XMPP Council - 2019-04-03

  1. debacle has left
  2. lnj has left
  3. lnj has joined
  4. lnj has left
  5. lnj has joined
  6. debacle has joined
  7. lnj has left
  8. lnj has joined
  9. Zash has left
  10. Zash has joined
  11. dwd .
  12. Zash ,
  13. Kev_ has joined
  14. Kev_ There we go. For some reason I can't join with my usual account.
  15. Kev_ I repeat my question that didn't get through six hours ago - do we have agendums? :)
  16. dwd Hello, and no. But I don't think we have any agendums not to have.
  17. Zash Kev_: I think your servers cert expired, but that might be unrelated
  18. Kev_ The account that can't join is isode.com's - I think you mean doomsong's expired?
  19. Zash Kev_: Correct
  20. Kev_ 'tis time?
  21. dwd Tis indeed.
  22. dwd 1) Roll Call
  23. dwd Ge0rG, Link Mauve jonas’ ?
  24. Kev_ Bacon
  25. jonas’ .
  26. dwd Defintely a bacon day for me, as well.
  27. jonas’ tomorrow is bacon day
  28. Link Mauve Hi, I’m here.
  29. Kev_ And I'm sorry for so much absense recently, life has been ... busy.
  30. dwd Kev_, Brown sauce?
  31. Kev_ Only if you're broken.
  32. Kev_ Ketchup all the way.
  33. Kev_ Stokes, if I get the choice.
  34. dwd Kev_, Philistine.
  35. dwd OK, assuming a lack of Ge0rG.
  36. dwd 2) Agenda Bashing
  37. dwd I'm blissfully unaware of anything requiring a vote.
  38. dwd But that is in part because of Stuff Happening, which means I've not really had the time or head-space to go look.
  39. Ge0rG has joined
  40. Ge0rG Hi
  41. jonas’ dwd, I’m not aware of anything either
  42. dwd Awesome.
  43. dwd 3) Matter for a vote [Nothing]
  44. dwd 4) Outstanding Votes
  45. dwd I think everyone's got some.
  46. Kev_ I'd like to gently encourage people to let that 308 PR through, given I think we've more or less got agreement that it's what the XEP intended to say, and future changes don't need to be blocked on this.
  47. Kev_ I think I've got nothing outstanding, and went through everything not-expired the other day, but I could be wrong.
  48. Ge0rG I'd like to hear more voices on 0308 from Council
  49. Link Mauve I’m changing my vote on this one to +1, on the basis that once we reach the MAM companion table we discussed at the Summit, every correction does indeed pertain to the original message and not to a following correction.
  50. dwd Kev_, Did you vote on 412, ATT, and 308? If so I missed these.
  51. jonas’ I need to dig through the huge amount of emails you folks wrote on that. I read many of them, but I still don’t fully get the consequences of either choice
  52. jonas’ but I think there was nothing in it which’d change my +1
  53. Kev_ dwd: I did, yes. I -0d 412, -1d ATT (with justification) and +1d 308.
  54. jonas’ (the +1 I gave last week already)
  55. dwd Ah, yes, I see the email now, Kev_
  56. Ge0rG Kev_: do you have a solution for correction receipts already?
  57. Kev_ On the topic of 412, I'd quite like a serious discussion about the proposal I made yesterday, long before the next year's suite comes into being - maybe an agendum for next week?
  58. dwd Kev_, SOunds good.
  59. dwd I'll move on for now.
  60. dwd 5) AOB
  61. Ge0rG yes, please put that on the Agenda
  62. jonas’ AOB
  63. jonas’ the ominous "things" I’ve been working on go better than I expected them to go, so here’s a glimpse
  64. Kev_ Ge0rG: I'm happy to put some text in there about content vs ephemeral stuff, with the example of receipts, such that you don't put a receipt on for replacing the original, but for a receipt of the correction itself. Which I think addresses everything.
  65. Ge0rG AOB: correction receipts
  66. jonas’ https://sotecware.net/files/noindex/xeptest/xep-0030.html (note that this is not pointing to xmpp.org)
  67. jonas’ after being a little underwhelmed with the readability of our documents on mobile this morning I thought I’d give this a shot
  68. jonas’ this is massively WIP
  69. jonas’ and I found scray^Wwonderful things when looking into the XSL
  70. jonas’ (and I found scrary^Wwonderful things when looking into the XSL)
  71. Ge0rG Kev_: will it also address MAM IDs?
  72. Ge0rG Kev_: and the fact that the most delayed correction "wins"?
  73. dwd Oh, crap. One thing at a time, please.
  74. jonas’ I guess Ge0rG was delayed and so we ran into a race condition
  75. Kev_ Ge0rG: I think so (MAM). I propose you give a tentative +0 or +1 to the PR, with the proviso that it not be merged until a subsequent PR doing receipt etc. stuff is written. For missing corrections, you can't avoid that, I think, if you allow multi-client edits simultaneously.
  76. dwd Ge0rG, Kev_ : Delighted to have a conversation about general 308 improvements, but perhaps taken offline? I don't think it's a Council matter (beyond acknowledging they're coming and approving them when they do)
  77. Kev_ jonas’: What would you like discussed on this?
  78. jonas’ Kev_, I’m just throwing this in here, and I probably could’ve done this right after End-Of-Meeting
  79. Ge0rG dwd: I wanted to hear Council voices in context of the list discussion of 0308 and data vs meta data
  80. Kev_ In that case, I'm supportive of better stylesheets. ALthough not entirely sold on this one yet :)
  81. dwd jonas’, I think giving our XEP rendering a massive overhaul is a good thing, and thoroughly support it. I think you should come up with a proposal with Editor hat on, and run it past members, Council, and probably approval by Board.
  82. jonas’ dwd, that sounds like a reasonable course of action
  83. Kev_ I'm not sure that's even needed, I think Editors could probably come up with something themselves.
  84. Kev_ Discussion is sensible, but I don't see any reason it should need Board approval.
  85. dwd I'm not sure it does, but the decision on whether it needs Board approval probably rests with Board, so...
  86. dwd OK.
  87. Kev_ Nothing in our bylaws suggests that Board owns the styling of the XEP series.
  88. dwd Kev_, No, but nothing in our bylaws suggests anything about the styling of the XEP series.
  89. Kev_ (Although removing idiot Editors does like with Board, IIRC)
  90. dwd In any case, the decision on styling doesn't rest with Council, for sure. :-)
  91. dwd Next: 308 strategy.
  92. Ge0rG +1 to jonas’ for picking up the ball on CSS
  93. Ge0rG is heavily delayed today
  94. Ge0rG (sorry to everyone)
  95. Ge0rG 308 strategy: I've written a very very long mail to standards@ outlinig why I think that correction of correction is superior to multiple competing corrections to one original.
  96. dwd The more I've looked into '308, the more I think this is a bit of a storm in a teacup. A strict interpretation of the rules is pretty difficult, but modulo which message you correct for multiple corrections, I don't think there's much conflict in interop terms, is there?
  97. dwd Ge0rG, I read your message. Not sure I agree - when correcting a message which you don't have twice, you'll still correct the same message either way.
  98. dwd Ge0rG, There's an interesting point over whether a correction of a correction means the original correction (eek) is formally superceded, but I think we're deep into philosophical questions.
  99. Ge0rG dwd: yes. the point is rather about making a sequence of edits from different devices that get reordered
  100. Kev_ I suggest we just implement vector clocks for 308 and be done with it.
  101. dwd Ge0rG, "Doctor, it hurts when I..."?
  102. Ge0rG dwd: I'd like to get philosophy out of the way and make the XEP explain the right way to do it, whatever we as Council decide is more right.
  103. dwd Kev_, That is, in effect, what correcting-the-correction does. But again, I'm nto sure it matters in any practical sense.
  104. Ge0rG if my arguments are considered as unconvincing, and we have wording in the XEP that excludes MAM IDs and receipts from the "all child elements" initial rationale, I'll change to -0
  105. dwd Ge0rG, I'm happy for such clarifications to appear as a new PR, personally. I don't think they alter the need for clarification.
  106. Ge0rG we could also move forward with a spec that supports both ways.
  107. Kev_ I'm convinced that there are race conditions if you edit the same message from multiple devices at once, irrespective of whether you multi-correct one id, or correct a stream of ids.
  108. Kev_ So I think really that's a not entirely unrelated issue, but also not a core issue.
  109. Ge0rG Kev_: yes, but which ID you correct influences how the race condition is resolved
  110. Kev_ Plus, some amount of Dave's "Doctor it hurts when..." does apply.
  111. Kev_ Given we've got three +1s now, I'd go with the compromise of a -0 from Ge0rG in exchange for the MAM ID/Receipt thing, which I'm willing to write.
  112. dwd Cool.
  113. dwd Any Other AOB?
  114. Ge0rG Acceptable.
  115. Ge0rG Thus I Formally Change My Vote on the 0308 PR to -0.
  116. Kev_ Ta. Editor please don't merge it until my follow-up PR is in, to avoid two version pushes :)
  117. Kev_ Well, actually, I don't care, but it'd be more seemly to do it that way.
  118. Ge0rG (it also looks like we lost two council members)
  119. Ge0rG Kev_: we will have to vote on the new PR anyway?
  120. Kev_ I'll try to do various other editorial text cleanups at the same time.
  121. dwd Ge0rG, Attrition via detail.
  122. Kev_ Ge0rG: Yes.
  123. dwd 6) Next Meeting
  124. dwd Next week, same time?
  125. jonas’ I’m still heer
  126. Ge0rG +1W WFM
  127. jonas’ I’m still here
  128. jonas’ +1 wfm
  129. dwd 7) Ite Meeting Est
  130. dwd Thanks all.
  131. Kev_ SBTSBC should work for me, as long as I don't decide to retire so I can spend 6 months constantly playing the Borderlands remaster :)
  132. Ge0rG Kev_: would you also volunteer to remove the full-JID-must-match rule out of 0308?
  133. Ge0rG Ah, the good old times of Borderlands coop.
  134. Kev_ Can we have a distinct discussion on that one, please?
  135. dwd WHat, on Borderlands?
  136. Kev_ Yes. BL1 was awesome and we should have it as AOB.
  137. Kev_ Or even ALB (all the business)
  138. Ge0rG +1
  139. dwd I'd be generally up for a suggestion that Council Meetings should occur on Borderlands.
  140. Ge0rG claptrap will agree.
  141. Kev_ This ATT thing seems to be heavily broken to me. Not just a little bit, but completely.
  142. Ge0rG I think it's not broken per se, it is merely operating under the constraints that were set up by the broken OMEMO
  143. Kev_ Unless I completely don't understand it, it treats a web of trust as completely flat.
  144. Zash Brokenness all the way down
  145. Kev_ Ge0rG: I might be misreading it, but as far as I can see, a revoked device will be re-added across the tree again automatically.
  146. Ge0rG Kev_: it does. That can be fixed by requiring auth messages to be either from your own JID or from the JID that is authenticated (and obviously to cross-check the signing identity with those JIDs)
  147. Kev_ And the idea that I know that Dave's device belongs to Dave being enough for Dave to be able to authenticate Cath's devices is bizzarre.
  148. Ge0rG Kev_: good point. I was going to complain about a single auth operation merging two meshes into one, and the revocation of that link only removing one device.
  149. Kev_ Yes, only allowing an entity to effectively cross-sign their own devices would help greatly.
  150. dwd Kev_, I don't think it allows that.
  151. Kev_ Although you /still/ have an issue with revoked devices being re-added to the tree.
  152. Ge0rG but your point one-ups that.
  153. Ge0rG also xmpp: URIs in the body payload make my eyes hurt.
  154. Kev_ dwd: I may have completely missed the point where it doesn't. I did find the bit where you can't cross sign my devices for me, but not the bit where you can't Cath's.
  155. dwd Kev_, I think you can have your devices "authenticating" your other devices to your contact, and your contact's device to your other devices.
  156. Ge0rG dwd: yes, but there are no constraints on who may authenticate whose devices.
  157. Kev_ That would be a significant improvement over my reading. I didn't see that.
  158. Ge0rG "who's"?
  159. Kev_ whose, yes.
  160. Ge0rG also there is no strong coupling between devices and JIDs.
  161. Kev_ But I think that even with that, the lack of a chain is broken.
  162. Kev_ Let's assume that the reason you steal someone's device is precisely so you can communicate as them, the first thing you do is cross-sign another key.
  163. Ge0rG And in a cryptographically sane protocol, I'd require a more explicit bond between the signing key and the signed message than the fact that a JID is in the body.
  164. Kev_ The user then revokes the stolen device's key. Oh well, who cares?
  165. Kev_ So this Dot of Trust thing seems to fundamentally not work, to me.
  166. Kev_ I was joking about vector clocks earlier, but in this case something like that seems needed for the sync issues, and trust chains seem needed for the other issue.
  167. dwd "End-to-end encryption is based on the assumption that the devices are not compromised."
  168. dwd That is literally the funniest thing I've ever read.
  169. Zash Hm, I wonder what's most likely, my server gets broken into or I forget my phone somewhere...
  170. Kev_ Zash: You don't even need to forget it. You only need to look away long enough to cross-sign :)
  171. dwd Zash, Device security is pretty good, these days, in fairness.
  172. Kev_ (I realise it isn't technically cross-signing, but the end effect works)
  173. Kev has left
  174. Kev_ has left
  175. Ge0rG cross-signing happens by scanning a QR code, right? What if I pretend that you cross-sign me, but then inject a device-key for your identity through your compromised server?
  176. dwd "I followed the current version of the XEP. Thus, it is possible to implement the XEP by following it." - this would be a lot more convincing if it were not the author of the ProtoXEP writing this...
  177. Ge0rG There are very many mails on the list about ATT, and it is -1, so I feel very inclined to just 'D' the whole thread
  178. Ge0rG also the fact that it involves OMEMO, with which I have a beef of my own.
  179. Ge0rG But maybe the least destructive way forward is to put SEX into the XEP template.
  180. pep. "Kev_> And the idea that I know that Dave's device belongs to Dave being enough for Dave to be able to authenticate Cath's devices is bizzarre." ATT doesn't allow Dave to tell you anything about Cath's device
  181. Ge0rG pep.: where is that restriction?
  182. Ge0rG Because I am apparently not the only one to have missed it
  183. pep. In the XEP I don't remember, I get my info from the source, and I agree it's confusing and can be improved greatly. The intent of ATT is to authenticate your own devices, and the devices or your contacts (only one hop away from you, as in your contact and all their devices are one hop)
  184. Ge0rG pep.: if Berlin isn't written down, it hasn't happened.
  185. pep. Ge0rG, that's why I sent all of that on the list :)
  186. Ge0rG Damn.
  187. Ge0rG pep.: in the ATT thread?
  188. pep. And as I understand the author is currently replying to all the thread
  189. pep. yeah
  190. pep. This precision that I made above isn't said by me in the list. I only complaining about stuff in the body.
  191. vanitasvitae Yes, I'd also prefer to read your feedback on the list, rather than in this muc where the author isnt even joined, Ge0rG ;)
  192. pep. Also there is another issue with revocation that daniel mentions
  193. Ge0rG vanitasvitae: it would be unwise to send my feedback before reading all the thread.
  194. pep. Not exactly the same as Kev, but similar
  195. pep. Ge0rG, :p
  196. Ge0rG vanitasvitae: and I barely got through the XEP in the last week
  197. pep. Ge0rG, see we're slowly improving in trying to include people that are not in sprints :)
  198. Ge0rG pep.: that's a great thing, although the cynic in me wonders whether this is praise-worthy.
  199. pep. ;)
  200. pep. It's not always easy to stir people that way, they're all excited about actually doing things
  201. vanitasvitae :D
  202. Ge0rG I'm also excited about actually doing things without telling anybody what or why or how.
  203. Ge0rG I think there is a pseudo-medicinal term for that.
  204. Kev has joined
  205. jonas’ xsf@ maybe?
  206. Guus has left
  207. Guus has joined
  208. Remko has joined
  209. Remko has left
  210. Remko has joined
  211. Remko has left
  212. debacle has left
  213. debacle has joined
  214. moparisthebest has left
  215. moparisthebest has joined
  216. lnj has left