XMPP Council - 2020-02-26

heads up, work and public transport hate my scheduling today. I might run a few minutes late. Feel free to start without me, I'll join. Ideally, I'll at least be on my phone when 1600Z strikes

will be on time

Just got home and sat down

kind of did the same

1) Roll Call

Here

dwd?

assuming that dwd will appear, moving on

(we have quorum either way)

2) Agenda Bashing

anything to add?

probably not

We need shorter agendas in the future

3) Editor’s Update - ProtoXEP: Extended Channel Search - Expired calls: CFE on XEP-0198, CFE on XEP-0368, LC on XEP-0398 - Calls in progress: - LC: XEP-0402 (PEP Native Bookmarks), ends: 2020-03-03 - CFE: XEP-0066 (Out of Band Data), ends: 2020-03-10 - LC: XEP-0429 (Special Interests Group End to End Encryption), ends: 2020-03-10

(note the LC which came in after I sent the email yesterday)

4) Items for a Vote

4a) Decide on advancement of XEP-0398 Title: User Avatar to vCard-Based Avatars Conversion URL: https://xmpp.org/extensions/xep-0398.html Abstract: This specification describes a method for using PEP based avatars and vCard based avatars in parallel by having the user’s server do a conversion between the two. ✏

I would like to see changes on the Security Considerations section before this moves on. Since we need to touch normative language, I guess it’s better to handle this in Experimental

Some PEP access questions came up, it would make sense to consider those first

so -1 from my side, with the intent of having someone™ fix this; so no rejection, just back to Experimental for fixes ✏

-1 as well due to that

Yes I'm fine with updating the pep stuff on relative short notice

We can restart next week or so

sounds like a plan

-1 (I agree with jonas’ )

Hiya folks, sorry for being late.

-1

that’s massively Veto’d then

next:

I can add another veto if you want. :-)

dwd, would be great for formal reasons :)

4b) Decide on advancement of XEP-0198 Title: Stream Management URL: https://xmpp.org/extensions/xep-0198.html Abstract: This specification defines an XMPP protocol extension for active management of an XML stream between two XMPP entities, including features for stanza acknowledgements and stream resumption. (The CFE ends today, so be sure to send in your feedback if you haven’t already.)

-1, for the reasons stated by others.

dwd: can you also add more veto reasons?

I am on-list, because I haven’t been able to catch up on the thread yet

I'm not sure regarding 0198. It's doing its job great, except for the unclear resume host connection mechanism

For XEP-0198, I noted a comment from - I think - MattJ on S2S I've yet to consider. But it's fair to say that 198 on S2S is under specified at best.

Ge0rG, s2s?

we have zero s2s implementations, do we?

So we want actual experience with s2s 0198?

question is whether that even allows us to move it forward

-1. I think I (and others) brought up vaild but fixable concerns

on-list, haven't read that thread yet

jonas’, I honestly don't know. None were explicitly mentioned.

jonas’, Which itself is a procedural reason for not advancing.

So as such, given the lack of clarity there, I'll be -1 on this.

indeed

mod_smacks for Prosody does support 198 on s2s, but it's disabled by default and I don't think anyone ever enabled it

no resumption tho

Zash, Right, unclear what resumption would do for S2S.

resending stanzas which weren’t acked?

jonas’, Depends if they weren't already bounced.

mmm

okay, that’s a rabbit hole we shouldn’t go down in this context

Quite.

moving on

so -1 then

4c) Deviced on advancement of XEP-0368 Title: SRV records for XMPP over TLS URL: https://xmpp.org/extensions/xep-0368.html Abstract: This specification defines a procedure to look up xmpps-client/xmpps-server SRV records (for direct TLS connections) in addition to xmpp-client/xmpp-server and mix weights/priorities.

(I promised to make some changes to XEP-0368, mostly clerical, but one SHOULD to a MAY)

I am -1 on 4c, since there need to be some changes made

-1 on 4c as well, I liked the proposed wording

on-list

On list. I'm not caught up on that

I'll take "I promised to make some changes" as a "update coming", so -1 for now.

I think that leaving this to clients is good, because right now, priorizing DirectTLS over STARTSSL will add an RTT on servers without DirectTLS SRV records

I'm also unclear on ALPN implementation.

Oh, and this reminds me - I have AOB, jonas’

alright, changes will happen here, so moving on

dwd, noted

4d) Proposed XMPP Extension: Extended Channel Search URL: https://xmpp.org/extensions/inbox/extended-channel-search.html Abstract: This specification provides a standardised protocol to search for public group chats. In contrast to XEP-0030 (Service Discovery), it works across multiple domains and in contrast to XEP-0055 (Jabber Search) it more clearly handles extensibility.

Unsurprisingly, I’m +1 on that one.

+1

+1

+1

I have issues with that, mainly regarding the discoverability of whether the service is a local search for the given host domain or a proxy

+1

Ge0rG, me too, I intend to fix those in Experimental

excellent, next

4e) Authorship of XEP-0044 Title: Full Namespace Support for XML Streams Abstract: A description of the use of namespaces within Jabber.

jonas’, was this the one mentioning something about 0004? I didn't see it

Zash, yes, in the Design Considerations section

I would like to take authorship of XEP-0044, polish it, add namespaced attributes and a stream feature to it and bring it back on Track ✏

I tried to contact the author already, but neither did I get a reply nor can I find the sent mail, so maybe I didn’t

ah, it’s stuck in my clients outbox

I motion that jonas’ re-sends that email, and if no response happens within of 14d, he may take over authorship

resent it now, so we should probably move that agendum ✏

alright

5) Outstanding Votes

I think Zash still has one pending on Trust Messages

(noting that we are on two +1 and two ±0 at the moment)

(expires in +1w)

+1 then

alright, done

6) Date of Next

+1w wfm, though I might both be late and have to leave on time. Meeting at work before, burgers afterwards.

I'm going to miss +1W

+1w WFM.

so if someone volunteered to chair (I’ll send an agenda, of course) that’d be great

+1w fwm

+1w wfm

jonas’: maybe you should announce AOB first

can do that

let’s hope someone will be there next week to chair then ;)

7) AOB

dwd had some, so mic to you

Yeah...

So XEP-0001 says that to move to Final, a spec needs two implementations, etc.

But we're not clear if that means that every optional part needs implementing, and we're not clear on whether this might be one client and one server.

true

I've always just assumed that we demand the same levels as the IETF, which would be 2xClient and 2xServer covering all optional parts.

That sounds sensible

So Pubsub and MUC will never be Final?

Does anyone think this is important enough to specify properly in XEP-0001, and does anyone have any views on this?

(who implements everything?)

dwd, that indeed sounds sensible

pep.: zinid does?

pep., The idea would be that a spec moving to Final either gets the weird bits nobody actually does removed, or at least moved to a different XEP.

and ..... highly unlikely to ever apply to MUC and PubSub, indeed.

dwd: it's a good idea. Somebody™ should make it happen!

yay 1 server implementation, 3 to go

In practice the number of implementations never seems to be an issue

then there are odd xeps like 368, where there are 3 parts, 1 client, and 2 server, all servers implemented 1 of them before 368, but I'm not sure we have 2 impls of the 2nd part

daniel, in practice, we haven’t tried to Final '45 yet ;)

daniel, Normally, no - specs are either widely implemented or not at all.

dwd, if you prepare a patch for '1, can you remind me to update the CFE template to specifically instruct to mention pieces which were left out in the implementation?

moparisthebest, ALPN support in XEP-0368 would be an interesting case in point, actually.

jonas’, Yes, happy to do that.

either way, in this non-vote, I’m +1 to making this clear in '1 and to adhere to IETF standards

So consensus is that I'll take this on, pen some text, get agreement on lists and prepare a patch for this and CFE template?

needs to be sanctioned by board either way

dwd, yes

OK, will do.

Clarification is good.

dwd, that's true also, I was more meaning all servers supported listening for TLS on c2s, but how many 1) listen on TLS for s2s 2) connect TLS for s2s

I think maybe just your Metre ?

moparisthebest, And Openfire - I think Guus did it there anyway.

Prosody can if you enable port multiplexing

Listen, not connect tho.

Anyway, that's me done, jonas’

anyone else any AOB?

None here

My usual meta-oob comes and goes.

we’re running out of time either way

Ge0rG, I’m not sure which one that would be, does it fit in 30s?

jonas’: of course not. It's about persistence of message errors.

ew, right

then:

As a closing note, I’d like to encourage all Council members to read up and potentially advance on this thread: https://mail.jabber.org/pipermail/standards/2020-January/036870.html

Or rather, that is one of three or so meta-OOBs that I have around

And with that:

8) Ite Meeting Est

thank you all

thank you, Tedd

thank you, jonas’

Thanks all

Ge0rG, Didn't I handle persisting message errors somewhere in XEP-0427?

(at some point, when Tedd eventually disappears into the magic cloud of dust they must’ve come from, council chairs will still say that in the hopes to summon minutes.) ✏

> The second form, "full", presents every message stanza in the results, including all fastenings, errors, and so on.

dwd: I don't think that's normative.

jonas’: it will be one of those arcane procedures nobody knows the reasons for

Ge0rG, That is normative. It's a statement of fact. I can put MUST somewhere to clarify though.

dwd: my point is: I want that to be explicit and well-visible to all developers

and not part of a very new XEP that is still being rewritten

Ge0rG, Sure. I need to do a fairly extensive pass over that spec; I'll make it clear that an implication of supporting the spec for servers is that they need to store everything inclusing errors.

dwd: still, I'd like to keep that separate

Ge0rG, Split out "simplified" and "full" from XEP-0427?

dwd: split out "you MUST store message errors in MAM and Carbon-copy them everywhere" ✏

> moparisthebest, And Openfire - I think Guus did it there anyway. Yes, but has a bug.

buggy implementations probably still count as implementations? :) good to know though

Guus, does openfire do ALPN at all?

ALPN support seems far more widespread today than just a few years ago when XEP-0368 was written, thanks http/2 I guess!

moparisthebest: don't think so. Seem to recall it was not supported in java 8

java unsupported-for-over-a-year-now ? yea probably not :)

looks like it's been supported since Java 9 though, and 13 is the only supported version of java, until next month when 14 will be

I think it is in newer versions, but Openfire retains compatibility with older Java ✏

Conversations was the first impl and it always supported ALPN, Gajim I think supports ALPN, I don't think Dino does but not sure anymore

jonas’, does aioxmpp ?

moparisthebest, I don’t think so

oh it does

*can* it? (does python let you?)

oh cool

if the PyOpenSSL version is recent enough

anything that supports http2 supports ALPN so that should be fairly widespread at this point

and it’ll log a warning if DirectTLS is attempted and PyOpenSSL doesn’t support ALPN

https://github.com/horazont/aioxmpp/blob/devel/aioxmpp/connector.py#L296-L307

that's also where it gets hairy, server-side alpn support, probably most servers don't but then it's not the xmpp server's job to proxy to nginx or whatever

nginx and sslh both support this though, probably haproxy and others too

"support" or "implementations" is hard to define

I think in this case it means that the server side mustn’t break if the client attempts xmpp-related ALPN in a standard-conformant way ✏

yep and that's always been true even when servers just supported "legacy ssl" before 368

they didn't recognize the TLS extension and just ignored it