XSF Discussion - 2019-08-20

pep.: he's still doing stuff, as he's always been.

What I mean he doesn't frequent this room, which I thought was what pep. was asking.

yeah

flow why not XMPP for activists? which alternative is there?

Of course I would use XMPP if I would like to protect myself.

By the why, activists already use(d) mail :D. Snowden did, and DeltaChat popped up for activist usecase. ^^

all the metadata

It's too hard to use properly if your life depends on it

That's because "we know". I'm sure others "who know" in other protocols would have other concerns about their solutions :x

Indeed, other protocols have other issues

until now I cannot see a better protocol than XMPP. Thus I would use it despite my concerns.

There exists no perfect solution until now.

Anyhow, you can always loose your life if your an activist. ✏

The enemy comes from all directions. I was always surprised when they appeared.

:D

I do think that you'd want full control over your server.

https://mail.jabber.org/pipermail/standards/2017-August/033123.html is a 401?!

Fun

intosi, Kev, MattJ?

That'll probably be because of the OS upgrade at a guess.

I believe a strict reading of 612[01] would lead to a server rejecting a stanza of <message from='...' to='...'><body un-namespaced-attribute="blah>...</body></message> because of the attribute. I'm currently looking at a patch to M-Link to enforce this. Anyone see issues with enforcing that?

https://opensource.wearespindle.com/ seems interesting

Kev, I’m not so sure servers restricting the content of stanzas being routed is a good thing

It is what 6120 says though - that no entity should be sending out syntactically invalid stanzas.

Kev, a pointer to the relevant parts of the RFCs would be good idea…

Kev: do you mean unknown namespace prefixes, or unknown attributes without one?

And I suspect you would expect the server to be e.g. bouncing other types of invalid syntax - like message type="nope", for example.

ralphm: Unknown attributes without one.

Kev, content vs. headers

I don't see how that's a syntax violation.

well message type="nope" is valid IIRC

that, too

although I would not recommend it

Huh

flow: no, 6121 enumerates the allowed types.

(And 'nope' isn't one of them) ✏

Kev, and entities which see an unknown type must (or SHOULD?) treat it as "normal" ✏

jonas’: No, that's not right.

An entity that chooses not to implement support for all the defined types should treat any of the defined types that it doesn't have explicit support for as the default.

Server rejecting `<message><body foo="bar">blah</body></message>` seems totally fine to me.

Not that it should accept ones with an invalid type.

Kev, right, I misread that

type='nope' is *not* invalid for Core?

ralphm: 6120 references 6121 for its rules.

for IM purposes, yes

I always read If an application receives a message with no 'type' attribute or the application does not understand the value of the 'type' attribute provided, it MUST consider the message to be of type "normal" (i.e., "normal" is the default). as "nope" become "normal"

flow, above the enumeration, there is "type MUST have one of those values"

flow: You should read the stuff a paragraph or so before as well, which explains it further.

6120 without 6121 is a valid use case. Even XEP-0060 doesn't inherently depend on 6121

Kev, I’m inclined to say, aside from @to and @from, the server should leave routed stanzas alone.

Well it says something about "if included" the type MUST be one of the following ;)

flow, yes

so it’s either one of the defined ones, or absent. absent defaults to normal.

ralphm: That's a good point, thanks.

however, 6120 does have a schema with a restricted list of values

I think the RFC could be better writen/more clear about that, but I am happy to hear that there appears to be a common ground that "type" sould not carry custom values

(non-normative schema?)

flow, MUST NOT ;)

jonas’: Incidentally (I'd previously missed this) it's OPTIONAL whether a server does the validation.

But type on stanza aside, the earlier example is about unknown attributes on the body element. I think that's totally valid. If servers would block that, it might be a problem for forward compatibility.

Kev, I still miss the part in the RFC which forbids additional custom unqualified attributes in <body/>

ralphm: What about the other cases, like an iq that has three payloads? I had previously believed that a server should be not allowing those through, but as of about 3 minutes ago I no longer think that.

(FWIW, I would be happy if such a part exists)

flow: "There are no attributes defined for the <body/> element, with the exception of the 'xml:lang' attribute." is the text in question. I think reading that to say that there are no further attributes allowed in the default namespace would be reasonable. But I was sufficiently unsure as to bring it up here :)

I don't know, think that 8.2.3 ad 5 is pretty convincingly a MUST.

and to me 'not defined' does definitely not mean 'not allowed'

Otherwise the whole idea of ignore what you don't know about, goes out the window.

And rejecting unknown stanza type values is arguably of a different order than unknown attributes.

Well, we've always assumed that 'what you don't know about' will be namespaced.

But this is all getting a lot muddier than I'd thought it would when I added a ticket for validating syntax.

Kev: I haven't and there are many specs where new attributes, all not namespaced, were added.

which?

pubsub is one

I couldn't immediately think of any when I was trying earlier, but thought someone else might be able to, thus asking heer.

What does pubsub add?

I mean new attributes compared to earlier versions of the spec

e.g. the publisher attribute

Ah. That's somewhat different.

why?

They're not adding attributes to RFC-defined elements.

So what if we at some point have a cis and add an attribute to body?

We'd have a mess of older servers that just won't route?

I think the argument against blocking the attributes is strong.

I missed the argument?

You just made one aspect of it :)

But we'd also have to not to anything in cis that was illegal in bis, unless we negotiated cis.

Because validation is allowed under bis.

So where is the part that says you can't have other attributes?

There isn't one. There is one that say they're not defined, and another that says you're allowed to validate.

The text you quoted doesn't convince me and is not in Core.

So it's a little wooly.

It's not, but it's referenced from core saying "the rules for this are in -im", or somesuch.

I'm sold on not blocking the attributes, though.

wooly indeed

I was kinda curious about the threat model, though.

So, different question.

Given than 6120 clearly says that servers are allowed to validate syntax, what /would/ be fair game for validation.

It seems to be saying you're allowed to validate explicitly against the 6120 schema.

Well, at the very least defined attributes and their values, and indeed things like number of child elements in iq

Kev, @to, @from (including stringprep!), @type on all stanzas, presence of @id on IQs(?), number of children in IQs, structure of the <error/> child if present

I think the schema in 6120 is reasonable to check against

Oh, this gets messy. If I'm reading it right, the schema is more restrictive than the text, but is normative.

how is the schema more restrictive?

Ah, no, this is stream errors, not stanza errors, ignore.

if the schema is normative: absence of any unspecified jabber:client/jabber:server namespaced children

that would show those folks who think they can just drop their XML in there

Ah, interesting, so message types are defined in the 6120 schema. Making them restricted even for non-IM.

jonas’: I think the schema language had no way to express this

ralphm, I’m pretty sure that anything which isn’t allowed explicitly in the schema is forbidden?

Including undefined attributes? :)

jonas’: why?

that’s how XML schema works?

Kev: on the type values and schema, I mentioned that earlier

Sorry Ralph, I can't quite parse what you're saying there. Are you saying you /do/ think that the schema in 6120 restricts undefined attributes on defined elements, and therefore e.g. rejecting ...<body blah='eee'>... is 'ok'?

No. I think that checking what's in the schema is fair game, but I don't think we should disallow what's not mentioned

Is that more clear?

That's clear, ta. But isn't that not how schemas work?

Unless the schema defines an extension point (which it does all over the place for namespaced child elements), you're not allowed to extend it.

Hence not normative, IMO

It's explicitly normative for 6120, though.

Hmm

Because it says that you're allowed to validate against it and reject what doesn't match.

Then I was wrong.

And I'm unsure if you can add even namespaced attributes to body

Indeed, I think you can't.

Which I was /not/ expecting.

There's also a question of what 6120 says you can do, and what is sensible to do.

Right. But on the other hand a much simpler processing model

Personally, I'd hate seeing new attributes of any kind on elements defined in these schemas

I also think the schema is more restrictive than the text, on allowable stanza errors. IIRC (haven't double checked, but read it earlier) you're allowed your own stanza error elements, but in the schema you have to choose one of the 6120 defined ones.

But up till now thought it might be ok

At least if I'm reading the schema correctly (not my speciality

). ✏

Ooh, that needs an erratum

I also haven't checked the errata. Maybe I should.

Application specific conditions should definitely be allowed.

Yeah. But a server is allowed to drop stanzas that contain them :D

I'm not sure if <sequence/> disallows other namespaced elements

But I think we should have this explicit.

https://www.arcgames.com/en/forums/startrekonline/#/discussion/1250600/xmpp-sunset 😭 wiki to rectify soon

It doesn't say they don't use XMPP going forward, does it?

Just that they have issues with their c2s causing spam etc.

They're dropping

Support on sept. 19th

Yeah I read it

I agree just running XMPP internally isn't so interesting

Spam is killing xmpp everywhere. Sigh..

Lot of negative, insightful, responses

“This is a feature that enhances many peoples' gameplay, a feature that larger fleets and chat channels are absolutely dependent on, and terminating it demonstrates that Cryptic is shockingly out of touch with the way the players who spend money on their game play it. Don't remove XMPP. Take it out of beta and monetize it instead. Charge $10 or $25 for access if you have to.”

> So that excuse doesn't make sense. Indeed, that looks like an excuse.

By the way it is for all arcgames properties

Yes

Ge0rG: if Google can use that excuse, anyone can

ralphm: it didn't make sense back when Google used it.

My point

Their chat system platform is shared across all games originally from Cryptic afair ✏

Yes

> Don't remove XMPP. Take it out of beta and monetize it instead. Charge $10 or $25 for access if you have to.” It's a beta that lasts from 10 years

Not tested enough? :D

That's sad though :(

Perfect World never expanded or finalised it when they took Cryptic Studios assets

Seve: indeed

Alex, memberbot does not reply to me

jonas’: can you ping it?

oh dear

now it does

it also appears to have restarted

jonas’: it will restart your "session" if you send presence unavailable or somesuch

voted \o/

👍

now that bitbucket is sunsetting mercurial, do we need to take action for anything related to xmppoke? or is that fully migrated to github?

jonas’: I think that is all here now, but I'd love for someone with access to the deployment to verify that. https://github.com/xmpp-observatory

mail.jabber.org is still Forbidden.

Kev said there's been an upgrade, and I think nobody's actually looked into it yet

So did anything happen on the send-presence vs. fetch-MAM vs. receive-offline-messages vs. delete-all-offline-messages front?