki2p So if i2pd is accepting such I2CP messages (with type 5 certificate and zero bytes following) is i2pd wrong? Should new issue be raised against it?

StormyCloud No using acme

dr|z3d is nginx handling the server?

dr|z3d mareki2p: orignal's been told, but feel free to file a bug just to bring the message home :)

StormyCloud No haproxy is in front of everything

dr|z3d webserver is nginx or apache?

StormyCloud Neither? Just have haproxy infront of the reseed tools package.

dr|z3d ok

mareki2p I also noticed that if you have no I2CP username/password set on the server, the client can supply any name+pwd and everything succeeds. Is that intentional?

RN if the name is not registered by anyone then it just ingores the pw you are sending

RN you can for example try that with dr|z3d and a made up password. It will turn you into Irc2PGuest####

RN because dr|z3d is a registered nick, so the random password you provide won't likely match the one he chose

dr|z3d I2CP, not I2PIRC...

RN oh, oopsie

RN s/I2PIRC/IRC2P/

RN nevermind me mareki2p, I missread

RN ardu has a deepseek-abliterated model, I think that is same without the guardrails

RN oops, wrong window

RN *** should go take a break ***

orignal i2pd considers signature type 0 in cert as valid

orignal well ElGamal should be deprecated at lease on servers

mareki2p My issue is that I sent certificate type 5 with zero payload and i2pd accepted it, java did not. Java requires certificate type 0.

zzz wrong, his bug is that cert type 5 min payload is 4

zzz it would have worked if he got the payload right. but it still should be type 0

orignal if you send cert 5 with zero payload it's i2pd's bug

orignal it must be 4

zzz I didn't really catch it either, it just failed in a weird way

orignal muformaed certificate is another story

zzz guy still doesn't get it that it has to be 4

orignal *malformed

zzz so I just stick to short answer 'use type 0'

orignal he is right

orignal SigningKeyType IdentityEx::GetSigningKeyType () const

orignal {

orignal if (m_StandardIdentity.certificate[0] == CERTIFICATE_TYPE_KEY && m_ExtendedLen >= 2)

orignal return bufbe16toh (m_ExtendedBuffer); // signing key

orignal return SIGNING_KEY_TYPE_DSA_SHA1;

orignal }

orignal I do it this way, but it's not right

orignal e.g. if type is 5 and length is zero I will handle it as DSA

zzz yeah. but there's no requirement to catch every wrong thing, I wouldn't worry about it

orignal right

eyedeekay zzz merge 226 when you're ready