-
dwd
In my view, you can't add a bunch of stuff about SRV fallback into XEP-0368.
-
jonasw
dwd, not even if it defines new SRV records?
-
moparisthebest
dwd, the thing is, the SRV fallback, uh, algorithm?, affects how a server admin MUST set up their records
-
moparisthebest
as I found out the hard way, dino tries xep-368, doesn't do alpn, and does not fall back if the TCP connection succeeds
-
moparisthebest
no one using dino can use my server then
-
jonasw
moparisthebest, I’m not sure why a server operator would give ALPN-requiring SRV records high priority though
-
jonasw
that is, preference
-
dwd
Sure, but those records are defined in RFC 6120, and not in XEP-0368. Ideally, we'd merge '368 into an RFC update, mind, but the SRV fallback strategy applies to any SRV records, not just '368 ones.
-
moparisthebest
because I prefer them to connect that way first, it works in all my other clients :)
-
jonasw
putting them with low preference in the list would work for the case where 5222 is filtered, wouldn’t it?
-
moparisthebest
dwd, well sure but more to say 'if you implement 368, you MUST implement SRV fallback like so...'
-
moparisthebest
that wouldn't be appropriate?
-
moparisthebest
and I agree re: RFC update, but until then, it should be specified *somewhere*
-
Zash
Is there not precedent in writing down things in XEPs that are later rolled into RFC updates?
-
Kev
There is, but in this case it's something that implementing just the RFC won't be able to connect to at all.
-
Kev
We can't really have things in SRV records that connect ok at the TCP level but then fail for 6120.
-
jonasw
Kev, they don’t fail for rfc6120
-
jonasw
because RFC 6120 doesn’t know a thing about TLS over XMPP
-
Kev
> as I found out the hard way, dino tries xep-368, doesn't do alpn, and does not fall back if the TCP connection succeeds
> no one using dino can use my server then
-
Kev
Ah, ok.
-
Kev
So this isn't SRV fallback, it's 368 fallback.
-
jonasw
Kev, yeah, but that’s because dino fails to implement xep-0368 (by adding ALPN) but still tries XEP-0368 records first.
-
dwd
Welcome to write a SRV fallback strategy in a new XEP. Just not in '368.
-
moparisthebest
Kev, no it's SRV fallback in general, the rules are not defined
-
jonasw
moparisthebest, but technically there would be no issue to let clients prefer the 5222 method, would there?
-
dwd
Kev: It's not specific to '368 direct TLS SRV records.
-
Holger
jonasw: ALPN is a SHOULD in 0368.
-
moparisthebest
other than then they would try that first, might be a bit slower, I wouldn't prefer it
-
jonasw
moparisthebest, okay, so it’s actually a configuration issue at your side, IMO
-
moparisthebest
all I'm saying is the way you set up records depends on SRV fallback behavior, 368 or not, it just happens to matter more with 368
-
moparisthebest
or be more visible
-
jonasw
preferring a 443-multiplexing-hack over something which works with all clients seems broken to me.
-
moparisthebest
so I'd probably want to put this in 368, or create a new SRV fallback XEP, and make 368 depend on it
-
moparisthebest
would the second be ok if you don't like the first?
-
Holger
Why not make ALPN a MUST?
-
moparisthebest
various reasons, still support isn't widespread, but also privacy reasons
-
Holger
(I don't like ALPN at all, but that SRV fallback seems even uglier to me.)
-
moparisthebest
ALPN support is far better in 2018 than it was in 2015
-
moparisthebest
well again SRV fallback is an issue without 368/alpn too
-
dwd
moparisthebest: Not sure that 368 needs to depend on it at all, really.
-
jonasw
moparisthebest, how is it an issue without 368/alpn?
-
moparisthebest
just one example of many, you have multiple servers for redundancy
-
moparisthebest
and your top priority one messes up, has wrong certificate, accepts the connection but the xmpp server is messed up, any number of ways
-
moparisthebest
now nothing falls back to the other ones, oops you actually have no redundancy
-
Holger
Should we fall back if everything succeeds up to the bind request?
-
moparisthebest
I think I covered a few such scenarios in my email, I remember the BGP one :P
-
Kev
As I mentioned on list, I think, things can go wrong post-bind too.
-
dwd
Fair warning: I'm going to shut you all up in fifteen for the Council meeting, BTW.
-
Kev
Yay.
-
moparisthebest
yea I don't know the exact point we define as 'no more fallback', it seems clearer on c2s to me than s2s
-
dwd
But if somebody wants to hang about and do the minutes...
-
dwd
(Since you're all here).
-
moparisthebest
but right now it's totally ambiguous/wrong in the RFC
-
SamWhited
Please hang around and do the minutes; live minutes are the best minutes!
-
dwd
I can't do them this time; I'm on a train - and since this train gets into Paddington at 16:30, I'm on a hard stop for the meeting.
-
moparisthebest
but the general council consensus seems to be defining SRV fallback should be new xep?
-
moparisthebest
if so, I'll try to find time to work on that
-
Kev
I think a new XEP seems most appropriate here.
-
moparisthebest
that's fair, will be easiest to work out the details there too
-
SamWhited
Having it in 0368 seems fine to me, but we probably want to work out the details somewhere else first.
-
SamWhited
Since 0368 is in draft.
-
moparisthebest
at a basic level, if you stop at TCP connection, or any place before at least validating the certificate, an attacker controlling a path to any higher priority server can prevent a successful connection, and that's wrong
-
dwd
Oooh, every device I have just told me Council's in ten minutes. How exciting.
-
dwd
SamWhited: I'd actually like to get everything sorted in XEPs, and we'll gather them into an RFC to update RFC 6120. (As in, an RFC that updates, not an RFC that obsoletes, unless the mythic XMPP2 stuff actually happens)
-
SamWhited
That makes sense too
-
SamWhited
We could also combine with 0368 if/when the SRV fallback one goes to draft if it doesn't look like an RFC is going to happen.
-
dwd
It might *even* be worth doing this straight into an Internet Draft... We'd get review from the IETF folks on this. I was chatting to Chris Newman at the weekend about XEP-0368 anyway. (Chris did STARTTLS back in the day, and now leans toward direct TLS).
-
Ge0rG
STARTTLS always felt like a hack to me.
-
Zash
Direct TLS is the hack! :(
-
MattJ
What would you have done at the time?
-
MattJ
HTTPS spent a long time with the IP-per-host situation
-
Ge0rG
MattJ: what HTTPS did. One certificate per IP address.
-
dwd
Ge0rG: There were lots of reasons behind STARTTLS. None of them apply anymore (or the arguments are massively weakened)
-
SamWhited
Direct TLS just makes sense now that everything should be TLS… why use application level protocol negotiation to negotiate something at a lower level in the stack? Just do the lower level thing first, then do the application level thing.
-
Ge0rG
dwd: I know
-
dwd
SamWhited: Sure... But back in the day, there was also Kerberos etc. It's just that now, Kerberos runs over TLS, instead of doing its own crypto.
-
Ge0rG
Now let me get started about how the CA industry and the NSA lobbied us security folks into believing that no security is better than opportunistic security.
-
Ge0rG
Or maybe we skip that for the Council meeting.
-
Kev
'tis time.
-
dwd
'tis time.
-
dwd
So I should warn you all that I'm on a train, therefore on a number of G's hopefully more than 3.
-
dwd
Ouch, lag.
-
Zash
Relativistic G-forces? Ouch indeed
-
Ge0rG
dwd: I can't imagine regular trains exceeding something like 1.5G
-
dwd
1) Roll Call:
-
dwd
I'm for bacon and cheese, myself.
-
Ge0rG
bacon and cheese rolls? I'm in!
-
dwd
SamWhited, daniel?
-
SamWhited
I thought I was supposed to be the one to ask for cheese? We put cheese on (or in) everything.
-
Kev
I'm here, obviously.
-
SamWhited
I guess I'll have to ask for kippers just to even things out.
-
dwd
OK, I don't see daniel but maybe he'll join us later.
-
dwd
2) Advance XEP-0066 to Final
-
Ge0rG
It looks like there was some major resistance to that.
-
Kev
It's not clear to me that we have satisfied the implementation requirements, even ignoring all the other issues onlist :)
-
dwd
I think I'm -1 on this, I don't think it meets the implementation criteria.
-
Kev
So I don't think it even needs a Council vote, I don't think it meets requirements for us to vote.
-
dwd
Votes, please?
-
Kev
But if it did, I'd be -1.
-
Ge0rG
-1
-
Ge0rG
I still think 66 is a good candidate for the "take the best parts and run" approach suggested some Meetings ago
-
dwd
Kev: I'm actually unclear who decides the implementation criteria, so I shall assume that's for us to veto if we believe it doesn't.
-
dwd
SamWhited: Any vote?
-
SamWhited
It seems "good enough" to me, I'm +1. Although with the note that there is a bit of awkwardness and I agree that "take the best parts and run" sounds good too.
-
dwd
3) Advance XEP-0048 to Final
-
Ge0rG
-1
-
dwd
Note there is a competing proposal in bookmarks2, we're voting on that later.
-
dwd
I'm -1 to advance, I'd rather move this to historical again.
-
SamWhited
+1 to freeze 0048 and new work can go into bookmarks2
-
Kev
Again, this wasn't clear that there are two independent implementations of what's specced in this version. Plus assorted issues with it.
-
Kev
(-1)
-
SamWhited
Although I also agree that this could be historical.
-
Ge0rG
SamWhited: freeze as final or as historical?
-
SamWhited
Freeze as in final, but if we want to have a historical vote I'd +1 that either way.
-
dwd
4) Adopt Proposal "Bookmarks 2 (This Time it's Serious)"
-
Ge0rG
I'd like to see where Bookmarks2TTiS leads
-
Kev
Aside: I'd be in favour of reverting 48 to iq:private, making it Historical, and advancing bookmarks2 in PIP.
-
SamWhited
+1 assuming "adopt" means "accept as experimental"
-
Kev
+1
-
Ge0rG
+1 to what Sam said
-
dwd
For the record, I'm happy if this changes title, but it'd be good if we changed '48's title at the same time...
-
dwd
Also +1.
-
dwd
(Obv)
-
Kev
Suggestion: Change 48 to Bookmarks in Private Storage, and change TTiF to Bookmarks in Pubsub or something.
-
Kev
If we want to change titles.
-
SamWhited
I would be -1 to reverting it to private storage.
-
Kev
Even while also changing it to historical (documenting what's in place), when it's what's in place and PIP isn't?
-
dwd
SamWhited: Seems that's what's implemented, mind.
-
dwd
5) XEP-0050 Ad-Hoc Commands: Clarify 'execute' actions equivalence.
-
Kev
There is a fundamental choice here.
-
dwd
This is PR #591 by the way.
-
dwd
And there is *also* #598 which competes.
-
Kev
Either change the text to be clear that there's a bad state, which is a clarification, or change the text to be sensible and avoid the bad state.
-
Kev
Flow's is the technically better change, I think, but is a breaking change to xep50.
-
Kev
Mine is just clarifying that if you do something in particular, you're being stupid.
-
dwd
Kev: Breaking in theory or practise?
-
Kev
dwd: This conversation came about because of people doing silly things. So I think in practice.
-
Kev
Although possibly not in an untenable way.
-
Ge0rG
Wouldn't it be better to fix things in practice then?
-
Kev
Ge0rG: Well, that's why my text explains that doing this is broken. Which it always has been, people just don't realise.
-
Kev
I'm -1 on Flow's PR as-is, because I think it needs to explain the breaking change, but I could be persuaded either way on the basic approach. Noting that breaking changes to Draft XEPs we should be trying to avoid.
-
Ge0rG
Kev: if people didn't realize that, they probably never ran into the issue so fixing the XEP to have a better behavior won't make them run into even more things?
-
SamWhited
I'm +1 to Flow's change, but also agree that an explanation would be useful.
-
Kev
SamWhited: What's the justification here for a breaking change to a Draft XEP?
-
dwd
Hmmm. So I think I'm +1 on one of these, but I'm not sure I care which...
-
Kev
I think I can be persuaded about making the breaking change, but I don't think I am yet.
-
dwd
Kev: I'm not sure what this change is breaking. I mean, it means something works which previously did not.
-
Kev
dwd: It means behaviour will change.
-
Ge0rG
dwd: people following the "new" XEP could run into broken servers
-
dwd
Ge0rG: Ah, good point.
-
Kev
Where previously an illegal state would prevent you doing anything other than cancel, now it'll silently succeed in doing something that it wouldn't before.
-
Ge0rG
so I'm +1 if we add a note similar to what we did in 0045 last week
-
Ge0rG
I'm not insisting on a feature though.
-
dwd
Kev: I think that's a stretch for a claim this is breaking, though.
-
Kev
I think if you change the required behaviour of entities, that's a breaking change.
-
dwd
Yeah, I think I'm +1 on both of these.
-
SamWhited
It seems worth cleaning this up, and since it doesn't seem like it would be the end of the world we might as well do it right.
-
Kev
Oh, wait wait.
-
Kev
I think both PRs might actually be wrong.
-
dwd
I'm waiting.
-
Kev
Because execute is used for setting a default.
-
dwd
You're going to veto your own PR?
-
Kev
So in Flow's case, I think this change means that where it was previously possible to set 'no default', now it forces a default to be set.
-
Kev
And in my case where I claim it's not a legal state, actually it is saying that there's no default action.
-
Kev
Except that's also contradictory.
-
dwd
Hmmmm.
-
Ge0rG
Now I'm completely lost.
-
Kev
Ge0rG: exactly
-
Kev
I propose
-
dwd
So in this case I'll change my vote to no vote, and can you take this to the list.
-
dwd
Anyone voting on this one?
-
Ge0rG
Kev: ELI5 on-list please.
-
Kev
We -1 both of these PRs now, and we each commit to reading this bit of the XEP *in detail* until we understand it properly, and then discuss properly next week.
-
SamWhited
yah, I'll also go on list since this wasn't my understanding
-
SamWhited
I'll re-read and make sure I didn't interpret something wrong.
-
Kev
Because I spent a good chunk of time on this and I think I got it slightly wrong last time.
-
Ge0rG
Kev: feel free to collaborate with flow so that you prepare a single PR :)
-
dwd
Ge0rG: SamWhited: You vetoing or what? I'm completely lost now.
-
Kev
This is a badly defined bit of spec.
-
Kev
I am -1 to both for now.
-
dwd
Kev: Badly specified bit of definition.
-
SamWhited
dwd: I am on list.
-
Ge0rG
dwd: on-list as well
-
dwd
Cool. For the next one too?
-
Ge0rG
Yes.
-
SamWhited
Yes, sorry, for both of these PRs.
-
Kev
Yes, on-list might work for me too, I guess, default to -1 if I don't reply :)
-
Ge0rG
Kev: is that a -0.5?
-
dwd
7) XEP-0223: Add a warning about publish-options support https://github.com/xsf/xeps/pull/608
-
Kev
Peter always liked it when Isode folks disagreed on list. I wonder what he thinks of Isode folks disagreeing with their own PRs :)
-
Kev
+1
-
dwd
This seems like a +1
-
Ge0rG
the PR comes with a notice about making discovery a MUST.
-
Ge0rG
Can we vote on that too?
-
dwd
Kev: I've rejected my own protoXEP once. I think I beat you. (So has Peter, mind)
-
SamWhited
+1
-
Ge0rG
+1
-
Kev
dwd: Yes, but that was a protoXEP, I don't remember anyone doing it for a PR (but might have).
-
Kev
As a note to Editor, PEP needs to change to Pubsub in this PR before merge, I think.
-
Kev
This isn't storing anything in PEP.
-
SamWhited
oh good point; add a note on the PR?
-
jonasw
Kev: put that on the pr please
-
Kev
(Meaning is clear, but terminology is wrong, commenting now)
-
dwd
OK, I'm changing my mind and vetoing - yeah, I prefer MUST check discovery and I'm fine with changing it to Pubsub.
-
Kev
I'm fine with just giving a provisional +1 to the PR after SHOULD/MUST and PEP/Pubsub, if that speeds things along.
-
Kev
dwd: You?
-
Ge0rG
dwd: couldn't you "+1 under the following conditions" instead?
-
dwd
Well, probably. But I'll hold a veto on it to make sure it happens. :-)
-
SamWhited
I also prefer MUST, I figured we might as well go ahead and merge this, but if a pr changing the wording can happen quickly that's fine too.
-
dwd
But yeah, I'll change to a +1 the moment the MUST happens.
-
dwd
8) Next Meeting
-
Ge0rG
+1W?
-
dwd
I have a feeling that Europe changes timezone at the weekend, is that right?
-
Zash
Yes
-
Ge0rG
rumors!
-
Kev
Yes, Sunday at 1AM
-
Kev
Which is great news for those of us running a 10K Sunday morning.
-
dwd
Shall we shift it to 1500Z in that case for next week? (Sorry SamWhited).
-
Kev
Yes, please.
-
Ge0rG
So it will "move" to 1700 CEST?
-
dwd
Everyone else in agreement? (Just keeping it at the same time next week for Europeans, and messing Sam about)
-
dwd
Ge0rG: Erm. Yes?
-
SamWhited
I will most likely be getting off the bus at that time, so I'll be late probably
-
Ge0rG
+1
-
SamWhited
15:15Z would probably be better, if we could do that.
-
Kev
That'd work for me next week.
-
dwd
OK, 1515Z then. I'm fine with that.
-
dwd
9) AOB
-
dwd
Hopefully not because we're coming into Paddington.
-
Ge0rG
+1 for 1515Z
-
Ge0rG
I wanted to vote on abolishing Pidgin.
-
dwd
Ge0rG: Hmmm.
-
jonasw
ceterum pidgin delendam esse
-
jonasw
*ceterum censeo
-
dwd
Assuming none, or at least nothing serious...
-
dwd
10) Ite, Meeting Est.
-
dwd
Thanks all.
-
Kev
Thanks all.
-
Ge0rG
I feel cheated now. I was told we can vote on *anything*!
-
dwd
(If nobody else is writing minutes, I'll get to them... eventually.)
-
dwd
Ge0rG: Yes, but not every vote will have any effect...
-
Ge0rG
dwd: sometimes it is purely about the signals we send and not about actual actions.
-
Ge0rG
Thanks, though :)
-
SamWhited
Motion for all XSF business to be conducted in Latin from now on.
-
Ge0rG
Motion to change "Latin" to "Latin-9"
-
moparisthebest
utf-16 with a BOM ?
-
Zash
Motion to deprecate the letter U
-
Zash
No need for U when we have V
-
moparisthebest
ooh can you abolish BOMs
-
Zash
Don't yov agree?
-
Kev
Zash: But we don't have V.
-
Ge0rG
Obligatory reference to http://grammar.ccc.commnet.edu/grammar/twain.htm
-
Kev
(Welsh doesn't have K, V, X or Z)
-
SamWhited
Or vowels, apparently.
-
Ge0rG
Now someone needs to make a cheap pun on the pronunciation of I, U and V.
-
moparisthebest
but re: starttls discussion I missed pre-meeting, it was 100% the correct way to go at the time, in my opinion
-
SamWhited
I love that possibly-Twin thing, I wonder if that was the inspiration for Guy Steele's "Growing a Language" talk (which is fantastic and you should watch it): https://www.youtube.com/watch?v=_ahvzDzKdB0
-
moparisthebest
in fact it seems to me IANA basically required it at the time for port assignments and such?
-
SamWhited
possibly-Twain, even.
-
moparisthebest
and today, it's worse than useless and everything should just be direct TLS, just something that changed meh
-
Ge0rG
moparisthebest: STARTTLS always was a dirty hack. It just happened to be the only viable dirty hack for some years
-
moparisthebest
yes, the only viable and officially IANA/IETF sanctioned hack
-
Dave
I'm actually sitting next to its author now.
-
Dave
Chris recently wrote an I-D saying its time was passed, I think.
-
Zash
Wait wasn't IETF last week? Or is it now?
-
Dave
Now. I'm in the plenary.
-
Zash
My sense of time is weird.
-
Dave
Started last Saturday, mind.
-
moparisthebest
I thought I read that but can't find it now, all I can find is a lone blog post https://www.agwa.name/blog/post/starttls_considered_harmful