XMPP Council - 2019-04-03


  1. dwd

    .

  2. Zash

    ,

  3. Kev_

    There we go. For some reason I can't join with my usual account.

  4. Kev_

    I repeat my question that didn't get through six hours ago - do we have agendums? :)

  5. dwd

    Hello, and no. But I don't think we have any agendums not to have.

  6. Zash

    Kev_: I think your servers cert expired, but that might be unrelated

  7. Kev_

    The account that can't join is isode.com's - I think you mean doomsong's expired?

  8. Zash

    Kev_: Correct

  9. Kev_

    'tis time?

  10. dwd

    Tis indeed.

  11. dwd

    1) Roll Call

  12. dwd

    Ge0rG, Link Mauve jonas’ ?

  13. Kev_

    Bacon

  14. jonas’

    .

  15. dwd

    Defintely a bacon day for me, as well.

  16. jonas’

    tomorrow is bacon day

  17. Link Mauve

    Hi, I’m here.

  18. Kev_

    And I'm sorry for so much absense recently, life has been ... busy.

  19. dwd

    Kev_, Brown sauce?

  20. Kev_

    Only if you're broken.

  21. Kev_

    Ketchup all the way.

  22. Kev_

    Stokes, if I get the choice.

  23. dwd

    Kev_, Philistine.

  24. dwd

    OK, assuming a lack of Ge0rG.

  25. dwd

    2) Agenda Bashing

  26. dwd

    I'm blissfully unaware of anything requiring a vote.

  27. dwd

    But that is in part because of Stuff Happening, which means I've not really had the time or head-space to go look.

  28. Ge0rG

    Hi

  29. jonas’

    dwd, I’m not aware of anything either

  30. dwd

    Awesome.

  31. dwd

    3) Matter for a vote [Nothing]

  32. dwd

    4) Outstanding Votes

  33. dwd

    I think everyone's got some.

  34. Kev_

    I'd like to gently encourage people to let that 308 PR through, given I think we've more or less got agreement that it's what the XEP intended to say, and future changes don't need to be blocked on this.

  35. Kev_

    I think I've got nothing outstanding, and went through everything not-expired the other day, but I could be wrong.

  36. Ge0rG

    I'd like to hear more voices on 0308 from Council

  37. Link Mauve

    I’m changing my vote on this one to +1, on the basis that once we reach the MAM companion table we discussed at the Summit, every correction does indeed pertain to the original message and not to a following correction.

  38. dwd

    Kev_, Did you vote on 412, ATT, and 308? If so I missed these.

  39. jonas’

    I need to dig through the huge amount of emails you folks wrote on that. I read many of them, but I still don’t fully get the consequences of either choice

  40. jonas’

    but I think there was nothing in it which’d change my +1

  41. Kev_

    dwd: I did, yes. I -0d 412, -1d ATT (with justification) and +1d 308.

  42. jonas’

    (the +1 I gave last week already)

  43. dwd

    Ah, yes, I see the email now, Kev_

  44. Ge0rG

    Kev_: do you have a solution for correction receipts already?

  45. Kev_

    On the topic of 412, I'd quite like a serious discussion about the proposal I made yesterday, long before the next year's suite comes into being - maybe an agendum for next week?

  46. dwd

    Kev_, SOunds good.

  47. dwd

    I'll move on for now.

  48. dwd

    5) AOB

  49. Ge0rG

    yes, please put that on the Agenda

  50. jonas’

    AOB

  51. jonas’

    the ominous "things" I’ve been working on go better than I expected them to go, so here’s a glimpse

  52. Kev_

    Ge0rG: I'm happy to put some text in there about content vs ephemeral stuff, with the example of receipts, such that you don't put a receipt on for replacing the original, but for a receipt of the correction itself. Which I think addresses everything.

  53. Ge0rG

    AOB: correction receipts

  54. jonas’

    https://sotecware.net/files/noindex/xeptest/xep-0030.html (note that this is not pointing to xmpp.org)

  55. jonas’

    after being a little underwhelmed with the readability of our documents on mobile this morning I thought I’d give this a shot

  56. jonas’

    this is massively WIP

  57. jonas’

    and I found scray^Wwonderful things when looking into the XSL

  58. jonas’

    (and I found scrary^Wwonderful things when looking into the XSL)

  59. Ge0rG

    Kev_: will it also address MAM IDs?

  60. Ge0rG

    Kev_: and the fact that the most delayed correction "wins"?

  61. dwd

    Oh, crap. One thing at a time, please.

  62. jonas’

    I guess Ge0rG was delayed and so we ran into a race condition

  63. Kev_

    Ge0rG: I think so (MAM). I propose you give a tentative +0 or +1 to the PR, with the proviso that it not be merged until a subsequent PR doing receipt etc. stuff is written. For missing corrections, you can't avoid that, I think, if you allow multi-client edits simultaneously.

  64. dwd

    Ge0rG, Kev_ : Delighted to have a conversation about general 308 improvements, but perhaps taken offline? I don't think it's a Council matter (beyond acknowledging they're coming and approving them when they do)

  65. Kev_

    jonas’: What would you like discussed on this?

  66. jonas’

    Kev_, I’m just throwing this in here, and I probably could’ve done this right after End-Of-Meeting

  67. Ge0rG

    dwd: I wanted to hear Council voices in context of the list discussion of 0308 and data vs meta data

  68. Kev_

    In that case, I'm supportive of better stylesheets. ALthough not entirely sold on this one yet :)

  69. dwd

    jonas’, I think giving our XEP rendering a massive overhaul is a good thing, and thoroughly support it. I think you should come up with a proposal with Editor hat on, and run it past members, Council, and probably approval by Board.

  70. jonas’

    dwd, that sounds like a reasonable course of action

  71. Kev_

    I'm not sure that's even needed, I think Editors could probably come up with something themselves.

  72. Kev_

    Discussion is sensible, but I don't see any reason it should need Board approval.

  73. dwd

    I'm not sure it does, but the decision on whether it needs Board approval probably rests with Board, so...

  74. dwd

    OK.

  75. Kev_

    Nothing in our bylaws suggests that Board owns the styling of the XEP series.

  76. dwd

    Kev_, No, but nothing in our bylaws suggests anything about the styling of the XEP series.

  77. Kev_

    (Although removing idiot Editors does like with Board, IIRC)

  78. dwd

    In any case, the decision on styling doesn't rest with Council, for sure. :-)

  79. dwd

    Next: 308 strategy.

  80. Ge0rG

    +1 to jonas’ for picking up the ball on CSS

  81. Ge0rG is heavily delayed today

  82. Ge0rG

    (sorry to everyone)

  83. Ge0rG

    308 strategy: I've written a very very long mail to standards@ outlinig why I think that correction of correction is superior to multiple competing corrections to one original.

  84. dwd

    The more I've looked into '308, the more I think this is a bit of a storm in a teacup. A strict interpretation of the rules is pretty difficult, but modulo which message you correct for multiple corrections, I don't think there's much conflict in interop terms, is there?

  85. dwd

    Ge0rG, I read your message. Not sure I agree - when correcting a message which you don't have twice, you'll still correct the same message either way.

  86. dwd

    Ge0rG, There's an interesting point over whether a correction of a correction means the original correction (eek) is formally superceded, but I think we're deep into philosophical questions.

  87. Ge0rG

    dwd: yes. the point is rather about making a sequence of edits from different devices that get reordered

  88. Kev_

    I suggest we just implement vector clocks for 308 and be done with it.

  89. dwd

    Ge0rG, "Doctor, it hurts when I..."?

  90. Ge0rG

    dwd: I'd like to get philosophy out of the way and make the XEP explain the right way to do it, whatever we as Council decide is more right.

  91. dwd

    Kev_, That is, in effect, what correcting-the-correction does. But again, I'm nto sure it matters in any practical sense.

  92. Ge0rG

    if my arguments are considered as unconvincing, and we have wording in the XEP that excludes MAM IDs and receipts from the "all child elements" initial rationale, I'll change to -0

  93. dwd

    Ge0rG, I'm happy for such clarifications to appear as a new PR, personally. I don't think they alter the need for clarification.

  94. Ge0rG

    we could also move forward with a spec that supports both ways.

  95. Kev_

    I'm convinced that there are race conditions if you edit the same message from multiple devices at once, irrespective of whether you multi-correct one id, or correct a stream of ids.

  96. Kev_

    So I think really that's a not entirely unrelated issue, but also not a core issue.

  97. Ge0rG

    Kev_: yes, but which ID you correct influences how the race condition is resolved

  98. Kev_

    Plus, some amount of Dave's "Doctor it hurts when..." does apply.

  99. Kev_

    Given we've got three +1s now, I'd go with the compromise of a -0 from Ge0rG in exchange for the MAM ID/Receipt thing, which I'm willing to write.

  100. dwd

    Cool.

  101. dwd

    Any Other AOB?

  102. Ge0rG

    Acceptable.

  103. Ge0rG

    Thus I Formally Change My Vote on the 0308 PR to -0.

  104. Kev_

    Ta. Editor please don't merge it until my follow-up PR is in, to avoid two version pushes :)

  105. Kev_

    Well, actually, I don't care, but it'd be more seemly to do it that way.

  106. Ge0rG

    (it also looks like we lost two council members)

  107. Ge0rG

    Kev_: we will have to vote on the new PR anyway?

  108. Kev_

    I'll try to do various other editorial text cleanups at the same time.

  109. dwd

    Ge0rG, Attrition via detail.

  110. Kev_

    Ge0rG: Yes.

  111. dwd

    6) Next Meeting

  112. dwd

    Next week, same time?

  113. jonas’

    I’m still heer

  114. Ge0rG

    +1W WFM

  115. jonas’

    I’m still here

  116. jonas’

    +1 wfm

  117. dwd

    7) Ite Meeting Est

  118. dwd

    Thanks all.

  119. Kev_

    SBTSBC should work for me, as long as I don't decide to retire so I can spend 6 months constantly playing the Borderlands remaster :)

  120. Ge0rG

    Kev_: would you also volunteer to remove the full-JID-must-match rule out of 0308?

  121. Ge0rG

    Ah, the good old times of Borderlands coop.

  122. Kev_

    Can we have a distinct discussion on that one, please?

  123. dwd

    WHat, on Borderlands?

  124. Kev_

    Yes. BL1 was awesome and we should have it as AOB.

  125. Kev_

    Or even ALB (all the business)

  126. Ge0rG

    +1

  127. dwd

    I'd be generally up for a suggestion that Council Meetings should occur on Borderlands.

  128. Ge0rG

    claptrap will agree.

  129. Kev_

    This ATT thing seems to be heavily broken to me. Not just a little bit, but completely.

  130. Ge0rG

    I think it's not broken per se, it is merely operating under the constraints that were set up by the broken OMEMO

  131. Kev_

    Unless I completely don't understand it, it treats a web of trust as completely flat.

  132. Zash

    Brokenness all the way down

  133. Kev_

    Ge0rG: I might be misreading it, but as far as I can see, a revoked device will be re-added across the tree again automatically.

  134. Ge0rG

    Kev_: it does. That can be fixed by requiring auth messages to be either from your own JID or from the JID that is authenticated (and obviously to cross-check the signing identity with those JIDs)

  135. Kev_

    And the idea that I know that Dave's device belongs to Dave being enough for Dave to be able to authenticate Cath's devices is bizzarre.

  136. Ge0rG

    Kev_: good point. I was going to complain about a single auth operation merging two meshes into one, and the revocation of that link only removing one device.

  137. Kev_

    Yes, only allowing an entity to effectively cross-sign their own devices would help greatly.

  138. dwd

    Kev_, I don't think it allows that.

  139. Kev_

    Although you /still/ have an issue with revoked devices being re-added to the tree.

  140. Ge0rG

    but your point one-ups that.

  141. Ge0rG

    also xmpp: URIs in the body payload make my eyes hurt.

  142. Kev_

    dwd: I may have completely missed the point where it doesn't. I did find the bit where you can't cross sign my devices for me, but not the bit where you can't Cath's.

  143. dwd

    Kev_, I think you can have your devices "authenticating" your other devices to your contact, and your contact's device to your other devices.

  144. Ge0rG

    dwd: yes, but there are no constraints on who may authenticate whose devices.

  145. Kev_

    That would be a significant improvement over my reading. I didn't see that.

  146. Ge0rG

    "who's"?

  147. Kev_

    whose, yes.

  148. Ge0rG

    also there is no strong coupling between devices and JIDs.

  149. Kev_

    But I think that even with that, the lack of a chain is broken.

  150. Kev_

    Let's assume that the reason you steal someone's device is precisely so you can communicate as them, the first thing you do is cross-sign another key.

  151. Ge0rG

    And in a cryptographically sane protocol, I'd require a more explicit bond between the signing key and the signed message than the fact that a JID is in the body.

  152. Kev_

    The user then revokes the stolen device's key. Oh well, who cares?

  153. Kev_

    So this Dot of Trust thing seems to fundamentally not work, to me.

  154. Kev_

    I was joking about vector clocks earlier, but in this case something like that seems needed for the sync issues, and trust chains seem needed for the other issue.

  155. dwd

    "End-to-end encryption is based on the assumption that the devices are not compromised."

  156. dwd

    That is literally the funniest thing I've ever read.

  157. Zash

    Hm, I wonder what's most likely, my server gets broken into or I forget my phone somewhere...

  158. Kev_

    Zash: You don't even need to forget it. You only need to look away long enough to cross-sign :)

  159. dwd

    Zash, Device security is pretty good, these days, in fairness.

  160. Kev_

    (I realise it isn't technically cross-signing, but the end effect works)

  161. Ge0rG

    cross-signing happens by scanning a QR code, right? What if I pretend that you cross-sign me, but then inject a device-key for your identity through your compromised server?

  162. dwd

    "I followed the current version of the XEP. Thus, it is possible to implement the XEP by following it." - this would be a lot more convincing if it were not the author of the ProtoXEP writing this...

  163. Ge0rG

    There are very many mails on the list about ATT, and it is -1, so I feel very inclined to just 'D' the whole thread

  164. Ge0rG

    also the fact that it involves OMEMO, with which I have a beef of my own.

  165. Ge0rG

    But maybe the least destructive way forward is to put SEX into the XEP template.

  166. pep.

    "Kev_> And the idea that I know that Dave's device belongs to Dave being enough for Dave to be able to authenticate Cath's devices is bizzarre." ATT doesn't allow Dave to tell you anything about Cath's device

  167. Ge0rG

    pep.: where is that restriction?

  168. Ge0rG

    Because I am apparently not the only one to have missed it

  169. pep.

    In the XEP I don't remember, I get my info from the source, and I agree it's confusing and can be improved greatly. The intent of ATT is to authenticate your own devices, and the devices or your contacts (only one hop away from you, as in your contact and all their devices are one hop)

  170. Ge0rG

    pep.: if Berlin isn't written down, it hasn't happened.

  171. pep.

    Ge0rG, that's why I sent all of that on the list :)

  172. Ge0rG

    Damn.

  173. Ge0rG

    pep.: in the ATT thread?

  174. pep.

    And as I understand the author is currently replying to all the thread

  175. pep.

    yeah

  176. pep.

    This precision that I made above isn't said by me in the list. I only complaining about stuff in the body.

  177. vanitasvitae

    Yes, I'd also prefer to read your feedback on the list, rather than in this muc where the author isnt even joined, Ge0rG ;)

  178. pep.

    Also there is another issue with revocation that daniel mentions

  179. Ge0rG

    vanitasvitae: it would be unwise to send my feedback before reading all the thread.

  180. pep.

    Not exactly the same as Kev, but similar

  181. pep.

    Ge0rG, :p

  182. Ge0rG

    vanitasvitae: and I barely got through the XEP in the last week

  183. pep.

    Ge0rG, see we're slowly improving in trying to include people that are not in sprints :)

  184. Ge0rG

    pep.: that's a great thing, although the cynic in me wonders whether this is praise-worthy.

  185. pep.

    ;)

  186. pep.

    It's not always easy to stir people that way, they're all excited about actually doing things

  187. vanitasvitae

    :D

  188. Ge0rG

    I'm also excited about actually doing things without telling anybody what or why or how.

  189. Ge0rG

    I think there is a pseudo-medicinal term for that.

  190. jonas’

    xsf@ maybe?