jdev - 2021-01-23


  1. pep.

    https://tools.ietf.org/html/rfc3923 anybody knows what this is for exactly? Seems like ejabberd implements it? (this page says: https://en.wikipedia.org/wiki/Comparison_of_XMPP_server_software )

  2. pep.

    “End-to-End Signing and Object Encryption for the Extensible Messaging and Presence Protocol (XMPP)”

  3. pep.

    TIL.

  4. Kev

    ejabberd only supports it in the sense that if a client sends it, it will route it through, I imagine.

  5. Holger

    :-)

  6. Kev

    In those tables there's a lot of entries of servers claiming to support client-only XEPs.

  7. Holger

    Marketing is everything.

  8. Kev

    It's only marginally better than the old jabber.org feature tables where one server was inventing new features (like different features for distinct database versions it could use) so it could show things other servers didn't.

  9. Holger

    Dunno about other servers but ejabberd supports chatting in several languages.

  10. Holger

    https://jabber.fu-berlin.de/share/holger/FeegIGVBWZ3W0z8f/software.png

  11. marc

    🙃

  12. pulkomandy

    you're laughing, but... https://www.theregister.com/2013/11/22/richard_stallman_decides_emacs_should_go_wysiwyg/

  13. pep.

    Holger, "Marketing is everything", even confusing users :)

  14. pep.

    I learned about this table because somebody told me they were confused that only ejabberd supported e2ee

  15. jonas’

    so the obvious problem is that the other servers need to add that tickmark

  16. pep.

    hehe

  17. Zash

    I wish for some metadata in XEPs saying which are relevant in which kinds of software or such

  18. Zash

    Re DOAP. By the power of xslt:

  19. Zash

    https://cerdale.zash.se/upload/FCuoYqzYySJFmnV3/doap.html

  20. Porru

    Hi all! I have started using XMPP, on search of an alternative to privative and centralized chat platforms. I have a vague proposal about a new XEP (extension) to be able to link a phone number to a XMPP account and the clients displaying saved contacts having XMPP account linked (each user could choose whether to add a phone number). This way, it would be easier to search for contacts that already have XMPP account, at which otherwise one should as for their address. This is thought to improve the facility to massively use and migrate to XMPP, as many people feels comfortable with this workflow (WhatsApp, Telegram, Signal...) What do you all think about this? If you want to contact me, write me by email or XMPP to porru@disroot.org

  21. jubalh

    > Hi all! I have started using XMPP, on search of an alternative to privative and centralized chat platforms. > I have a vague proposal about a new XEP (extension) to be able to link a phone number to a XMPP account and the clients displaying saved contacts having XMPP account linked (each user could choose whether to add a phone number). This way, it would be easier to search for contacts that already have XMPP account, at which otherwise one should as for their address. > This is thought to improve the facility to massively use and migrate to XMPP, as many people feels comfortable with this workflow (WhatsApp, Telegram, Signal...) > What do you all think about this? If you want to contact me, write me by email or XMPP to porru@disroot.org Have you heard about Quicksy?

  22. pep.

    Can we please all implement some proper quoting quickly :(

  23. Martin

    What's wrong?

  24. jubalh

    > What's wrong? Indeed :D (quoting again)

  25. pep.

    I don't understand the need to quote the last message, but let's say it's to be explicit about which message you're replying to, the current way it's represented in clients is meh, but the protocol doesn't really allow for anything else than this

  26. pep.

    (Bring back XHTML-IM!! and improve it)

  27. Zash

    Hi Porru. We have had talks about such things in the past around here. If you have something more concrete then feel free to submit it for discussion.

  28. mathieui

    No matter how you build it, there is no way of building a JID←→phone number mapping that is decentralized AND protects both the JID and the phone number

  29. mathieui

    (I would be happy to proved wrong, if anything)

  30. pep.

    I remember goffi proposing something like getting contacts through other contacts

  31. pep.

    I liked the idea

  32. Zash

    Also costs money to send an SMS or something to verify such a mapping.

  33. Zash

    And as mathieui says, hard to do in a distributed, privacy-friendly and trusted manner.

  34. mathieui

    Yeah, some other models might work, but you can’t just have a service you query, it has to be trickier than this

  35. mathieui

    pep., like an XMPP web of trust of sorts?

  36. pep.

    I guess "as many people feels comfortable with this workflow" in the original message gives it away

  37. pep.

    mathieui, ish. I don't think I would personally go further away than n+1 though, if I implemented something like this

  38. mathieui

    makes sense

  39. mathieui

    but that has like 1/10th of the usefulness of the centralized indexes anyway

  40. mathieui

    I mean, signal will periodically iterate over your contacts and check which ones have a signal account, and tell you

  41. mathieui

    (either by telling you how many, or by telling you straight away "XXXX uses signal")

  42. Zash

    I remember watching a talk about querying encrypted databases, which could have been for looking up identifier mappings.

  43. Porru

    > And as mathieui says, hard to do in a distributed, privacy-friendly and trusted manner. What is the problem on linking a phone number to a JID? It's a real question, not irony :) If that information is encrypted on the server, I see no problem. At the end of the day, it would be each user's choice to trust server/instance administrators.

  44. pep.

    How would you do that in a decentralized manner?

  45. mathieui

    Porru, people do not like having their contact addresses published on the internet for various reasons

  46. pep.

    mathieui, I guess the assumption is that "some people don't care"

  47. pep.

    (I guess most don't understand)

  48. Zash

    Porru, do you have a specific architecture in mind?

  49. Porru

    There should be a federated database, in which each user should choice whether to take part. Maybe there could be a way to hide phone-number, but let the clients or the protocol see that info. I don't still know how to make it.

  50. mathieui

    you can’t hide the phone number because it is the relevant information of the database

  51. Porru

    Of course, as said, each user would choose whether to take part

  52. pep.

    Also hashing phone numbers is not exactly useful, as said multiple times before. The set of phone numbers available is finite

  53. Porru

    > you can’t hide the phone number because it is the relevant information of the database And wouldn't it be possible it to be encrypted or something, so only clients could see them? I have no knowledge on these things 😅

  54. mathieui

    Porru, no, because it has to be accessible to any client, without prior knowledge, to be useful

  55. mathieui

    (and if it is accessible to any client, it is to any server anyway)

  56. mathieui

    but there is a case for contact information exchange with one-way hashes and encryption on top, I guess

  57. mathieui

    the issue is that even if you get that, you don’t get pre-authenticated contact requests, and people need to approve them one by one

  58. mathieui

    (one more interaction)

  59. pulkomandy

    Basically the simplest protocol is sending an sms to all your contacts saying "hi, btw I use xmpp my jid is xxx"

  60. pulkomandy

    Decentralized, privacy friendly, etc

  61. pulkomandy

    And for the other direction, you can put your phone number in your vcardand publish that?

  62. Zash

    There's the 3rd direction of doing something during sign-up to verify the account. Sending an would be cheaper tho.