XMPP Council - 2021-04-21

1) Roll Call

Hi

no dwd?

2) Agenda Bashing

crickets!

3) Editor’s Update

nothing unusual

4) Items for Voting

No new items

5) Pending Votes

we need to handle the LCs now

Carbons and MAM eh

yep

I think MAM needs at least one round of changes, given my review yesterday, but they’re not major.

(Jumping ahead because I might not notice when (5) comes up)

I think MAM needs at least one round of changes, given my review three weeks ago, but they're rather significant.

Kev, we are already at (5) :)

Ah. Sorry, I've been dragged into a meeting.

I've looked at past LCs and there's been a lot of back and forth on things

The agenda items 2 to 5 all arrived in the same second at my end. Some lag might be involved.

<private> vs xep-0334 and whatnot

Should we have some separate discussion of the open points of 0280 and of 0313 before casting final votes?

so IMO we should factor out the rules in a standards track document which defines disco#info features. The rules should be called "general routing rules" and versioning should go across all of them, but they may be different for the different "routing" protocols (MAM, Carbons, CSI, Push…)

Sounds good.

we can think about the issue that such a living document can never advance beyond Draft later.

jonas’: so one namespace for all the routing rules, instead of one namespace per task?

ideally that issue resolves itself with IM-NG

Ge0rG, yes

but I’m not hard-sold on that

The base wire protocols are probably good enough and certainly well-deployed by now,..

Zash, exactly

What do we do with urn:xmpp:carbons:rules:0?

Ge0rG, make it implicit in urn:xmpp:routing-rules:0

and advertise it for up to routing-rules:N, where N is the revision where the rules for carbons are first changed

FWIW, nothing needs factoring out of either 313 or 280 in order for later rules to be defined elsewhere.

well, the feature version was just a quirk to get around bumping carbons, so I'm not fighting to death over it

(At least, the intention when writing the text in 313 was that a later external feature could be advertised for a concrete set of rules, same as 280)

but again, not hard sold on unifying them; it seemed sensible to me on a quick thought to have that all under a single version umbrella, but especially when we have to adapt (e.g. only) push rules and then have to forklift all features, it seems a bit overkill

yep, separated features are probably waaay better

And then compliance suites that point to recommended versions?

I'm torn on whether to use my 0313 vote to extort somebody to write down those rules for 0313

Zash, yes

Ge0rG, I get the impression that '313 may be blocked anyway

I don’t think 313 is blocked otherwise in a meaningful sense. I.e. I don’t think any changes need another LC.

Indeed, even if I were to retract my storage rules requirement, there are still the open questions around MUC in personal MAM and client business rules

and of course the bind2 / MAM subscription topic that probably needs to be postponed anyway.

Myeah, recommending against storing MUC messages without additional negotiation would probably be good.

"additional negotiation" something something MIX I guess

against *delivering*

backfilling of MIX history on the personal MAM is still an unsolved problem.

Given that, I'm solidly -1 on 0313.

noted

how about '280?

The <private> thing seems unresolved.

Kev addressed the "stripping <private> parts" point and I'd like to get a discussion of Hints

My desired way forward would be to remove the stripping requirement, to completely remove Hints, and to Convince Council to go on without a namespace bump.

you'd need to convince the authors. not council

I'd also rewrite the Mobile Considerations to say the opposite of what it does now, but that's the non-normative part.

daniel: given that I'm one of the authors, you can consider it done.

my problem with not bumping the namespace there would be, on a theoretical level, that a client relying on <private/> not being stripped may be owned in one way or another by an old server

Still, I've heard some objections from Council members about this suggestion last week

Does anything really bad happen in that case?

jonas’: you mean by a client relying on <private/> *being* stripped?

Ge0rG, no

jonas’: ah, now I get you

if we don’t bump and a new implementation comes along, relying for $importantFeature on <private/> being there, it will be confused when <private/> is *not* there because the server is on old carbons

So I'd also add an implementation note.

and then what?

jonas’: also there used to be different semantics for stripping <private/> before 2013, https://xmpp.org/extensions/xep-0280.html#revision-history-v0.9

urn:xmpp:carbons:doesn't-fuck-with-private:0

Is that a pragmatic compromise?

Would work I guess?

Kev, would’ve been my next suggestion :)

Not a valid URN?

doesn&quot;t‽

Ge0rG, wait what

It’s in pre-encoded form.

it was changed already back and forth? ✏

jonas’: as I read the log, it was stripped by the *sending* server before

<server author hat> I think it does that still?

huh.

or what

okay

that makes me think that we should not at all rely on <private/> being there or not being there

too many versions

and adding another change is not going to make it any better

So can I move forward with my grand plan?

Ge0rG, no, I think that you should leave <private/> alone

jonas’: is that an opinion or a foreshadowed Council vote?

that is an opinion

because I don’t see what good it brings

Sorry, my prosody is stalled

I hope this wasn’t me

Only if you suddenly took over VaxBot

jonas’: I think that Kev has a great point about letting the receiving client know that it received a Carbon that won't get delivered to any other resource.

I think it’s a not-insignificant security consideration to strip private.

> jonas’: I think that Kev has a great point about letting the receiving client know that it received a Carbon that won't get delivered to any other resource.

Letting another user modify my server’s routing rules without telling me does not seem at all safe.

Kev, I agree, but just removing that rule doesn’t mean that anyone can rely on it

Thus feature.

Ge0rG`, so you could do it with a feature flag IMO

But this isn’t a case of clients relying on it.

It’s a case of a user of a server relying on the server not doing questionable things without trace.

But we are also still in Experimental, so it's all not so bad from a protocol point of view. Right?

(from a Council protocol...)

Ge0rG`, yes

I would be ok (not that my opinion matters) with removing that (or rather, flipping that to a must not) rule without adding the feature. But adding the feature is cheap, and not without value, so why not.

what Kev says tho

Alright, I can live with what Kev says.

then do that please

Now what about stripping Hints from the XEP?

do we know how widely implementations rely on that?

Do we not like Hints anymore?

Ironically, current-0280 requires to strip <private/> but doesn't mention strpping the Hint.

I would probably form an opinion on that given time to think, but don’t currently have one on the hop.

Ge0rG, what is the harm of keeping it?

jonas’: we are enshrining a protocol that we don't want to keep.

We don't?

jonas’: there was a version of 0280 that only required adding <private/> and later a version that required adding both <private/> and the Hint.

Thus, removing the Hint requirement won't break any compliant implementations.

I dislike the inconsistency of https://xmpp.org/extensions/xep-0280.html#avoiding

section 9 reads very confusing

> The sending client MAY exclude a <message/> from being forwarded to other Carbons-enabled resources, by adding a <private/> element qualified by the namespace "urn:xmpp:carbons:2" and a <no-copy/> hint as described in Message Processing Hints (XEP-0334) [8] as child elements of the <message/> stanza.

the sending client is not excluding anything, protocol wise

and then the enumeration just goes on as if it was on the same side of the contract ... very weird

Ge0rG, put that on your list of things to fix please

jonas’: I'd improve the wording while removing Hints.

if

if *both* are currently required, we can remove hints without damage indeed

jonas’: that's what the XEP says, right?

yep

I think

I mean I think the XEP makes no statement at all about that in the text as written because of that wording weirdness, but the intent is clear

Yes, that's also my reading of it

The concept of private messages is out dated anyway. I think a variant version of carbons todo wouldn't even have it

daniel: what about OTR?

Yes

"out dated"

My point exactly

Private goes away in IMNG, I think, but I’m not sure until then.

Otr was the only thing that used it

Kev: but it goes away because we introduce a different mechanism to route a message just to a single specific resource, right?

And even otrv3 technically didn't event need it

Ge0rG: Right.

So just the XML element goes away, not the semantics.

The new syntax for sending just to one resource becomes to=‘fulljid’ :D

Unless we decide that we do not have any more need to route messages just to a single resource.

okay

we’re a bit over time at this point

Ge0rG, do you need any further input?

But I'm pretty sure we will have some use for that in IOT or PubSub events

jonas’: no.

excellent

6) Date of Next

+1w wfm

Is the CVE PR applied already? :D

(waking up Zash and dwd )

+1w wfm

+1w wfm

+1W WFM, but the following two weeks I'm going to be on vacation (from the computer screen)

Ge0rG, good for you!

7) AOB

skipped because time

8) Ite Meeting Est

But but but AOB!

no aob for you

Ge0rG, no, not yet, please bring it to the list because there was controversy around that in xsf@ and I’d like to have some rough consensus

Also nobody cast their votes on 0280

Thanks everyone

so this makes another failed LC, right?

Ge0rG, right, forgot, I wanted to ask

9) Ite Meeting Un-Est

votes on '280?

I imagine you’ll want to veto

+0

+1 with all the discussed changes applied.

-1 until the <private> thing has consensus and is resolved

following Zash here

(changing my +1)

Zash: how do you imagine consensus happening here?

I don't think it matters what label we put on a very flawed but de facto draft xep

10) Ite Meeting Est for real

Thanks everyone

(gotta run, need to prepare for being reaallly quick in 15 minutes)

Ge0rG: apply the changes discussed. I've ran out of coffee, can't think anymore.

Alright. I'll PR and then ask for another LC.

and ... '313 is ..?

vetoed

Zash: vetoed by me

check

I've been naughty.

Very well then