IRCaBot 2.1.0
GPLv3 © acetone, 2021-2022
#i2p-dev
/2025/03/27
@eyedeekay
&zzz
+R4SAS
+RN
+StormyCloud
+T3s|4
+acetone
+altonen
+dr|z3d
+hk
+lbt
+orignal
+postman
+radakayot
+snex
+weko
+wodencafe
Arch
BravoOreo
Dann
FreeB
FreefallHeavens_
Irc2PGuest11045
Irc2PGuest27999
Irc2PGuest28584
Irc2PGuest3338
Irc2PGuest59134
Irc2PGuest82579
Onn4l7h
Onn4|7h
Sleepy_
Soni
T3s|4_
Teeed_
aeiou_
aisle1
ardu
b3t4f4c3___
bak83
dickless
dr4wd3
enoxa
eyedeekay_bnc
hagen_
not_bob_afk
phil
plap
poriori_
profetikla
qend-irc2p
rapidash
solidx66_
u5657
uop23ip
w8rabbit
x74a6h
orignal I intentinally try it using curl
dr|z3d well, anyways, you don't want to strip all the X-I2P request headers, they're useful.
orignal what if I need to because my http is shit?
orignal http server
dr|z3d then fix your http.
orignal there are different situation
snex how can a server crash because a header lol
orignal say, I'm running on a router or kettle
orignal or something like this
orignal it doesn't crash
RN privoxy is on the wrong end of this, if I get what you mean...
orignal it closes connection
dr|z3d sure, then you'd use lighthttpd or nginx.
orignal because it thinks it's malformed request
dr|z3d then it's broken.
dr|z3d or you've configured it wrong.
orignal well it handles regular http requests
snex submit github issue to their repo. their shit is broken
orignal but again say if I meet such shit somewhere else?
snex uninstall things that dont work
orignal actually it doesn't like X-I2P-DestB64 because it's length
dr|z3d you might be able to bump up the header buffers.
orignal 512 bytes max
dr|z3d bump them up to 4K or more.
orignal nope. it should be unlimited
dr|z3d no, not unlimited. if a client's sending huge headers, they're up to no good. 32K if you want to be super generous, factoring in cookie support and whatever else.
zzz 8K is a typ. limit. 512 is bananas. PQ b64 could be up to 3500. stackoverflow.com/questions/686217/maximum-on-http-header-values
zzz we use 8K internally and will respond with a 431 error
zzz we also limit total headers size
zzz if i2pd is unlimimted, that's a possible remote crash vulnerability
orignal 8K now
zzz there's no standardized config. Just do: if (os == "haiku") sendb64 = false;
zzz or, wait until you get the 431 response back, and resend the request without the b64
zzz orignal, SSU2 question:
zzz Have you fully implemented SSU2 connection migration (path challenge/response)? I'm getting a lot of failed migrations from i2pd routers
zzz gah, retested type 5, I broke it, have to figure out where
zzz ok, back working again, phew
orignal it should be fully implmeneted
orignal but it might be implemented wrong
orignal tell me the secenario and will take a look
orignal for haiku it's just one http server. ofc it's fine with nginx
zzz ok I'll have to research migration more, I'll get back to you
orignal thanks
zzz doing more research on MLDSA adoption
zzz I think it's right that we put it last on the priority list
zzz nobody's going to do much until the CA/Browser Forum sets requirements for MLDSA X.509 certs
zzz and the CAs can't do anything until there's hardware security modules (HSMs) that support MLDSA, so the can generate MLDSA root certs
zzz that's all a ways out
orignal zzz, nonce=1 for zero lentgh secotion in NSR?
orignal well we don't care abouyt x.509
zzz yeah we don't but out in the real world that's the use case
zzz orignal, no, n = 0 for the zero length section, because the section before was ekem1, which does a mixKey(), which resets n to 0
orignal thanks
orignal implemented outgoing session with type 5
zzz nice, baby steps
orignal I doubt about "baby"
orignal for incmoing I guess you verify ML-KEM section Poly1305 hash and if it doesn't match you try 4
zzz I think that's right. I don't think it makes a difference if you use different static keys for 4 and 5? not sure
orignal I use different keys for 4 and 5