- debacle has left
- lnj has left
- lnj has joined
- lnj has left
- lnj has joined
- debacle has joined
- lnj has left
- lnj has joined
- Zash has left
- Zash has joined
-
dwd
.
-
Zash
,
- Kev_ has joined
-
Kev_
There we go. For some reason I can't join with my usual account.
-
Kev_
I repeat my question that didn't get through six hours ago - do we have agendums? :)
-
dwd
Hello, and no. But I don't think we have any agendums not to have.
-
Zash
Kev_: I think your servers cert expired, but that might be unrelated
-
Kev_
The account that can't join is isode.com's - I think you mean doomsong's expired?
-
Zash
Kev_: Correct
-
Kev_
'tis time?
-
dwd
Tis indeed.
-
dwd
1) Roll Call
-
dwd
Ge0rG, Link Mauve jonas’ ?
-
Kev_
Bacon
-
jonas’
.
-
dwd
Defintely a bacon day for me, as well.
-
jonas’
tomorrow is bacon day
-
Link Mauve
Hi, I’m here.
-
Kev_
And I'm sorry for so much absense recently, life has been ... busy.
-
dwd
Kev_, Brown sauce?
-
Kev_
Only if you're broken.
-
Kev_
Ketchup all the way.
-
Kev_
Stokes, if I get the choice.
-
dwd
Kev_, Philistine.
-
dwd
OK, assuming a lack of Ge0rG.
-
dwd
2) Agenda Bashing
-
dwd
I'm blissfully unaware of anything requiring a vote.
-
dwd
But that is in part because of Stuff Happening, which means I've not really had the time or head-space to go look.
- Ge0rG has joined
-
Ge0rG
Hi
-
jonas’
dwd, I’m not aware of anything either
-
dwd
Awesome.
-
dwd
3) Matter for a vote [Nothing]
-
dwd
4) Outstanding Votes
-
dwd
I think everyone's got some.
-
Kev_
I'd like to gently encourage people to let that 308 PR through, given I think we've more or less got agreement that it's what the XEP intended to say, and future changes don't need to be blocked on this.
-
Kev_
I think I've got nothing outstanding, and went through everything not-expired the other day, but I could be wrong.
-
Ge0rG
I'd like to hear more voices on 0308 from Council
-
Link Mauve
I’m changing my vote on this one to +1, on the basis that once we reach the MAM companion table we discussed at the Summit, every correction does indeed pertain to the original message and not to a following correction.
-
dwd
Kev_, Did you vote on 412, ATT, and 308? If so I missed these.
-
jonas’
I need to dig through the huge amount of emails you folks wrote on that. I read many of them, but I still don’t fully get the consequences of either choice
-
jonas’
but I think there was nothing in it which’d change my +1
-
Kev_
dwd: I did, yes. I -0d 412, -1d ATT (with justification) and +1d 308.
-
jonas’
(the +1 I gave last week already)
-
dwd
Ah, yes, I see the email now, Kev_
-
Ge0rG
Kev_: do you have a solution for correction receipts already?
-
Kev_
On the topic of 412, I'd quite like a serious discussion about the proposal I made yesterday, long before the next year's suite comes into being - maybe an agendum for next week?
-
dwd
Kev_, SOunds good.
-
dwd
I'll move on for now.
-
dwd
5) AOB
-
Ge0rG
yes, please put that on the Agenda
-
jonas’
AOB
-
jonas’
the ominous "things" I’ve been working on go better than I expected them to go, so here’s a glimpse
-
Kev_
Ge0rG: I'm happy to put some text in there about content vs ephemeral stuff, with the example of receipts, such that you don't put a receipt on for replacing the original, but for a receipt of the correction itself. Which I think addresses everything.
-
Ge0rG
AOB: correction receipts
-
jonas’
https://sotecware.net/files/noindex/xeptest/xep-0030.html (note that this is not pointing to xmpp.org)
-
jonas’
after being a little underwhelmed with the readability of our documents on mobile this morning I thought I’d give this a shot
-
jonas’
this is massively WIP
-
jonas’
and I found scray^Wwonderful things when looking into the XSL✎ -
jonas’
(and I found scrary^Wwonderful things when looking into the XSL) ✏
-
Ge0rG
Kev_: will it also address MAM IDs?
-
Ge0rG
Kev_: and the fact that the most delayed correction "wins"?
-
dwd
Oh, crap. One thing at a time, please.
-
jonas’
I guess Ge0rG was delayed and so we ran into a race condition
-
Kev_
Ge0rG: I think so (MAM). I propose you give a tentative +0 or +1 to the PR, with the proviso that it not be merged until a subsequent PR doing receipt etc. stuff is written. For missing corrections, you can't avoid that, I think, if you allow multi-client edits simultaneously.
-
dwd
Ge0rG, Kev_ : Delighted to have a conversation about general 308 improvements, but perhaps taken offline? I don't think it's a Council matter (beyond acknowledging they're coming and approving them when they do)
-
Kev_
jonas’: What would you like discussed on this?
-
jonas’
Kev_, I’m just throwing this in here, and I probably could’ve done this right after End-Of-Meeting
-
Ge0rG
dwd: I wanted to hear Council voices in context of the list discussion of 0308 and data vs meta data
-
Kev_
In that case, I'm supportive of better stylesheets. ALthough not entirely sold on this one yet :)
-
dwd
jonas’, I think giving our XEP rendering a massive overhaul is a good thing, and thoroughly support it. I think you should come up with a proposal with Editor hat on, and run it past members, Council, and probably approval by Board.
-
jonas’
dwd, that sounds like a reasonable course of action
-
Kev_
I'm not sure that's even needed, I think Editors could probably come up with something themselves.
-
Kev_
Discussion is sensible, but I don't see any reason it should need Board approval.
-
dwd
I'm not sure it does, but the decision on whether it needs Board approval probably rests with Board, so...
-
dwd
OK.
-
Kev_
Nothing in our bylaws suggests that Board owns the styling of the XEP series.
-
dwd
Kev_, No, but nothing in our bylaws suggests anything about the styling of the XEP series.
-
Kev_
(Although removing idiot Editors does like with Board, IIRC)
-
dwd
In any case, the decision on styling doesn't rest with Council, for sure. :-)
-
dwd
Next: 308 strategy.
-
Ge0rG
+1 to jonas’ for picking up the ball on CSS
- Ge0rG is heavily delayed today
-
Ge0rG
(sorry to everyone)
-
Ge0rG
308 strategy: I've written a very very long mail to standards@ outlinig why I think that correction of correction is superior to multiple competing corrections to one original.
-
dwd
The more I've looked into '308, the more I think this is a bit of a storm in a teacup. A strict interpretation of the rules is pretty difficult, but modulo which message you correct for multiple corrections, I don't think there's much conflict in interop terms, is there?
-
dwd
Ge0rG, I read your message. Not sure I agree - when correcting a message which you don't have twice, you'll still correct the same message either way.
-
dwd
Ge0rG, There's an interesting point over whether a correction of a correction means the original correction (eek) is formally superceded, but I think we're deep into philosophical questions.
-
Ge0rG
dwd: yes. the point is rather about making a sequence of edits from different devices that get reordered
-
Kev_
I suggest we just implement vector clocks for 308 and be done with it.
-
dwd
Ge0rG, "Doctor, it hurts when I..."?
-
Ge0rG
dwd: I'd like to get philosophy out of the way and make the XEP explain the right way to do it, whatever we as Council decide is more right.
-
dwd
Kev_, That is, in effect, what correcting-the-correction does. But again, I'm nto sure it matters in any practical sense.
-
Ge0rG
if my arguments are considered as unconvincing, and we have wording in the XEP that excludes MAM IDs and receipts from the "all child elements" initial rationale, I'll change to -0
-
dwd
Ge0rG, I'm happy for such clarifications to appear as a new PR, personally. I don't think they alter the need for clarification.
-
Ge0rG
we could also move forward with a spec that supports both ways.
-
Kev_
I'm convinced that there are race conditions if you edit the same message from multiple devices at once, irrespective of whether you multi-correct one id, or correct a stream of ids.
-
Kev_
So I think really that's a not entirely unrelated issue, but also not a core issue.
-
Ge0rG
Kev_: yes, but which ID you correct influences how the race condition is resolved
-
Kev_
Plus, some amount of Dave's "Doctor it hurts when..." does apply.
-
Kev_
Given we've got three +1s now, I'd go with the compromise of a -0 from Ge0rG in exchange for the MAM ID/Receipt thing, which I'm willing to write.
-
dwd
Cool.
-
dwd
Any Other AOB?
-
Ge0rG
Acceptable.
-
Ge0rG
Thus I Formally Change My Vote on the 0308 PR to -0.
-
Kev_
Ta. Editor please don't merge it until my follow-up PR is in, to avoid two version pushes :)
-
Kev_
Well, actually, I don't care, but it'd be more seemly to do it that way.
-
Ge0rG
(it also looks like we lost two council members)
-
Ge0rG
Kev_: we will have to vote on the new PR anyway?
-
Kev_
I'll try to do various other editorial text cleanups at the same time.
-
dwd
Ge0rG, Attrition via detail.
-
Kev_
Ge0rG: Yes.
-
dwd
6) Next Meeting
-
dwd
Next week, same time?
-
jonas’
I’m still heer✎ -
Ge0rG
+1W WFM
-
jonas’
I’m still here ✏
-
jonas’
+1 wfm
-
dwd
7) Ite Meeting Est
-
dwd
Thanks all.
-
Kev_
SBTSBC should work for me, as long as I don't decide to retire so I can spend 6 months constantly playing the Borderlands remaster :)
-
Ge0rG
Kev_: would you also volunteer to remove the full-JID-must-match rule out of 0308?
-
Ge0rG
Ah, the good old times of Borderlands coop.
-
Kev_
Can we have a distinct discussion on that one, please?
-
dwd
WHat, on Borderlands?
-
Kev_
Yes. BL1 was awesome and we should have it as AOB.
-
Kev_
Or even ALB (all the business)
-
Ge0rG
+1
-
dwd
I'd be generally up for a suggestion that Council Meetings should occur on Borderlands.
-
Ge0rG
claptrap will agree.
-
Kev_
This ATT thing seems to be heavily broken to me. Not just a little bit, but completely.
-
Ge0rG
I think it's not broken per se, it is merely operating under the constraints that were set up by the broken OMEMO
-
Kev_
Unless I completely don't understand it, it treats a web of trust as completely flat.
-
Zash
Brokenness all the way down
-
Kev_
Ge0rG: I might be misreading it, but as far as I can see, a revoked device will be re-added across the tree again automatically.
-
Ge0rG
Kev_: it does. That can be fixed by requiring auth messages to be either from your own JID or from the JID that is authenticated (and obviously to cross-check the signing identity with those JIDs)
-
Kev_
And the idea that I know that Dave's device belongs to Dave being enough for Dave to be able to authenticate Cath's devices is bizzarre.
-
Ge0rG
Kev_: good point. I was going to complain about a single auth operation merging two meshes into one, and the revocation of that link only removing one device.
-
Kev_
Yes, only allowing an entity to effectively cross-sign their own devices would help greatly.
-
dwd
Kev_, I don't think it allows that.
-
Kev_
Although you /still/ have an issue with revoked devices being re-added to the tree.
-
Ge0rG
but your point one-ups that.
-
Ge0rG
also xmpp: URIs in the body payload make my eyes hurt.
-
Kev_
dwd: I may have completely missed the point where it doesn't. I did find the bit where you can't cross sign my devices for me, but not the bit where you can't Cath's.
-
dwd
Kev_, I think you can have your devices "authenticating" your other devices to your contact, and your contact's device to your other devices.
-
Ge0rG
dwd: yes, but there are no constraints on who may authenticate whose devices.
-
Kev_
That would be a significant improvement over my reading. I didn't see that.
-
Ge0rG
"who's"?
-
Kev_
whose, yes.
-
Ge0rG
also there is no strong coupling between devices and JIDs.
-
Kev_
But I think that even with that, the lack of a chain is broken.
-
Kev_
Let's assume that the reason you steal someone's device is precisely so you can communicate as them, the first thing you do is cross-sign another key.
-
Ge0rG
And in a cryptographically sane protocol, I'd require a more explicit bond between the signing key and the signed message than the fact that a JID is in the body.
-
Kev_
The user then revokes the stolen device's key. Oh well, who cares?
-
Kev_
So this Dot of Trust thing seems to fundamentally not work, to me.
-
Kev_
I was joking about vector clocks earlier, but in this case something like that seems needed for the sync issues, and trust chains seem needed for the other issue.
-
dwd
"End-to-end encryption is based on the assumption that the devices are not compromised."
-
dwd
That is literally the funniest thing I've ever read.
-
Zash
Hm, I wonder what's most likely, my server gets broken into or I forget my phone somewhere...
-
Kev_
Zash: You don't even need to forget it. You only need to look away long enough to cross-sign :)
-
dwd
Zash, Device security is pretty good, these days, in fairness.
-
Kev_
(I realise it isn't technically cross-signing, but the end effect works)
- Kev has left
- Kev_ has left
-
Ge0rG
cross-signing happens by scanning a QR code, right? What if I pretend that you cross-sign me, but then inject a device-key for your identity through your compromised server?
-
dwd
"I followed the current version of the XEP. Thus, it is possible to implement the XEP by following it." - this would be a lot more convincing if it were not the author of the ProtoXEP writing this...
-
Ge0rG
There are very many mails on the list about ATT, and it is -1, so I feel very inclined to just 'D' the whole thread
-
Ge0rG
also the fact that it involves OMEMO, with which I have a beef of my own.
-
Ge0rG
But maybe the least destructive way forward is to put SEX into the XEP template.
-
pep.
"Kev_> And the idea that I know that Dave's device belongs to Dave being enough for Dave to be able to authenticate Cath's devices is bizzarre." ATT doesn't allow Dave to tell you anything about Cath's device
-
Ge0rG
pep.: where is that restriction?
-
Ge0rG
Because I am apparently not the only one to have missed it
-
pep.
In the XEP I don't remember, I get my info from the source, and I agree it's confusing and can be improved greatly. The intent of ATT is to authenticate your own devices, and the devices or your contacts (only one hop away from you, as in your contact and all their devices are one hop)
-
Ge0rG
pep.: if Berlin isn't written down, it hasn't happened.
-
pep.
Ge0rG, that's why I sent all of that on the list :)
-
Ge0rG
Damn.
-
Ge0rG
pep.: in the ATT thread?
-
pep.
And as I understand the author is currently replying to all the thread
-
pep.
yeah
-
pep.
This precision that I made above isn't said by me in the list. I only complaining about stuff in the body.
-
vanitasvitae
Yes, I'd also prefer to read your feedback on the list, rather than in this muc where the author isnt even joined, Ge0rG ;)
-
pep.
Also there is another issue with revocation that daniel mentions
-
Ge0rG
vanitasvitae: it would be unwise to send my feedback before reading all the thread.
-
pep.
Not exactly the same as Kev, but similar
-
pep.
Ge0rG, :p
-
Ge0rG
vanitasvitae: and I barely got through the XEP in the last week
-
pep.
Ge0rG, see we're slowly improving in trying to include people that are not in sprints :)
-
Ge0rG
pep.: that's a great thing, although the cynic in me wonders whether this is praise-worthy.
-
pep.
;)
-
pep.
It's not always easy to stir people that way, they're all excited about actually doing things
-
vanitasvitae
:D
-
Ge0rG
I'm also excited about actually doing things without telling anybody what or why or how.
-
Ge0rG
I think there is a pseudo-medicinal term for that.
- Kev has joined
-
jonas’
xsf@ maybe?
- Guus has left
- Guus has joined
- Remko has joined
- Remko has left
- Remko has joined
- Remko has left
- debacle has left
- debacle has joined
- moparisthebest has left
- moparisthebest has joined
- lnj has left
- debacle has left
- lnj has left
- lnj has joined
- lnj has left
- lnj has joined
- debacle has joined
- lnj has left
- lnj has joined
- Zash has left
- Zash has joined
- Kev_ has joined
- Ge0rG has joined
- Kev has left
- Kev_ has left
- Kev has joined
- Guus has left
- Guus has joined
- Remko has joined
- Remko has left
- Remko has joined
- Remko has left
- debacle has left
- debacle has joined
- moparisthebest has left
- moparisthebest has joined
- lnj has left