jdev - 2021-01-23

https://tools.ietf.org/html/rfc3923 anybody knows what this is for exactly? Seems like ejabberd implements it? (this page says: https://en.wikipedia.org/wiki/Comparison_of_XMPP_server_software )

“End-to-End Signing and Object Encryption for the Extensible Messaging and Presence Protocol (XMPP)”

TIL.

ejabberd only supports it in the sense that if a client sends it, it will route it through, I imagine.

:-)

In those tables there's a lot of entries of servers claiming to support client-only XEPs.

Marketing is everything.

It's only marginally better than the old jabber.org feature tables where one server was inventing new features (like different features for distinct database versions it could use) so it could show things other servers didn't.

Dunno about other servers but ejabberd supports chatting in several languages.

https://jabber.fu-berlin.de/share/holger/FeegIGVBWZ3W0z8f/software.png

🙃

you're laughing, but... https://www.theregister.com/2013/11/22/richard_stallman_decides_emacs_should_go_wysiwyg/

Holger, "Marketing is everything", even confusing users :)

I learned about this table because somebody told me they were confused that only ejabberd supported e2ee

so the obvious problem is that the other servers need to add that tickmark

hehe

I wish for some metadata in XEPs saying which are relevant in which kinds of software or such

Re DOAP. By the power of xslt:

https://cerdale.zash.se/upload/FCuoYqzYySJFmnV3/doap.html

Hi all! I have started using XMPP, on search of an alternative to privative and centralized chat platforms. I have a vague proposal about a new XEP (extension) to be able to link a phone number to a XMPP account and the clients displaying saved contacts having XMPP account linked (each user could choose whether to add a phone number). This way, it would be easier to search for contacts that already have XMPP account, at which otherwise one should as for their address. This is thought to improve the facility to massively use and migrate to XMPP, as many people feels comfortable with this workflow (WhatsApp, Telegram, Signal...) What do you all think about this? If you want to contact me, write me by email or XMPP to porru@disroot.org

> Hi all! I have started using XMPP, on search of an alternative to privative and centralized chat platforms. > I have a vague proposal about a new XEP (extension) to be able to link a phone number to a XMPP account and the clients displaying saved contacts having XMPP account linked (each user could choose whether to add a phone number). This way, it would be easier to search for contacts that already have XMPP account, at which otherwise one should as for their address. > This is thought to improve the facility to massively use and migrate to XMPP, as many people feels comfortable with this workflow (WhatsApp, Telegram, Signal...) > What do you all think about this? If you want to contact me, write me by email or XMPP to porru@disroot.org Have you heard about Quicksy?

Can we please all implement some proper quoting quickly :(

What's wrong?

> What's wrong? Indeed :D (quoting again)

I don't understand the need to quote the last message, but let's say it's to be explicit about which message you're replying to, the current way it's represented in clients is meh, but the protocol doesn't really allow for anything else than this

(Bring back XHTML-IM!! and improve it)

Hi Porru. We have had talks about such things in the past around here. If you have something more concrete then feel free to submit it for discussion.

No matter how you build it, there is no way of building a JID←→phone number mapping that is decentralized AND protects both the JID and the phone number

(I would be happy to proved wrong, if anything)

I remember goffi proposing something like getting contacts through other contacts

I liked the idea

Also costs money to send an SMS or something to verify such a mapping.

And as mathieui says, hard to do in a distributed, privacy-friendly and trusted manner.

Yeah, some other models might work, but you can’t just have a service you query, it has to be trickier than this

pep., like an XMPP web of trust of sorts?

I guess "as many people feels comfortable with this workflow" in the original message gives it away

mathieui, ish. I don't think I would personally go further away than n+1 though, if I implemented something like this

makes sense

but that has like 1/10th of the usefulness of the centralized indexes anyway

I mean, signal will periodically iterate over your contacts and check which ones have a signal account, and tell you

(either by telling you how many, or by telling you straight away "XXXX uses signal")

I remember watching a talk about querying encrypted databases, which could have been for looking up identifier mappings.

> And as mathieui says, hard to do in a distributed, privacy-friendly and trusted manner. What is the problem on linking a phone number to a JID? It's a real question, not irony :) If that information is encrypted on the server, I see no problem. At the end of the day, it would be each user's choice to trust server/instance administrators.

How would you do that in a decentralized manner?

Porru, people do not like having their contact addresses published on the internet for various reasons

mathieui, I guess the assumption is that "some people don't care"

(I guess most don't understand)

Porru, do you have a specific architecture in mind?

There should be a federated database, in which each user should choice whether to take part. Maybe there could be a way to hide phone-number, but let the clients or the protocol see that info. I don't still know how to make it.

you can’t hide the phone number because it is the relevant information of the database

Of course, as said, each user would choose whether to take part

Also hashing phone numbers is not exactly useful, as said multiple times before. The set of phone numbers available is finite

> you can’t hide the phone number because it is the relevant information of the database And wouldn't it be possible it to be encrypted or something, so only clients could see them? I have no knowledge on these things 😅

Porru, no, because it has to be accessible to any client, without prior knowledge, to be useful

(and if it is accessible to any client, it is to any server anyway)

but there is a case for contact information exchange with one-way hashes and encryption on top, I guess

the issue is that even if you get that, you don’t get pre-authenticated contact requests, and people need to approve them one by one

(one more interaction)

Basically the simplest protocol is sending an sms to all your contacts saying "hi, btw I use xmpp my jid is xxx"

Decentralized, privacy friendly, etc

And for the other direction, you can put your phone number in your vcardand publish that?

There's the 3rd direction of doing something during sign-up to verify the account. Sending an would be cheaper tho.