jdev - 2020-05-15

which client

??

hey listen

nice to meet you guys i am natasha

😂

Is anyone aware of a SASL implementation (preferably a generic one, but XMPP specific is fine too) that handles both the client and server side of SASL that I could look at?

Sam Whited, this one does: https://crates.io/crates/sasl

Thanks

Hello!

I have more questions about OMEMO.

Ah too bad, that SASL package works almost exactly the same as mine and I was looking to find new API ideas since I don't love the one I've got; oh well :)

^^'

Old implementations of OMEMO (e. g. Conversations) sends in OMEMO messages along with encrypted content <body/> element with a notice for clients, which do not support OMEMO.

But there is no mention about it in the XEP.

Is it ok to do the same in the implementations of the recent versions of the XEP?

use XEP-0380

lovetox, is that understood by clients?

is this a trick question? :d

Is this implemented in any client?

yes in many

i would guess at least every client that has some encryption possibility

which makes already for a long list

Do we need XEP-0380 to be implemented in clients, which implement XEP-0384?

its not a dependency if thats the question

380 is useful for all clients

it gives you the possibility to recognize encrypted messages, even if you never heard or implemented it

But the value of 380 would be in clients that *don't* support encryption

Or don't support the specific method of encryption you use

No clients that dont support a specific encryption

ergo all

because all clients dont support at least one encryption

its a trivial XEP to implement for any client

the only reason for a fallback body in my opinion is

if you specifically want to support very old unmaintained legacy clients

then its the only way

I don't see any reason in implementation of XEP-0380 for XEP-0384, 'cause XEP-0384 is too XMPP-ish and XEP-0380 looks more like crutches for the old encryption technologies, like PGP or OTR.

Yagizа, 380 gives only examples of encryptions

its encryption agnostic

So far I've only found that Conversations sends it, but doesn't care about it on incoming messages

it does work for all and every encryption in the future universe

Zash how do you determine that it does not care about it on incoming?

Code search

lovetox, I consider using <body/> element in the <message/> with encrypted content as a hint for a user rather than a fallback.

Only found code that added it to messages

Yagizа, i dont see the difference

if an encrypted message arrives i like to give my user a message in *his* language, a message that i as a client developer decide

But then the Github code search might not be that great

maybe with hints how to use that encryption in my client

this is impossible with a fallback body

A <body> also usually ensures that the message goes into the archive and through carbons etc.

thats the worst reason of all to include one :D

Modern servers should use EME tho.

and we have storage hints for that

I have to agree with lovetox on this one.

Council took away hints from us.

EME is a hint!

Zash: but is EME a typical IM payload?

Ge0rG, I would argue that you can't know that it isn't if there's an encrypted payload, so it should be stored.

Hope you like encrypted chat states

This chat state was not encrypted for your device.

Wasn't it decided on a summit to move that kind of thing to directed presence?

Zash: yes. and then nothing happened

also see my last mail to standards

lovetox: you might also be interested in "[Standards] Sprint for Message Routing"

and Zash too, we need server folks there

not only zinid

Ge0rG, your message routing post is missing the most important thing!

a coffee break!

then it'll be perfect

😁

So, what's the conclusion? Do I have to add <body/> element along to <encrypted/> one or not?

Yagizа: > Entities SHOULD include a non-encrypted body as possible, since older clients not supporting this protocol might otherwise ignore messages sent with an unknown encryption, making both the sender frustrated that their message did not get an answer, and the recipient frustrated that they never saw any message.

Yagizа: add a body along the lines of this:

I sent you an OMEMO encrypted message but your client doesn’t seem to support that. Find more information on https://conversations.im/omemo

Ge0rG, yes, that's the message I meant.

Yagizа: yes, add such a message

Ge0rG, but the cite you pasted above is from XEP-0380, not from XEP-0384. And my client do not support XEP-0380 so far.

Yagizа: it doesn't matter.

Yagizа: it is good practice to also add a XEP-0380 tag when sending, even if you can't read the tag yet.

Ge0rG, ok, thanx.

There's also https://xmpp.org/extensions/xep-0428.html which overlaps with 380 ...

yes a little little bit

but 428 is not specific for encryptions

IC

Still not entirely sure if it should mean anything to a server.

If something was important enough to warrant a fallback-<body/> then it's probably about as important as a message with a <body/>, so should be treated as one.

But you already do that based on the <body/>

But clients could display it in some way to indicate that it's not quite meant to look like that.

I think that 0428 is similar to Hints. It's a central place trying to define semantincs for something which should better be defined in the individual XEPs that implement fallback bodies

This⤴️

OTOH, I don't see (much) harm in a hint that says "the body of this message is a fallback" - except that now all the "old" uses of fallback bodies are suddenly incompliant

Tricky to do anything about that without time travel unfortunately

Ge0rG, you were talking about your last post to standards, was that the message routing sprint post? I read it as if it was some different post but I'm not seeing any later one.

Zash: yes, it was that message routing sprint post

k