XMPP Council - 2020-01-08

’tis time

Let’s get started.

1) Roll Call

Me!

hi

hello

(I’m also going to implement a 1 minute timeout in this session. Unfortunately, my client doesn’t show typing notifications, so if you need more time to write a reply to an open question like "Anything else?", please send a dot or something first.)

that’s a quorum

2) Agenda Bashing

(here too.)

we’ve got a ProtoXEP and the OMEMO thing on the list, is there anything I missed?

also here if needed

Alright, moving on 3) Items for a vote

3a) Proposed XMPP Extension: Special Interests Group End to End Encryption URL: https://xmpp.org/extensions/inbox/sige2ee.html Abstract: This document proposes the formation of a Special Interest Group (SIG) within the XSF devoted to the development of end-to-end encryption within the context of XMPP. ✏

so first of all, it turns out that SIG formations/proposals have their own XEP type, so that’ll have to be adjusted by the editor

And this is approved by Council?

yes

(I wasn't entirely sure about that, and I didn't take the time to look it up properly)

> A Special Interest Group (SIG) is a working group approved by the XMPP Council to address specific areas of growth or concern within the Jabber/XMPP developer community, usually by means of developing and publishing XMPP Extension Protocols (XEPs).

https://xmpp.org/extensions/xep-0002.html

nobody knew, which is why we didn’t vote on this last week

Generally in favour. I had some comments around the second bullet point, but assuming this goes to Experimental before a LC and Active, I'm +1

Also noted in our Bylaws

I’m not sure if this is supposed to be a SIG Formation or a SIG Proposal

Section 8.2

I’m going to be on-list, because the procedure is unclear to me

anyone else who wants to cast votes in this meeting?

Hi! Sorry for being late.

jonas’, which part is unclear?

I did cast a vote.

ralphm, - Is this a SIG Proposal or a SIG Formation? - If SIG Formation, does the XEP need to specify who is part of the SIG leadership? If not, where is this recorded? - Is it even legitimate for a SIG to be open for non-XSF members? (It isn’t for SIG leadership)

3a( +1

ralphm, but I think this isn’t the right venue to figure this out, since all of this should be documented somewhere I can read it. If I’m missing info, I’ll probably head to other council members or board as required.

sorry i haven’t had time to read the final draft; i assuming that i'm going to be +1 ; but on list for now

SIGs are open by nature, however, its leaders must be members

I would assume a SIG Proposal, and needs to be Active for a Formation.

§8.2 of the bylaws says: "Because a SIG is an open forum, participation in a SIG shall not be limited to elected Members of the Corporation, and shall be open to any interested individual. Leadership and direction for a SIG shall be provided by the members (and in particular by the Chair) of the relevant XSF Work Team or the XMPP Council."

dwd, things in the past have used SIG Proposal and SIG Formation type of XEPs

jonas’, Oh.

dwd, see, it’s complicated, and I don’t want to waste time in this meeting while I read up on things :)

I expect the next point to be more contentious.

3b) Do something about the OMEMO XEP Dave suggested that we try to get OMEMO into Rejected state (which may meean moving it via Proposed or asking Board for assistance).

dwd, do you want to summarise what this is about?

I think we have already, but it's not clear that OMEMO can (or, possibly, should) be made Draft.

The "can" relates to whether OMEMO can be implemented without the use of a GPL library. There are people arguing both ways on this.

dwd, though that’s not a strict requirement for Draft, is it?

jonas’, https://xmpp.org/extensions/xep-0001.html#objectives argues otherwise, since GPL would could as an "encumberance".

Can you implement it based on only specifications or not?

As stated on list, I believe that in its current form, this XEP violates Objective 4 of XEP-0001, and can therefore not move forward.

right, true

Any particular license would, in fact.

Zash, I have been told both yes and no.

Ugh

so, I think the ambiguity alone is sufficent

Sufficient to do what?

Indeed, the (legal) ambiguity alone is an "encumbrance".

while normally we don’t require proof (except in form of the IPR) that a protocol is not under any restrictive license, the uncertainty about the signal protocol requires extra proof to let this move forward, IMO

I mean, absolutely not right now, because the specification doesn't reference the libsignal docs. Whether the libsignal docs are sufficient to implement a non-GPL clone of libsignal is the ambiguous question.

and the proof might be hard to bring, since I feel that this is a grey area of copyright law (akin to the still-ongoing API debate between google and oracle) which needs to be fought out over courts, and that’s not a good standing for an open standard

OMEMO lacks a lot of specification / documentation and that is a reason to not move it to Draft. Unfortunately so far, nobody ever tried to gather a conclusive list of what is missing (because everyone just uses libsignal)

(and this is all in addition to the issues with the "shady" practices around this XEP)

copyright lawyering doesn't sound like a job for Council :|

It doesn't.

larma, I know of at least one effort to make a non-GPL client using OMEMO failed with the author deciding it wasn't possible given available information. I know of other people who claim it is, but there is very little evidence either way.

dwd, can you point me their? would like to read/hear reasoning

so my concrete suggestion would be to: - Change XEP-0384 to historical type and lock it update-wise - If the community wants to pursue signal-ish E2EE under the umbrella of the XSF, they need to provide a proper (and I think this time we should require "as few references as possible") document to describe how to do it from basic principles

And on the long-term, we should probably pursue MLS

If an actual protocol specifications would exist, we could point to it, and would have a lot less discussion on hypotheticals. Also, prior legal posturing by the Signal authors doesn't help this situation.

jonas’: sounds sensible

we probably need Boards OK for changing a XEP type after acceptance

ralphm, Do we need Board here?

Wasn't the current version meant to be what amounts to Historical anyways?

jonas’, I think everyone is happy with longterm MLS replacing OMEMO

larma, that’s at least something

don't we have a SIG for that?

I'm not sure how changing to historical is addressing the concern.

Ge0rG, not yet

And SIGs don't have that authority do they

would it make sense to postpone those hairy questions for the SIG?

Ge0rG, I’d rather not until it is clear to me how SIG leadership works.

> Wasn't the current version meant to be what amounts to Historical anyways? iirc that was the intent; but was deemed impossible to switch tracks

ralphm, https://xmpp.org/extensions/xep-0001.html#types-Historical I think historical (while you need to stretch the definition of "before" a bit) fits this quite nicely and would be loopholey enough to look in a different direction when someone talks about objective #4

(to me anyways)

dwd: I think the Editor can change the type at the instruction of Council as long as Council remains its approving body.

SIGs don't have any authority, in principle.

jonas’, I think this spec doesn't meet the definition of historical, and as I mentioned above, I'm not sure how it addresses Objective 4.

Speaking of Board and remits and so on, it may be that violating Objectives is something that only Board can decide anyway, which neatly makes it someone else's problem.

ralphm, my point being: It is clearly unfit for Standards Track, mainly for the license reason. However, it’s worthwhile to document what’s currently going on in the XMPP ecosystem. Especially in the case of OMEMO, which is a PITA when you don’t have it.

I'd happily +1 shuffling this over to Board :)

It doesn’t 100% fit the definition of Historical, but if we want to have this still as a XEP (and I think we should), Historical is probably the best place. Informational may work too, but only if Informational has some type of Deprecated state

it does, so I’d also be fine with Informational+Deprecated

Council itself can perfectly decide on what violates the objectives on its own.

I wouldn't oppose tweaking the definition of Historical

(we’re heading towards the magic :30 mark, and I have a quick AOB, so I’ll terminate this discussion at about :27)

I would object to tweaking our process just to accomodate the fact that people want to have a specification like OMEMO

yeah i also like 'historical' (mostly for what jonas’ said)

I'd be fine with any status that does not make any suggestion that this is a recommended protocol by the XSF.

I'm fine with either Historical or Informational+Deprecated, with a slight preference to the former.

Maybe we also need a blog post explaining the rationale.

IMO, you can 1) decide to not move it forward until the objective is met, e.g. by switching back to the previous protocol or forward to MLS, 2) dismiss the XEP is unacceptable.

Ge0rG, I think daniel volunteered to do that last week

(and again; historical was i believe my original preference before we put in the siacs namespaces; however that wasn’t possible and thus we ended up with the 'compromise' that we have now)

I propose we instruct the Editor to create a patch which: - Moves to Informational - Changes to Deprecated - Adds necessary rewording to make it clear that this is an embedding of the Signal protocol and not a generally preferred and open E2EE scheme

My opinion is that both historical and informational+deprecated don't carry the right message.

I'm not entirely fine with Deprecated while we don't have a replacement

Informational is probably ok

ralphm: Rejected?

Yes

(nor Rejected)

Rejected would work too for me

though technically rejected would have to go through Proposed

I have a feeling that either change will cause contention outside of the XSF membership

arguably dwd proposed it to be rejected, so there's that

What's the message we're sending doing this?

okay, instead of a vote, can we have a quick show of hands from council members: Do you agree that OMEMO as it stands currently should be demoted from its current position and put in a dead end?

pep.: "This isn't the Right Way"

(if we agree on this, we can figure out the specifics later)

> What's the message we're sending doing this? that the xsf doesn’t care about e2ee

pep., that we don't base our standards on libraries

daniel, that, exactly

I'm actually fine with putting it through a Last Call, which would then allow us to declare it counter to the objectives and then Rejected.

that the xsf is hostile towards E2EE

(not objecting the proposed changes; but that is the message)

If you're all fine with this then good for you. I'm not

The XSF likes surveilance!!!11!1eleven /s

In the same blog post, you could mention that we (Dave and I) have reached out to the MLS WG to offer our assistence.

ralphm, so it's ready in 5 years instead of 10?

jonas’: +1 on the general demotion

And in implementations in ~7

if you put it to last call, please make the last call more than 2 weeks so that people have the time to extend the specification to make the whole reason to reject it invalid

jonas’: hand

pep., this is not a great argument. Have you even looked at what's there?

larma, that sohuld happen BEFORE last call

the XEP has been inactive for a looong while

..in the last year or so, actually

okay, we’re running out of time

I see that this clearly needs more discussion. I encourage you to take it to the list or to xsf@.

"hand", BTW.

jonas’, yes, it didn't happen, I agree, but what do we do with all the other XEPs that are not maintained?

ralphm, it's not even a XEP yet. is there even an implementation outside of XMPP at all (that works with proper chat solutions).

4) Date of next

+1w wfm

The XSF is not really a symbol of swiftness

pep., please, outside of this meeting

jonas’, +1

k

pep. indeed swiftness is not a goal, you may disagree, of course

jonas’: +1 +1w

I might be in an overrunning meeting in +1W, so I excuse myself in advance

alright

5) AOB

5a) Editor Mishap Report

I accidentally merged https://github.com/xsf/xeps/pull/870 which should’ve been Needs Author. I reverted the change just before the meeting and published Version 0.4.0 without the changes from #870

this is mostly an FYI

(changing the existing version would be confusing and cover-up-ish, so I decided to instead publish a new one)

related to this, the author asked for XSF / Council feedback on the proposed change.

Ack.

also, what Ge0rG says.

Ge0rG, can you please re-do your MR on top of current master?

Seems like a good fix.

should be as simple as a cherry pick

then you can post to list asking for feedback

Alright, I'll try to do it when I have some more time

Ge0rG, thanks

and since we’re already over time

6) Ite Meeting Est

Thanks everyone

please carry any further technical or procedural discussion about OMEMO to xsf@, where more stakeholders are present and which is more discoverable to the community in general

Thanks jonas’!

Thanks jonas’

Ge0rG> Maybe we also need a blog post explaining the rationale. A disclaimer, potentially linking to the blog post, in xep-omemo would probably be also a good idea

flow, -> xsf@

(where I already proposed that)