XMPP Council - 2022-10-19


  1. larma

    daniel: can we add https://github.com/xsf/xeps/pull/1188 to the Agenda?

  2. daniel

    ok

  3. moparisthebest

    Now that's a list to vote on!

  4. moparisthebest

    o/

  5. Ge0rG

    /o\

  6. larma

    šŸ‘‹ļø

  7. jonasā€™

    o/

  8. moparisthebest

    moooommmm the ecosystem is moving again!!!

  9. Ge0rG

    don't moxie me!

  10. daniel

    Either my Dino or my notebook has connection issues

  11. daniel

    Give me one second

  12. moparisthebest

    perhaps both!

  13. daniel

    It's time

  14. daniel

    1) roll call

  15. daniel

    is jonasā€™ around?

  16. daniel

    aehm

  17. daniel

    wonder if they are fixed now...

  18. moparisthebest

    well that message came through but that's all I can be confident about

  19. jonasā€™

    two generals?

  20. daniel

    yes plus a few delayed ones

  21. daniel

    ok. I think we are good now

  22. daniel

    2) Agenda bashing

  23. daniel

    larma wanted to add https://github.com/xsf/xeps/pull/1188 - I suggest we just do that as an aob

  24. daniel

    3) Editors update

  25. daniel

    - Proposed XMPP Extension: PubSub Social Feed (https://xmpp.org/extensions/inbox/pubsub-social-feed.html) - Proposed XMPP Extension: OpenPGP for XMPP Pubsub (https://xmpp.org/extensions/inbox/pubsub-encryption.html) - Proposed XMPP Extension: SASL SCRAM Downgrade Protection (https://xmpp.org/extensions/inbox/xep-downgrade-prevention.html)

  26. daniel

    4) Items for voting

  27. daniel

    we have a long list today

  28. daniel

    a) Proposed XMPP Extension: PubSub Social Feed (https://xmpp.org/extensions/inbox/pubsub-social-feed.html)

  29. daniel

    lgtm on first glance but want to take a closer look. on list

  30. moparisthebest

    I'm +1 here I don't even have nits

  31. jonasā€™

    I note it references XEP-0071 (XHTML-IM)

  32. jonasā€™

    I note it references (and uses) XEP-0071 (XHTML-IM)

  33. Ge0rG

    on-list

  34. jonasā€™

    which I'm not opposed to, nowadays I believe the deprecation of XHTML-IM was a mistake

  35. jonasā€™

    I'm +1

  36. jonasā€™

    this seems like a reasonable embedding of Atom

  37. Ge0rG

    can we de-deprecate it?

  38. jonasā€™

    Ge0rG, we can do everything, if need be, if we can get Board on board

  39. jonasā€™

    the only thing I'm missing is words on how this relates to ActivityPub

  40. jonasā€™

    but that's no blocker

  41. Ge0rG

    sorry, I wasn't being very serious.

  42. larma

    I'm on-list

  43. tmolitor

    just my 2 cents: I thnik deprecating it for pure IM cases was a good thing, but for other things like social feeds, it should still be possible to use it...

  44. daniel

    b) Proposed XMPP Extension: OpenPGP for XMPP Pubsub (https://xmpp.org/extensions/inbox/pubsub-encryption.html)

  45. daniel

    on list

  46. jonasā€™

    let's not go into that rabbithole :)

  47. Ge0rG

    on-list

  48. jonasā€™

    on-lits

  49. jonasā€™

    on-list

  50. moparisthebest

    I have some comments like it should probably specify at least some PGP algorithms that should *not* be supported, but so should OX, generally lgtm though, I'll bring it up on-list

  51. daniel

    is this a +1?

  52. moparisthebest

    on-list :) sorry

  53. daniel

    ok :-)

  54. larma

    +1, although I'd love if it was mentioned that this only supports encrypted content (it can't be signed only). Also I started to dislike OX in general (from original being a fan) but that's another story šŸ˜‰

  55. jonasā€™

    the signature thing has been raised on-list already, and there's something in the making for that IIRC

  56. larma

    +1, although I'd love if it was mentioned in title/abstract that this only supports encrypted content (it can't be signed only). Also I started to dislike OX in general (from original being a fan) but that's another story šŸ˜‰

  57. daniel

    c) Proposed XMPP Extension: SASL SCRAM Downgrade Protection (https://xmpp.org/extensions/inbox/xep-downgrade-prevention.html)

  58. larma

    on-list

  59. daniel

    I have mixed feelings about that. I'm not really sure it fills a gap in the xmpp protocol

  60. moparisthebest

    yuck, another "try to protect password from MITM'd TLS" set of hoops, which I'm opposed to on principle, though the spec itself looks fine :/

  61. daniel

    the use case or the scenarios where this provides additional security is super niche

  62. jonasā€™

    (filling a gap is only a requirement for moving on to Stable :))

  63. tmolitor

    no, it does not try to protect passwords, but to detect such MITMs and it tries to protect the list of channel-bindings as well

  64. daniel

    mitm detection is not necessarily about protecting the password; but about protecting against mitm

  65. moparisthebest

    right that's fair

  66. daniel

    which i generally think is a good thing. not sure this one is the correct approach though

  67. tmolitor

    I think the main usecase is to protect the channel-binding list

  68. Ge0rG

    on-list

  69. daniel

    on-list too

  70. jonasā€™

    I have words on list I think

  71. moparisthebest

    same, on-list

  72. larma

    tmolitor, maybe then don't put requirements in if they are not really requirements šŸ˜‰

  73. tmolitor

    larma: they are requirements, but both requirements are not equally important

  74. daniel

    d) Should this go into XEP-0198? XEP-0198: Add section defining SASL2 and BIND2 interaction https://github.com/xsf/xeps/pull/1215 this one is not about merging the PR; because this depends on other things; but getting an idea if council would like this in 0198 or in a new xep

  75. tmolitor

    if you have proper channel-binding in place, you won't need to protect the SASL mechanism list...but if you don't have channel-binding, protecting the SASL mechanism list is of value

  76. daniel

    to me the change is backward compatible enough that the discoverability of putting it into 198 is worth it

  77. moparisthebest

    I agree putting it into 198 is best

  78. jonasā€™

    tmolitor wants to see the world burn and writes verbatim `/>` in XML cdata :D

  79. larma

    I think we first should talk about the updates to xep-0386/xep-0388 before considering this PR

  80. moparisthebest

    good :)

  81. jonasā€™

    yeah, works for me

  82. jonasā€™

    yeah, integrating this in '198 works for me

  83. Ge0rG

    larma: I agree with that, both are Deferred, and adding them into 0198 as-is seems counterintuitive

  84. jonasā€™

    please see what daniel wrote.

  85. jonasā€™

    (and I, in the xeps issue tracker)

  86. jonasā€™

    > [ā€¦] but getting an idea if council would like this in 0198 or in a new xep

  87. jonasā€™

    this is not about merging, just figuring out if I need to tell tmolitor to put it in a new XEP, so that they can go ahead and do that

  88. daniel

    I think it's likely that some updates to bind2 and sasl2 will pass (soon-ish) to un-defer them and to actually allow for what this PR is doing

  89. jonasā€™

    (instead of blocking on dwd to accept the changes to bind2 and sasl2, and then blocking again on rewriting the update to '198 as protoxep)

  90. daniel

    without consequences to the questions if we want something like this in 198

  91. Ge0rG

    For discoverability, it would suffice to have a short list with the XEP titles.

  92. Ge0rG

    is #1215 adding new content that's not found in 0386/0388?

  93. daniel

    both bind 2 and sasl2 are extensible. the question is should 198 say "i'm a bind 2 extension" or should there be a new xep that says hey you can use 198 as a bind 2 extension

  94. larma

    I think it would be fine to put this into 0198 IIF it's reasonable to assume that 0386/0388 are moving to stable soonish.

  95. Ge0rG

    larma: +1 to that

  96. Ge0rG

    I was just trying to understand if it's adding new protocol or just new examples of documented protocol

  97. tmolitor

    Well #1215 does not add new content strictly speaking, one could infer the details of '198 and '388 interaction themselves, but #1215 makes these things more discoverable and concentrated to one point

  98. Ge0rG

    conceptually speaking, I think making 0198 say "I'm a bind2 extension" is more logical than making bind2 say "this is the 0198 bind2 extension btw"

  99. daniel

    i donā€™t think bind2 would say that. if anything there would be a third xep - I think

  100. tmolitor

    it tries to explain some uncertainties one may have when implementing '0198 for SASL2 and BIND2

  101. daniel

    but I think we have enough of an answer here

  102. larma

    Even if 0386/0388 changes are merged, it is not a given that they are going to stable soonish and I wouldn't like to see a stable xep pointing to experimental/deferred xeps and thereby confusing implementors of 0198

  103. jonasā€™

    larma, what if a note is added which explains the why?

  104. Ge0rG

    larma: I think the Ā§9 intro is clear enough to not confuse readers

  105. larma

    I think it would be fine to just not have it in 0198 while 0386/0388 are experimental. Because IMO it's fine if the experiments are partially underspecified (that's how things typically have been in experimental in the past anyway)

  106. Ge0rG

    but yeah, having a note in Ā§9 saying that you only need to implement the respective subsections when you implement xep-0386/xep-0388 would probably be good

  107. tmolitor

    I can add such a note, if that's what council wants

  108. daniel

    a note like this certainly wonā€™t hurt

  109. jonasā€™

    larma, would that be sufficient so that it's ok to include to '198?

  110. jonasā€™

    mind that we cannot fully control *when* things go to stable, so it must also be ok if that won't happen immediately

  111. Ge0rG

    I think it would be premature to add it now, but I'm not sure what amount of activity around 0386/0388 would warrant the merge

  112. larma

    I think this belongs in 0198 and if it makes things much easier to everyone we can add it "early", but I'd rather see to have at least some delay between merging 0386/0388 and adding this when it's not strictly required to get the experiments roling

  113. moparisthebest

    perhaps a good % of clients and servers implementing an update to them and a ton of traffic on the mailing list ?

  114. Kev

    Logically I think bind2 provides a mechanism, and then other xeps can say that they use that mechanism, so saying in 198 how 198 interacts with bind2 makes sense to me. Similarly anything else that may fit into the bind2 exchange.

  115. Kev

    For a future XEP that does something during bind it makes much more sense for the future XEP to say "And this is what happens during bind" than BIND2 mention every possible XEP that could be used with it.

  116. daniel

    ok we are running up on a time limit. I donā€™t think we are going to fully answer the question today and it all depends on bind 2 and sasl 2 changes to be merged anyway

  117. jonasā€™

    (though it seems there are no strong arguments against having this as a '198 update *eventually*)

  118. larma

    moparisthebest, ton of traffic on mailing list IMO rather indicates that there are likely going to be changes which is rather an indication to not touch 198 yet

  119. Kev

    (bind2 will be merged, presumably, as it's Experimental and the Author is happy with it. SASL2 may be another matter)

  120. daniel

    I'm taking away that 198 is the right place. it's only a matter of figuring out the correct time

  121. larma

    daniel, +1 šŸ™‚

  122. moparisthebest

    larma, right just that it's indicitive of the "amount of activity", and +1 on what daniel just said

  123. tmolitor

    I've just added a note: https://dyn.eightysoft.de/xeps/xep-0198.html#inline

  124. daniel

    are people ok with extending the meeting by 10mins?

  125. moparisthebest

    yep!

  126. jonasā€™

    I am

  127. daniel

    (I would like to start voting on the other two items today)

  128. larma

    sure

  129. jonasā€™

    quorum, let's go

  130. daniel

    e) XEP-0045: Remove more of GC1 (https://github.com/xsf/xeps/pull/1213)

  131. daniel

    +1

  132. moparisthebest

    +1

  133. jonasā€™

    +1

  134. larma

    +1

  135. Ge0rG

    +1

  136. Kev

    We're sure this doesn't open the door to people not including the payload?

  137. daniel

    passed. thank you

  138. daniel

    f) XEP-0167: Release version 1.2.2 (https://github.com/xsf/xeps/pull/1212)

  139. daniel

    +1

  140. jonasā€™

    Kev, > In order to inform occupants of room roles and affiliations, and to make it easier for clients to track the current state of all users in the room, MUC service implementations MUST provide role and affiliation data (and, if allowed by the room configuration, full JID) in all presence stanzas, including presence stanzas of type "unavailable" sent when a user exits the room for any reason.

  141. jonasā€™

    that requires the <x/> element, IIRC

  142. Kev

    (ok)

  143. moparisthebest

    +1 on f)

  144. jonasā€™

    +1 on f)

  145. Ge0rG

    +1

  146. larma

    I don't think f) needs council (schema is non-normative IIRC), but +1 anyway

  147. daniel

    5) Pending votes: none

  148. daniel

    6) Date of next

  149. daniel

    +1w wfm

  150. moparisthebest

    +1w wfm

  151. larma

    +1w wfm

  152. jonasā€™

    +1w probably wfm

  153. Ge0rG

    +1w wf

  154. jonasā€™

    (RIPE GM is in parallel, but past experience says I can attend the council meeting nontheless)

  155. Ge0rG

    +1w wfm

  156. daniel

    7) AOB larma said something about https://github.com/xsf/xeps/pull/1188 - can you repharse this is an action council should consider taking?

  157. jonasā€™

    I suppose making dwd react

  158. larma

    what jonasā€™ said šŸ™‚

  159. larma

    or decide without him

  160. jonasā€™

    (and or making larma co-author officially)

  161. jonasā€™

    but given that dwd is reactive elsewhere, we should try poking him first

  162. jonasā€™

    though that is strictly the editor's job

  163. jonasā€™

    so I'll shoot him a mail now

  164. daniel

    ok. thank you jonasā€™

  165. daniel

    any other aob?

  166. larma

    not from me

  167. moparisthebest

    none here

  168. larma

    (and thanks jonasā€™ )

  169. jonasā€™

    (mail sent)

    šŸ„°ļø 1
  170. jonasā€™

    and no AOB here

  171. daniel

    ok. assuming none then

  172. daniel

    8) Close

  173. jonasā€™

    thanks daniel, thanks all

  174. daniel

    thank you all

  175. Ge0rG

    thanks!

  176. moparisthebest

    thanks all

  177. tmolitor

    thanks

  178. Zash

    Oh look, reactions! https://logs.xmpp.org/council/2022-10-19?p=h#2022-10-19-8d7503edf14921df

  179. jonasā€™

    whaaat

  180. larma

    Now the only thing we need is stickers!

  181. moparisthebest

    Hey, get off my lawn

  182. moparisthebest

    (seriously though, neat :))

  183. Zash

    No, now it's inline custom emojis apparently

  184. larma

    custom reactions

  185. moparisthebest

    :yes-indeed-mountain-man-nodding:

  186. Zash

    <reaction>lol</reaction>