-
jubalh
I didn't know about EME
-
jubalh
Seems like a nice thing to know in advance which encryption type is used. I remember that we have quite some ugly code there, not setting this right when we get the stanza in all cases. But only discovering it later because _ (forgot the reason). Probalby was only discoverable later on.
-
jubalh
Would love to rewrite this to just check right at the beginning. But I guess I can't rely on clients using EME?
-
jubalh
lovetox: are you sure that many implement it?
-
defanor
Since EME is not required by the core protocol, it indeed sounds like a bad idea to rely on it (especially when not necessary), even if many do implement it.
-
Zash
You should probably look for the encryption methods you support first, then if you find nothing you understand, then you can check for EME and tell the user that the message is encrypted with some unknown method.
-
Zash
Show the <body>, if any, too. But an EME thing lets you apply i18n and such.
-
jubalh
Yep, I'm planning to rewrite it like that :)
-
Link Mauve
defanor, each encryption method should recommend to include it.
-
defanor
Link Mauve, that'd be a sensible recommendation, yet reliance on it still sounds bad, if it's for anything important. For instance, if a client would only decrypt messages if they contain an EME element: that'd lead to message loss when it shouldn't happen. Though maybe that's not what was meant above.
-
Link Mauve
defanor, that’s not what EME is for.
-
Link Mauve
It’s only there for the case where you don’t have any other hint that the message is encrypted.
-
defanor
Perhaps I've misinterpreted the intention then.
-
Link Mauve
So that for instance when clients will start migrating to omemo:1, clients from today would notify the user that they can’t decrypt these messages they receive.
-
Link Mauve
Or if you get OTR messages carbon’d and your client removed support for that.
-
Link Mauve
Basically, for backwards and forward compatibility.
-
Link Mauve
If you can decrypt a message, you know about the mechanism and don’t need EME.
-
jubalh
it still would be nice to know right from the start how to try to decrypt it
-
Sam
Hi all, if you're interested in attending any of the office hours / hangouts, please remember to fill out the availability survey (no need to put your name if you don't want to)! https://whenisgood.net/kr97tfy
-
mathieui
jubalh, except with OTR, you usually do as you have a specific elemetn for that
-
Ge0rG
Sam: For a brief moment, I thought this was another case of automated MUC spam... :D
-
Sam
oops, sorry
-
Ge0rG
Maybe I just get triggered too easily
-
Sam
I don't think MUC spam is something I've seen much of, but I'm that way with emails and stuff all the time. Any time I get something that has a wiff of that spammy writing I have that gut instinct to mark it as spam before I realize it's somebody I asked to email me or something.
-
Ge0rG
Heh.
-
Ge0rG
Sam: there were maybe two or three MUC spam incidents so far this year
-
Sam
Speaking of spam, I should prepare an email reminding everyone to go to Daniel's talk tomorrow :)
-
Ge0rG
Sam: half of the office hours time slots have passed already. Does it make sense to also populate the first days in anticipation of a weekly recurring event?
-
Sam
Ge0rG: sorry, I should have been clear, this is weekly, it just won't let me remove the dates. Ignore everything but the day.
-
flow
Sam, when and where is daniels talk tomorrow?✎ -
flow
Sam, when and where is daniel's talk tomorrow? ✏
-
Sam
flow: see https://wiki.xmpp.org/web/XMPP_Office_Hours
-
Sam
I've asked in the comm room for it to be put out on Mastodon, but if anyone here has access to Twitter it would be good to put it out there too.