XMPP Council - 2017-01-25

  1. SamWhited has left

  2. SamWhited has joined

  3. Lance has joined

  4. jayaura has joined

  5. SamWhited has left

  6. SamWhited has joined

  7. Lance has left

  8. jayaura has left

  9. jayaura has joined

  10. jayaura has left

  11. Tobias has left

  12. jayaura has joined

  13. psa has left

  14. jayaura has left

  15. SamWhited has left

  16. jere has joined

  17. jere has left

  18. Neustradamus has left

  19. SamWhited has left

  20. Tobias has left

  21. daniel has left

  22. ralphm has left

  23. daniel has joined

  24. Flow has joined

  25. Flow has left

  26. Flow has joined

  27. Flow has left

  28. Flow has joined

  29. Flow has left

  30. Zash has left

  31. Flow has joined

  32. Flow has left

  33. daniel has left

  34. daniel has joined

  35. Flow has joined

  36. Tobias has joined

  37. Flow has left

  38. Flow has joined

  39. ralphm has left

  40. daniel has left

  41. daniel has joined

  42. Holger has left

  43. Link Mauve has joined

  44. Zash has joined

  45. daniel has left

  46. Link Mauve has joined

  47. jere has joined

  48. Zash has joined

  49. SamWhited has left

  50. SamWhited has joined

  51. SamWhited has left

  52. SamWhited has joined

  53. SamWhited has left

  54. SamWhited has joined

  55. Tobias has joined

  56. Holger has left

  57. SamWhited has left

  58. SamWhited has joined

  59. ralphm has left

  60. Holger has joined

  61. jere has left

  62. jere has joined

  63. daniel has left

  64. SamWhited has left

  65. Holger has left

  66. Holger has joined

  67. daniel has left

  68. SamWhited has left

  69. moparisthebest

    I figured I should show up for this council meeting since you'll be discussing advancing XEP-0368, I'll just stay quiet unless someone highlights me :)

  70. Tobias

    seems it's about time

  71. Tobias

    1) Roll call

  72. daniel


  73. Dave Cridland

    Here, but not be for long.

  74. Dave Cridland

    (Daughter has a doctor's appt)

  75. Kev has left

  76. Tobias

    Link Mauve, SamWhited?

  77. Tobias

    maybe they'll join later

  78. Tobias

    2) Minute taker

  79. Tobias

    I offer to do it, if nobody else wants

  80. Link Mauve

    I’m here.

  81. daniel

    i was just about to say that it's my turn again. but I can do it next time

  82. daniel

    oh no actually I can't because i'm probably going to be on a train to brussels

  83. Tobias

    ok..last week we didn't clearly indicate that we wanted to vote on things..so here explitily again

  84. Tobias

    3) Voting to Advance XEP-0333 to Last Call

  85. SamWhited

    Sorry, here

  86. Tobias


  87. daniel


  88. SamWhited


  89. Link Mauve


  90. Tobias

    Dave Cridland, still there?

  91. Dave Cridland

    Yes, sorry. +1.

  92. Tobias


  93. Tobias

    4) Voting to Advance XEP-0233 to Last Call

  94. Tobias


  95. daniel

    on list

  96. Dave Cridland


  97. Dave Cridland

    Still confused as to why Mili Verma's not listed as an author, mind.

  98. Kev has joined

  99. Link Mauve

    On list too, I started reading the referenced specifications but I still don’t grasp all of the mechanisms there.

  100. SamWhited

    +1; Mind you, I don't feel that I have enough knowledge of Kerberos to know if this is a valid way to do things, or if it's used anywhere or if there have been deployment issues, etc. but I figure that's what LC is for.

  101. Dave Cridland

    SamWhited, Mili's edits basically were in response to developing this on WIndows and UNIX.

  102. Dave Cridland

    SamWhited, So I think it's well past ready.

  103. Kev has left

  104. Tobias

    5) Voting on moving XEP-0368 forward (issuing LC)

  105. Link Mauve


  106. Kev has joined

  107. Tobias


  108. daniel


  109. SamWhited


  110. Kev has left

  111. Dave Cridland


  112. Kev has joined

  113. Kev has left

  114. Kev has joined

  115. Tobias

    6) Short update on XEP-0300 fixing

  116. Tobias

    I've updated XEP-0300 https://github.com/xsf/xeps/commit/2f21fbef22d484d1651596aeb279b3386398c183 would be nice if people could give a quick overview sometime if they see issues with that, if not we can issue an LC to move that to draft in a couple weeks

  117. Kev has left

  118. Kev has joined

  119. Kev has left

  120. Kev has joined

  121. Kev has left

  122. Kev has joined

  123. Kev has left

  124. Tobias

    7) Voting on moving 2010 compliance suites to obsolete to prevent confusion while we work on the 2017 ones

  125. Tobias


  126. SamWhited


  127. daniel


  128. SamWhited

    for background, I plan on writing the 2017 ones on the flight to Brussels and withdrawing the 2016 ones

  129. Link Mauve

    I’ve read it earlier, I was wondering whether making sha3-256 and blake2b-256 mandatory is that sensible before every crypto library is well updated to support them.

  130. Kev has joined

  131. Link Mauve

    Re: 6)

  132. Link Mauve

    Tobias, +1.

  133. Link Mauve

    Tobias, also obsoleting the 2012 ones.

  134. Dave Cridland


  135. SamWhited

    Oh are there 2012 ones too? Yah, +1 to obsoleting both of them.

  136. Dave Cridland

    I don't really care, but I'm not sure it's worth the effort.

  137. Dave Cridland

    But absolutely not a hill for me to die on.

  138. Tobias

    Link Mauve, something for the next meeting to vote on then...don't want the topics/voting issues to change mid-meeting, especially not mid-voting

  139. Link Mauve


  140. Tobias

    8) Date of next

  141. ralphm has left

  142. Tobias

    Does next week work for everyone, or do we want to skip a week?

  143. Link Mauve

    I won’t be here next week, I’ll be on the train to Brussels.

  144. Dave Cridland

    I'm not here next week.

  145. daniel

    i have to check my train schedule again. but i'm fairly certain i'm on a train at 1600Z

  146. SamWhited

    We could have a small impromptu meeting a little bit later in the day next week

  147. Dave Cridland

    I'll be driving to Bristol. To take a plane to Amsterdam. To take a train to Brussels.

  148. SamWhited

    Or on the 2nd

  149. Tobias

    right, so it'll probably make sense to skip a week

  150. Dave Cridland

    How many of us are in Brussels on Thursday?

  151. daniel

    either move it back a couple of hours or skip it

  152. daniel

    Thursdays yes. also wednesday

  153. Tobias

    Dave Cridland, i guess everyone

  154. Holger has joined

  155. Dave Cridland

    We have had a Council meeting in the Summit before, could be fun to do again - might get someone else to take minutes.

  156. Link Mauve

    Finally! \o/

  157. SamWhited

    Find a pub and rope someone in to take minutes with the promise that I'll buy them a beer :)

  158. Tobias

    sure..so sometime thursdays next week?

  159. Link Mauve


  160. daniel


  161. Tobias

    great...even if we fail to arrange it, there'll still be a week afterwards :)

  162. Tobias

    9) AOB

  163. Tobias

    doesn't look like it

  164. Tobias bangs the gavel

  165. SamWhited


  166. Tobias

    thanks everyone

  167. daniel

    thank you

  168. Link Mauve

    Thank you.

  169. SamWhited

    Tobias: RE 0300, I had the same thought as Link Mauve — how wide spread is sha3? I know the Go standard library has an implementation, but it tends to be ahead of other things. Eg. does Java have one? I don't think Rust does yet (not that that's very relavant, but it's the only other thing I really pay attention too)

  170. Tobias

    Link Mauve, what environments do you know of with bad sha3 support?

  171. Link Mauve

    None actually, but probably older openssl don’t have it yet.

  172. Tobias

    for anything C/C++ related it's probably a little issue as there's ready to use reference impementation code for sha3 and blake

  173. SamWhited

    Does stable Debian OpenSSL?

  174. Zash

    OpenSSL doesn't

  175. Zash

    There's code, but it's not exposed

  176. Tobias

    recent openssl has blake, they should have sha3 too, not?

  177. SamWhited

    Oh hey, I lied, Rust has sha3 in the standard library already.

  178. Tobias

    bouncycastle also has SHA3

  179. SamWhited

    or rather, it has an implementation already.

  180. Link Mauve

    OpenSSL apparently still doesn’t have it, according to https://github.com/openssl/openssl/issues/439

  181. SamWhited

    Personally I think it would be good to leave it as a SHOULD at least until OpenSSL has it.

  182. Tobias

    Oracle Java seems to have it since, earlier this month https://bugs.openjdk.java.net/browse/JDK-8004078 ^^

  183. Zash

    There's a keccak1600.c in the sources, however it's not used by anything

  184. Link Mauve

    daniel, any information about Android?

  185. daniel

    Link Mauve, not from the top of my head

  186. SamWhited

    If bouncy castle has it would it not work on Android?

  187. daniel

    SamWhited, if bc has it everything is fine

  188. Link Mauve


  189. Link Mauve

    Fyi, Python got both sha3 and blake2 only in 3.6.

  190. Tobias

    also the idea was having multiple algorithms set to MUST, so implementations strive to support as many of the MUST ones as possible...the it's more likely that there is matching support between two entities

  191. Link Mauve

    I’m not against it, I was just wondering whether it wouldn’t be a bit too early.

  192. Tobias

    Link Mauve, considering how rarely we seem to have updated XEP-0300 the idea was to make it more future proof :) but happy either way...but we should at least aggree on it before voting on it to LC

  193. SamWhited

    Hmm, I could go either way now. Future proof sounds good; I wouldn't want to block either way.

  194. Link Mauve

    Same, I’m fine with LC as is.

  195. Zash

    Isn't there some RFC / BCP you can point to for recommendations, so we don't need to update it as best practices change?

  196. Tobias

    great...also added a table for the textual names of the new hashes...IANA is a bit slow there, as their table was last updated 2006

  197. Tobias

    Zash, i don't know of one

  198. Kev has left

  199. Tobias

    Zash, I imagine the TLS spec has hash recommendations

  200. Tobias

    Zash, then again, RFCs don't get updated..only replaced by other RFCs

  201. Flow has joined

  202. ralphm has joined

  203. Kev has joined

  204. moparisthebest has left

  205. jere has left

  206. jere has joined

  207. SamWhited has left

  208. daniel has left

  209. daniel has left

  210. daniel has joined

  211. Tobias has joined

  212. SamWhited has left

  213. Zash has joined

  214. Lance has joined

  215. moparisthebest has left

  216. Dave Cridland has left

  217. Lance has joined

  218. Zash has left

  219. ralphm has joined

  220. Lance has joined

  221. Lance has left

  222. Zash has left

  223. Zash has joined

  224. Flow has left

  225. moparisthebest has joined

  226. Zash has left

  227. SamWhited has left

  228. SamWhited has left

  229. SamWhited has joined

  230. daniel has left

  231. Zash has joined