pep.https://tools.ietf.org/html/rfc3923 anybody knows what this is for exactly? Seems like ejabberd implements it? (this page says: https://en.wikipedia.org/wiki/Comparison_of_XMPP_server_software )
pep.“End-to-End Signing and Object Encryption for the Extensible Messaging and Presence Protocol (XMPP)”
Kevejabberd only supports it in the sense that if a client sends it, it will route it through, I imagine.
KevIn those tables there's a lot of entries of servers claiming to support client-only XEPs.
HolgerMarketing is everything.
KevIt's only marginally better than the old jabber.org feature tables where one server was inventing new features (like different features for distinct database versions it could use) so it could show things other servers didn't.
HolgerDunno about other servers but ejabberd supports chatting in several languages.
PorruHi all! I have started using XMPP, on search of an alternative to privative and centralized chat platforms.
I have a vague proposal about a new XEP (extension) to be able to link a phone number to a XMPP account and the clients displaying saved contacts having XMPP account linked (each user could choose whether to add a phone number). This way, it would be easier to search for contacts that already have XMPP account, at which otherwise one should as for their address.
This is thought to improve the facility to massively use and migrate to XMPP, as many people feels comfortable with this workflow (WhatsApp, Telegram, Signal...)
What do you all think about this? If you want to contact me, write me by email or XMPP to email@example.com
jubalh> Hi all! I have started using XMPP, on search of an alternative to privative and centralized chat platforms.
> I have a vague proposal about a new XEP (extension) to be able to link a phone number to a XMPP account and the clients displaying saved contacts having XMPP account linked (each user could choose whether to add a phone number). This way, it would be easier to search for contacts that already have XMPP account, at which otherwise one should as for their address.
> This is thought to improve the facility to massively use and migrate to XMPP, as many people feels comfortable with this workflow (WhatsApp, Telegram, Signal...)
> What do you all think about this? If you want to contact me, write me by email or XMPP to firstname.lastname@example.org
Have you heard about Quicksy?
pep.Can we please all implement some proper quoting quickly :(
jubalh> What's wrong?
Indeed :D (quoting again)
pep.I don't understand the need to quote the last message, but let's say it's to be explicit about which message you're replying to, the current way it's represented in clients is meh, but the protocol doesn't really allow for anything else than this
pep.(Bring back XHTML-IM!! and improve it)
ZashHi Porru. We have had talks about such things in the past around here. If you have something more concrete then feel free to submit it for discussion.
mathieuiNo matter how you build it, there is no way of building a JID←→phone number mapping that is decentralized AND protects both the JID and the phone number
mathieui(I would be happy to proved wrong, if anything)
pep.I remember goffi proposing something like getting contacts through other contacts
pep.I liked the idea
ZashAlso costs money to send an SMS or something to verify such a mapping.
ZashAnd as mathieui says, hard to do in a distributed, privacy-friendly and trusted manner.
mathieuiYeah, some other models might work, but you can’t just have a service you query, it has to be trickier than this
mathieuipep., like an XMPP web of trust of sorts?
pep.I guess "as many people feels comfortable with this workflow" in the original message gives it away
pep.mathieui, ish. I don't think I would personally go further away than n+1 though, if I implemented something like this
mathieuibut that has like 1/10th of the usefulness of the centralized indexes anyway
mathieuiI mean, signal will periodically iterate over your contacts and check which ones have a signal account, and tell you
mathieui(either by telling you how many, or by telling you straight away "XXXX uses signal")
ZashI remember watching a talk about querying encrypted databases, which could have been for looking up identifier mappings.
Porru> And as mathieui says, hard to do in a distributed, privacy-friendly and trusted manner.
What is the problem on linking a phone number to a JID? It's a real question, not irony :)
If that information is encrypted on the server, I see no problem. At the end of the day, it would be each user's choice to trust server/instance administrators.
pep.How would you do that in a decentralized manner?
mathieuiPorru, people do not like having their contact addresses published on the internet for various reasons
pep.mathieui, I guess the assumption is that "some people don't care"
pep.(I guess most don't understand)
ZashPorru, do you have a specific architecture in mind?
PorruThere should be a federated database, in which each user should choice whether to take part.
Maybe there could be a way to hide phone-number, but let the clients or the protocol see that info. I don't still know how to make it.
mathieuiyou can’t hide the phone number because it is the relevant information of the database
PorruOf course, as said, each user would choose whether to take part
pep.Also hashing phone numbers is not exactly useful, as said multiple times before. The set of phone numbers available is finite
Porru> you can’t hide the phone number because it is the relevant information of the database
And wouldn't it be possible it to be encrypted or something, so only clients could see them? I have no knowledge on these things 😅
mathieuiPorru, no, because it has to be accessible to any client, without prior knowledge, to be useful
mathieui(and if it is accessible to any client, it is to any server anyway)
mathieuibut there is a case for contact information exchange with one-way hashes and encryption on top, I guess
mathieuithe issue is that even if you get that, you don’t get pre-authenticated contact requests, and people need to approve them one by one
mathieui(one more interaction)
pulkomandyBasically the simplest protocol is sending an sms to all your contacts saying "hi, btw I use xmpp my jid is xxx"
pulkomandyDecentralized, privacy friendly, etc
pulkomandyAnd for the other direction, you can put your phone number in your vcardand publish that?
ZashThere's the 3rd direction of doing something during sign-up to verify the account. Sending an would be cheaper tho.