XMPP Council - 2021-04-21


  1. jonas’

    1) Roll Call

  2. Zash here

  3. jonas’

  4. daniel

    Hi

  5. Ge0rG

  6. jonas’

    no dwd?

  7. jonas’

    2) Agenda Bashing

  8. jonas’

    crickets!

  9. jonas’

    3) Editor’s Update

  10. jonas’

    nothing unusual

  11. jonas’

    4) Items for Voting

  12. jonas’

    No new items

  13. jonas’

    5) Pending Votes

  14. jonas’

    we need to handle the LCs now

  15. Zash

    Carbons and MAM eh

  16. jonas’

    yep

  17. Kev

    I think MAM needs at least one round of changes, given my review yesterday, but they’re not major.

  18. Kev

    (Jumping ahead because I might not notice when (5) comes up)

  19. Ge0rG

    I think MAM needs at least one round of changes, given my review three weeks ago, but they're rather significant.

  20. jonas’

    Kev, we are already at (5) :)

  21. dwd

    Ah. Sorry, I've been dragged into a meeting.

  22. Zash

    I've looked at past LCs and there's been a lot of back and forth on things

  23. Ge0rG

    The agenda items 2 to 5 all arrived in the same second at my end. Some lag might be involved.

  24. Zash

    <private> vs xep-0334 and whatnot

  25. Ge0rG

    Should we have some separate discussion of the open points of 0280 and of 0313 before casting final votes?

  26. jonas’

    so IMO we should factor out the rules in a standards track document which defines disco#info features. The rules should be called "general routing rules" and versioning should go across all of them, but they may be different for the different "routing" protocols (MAM, Carbons, CSI, Push…)

  27. Zash

    Sounds good.

  28. jonas’

    we can think about the issue that such a living document can never advance beyond Draft later.

  29. Ge0rG

    jonas’: so one namespace for all the routing rules, instead of one namespace per task?

  30. jonas’

    ideally that issue resolves itself with IM-NG

  31. jonas’

    Ge0rG, yes

  32. jonas’

    but I’m not hard-sold on that

  33. Zash

    The base wire protocols are probably good enough and certainly well-deployed by now,..

  34. jonas’

    Zash, exactly

  35. Ge0rG

    What do we do with urn:xmpp:carbons:rules:0?

  36. jonas’

    Ge0rG, make it implicit in urn:xmpp:routing-rules:0

  37. jonas’

    and advertise it for up to routing-rules:N, where N is the revision where the rules for carbons are first changed

  38. Kev

    FWIW, nothing needs factoring out of either 313 or 280 in order for later rules to be defined elsewhere.

  39. Ge0rG

    well, the feature version was just a quirk to get around bumping carbons, so I'm not fighting to death over it

  40. Kev

    (At least, the intention when writing the text in 313 was that a later external feature could be advertised for a concrete set of rules, same as 280)

  41. jonas’

    but again, not hard sold on unifying them; it seemed sensible to me on a quick thought to have that all under a single version umbrella, but especially when we have to adapt (e.g. only) push rules and then have to forklift all features, it seems a bit overkill

  42. jonas’

    yep, separated features are probably waaay better

  43. Zash

    And then compliance suites that point to recommended versions?

  44. Ge0rG

    I'm torn on whether to use my 0313 vote to extort somebody to write down those rules for 0313

  45. jonas’

    Zash, yes

  46. jonas’

    Ge0rG, I get the impression that '313 may be blocked anyway

  47. Kev

    I don’t think 313 is blocked otherwise in a meaningful sense. I.e. I don’t think any changes need another LC.

  48. Ge0rG

    Indeed, even if I were to retract my storage rules requirement, there are still the open questions around MUC in personal MAM and client business rules

  49. Ge0rG

    and of course the bind2 / MAM subscription topic that probably needs to be postponed anyway.

  50. Zash

    Myeah, recommending against storing MUC messages without additional negotiation would probably be good.

  51. Zash

    "additional negotiation" something something MIX I guess

  52. Ge0rG

    against *delivering*

  53. Ge0rG

    backfilling of MIX history on the personal MAM is still an unsolved problem.

  54. Ge0rG

    Given that, I'm solidly -1 on 0313.

  55. jonas’

    noted

  56. jonas’

    how about '280?

  57. Zash

    The <private> thing seems unresolved.

  58. Ge0rG

    Kev addressed the "stripping <private> parts" point and I'd like to get a discussion of Hints

  59. Ge0rG

    My desired way forward would be to remove the stripping requirement, to completely remove Hints, and to Convince Council to go on without a namespace bump.

  60. daniel

    you'd need to convince the authors. not council

  61. Ge0rG

    I'd also rewrite the Mobile Considerations to say the opposite of what it does now, but that's the non-normative part.

  62. Ge0rG

    daniel: given that I'm one of the authors, you can consider it done.

  63. jonas’

    my problem with not bumping the namespace there would be, on a theoretical level, that a client relying on <private/> not being stripped may be owned in one way or another by an old server

  64. Ge0rG

    Still, I've heard some objections from Council members about this suggestion last week

  65. Zash

    Does anything really bad happen in that case?

  66. Ge0rG

    jonas’: you mean by a client relying on <private/> *being* stripped?

  67. jonas’

    Ge0rG, no

  68. Ge0rG

    jonas’: ah, now I get you

  69. jonas’

    if we don’t bump and a new implementation comes along, relying for $importantFeature on <private/> being there, it will be confused when <private/> is *not* there because the server is on old carbons

  70. Ge0rG

    So I'd also add an implementation note.

  71. jonas’

    and then what?

  72. Ge0rG

    jonas’: also there used to be different semantics for stripping <private/> before 2013, https://xmpp.org/extensions/xep-0280.html#revision-history-v0.9

  73. Kev

    urn:xmpp:carbons:doesn't-fuck-with-private:0

  74. Kev

    Is that a pragmatic compromise?

  75. Zash

    Would work I guess?

  76. jonas’

    Kev, would’ve been my next suggestion :)

  77. dwd

    Not a valid URN?

  78. Zash

    doesn&quot;t‽

  79. jonas’

    Ge0rG, wait what

  80. Kev

    It’s in pre-encoded form.

  81. jonas’

    it was changed again?

  82. jonas’

    it was changed already back and forth?

  83. Ge0rG

    jonas’: as I read the log, it was stripped by the *sending* server before

  84. Zash

    <server author hat> I think it does that still?

  85. jonas’

    huh.

  86. Zash

    or what

  87. jonas’

    okay

  88. jonas’

    that makes me think that we should not at all rely on <private/> being there or not being there

  89. jonas’

    too many versions

  90. jonas’

    and adding another change is not going to make it any better

  91. Ge0rG

    So can I move forward with my grand plan?

  92. jonas’

    Ge0rG, no, I think that you should leave <private/> alone

  93. Ge0rG

    jonas’: is that an opinion or a foreshadowed Council vote?

  94. jonas’

    that is an opinion

  95. jonas’

    because I don’t see what good it brings

  96. Ge0rG`

    Sorry, my prosody is stalled

  97. jonas’

    I hope this wasn’t me

  98. Ge0rG`

    Only if you suddenly took over VaxBot

  99. Ge0rG

    jonas’: I think that Kev has a great point about letting the receiving client know that it received a Carbon that won't get delivered to any other resource.

  100. Kev

    I think it’s a not-insignificant security consideration to strip private.

  101. Ge0rG`

    > jonas’: I think that Kev has a great point about letting the receiving client know that it received a Carbon that won't get delivered to any other resource.

  102. Kev

    Letting another user modify my server’s routing rules without telling me does not seem at all safe.

  103. jonas’

    Kev, I agree, but just removing that rule doesn’t mean that anyone can rely on it

  104. Kev

    Thus feature.

  105. jonas’

    Ge0rG`, so you could do it with a feature flag IMO

  106. Kev

    But this isn’t a case of clients relying on it.

  107. Kev

    It’s a case of a user of a server relying on the server not doing questionable things without trace.

  108. Ge0rG`

    But we are also still in Experimental, so it's all not so bad from a protocol point of view. Right?

  109. Ge0rG`

    (from a Council protocol...)

  110. jonas’

    Ge0rG`, yes

  111. Kev

    I would be ok (not that my opinion matters) with removing that (or rather, flipping that to a must not) rule without adding the feature. But adding the feature is cheap, and not without value, so why not.

  112. jonas’

    what Kev says tho

  113. Ge0rG

    Alright, I can live with what Kev says.

  114. jonas’

    then do that please

  115. Ge0rG

    Now what about stripping Hints from the XEP?

  116. jonas’

    do we know how widely implementations rely on that?

  117. Zash

    Do we not like Hints anymore?

  118. Ge0rG

    Ironically, current-0280 requires to strip <private/> but doesn't mention strpping the Hint.

  119. Kev

    I would probably form an opinion on that given time to think, but don’t currently have one on the hop.

  120. jonas’

    Ge0rG, what is the harm of keeping it?

  121. Ge0rG

    jonas’: we are enshrining a protocol that we don't want to keep.

  122. Zash

    We don't?

  123. Ge0rG

    jonas’: there was a version of 0280 that only required adding <private/> and later a version that required adding both <private/> and the Hint.

  124. Ge0rG

    Thus, removing the Hint requirement won't break any compliant implementations.

  125. Ge0rG

    I dislike the inconsistency of https://xmpp.org/extensions/xep-0280.html#avoiding

  126. jonas’

    section 9 reads very confusing

  127. jonas’

    > The sending client MAY exclude a <message/> from being forwarded to other Carbons-enabled resources, by adding a <private/> element qualified by the namespace "urn:xmpp:carbons:2" and a <no-copy/> hint as described in Message Processing Hints (XEP-0334) [8] as child elements of the <message/> stanza.

  128. jonas’

    the sending client is not excluding anything, protocol wise

  129. jonas’

    and then the enumeration just goes on as if it was on the same side of the contract ... very weird

  130. jonas’

    Ge0rG, put that on your list of things to fix please

  131. Ge0rG

    jonas’: I'd improve the wording while removing Hints.

  132. jonas’

    if

  133. jonas’

    if *both* are currently required, we can remove hints without damage indeed

  134. Ge0rG

    jonas’: that's what the XEP says, right?

  135. jonas’

    yep

  136. jonas’

    I think

  137. jonas’

    I mean I think the XEP makes no statement at all about that in the text as written because of that wording weirdness, but the intent is clear

  138. Ge0rG

    Yes, that's also my reading of it

  139. daniel

    The concept of private messages is out dated anyway. I think a variant version of carbons todo wouldn't even have it

  140. Ge0rG

    daniel: what about OTR?

  141. daniel

    Yes

  142. jonas’

    "out dated"

  143. daniel

    My point exactly

  144. Kev

    Private goes away in IMNG, I think, but I’m not sure until then.

  145. daniel

    Otr was the only thing that used it

  146. Ge0rG

    Kev: but it goes away because we introduce a different mechanism to route a message just to a single specific resource, right?

  147. daniel

    And even otrv3 technically didn't event need it

  148. Kev

    Ge0rG: Right.

  149. Ge0rG

    So just the XML element goes away, not the semantics.

  150. Kev

    The new syntax for sending just to one resource becomes to=‘fulljid’ :D

  151. Ge0rG

    Unless we decide that we do not have any more need to route messages just to a single resource.

  152. jonas’

    okay

  153. jonas’

    we’re a bit over time at this point

  154. jonas’

    Ge0rG, do you need any further input?

  155. Ge0rG

    But I'm pretty sure we will have some use for that in IOT or PubSub events

  156. Ge0rG

    jonas’: no.

  157. jonas’

    excellent

  158. jonas’

    6) Date of Next

  159. jonas’

    +1w wfm

  160. Ge0rG

    Is the CVE PR applied already? :D

  161. jonas’

    (waking up Zash and dwd )

  162. daniel

    +1w wfm

  163. Zash

    +1w wfm

  164. Ge0rG

    +1W WFM, but the following two weeks I'm going to be on vacation (from the computer screen)

  165. jonas’

    Ge0rG, good for you!

  166. jonas’

    7) AOB

  167. jonas’

    skipped because time

  168. jonas’

    8) Ite Meeting Est

  169. Ge0rG

    But but but AOB!

  170. Zash

    no aob for you

  171. jonas’

    Ge0rG, no, not yet, please bring it to the list because there was controversy around that in xsf@ and I’d like to have some rough consensus

  172. Ge0rG

    Also nobody cast their votes on 0280

  173. jonas’

    Thanks everyone

  174. Ge0rG

    so this makes another failed LC, right?

  175. jonas’

    Ge0rG, right, forgot, I wanted to ask

  176. jonas’

    9) Ite Meeting Un-Est

  177. jonas’

    votes on '280?

  178. jonas’

    I imagine you’ll want to veto

  179. daniel

    +0

  180. Ge0rG

    +1 with all the discussed changes applied.

  181. Zash

    -1 until the <private> thing has consensus and is resolved

  182. jonas’

    following Zash here

  183. jonas’

    (changing my +1)

  184. Ge0rG

    Zash: how do you imagine consensus happening here?

  185. daniel

    I don't think it matters what label we put on a very flawed but de facto draft xep

  186. jonas’

    10) Ite Meeting Est for real

  187. jonas’

    Thanks everyone

  188. jonas’

    (gotta run, need to prepare for being reaallly quick in 15 minutes)

  189. Zash

    Ge0rG: apply the changes discussed. I've ran out of coffee, can't think anymore.

  190. Ge0rG

    Alright. I'll PR and then ask for another LC.

  191. Zash

    and ... '313 is ..?

  192. jonas’

    vetoed

  193. Ge0rG

    Zash: vetoed by me

  194. Zash

    check

  195. Ge0rG

    I've been naughty.

  196. Zash

    Very well then