XMPP Council - 2023-02-22

👋

😜

o/

Hi

1) Roll call

Hello

I don’t think we have anything to talk about. the editor isn’t active currently

so instead of running through an empty agenda I’m just going to jump to AOB

does anyone have any AOB?

I do not

none here

Nope

No

ok. that was uneventful again

see you all next week

See you then, thanks

see ya

Just noticed during the discussion about XEP-0359 (stanza-id): XEP-0313 (MAM) was advanced to stable but depends on XEP-0359 which is still experimental/deferred. This shouldn't be possible. Maybe we should soon issue a last call for XEP-0359 (even though there are discussions about it right now) to fix that situation?

Am I going to be hated by everyone if I veto until <origin-id/> is burned out with napalm?

I'd be fine to get rid of origin-id, but it still has it's usecase (reflection detection in MUCs that don't do the non-RFC-compliant stable-id thing)

This is the XSF. You can do anything at the XSF! The the only limit is XEP-0001.

larma: how many of those MUCs are still in place [and don't also strip any XML payload besides of <body>, I'm looking at you, biboumi]

probably not a lot

that's why I say I'm fine with getting rid of it 😉

didn't we have some informal consensus / business rule that said that an origin-id and a is on the stanza having the same value (and proper by attribute) means that the client uses something sufficiently random like uuids to generate the id?

that said, a disco feature indicating that the ids are sufficiently random (128bit of entropy, uuid, whatever) would be a better solution, imho...

tmolitor, not strictly "sufficiently random" (because that's only recommended by 0359), but it requires them to be a) unique at the sender and b) not predictable - which is hard to achieve without actually using sufficient randomness :)

yeah...that one :)

was that written down anywhere?

disco is dead, MAM killed it :(

technically a client could generate a salt at start and then for every outgoing stanza hash that salt together with the nanoseconds since start of the client. That wouldn't be a lot of entropy, but for all practical purposes, this would be as good as a random uuid.

There exists a perfect way to generate unique stanza ids

(stream-id, counter++)

(pass trough hash or HMAC or something)

tmolitor, well origin-id as per 0359 requires: > the IDs defined in this extension MUST be unique and stable within the scope of the generating XMPP entity. > The values of the 'id' attribute SHOULD be unpredictable. Thus if a client generates an origin-id and puts the same id into the message's id-attribute, you know it's sufficiently random.

larma: depends on the entropy of the salt ;)

All the good clients already use that in stanza IDs, and if you rely on a third party client doing it for your database access or anything, you are in for a tough ride.

We can also just define a new XEP to define the <good-id /> element that declares that the generation of the message's id-attribute followed certain rules.

Which problem does that solve, again?

some legacy clients generating ids by generating 16 bit of randomness at start and then counting up from that with every stanza and therefor likely running into collisions without bad intent ✏

Collisions of what exactly?

Anything that references that id

Edits. Replies

Reactions

In direct chats only, of course

Yes

And edits in muc

Which only affects the user of the broken client when also using a modern client

But the broken client won't generate an adequate ID for referencing anyway

Yes, and thus the replying/reacting client should not allow the user to send replies/reactions to such message with broken id

You need to send a message from pidgin, then edit it from a modern client

Disabling a feature because of an opaque thing the user has no visibility of sounds like a bad idea

+1 for the <good-id/> element

> Yes, and thus the replying/reacting client should not allow the user to send replies/reactions to such message with broken id Yes and origin ID is an OK detection for whether or not the other client is sane ✏

Origin ID is essentially good-id

yes, but with an additional id value that we could get rid of...

Why come up with a new element that does the same thing minus muc reflection

Then mandate message id==origin id

For the sender

Are you actually disabling sophisticated features on messages without origin-id?

daniel [20:37]: > Then mandate message id==origin id I've been asking for that since day 1

Me too

> Then mandate message id==origin id that would be ideal, what is blocking that?

yaxim will generate sufficiently random IDs but not set origin-id

tmolitor: the author

on what basis?

It's not technically required

When I write that "best practices on using IDs" XEP (with how to reference messages depending on context), I'll definitely add that origin-id should be same as message id 🙂

Not technically required, but definitely a best practice. ✏

Ge0rG, well, clients already have to limit some features for some messages. Because there exist messages without any id, makign it very hard to reference them 😉

I'm gonna block stanza id unless this must is in stanza id

> I'm gonna block stanza id unless this must is in stanza id wait, what? what id are you referring to exactly?

The xep

I think the only reason it's not in the xep is that it's slightly complicated to do in smack

you mean "If the <origin-id /> element is present, the origin sender MUST set the message's id-attribute to the same value as the id-attribute of the <origin-id /> element." should be in XEP-0359? Rather than kicking origin-id out entirely?

Can't you just accept any ID with more than four characters and be done?

> you mean "If the <origin-id /> element is present, the origin sender MUST set the message's id-attribute to the same value as the id-attribute of the <origin-id /> element." should be in XEP-0359? Rather than kicking origin-id out entirely? If that wording is in 359 it becomes functionally equivalent to <good-id/>

We could just remove origin id entirely. But it seems fairly well established for a good-id replacement

<good-id/> meaning that <message id=good> ?

And you have an excuse to block out perfectly working clients from modern features

> <good-id/> meaning that <message id=good> ? Yes

Sure would help against my feeling that modern XMPP is full of redundant duplicated IDs and timestamps and also redundancy

Zash: also duplicate information

> I'm gonna block stanza id unless this must is in stanza id +1 for this MUST