XMPP Council - 2020-01-08


  1. jonas’

    ’tis time

  2. jonas’

    Let’s get started.

  3. jonas’

    1) Roll Call

  4. jonas’ obviously

  5. dwd

    Me!

  6. daniel

    hi

  7. Zash

    hello

  8. ralphm waves

  9. jonas’

    (I’m also going to implement a 1 minute timeout in this session. Unfortunately, my client doesn’t show typing notifications, so if you need more time to write a reply to an open question like "Anything else?", please send a dot or something first.)

  10. jonas’

    that’s a quorum

  11. jonas’

    2) Agenda Bashing

  12. pep.

    (here too.)

  13. jonas’

    we’ve got a ProtoXEP and the OMEMO thing on the list, is there anything I missed?

  14. larma

    also here if needed

  15. jonas’

    Alright, moving on 3) Items for a vote

  16. jonas’

    3a) Proposed XMPP Extension: Special Interests Group End to End Encryption URL: https://xmpp.org/extensions/inbox/sige2ee.html Abstract: This document proposes the formation of a Special Interest Group (SIG) within the XSF devoted to the development of end-to-end encryption within the context of XMPP.

  17. jonas’

    3a) Proposed XMPP Extension: Special Interests Group End to End Encryption URL: https://xmpp.org/extensions/inbox/sige2ee.html Abstract: This document proposes the formation of a Special Interest Group (SIG) within the XSF devoted to the development of end-to-end encryption within the context of XMPP.

  18. jonas’

    so first of all, it turns out that SIG formations/proposals have their own XEP type, so that’ll have to be adjusted by the editor

  19. Zash

    And this is approved by Council?

  20. jonas’

    yes

  21. pep.

    (I wasn't entirely sure about that, and I didn't take the time to look it up properly)

  22. jonas’

    > A Special Interest Group (SIG) is a working group approved by the XMPP Council to address specific areas of growth or concern within the Jabber/XMPP developer community, usually by means of developing and publishing XMPP Extension Protocols (XEPs).

  23. jonas’

    https://xmpp.org/extensions/xep-0002.html

  24. jonas’

    nobody knew, which is why we didn’t vote on this last week

  25. dwd

    Generally in favour. I had some comments around the second bullet point, but assuming this goes to Experimental before a LC and Active, I'm +1

  26. ralphm

    Also noted in our Bylaws

  27. jonas’

    I’m not sure if this is supposed to be a SIG Formation or a SIG Proposal

  28. ralphm

    Section 8.2

  29. jonas’

    I’m going to be on-list, because the procedure is unclear to me

  30. jonas’

    anyone else who wants to cast votes in this meeting?

  31. Ge0rG

    Hi! Sorry for being late.

  32. ralphm

    jonas’, which part is unclear?

  33. dwd

    I did cast a vote.

  34. jonas’

    ralphm, - Is this a SIG Proposal or a SIG Formation? - If SIG Formation, does the XEP need to specify who is part of the SIG leadership? If not, where is this recorded? - Is it even legitimate for a SIG to be open for non-XSF members? (It isn’t for SIG leadership)

  35. Ge0rG

    3a( +1

  36. jonas’

    ralphm, but I think this isn’t the right venue to figure this out, since all of this should be documented somewhere I can read it. If I’m missing info, I’ll probably head to other council members or board as required.

  37. daniel

    sorry i haven’t had time to read the final draft; i assuming that i'm going to be +1 ; but on list for now

  38. ralphm

    SIGs are open by nature, however, its leaders must be members

  39. dwd

    I would assume a SIG Proposal, and needs to be Active for a Formation.

  40. pep.

    §8.2 of the bylaws says: "Because a SIG is an open forum, participation in a SIG shall not be limited to elected Members of the Corporation, and shall be open to any interested individual. Leadership and direction for a SIG shall be provided by the members (and in particular by the Chair) of the relevant XSF Work Team or the XMPP Council."

  41. jonas’

    dwd, things in the past have used SIG Proposal and SIG Formation type of XEPs

  42. dwd

    jonas’, Oh.

  43. jonas’

    dwd, see, it’s complicated, and I don’t want to waste time in this meeting while I read up on things :)

  44. jonas’

    I expect the next point to be more contentious.

  45. jonas’

    3b) Do something about the OMEMO XEP Dave suggested that we try to get OMEMO into Rejected state (which may meean moving it via Proposed or asking Board for assistance).

  46. jonas’

    dwd, do you want to summarise what this is about?

  47. dwd

    I think we have already, but it's not clear that OMEMO can (or, possibly, should) be made Draft.

  48. dwd

    The "can" relates to whether OMEMO can be implemented without the use of a GPL library. There are people arguing both ways on this.

  49. jonas’

    dwd, though that’s not a strict requirement for Draft, is it?

  50. dwd

    jonas’, https://xmpp.org/extensions/xep-0001.html#objectives argues otherwise, since GPL would could as an "encumberance".

  51. Zash

    Can you implement it based on only specifications or not?

  52. ralphm

    As stated on list, I believe that in its current form, this XEP violates Objective 4 of XEP-0001, and can therefore not move forward.

  53. jonas’

    right, true

  54. dwd

    Any particular license would, in fact.

  55. dwd

    Zash, I have been told both yes and no.

  56. Zash

    Ugh

  57. jonas’

    so, I think the ambiguity alone is sufficent

  58. pep.

    Sufficient to do what?

  59. ralphm

    Indeed, the (legal) ambiguity alone is an "encumbrance".

  60. jonas’

    while normally we don’t require proof (except in form of the IPR) that a protocol is not under any restrictive license, the uncertainty about the signal protocol requires extra proof to let this move forward, IMO

  61. dwd

    I mean, absolutely not right now, because the specification doesn't reference the libsignal docs. Whether the libsignal docs are sufficient to implement a non-GPL clone of libsignal is the ambiguous question.

  62. jonas’

    and the proof might be hard to bring, since I feel that this is a grey area of copyright law (akin to the still-ongoing API debate between google and oracle) which needs to be fought out over courts, and that’s not a good standing for an open standard

  63. larma

    OMEMO lacks a lot of specification / documentation and that is a reason to not move it to Draft. Unfortunately so far, nobody ever tried to gather a conclusive list of what is missing (because everyone just uses libsignal)

  64. jonas’

    (and this is all in addition to the issues with the "shady" practices around this XEP)

  65. Zash

    copyright lawyering doesn't sound like a job for Council :|

  66. ralphm

    It doesn't.

  67. dwd

    larma, I know of at least one effort to make a non-GPL client using OMEMO failed with the author deciding it wasn't possible given available information. I know of other people who claim it is, but there is very little evidence either way.

  68. larma

    dwd, can you point me their? would like to read/hear reasoning

  69. jonas’

    so my concrete suggestion would be to: - Change XEP-0384 to historical type and lock it update-wise - If the community wants to pursue signal-ish E2EE under the umbrella of the XSF, they need to provide a proper (and I think this time we should require "as few references as possible") document to describe how to do it from basic principles

  70. jonas’

    And on the long-term, we should probably pursue MLS

  71. ralphm

    If an actual protocol specifications would exist, we could point to it, and would have a lot less discussion on hypotheticals. Also, prior legal posturing by the Signal authors doesn't help this situation.

  72. Zash

    jonas’: sounds sensible

  73. jonas’

    we probably need Boards OK for changing a XEP type after acceptance

  74. dwd

    ralphm, Do we need Board here?

  75. Zash

    Wasn't the current version meant to be what amounts to Historical anyways?

  76. larma

    jonas’, I think everyone is happy with longterm MLS replacing OMEMO

  77. jonas’

    larma, that’s at least something

  78. Ge0rG

    don't we have a SIG for that?

  79. ralphm

    I'm not sure how changing to historical is addressing the concern.

  80. jonas’

    Ge0rG, not yet

  81. pep.

    And SIGs don't have that authority do they

  82. Ge0rG

    would it make sense to postpone those hairy questions for the SIG?

  83. jonas’

    Ge0rG, I’d rather not until it is clear to me how SIG leadership works.

  84. daniel

    > Wasn't the current version meant to be what amounts to Historical anyways? iirc that was the intent; but was deemed impossible to switch tracks

  85. jonas’

    ralphm, https://xmpp.org/extensions/xep-0001.html#types-Historical I think historical (while you need to stretch the definition of "before" a bit) fits this quite nicely and would be loopholey enough to look in a different direction when someone talks about objective #4

  86. jonas’

    (to me anyways)

  87. ralphm

    dwd: I think the Editor can change the type at the instruction of Council as long as Council remains its approving body.

  88. ralphm

    SIGs don't have any authority, in principle.

  89. ralphm

    jonas’, I think this spec doesn't meet the definition of historical, and as I mentioned above, I'm not sure how it addresses Objective 4.

  90. dwd

    Speaking of Board and remits and so on, it may be that violating Objectives is something that only Board can decide anyway, which neatly makes it someone else's problem.

  91. jonas’

    ralphm, my point being: It is clearly unfit for Standards Track, mainly for the license reason. However, it’s worthwhile to document what’s currently going on in the XMPP ecosystem. Especially in the case of OMEMO, which is a PITA when you don’t have it.

  92. Zash

    I'd happily +1 shuffling this over to Board :)

  93. jonas’

    It doesn’t 100% fit the definition of Historical, but if we want to have this still as a XEP (and I think we should), Historical is probably the best place. Informational may work too, but only if Informational has some type of Deprecated state

  94. jonas’

    it does, so I’d also be fine with Informational+Deprecated

  95. ralphm

    Council itself can perfectly decide on what violates the objectives on its own.

  96. Zash

    I wouldn't oppose tweaking the definition of Historical

  97. jonas’

    (we’re heading towards the magic :30 mark, and I have a quick AOB, so I’ll terminate this discussion at about :27)

  98. ralphm

    I would object to tweaking our process just to accomodate the fact that people want to have a specification like OMEMO

  99. daniel

    yeah i also like 'historical' (mostly for what jonas’ said)

  100. dwd

    I'd be fine with any status that does not make any suggestion that this is a recommended protocol by the XSF.

  101. Ge0rG

    I'm fine with either Historical or Informational+Deprecated, with a slight preference to the former.

  102. Ge0rG

    Maybe we also need a blog post explaining the rationale.

  103. ralphm

    IMO, you can 1) decide to not move it forward until the objective is met, e.g. by switching back to the previous protocol or forward to MLS, 2) dismiss the XEP is unacceptable.

  104. jonas’

    Ge0rG, I think daniel volunteered to do that last week

  105. daniel

    (and again; historical was i believe my original preference before we put in the siacs namespaces; however that wasn’t possible and thus we ended up with the 'compromise' that we have now)

  106. jonas’

    I propose we instruct the Editor to create a patch which: - Moves to Informational - Changes to Deprecated - Adds necessary rewording to make it clear that this is an embedding of the Signal protocol and not a generally preferred and open E2EE scheme

  107. ralphm

    My opinion is that both historical and informational+deprecated don't carry the right message.

  108. pep.

    I'm not entirely fine with Deprecated while we don't have a replacement

  109. pep.

    Informational is probably ok

  110. Zash

    ralphm: Rejected?

  111. ralphm

    Yes

  112. pep.

    (nor Rejected)

  113. jonas’

    Rejected would work too for me

  114. jonas’

    though technically rejected would have to go through Proposed

  115. Ge0rG

    I have a feeling that either change will cause contention outside of the XSF membership

  116. ralphm

    arguably dwd proposed it to be rejected, so there's that

  117. pep.

    What's the message we're sending doing this?

  118. jonas’

    okay, instead of a vote, can we have a quick show of hands from council members: Do you agree that OMEMO as it stands currently should be demoted from its current position and put in a dead end?

  119. Zash

    pep.: "This isn't the Right Way"

  120. jonas’

    (if we agree on this, we can figure out the specifics later)

  121. daniel

    > What's the message we're sending doing this? that the xsf doesn’t care about e2ee

  122. ralphm

    pep., that we don't base our standards on libraries

  123. pep.

    daniel, that, exactly

  124. dwd

    I'm actually fine with putting it through a Last Call, which would then allow us to declare it counter to the objectives and then Rejected.

  125. Ge0rG

    that the xsf is hostile towards E2EE

  126. daniel

    (not objecting the proposed changes; but that is the message)

  127. pep.

    If you're all fine with this then good for you. I'm not

  128. Zash

    The XSF likes surveilance!!!11!1eleven /s

  129. ralphm

    In the same blog post, you could mention that we (Dave and I) have reached out to the MLS WG to offer our assistence.

  130. pep.

    ralphm, so it's ready in 5 years instead of 10?

  131. Ge0rG

    jonas’: +1 on the general demotion

  132. pep.

    And in implementations in ~7

  133. larma

    if you put it to last call, please make the last call more than 2 weeks so that people have the time to extend the specification to make the whole reason to reject it invalid

  134. Zash

    jonas’: hand

  135. ralphm

    pep., this is not a great argument. Have you even looked at what's there?

  136. jonas’

    larma, that sohuld happen BEFORE last call

  137. jonas’

    the XEP has been inactive for a looong while

  138. Ge0rG

    ..in the last year or so, actually

  139. jonas’

    okay, we’re running out of time

  140. jonas’

    I see that this clearly needs more discussion. I encourage you to take it to the list or to xsf@.

  141. dwd

    "hand", BTW.

  142. larma

    jonas’, yes, it didn't happen, I agree, but what do we do with all the other XEPs that are not maintained?

  143. pep.

    ralphm, it's not even a XEP yet. is there even an implementation outside of XMPP at all (that works with proper chat solutions).

  144. jonas’

    4) Date of next

  145. jonas’

    +1w wfm

  146. pep.

    The XSF is not really a symbol of swiftness

  147. jonas’

    pep., please, outside of this meeting

  148. dwd

    jonas’, +1

  149. pep.

    k

  150. ralphm

    pep. indeed swiftness is not a goal, you may disagree, of course

  151. Zash

    jonas’: +1 +1w

  152. Ge0rG

    I might be in an overrunning meeting in +1W, so I excuse myself in advance

  153. jonas’

    alright

  154. jonas’

    5) AOB

  155. jonas’

    5a) Editor Mishap Report

  156. jonas’

    I accidentally merged https://github.com/xsf/xeps/pull/870 which should’ve been Needs Author. I reverted the change just before the meeting and published Version 0.4.0 without the changes from #870

  157. jonas’

    this is mostly an FYI

  158. jonas’

    (changing the existing version would be confusing and cover-up-ish, so I decided to instead publish a new one)

  159. Ge0rG

    related to this, the author asked for XSF / Council feedback on the proposed change.

  160. Zash

    Ack.

  161. jonas’

    also, what Ge0rG says.

  162. jonas’

    Ge0rG, can you please re-do your MR on top of current master?

  163. dwd

    Seems like a good fix.

  164. jonas’

    should be as simple as a cherry pick

  165. jonas’

    then you can post to list asking for feedback

  166. Ge0rG

    Alright, I'll try to do it when I have some more time

  167. jonas’

    Ge0rG, thanks

  168. jonas’

    and since we’re already over time

  169. jonas’

    6) Ite Meeting Est

  170. jonas’

    Thanks everyone

  171. jonas’

    please carry any further technical or procedural discussion about OMEMO to xsf@, where more stakeholders are present and which is more discoverable to the community in general

  172. dwd

    Thanks jonas’!

  173. Zash

    Thanks jonas’

  174. flow

    Ge0rG> Maybe we also need a blog post explaining the rationale. A disclaimer, potentially linking to the blog post, in xep-omemo would probably be also a good idea

  175. jonas’

    flow, -> xsf@

  176. jonas’

    (where I already proposed that)