XMPP Council - 2019-04-03

.

,

There we go. For some reason I can't join with my usual account.

I repeat my question that didn't get through six hours ago - do we have agendums? :)

Hello, and no. But I don't think we have any agendums not to have.

Kev_: I think your servers cert expired, but that might be unrelated

The account that can't join is isode.com's - I think you mean doomsong's expired?

Kev_: Correct

'tis time?

Tis indeed.

1) Roll Call

Ge0rG, Link Mauve jonas’ ?

Bacon

.

Defintely a bacon day for me, as well.

tomorrow is bacon day

Hi, I’m here.

And I'm sorry for so much absense recently, life has been ... busy.

Kev_, Brown sauce?

Only if you're broken.

Ketchup all the way.

Stokes, if I get the choice.

Kev_, Philistine.

OK, assuming a lack of Ge0rG.

2) Agenda Bashing

I'm blissfully unaware of anything requiring a vote.

But that is in part because of Stuff Happening, which means I've not really had the time or head-space to go look.

Hi

dwd, I’m not aware of anything either

Awesome.

3) Matter for a vote [Nothing]

4) Outstanding Votes

I think everyone's got some.

I'd like to gently encourage people to let that 308 PR through, given I think we've more or less got agreement that it's what the XEP intended to say, and future changes don't need to be blocked on this.

I think I've got nothing outstanding, and went through everything not-expired the other day, but I could be wrong.

I'd like to hear more voices on 0308 from Council

I’m changing my vote on this one to +1, on the basis that once we reach the MAM companion table we discussed at the Summit, every correction does indeed pertain to the original message and not to a following correction.

Kev_, Did you vote on 412, ATT, and 308? If so I missed these.

I need to dig through the huge amount of emails you folks wrote on that. I read many of them, but I still don’t fully get the consequences of either choice

but I think there was nothing in it which’d change my +1

dwd: I did, yes. I -0d 412, -1d ATT (with justification) and +1d 308.

(the +1 I gave last week already)

Ah, yes, I see the email now, Kev_

Kev_: do you have a solution for correction receipts already?

On the topic of 412, I'd quite like a serious discussion about the proposal I made yesterday, long before the next year's suite comes into being - maybe an agendum for next week?

Kev_, SOunds good.

I'll move on for now.

5) AOB

yes, please put that on the Agenda

AOB

the ominous "things" I’ve been working on go better than I expected them to go, so here’s a glimpse

Ge0rG: I'm happy to put some text in there about content vs ephemeral stuff, with the example of receipts, such that you don't put a receipt on for replacing the original, but for a receipt of the correction itself. Which I think addresses everything.

AOB: correction receipts

https://sotecware.net/files/noindex/xeptest/xep-0030.html (note that this is not pointing to xmpp.org)

after being a little underwhelmed with the readability of our documents on mobile this morning I thought I’d give this a shot

this is massively WIP

(and I found scrary^Wwonderful things when looking into the XSL) ✏

Kev_: will it also address MAM IDs?

Kev_: and the fact that the most delayed correction "wins"?

Oh, crap. One thing at a time, please.

I guess Ge0rG was delayed and so we ran into a race condition

Ge0rG: I think so (MAM). I propose you give a tentative +0 or +1 to the PR, with the proviso that it not be merged until a subsequent PR doing receipt etc. stuff is written. For missing corrections, you can't avoid that, I think, if you allow multi-client edits simultaneously.

Ge0rG, Kev_ : Delighted to have a conversation about general 308 improvements, but perhaps taken offline? I don't think it's a Council matter (beyond acknowledging they're coming and approving them when they do)

jonas’: What would you like discussed on this?

Kev_, I’m just throwing this in here, and I probably could’ve done this right after End-Of-Meeting

dwd: I wanted to hear Council voices in context of the list discussion of 0308 and data vs meta data

In that case, I'm supportive of better stylesheets. ALthough not entirely sold on this one yet :)

jonas’, I think giving our XEP rendering a massive overhaul is a good thing, and thoroughly support it. I think you should come up with a proposal with Editor hat on, and run it past members, Council, and probably approval by Board.

dwd, that sounds like a reasonable course of action

I'm not sure that's even needed, I think Editors could probably come up with something themselves.

Discussion is sensible, but I don't see any reason it should need Board approval.

I'm not sure it does, but the decision on whether it needs Board approval probably rests with Board, so...

OK.

Nothing in our bylaws suggests that Board owns the styling of the XEP series.

Kev_, No, but nothing in our bylaws suggests anything about the styling of the XEP series.

(Although removing idiot Editors does like with Board, IIRC)

In any case, the decision on styling doesn't rest with Council, for sure. :-)

Next: 308 strategy.

+1 to jonas’ for picking up the ball on CSS

(sorry to everyone)

308 strategy: I've written a very very long mail to standards@ outlinig why I think that correction of correction is superior to multiple competing corrections to one original.

The more I've looked into '308, the more I think this is a bit of a storm in a teacup. A strict interpretation of the rules is pretty difficult, but modulo which message you correct for multiple corrections, I don't think there's much conflict in interop terms, is there?

Ge0rG, I read your message. Not sure I agree - when correcting a message which you don't have twice, you'll still correct the same message either way.

Ge0rG, There's an interesting point over whether a correction of a correction means the original correction (eek) is formally superceded, but I think we're deep into philosophical questions.

dwd: yes. the point is rather about making a sequence of edits from different devices that get reordered

I suggest we just implement vector clocks for 308 and be done with it.

Ge0rG, "Doctor, it hurts when I..."?

dwd: I'd like to get philosophy out of the way and make the XEP explain the right way to do it, whatever we as Council decide is more right.

Kev_, That is, in effect, what correcting-the-correction does. But again, I'm nto sure it matters in any practical sense.

if my arguments are considered as unconvincing, and we have wording in the XEP that excludes MAM IDs and receipts from the "all child elements" initial rationale, I'll change to -0

Ge0rG, I'm happy for such clarifications to appear as a new PR, personally. I don't think they alter the need for clarification.

we could also move forward with a spec that supports both ways.

I'm convinced that there are race conditions if you edit the same message from multiple devices at once, irrespective of whether you multi-correct one id, or correct a stream of ids.

So I think really that's a not entirely unrelated issue, but also not a core issue.

Kev_: yes, but which ID you correct influences how the race condition is resolved

Plus, some amount of Dave's "Doctor it hurts when..." does apply.

Given we've got three +1s now, I'd go with the compromise of a -0 from Ge0rG in exchange for the MAM ID/Receipt thing, which I'm willing to write.

Cool.

Any Other AOB?

Acceptable.

Thus I Formally Change My Vote on the 0308 PR to -0.

Ta. Editor please don't merge it until my follow-up PR is in, to avoid two version pushes :)

Well, actually, I don't care, but it'd be more seemly to do it that way.

(it also looks like we lost two council members)

Kev_: we will have to vote on the new PR anyway?

I'll try to do various other editorial text cleanups at the same time.

Ge0rG, Attrition via detail.

Ge0rG: Yes.

6) Next Meeting

Next week, same time?

+1W WFM

I’m still here ✏

+1 wfm

7) Ite Meeting Est

Thanks all.

SBTSBC should work for me, as long as I don't decide to retire so I can spend 6 months constantly playing the Borderlands remaster :)

Kev_: would you also volunteer to remove the full-JID-must-match rule out of 0308?

Ah, the good old times of Borderlands coop.

Can we have a distinct discussion on that one, please?

WHat, on Borderlands?

Yes. BL1 was awesome and we should have it as AOB.

Or even ALB (all the business)

+1

I'd be generally up for a suggestion that Council Meetings should occur on Borderlands.

claptrap will agree.

This ATT thing seems to be heavily broken to me. Not just a little bit, but completely.

I think it's not broken per se, it is merely operating under the constraints that were set up by the broken OMEMO

Unless I completely don't understand it, it treats a web of trust as completely flat.

Brokenness all the way down

Ge0rG: I might be misreading it, but as far as I can see, a revoked device will be re-added across the tree again automatically.

Kev_: it does. That can be fixed by requiring auth messages to be either from your own JID or from the JID that is authenticated (and obviously to cross-check the signing identity with those JIDs)

And the idea that I know that Dave's device belongs to Dave being enough for Dave to be able to authenticate Cath's devices is bizzarre.

Kev_: good point. I was going to complain about a single auth operation merging two meshes into one, and the revocation of that link only removing one device.

Yes, only allowing an entity to effectively cross-sign their own devices would help greatly.

Kev_, I don't think it allows that.

Although you /still/ have an issue with revoked devices being re-added to the tree.

but your point one-ups that.

also xmpp: URIs in the body payload make my eyes hurt.

dwd: I may have completely missed the point where it doesn't. I did find the bit where you can't cross sign my devices for me, but not the bit where you can't Cath's.

Kev_, I think you can have your devices "authenticating" your other devices to your contact, and your contact's device to your other devices.

dwd: yes, but there are no constraints on who may authenticate whose devices.

That would be a significant improvement over my reading. I didn't see that.

"who's"?

whose, yes.

also there is no strong coupling between devices and JIDs.

But I think that even with that, the lack of a chain is broken.

Let's assume that the reason you steal someone's device is precisely so you can communicate as them, the first thing you do is cross-sign another key.

And in a cryptographically sane protocol, I'd require a more explicit bond between the signing key and the signed message than the fact that a JID is in the body.

The user then revokes the stolen device's key. Oh well, who cares?

So this Dot of Trust thing seems to fundamentally not work, to me.

I was joking about vector clocks earlier, but in this case something like that seems needed for the sync issues, and trust chains seem needed for the other issue.

"End-to-end encryption is based on the assumption that the devices are not compromised."

That is literally the funniest thing I've ever read.

Hm, I wonder what's most likely, my server gets broken into or I forget my phone somewhere...

Zash: You don't even need to forget it. You only need to look away long enough to cross-sign :)

Zash, Device security is pretty good, these days, in fairness.

(I realise it isn't technically cross-signing, but the end effect works)

cross-signing happens by scanning a QR code, right? What if I pretend that you cross-sign me, but then inject a device-key for your identity through your compromised server?

"I followed the current version of the XEP. Thus, it is possible to implement the XEP by following it." - this would be a lot more convincing if it were not the author of the ProtoXEP writing this...

There are very many mails on the list about ATT, and it is -1, so I feel very inclined to just 'D' the whole thread

also the fact that it involves OMEMO, with which I have a beef of my own.

But maybe the least destructive way forward is to put SEX into the XEP template.

"Kev_> And the idea that I know that Dave's device belongs to Dave being enough for Dave to be able to authenticate Cath's devices is bizzarre." ATT doesn't allow Dave to tell you anything about Cath's device

pep.: where is that restriction?

Because I am apparently not the only one to have missed it

In the XEP I don't remember, I get my info from the source, and I agree it's confusing and can be improved greatly. The intent of ATT is to authenticate your own devices, and the devices or your contacts (only one hop away from you, as in your contact and all their devices are one hop)

pep.: if Berlin isn't written down, it hasn't happened.

Ge0rG, that's why I sent all of that on the list :)

Damn.

pep.: in the ATT thread?

And as I understand the author is currently replying to all the thread

yeah

This precision that I made above isn't said by me in the list. I only complaining about stuff in the body.

Yes, I'd also prefer to read your feedback on the list, rather than in this muc where the author isnt even joined, Ge0rG ;)

Also there is another issue with revocation that daniel mentions

vanitasvitae: it would be unwise to send my feedback before reading all the thread.

Not exactly the same as Kev, but similar

Ge0rG, :p

vanitasvitae: and I barely got through the XEP in the last week

Ge0rG, see we're slowly improving in trying to include people that are not in sprints :)

pep.: that's a great thing, although the cynic in me wonders whether this is praise-worthy.

;)

It's not always easy to stir people that way, they're all excited about actually doing things

:D

I'm also excited about actually doing things without telling anybody what or why or how.

I think there is a pseudo-medicinal term for that.

xsf@ maybe?