orignal
I intentionally try it using curl
dr|z3d
well, anyways, you don't want to strip all the X-I2P request headers, they're useful.
orignal
what if I need to because my http is shit?
orignal
http server
dr|z3d
then fix your http.
orignal
there are different situations
snex
how can a server crash because a header lol
orignal
say, I'm running on a router or kettle
orignal
or something like this
orignal
it doesn't crash
RN
privoxy is on the wrong end of this, if I get what you mean...
orignal
it closes connection
dr|z3d
sure, then you'd use lighttpd or nginx.
orignal
because it thinks it's malformed request
dr|z3d
then it's broken.
dr|z3d
or you've configured it wrong.
orignal
well it handles regular http requests
snex
submit github issue to their repo. their shit is broken
orignal
ofc
orignal
but again say if I meet such shit somewhere else?
snex
uninstall things that don't work
orignal
actually it doesn't like X-I2P-DestB64 because of its length
dr|z3d
you might be able to bump up the header buffers.
orignal
512 bytes max
dr|z3d
bump them up to 4K or more.
orignal
nope. it should be unlimited
dr|z3d
no, not unlimited. if a client's sending huge headers, they're up to no good. 32K if you want to be super generous, factoring in cookie support and whatever else.
zzz
8K is a typ. limit. 512 is bananas. PQ b64 could be up to 3500. stackoverflow.com/questions/686217/maximum-on-http-header-values
zzz
we use 8K internally and will respond with a 431 error
zzz
we also limit total headers size
zzz
if i2pd is unlimited, that's a possible remote crash vulnerability
orignal
8K now
zzz
there's no standardized config. Just do: if (os == "haiku") sendb64 = false;
zzz
or, wait until you get the 431 response back, and resend the request without the b64
zzz
orignal, SSU2 question:
zzz
Have you fully implemented SSU2 connection migration (path challenge/response)? I'm getting a lot of failed migrations from i2pd routers
zzz
gah, retested type 5, I broke it, have to figure out where
zzz
ok, back working again, phew
orignal
it should be fully implemented
orignal
but it might be implemented wrong
orignal
tell me the scenario and I will take a look
orignal
for haiku it's just one http server. ofc it's fine with nginx
zzz
ok I'll have to research migration more, I'll get back to you
orignal
thanks
zzz
doing more research on MLDSA adoption
zzz
I think it's right that we put it last on the priority list
zzz
nobody's going to do much until the CA/Browser Forum sets requirements for MLDSA X.509 certs
zzz
and the CAs can't do anything until there's hardware security modules (HSMs) that support MLDSA, so they can generate MLDSA root certs
zzz
that's all a ways out
orignal
zzz, nonce=1 for zero length section in NSR?
orignal
well we don't care about x.509
zzz
yeah we don't but out in the real world that's the use case
zzz
orignal, no, n = 0 for the zero length section, because the section before was ekem1, which does a mixKey(), which resets n to 0
orignal
thanks
zzz
:)
orignal
implemented outgoing session with type 5
zzz
nice, baby steps
orignal
I doubt about "baby"
orignal
for incoming I guess you verify ML-KEM section Poly1305 hash and if it doesn't match you try 4
zzz
I think that's right. I don't think it makes a difference if you use different static keys for 4 and 5? not sure
orignal
I use different keys for 4 and 5