-
lovetox
is a type error presence, always generated as a response? Meaning is there a situation where the server would route a error presence to my client, without the client first sending out some presence?
-
MattJ
You might get error responses from your contacts after sending initial presence, which is somewhat similar
-
MattJ
Specifically, in this case you might receive multiple errors in response to a single presence
-
MattJ
I suspect that *may* also happen in some circumstances the event that another client on your account comes online and triggers presence probes
-
nav
Now that leaves me with the problem of what happens when someone does recycle an old JID.
-
nav
Would it be useful to have some kind of unique (opaque) registration identifier to distinguish between two uses of the same JID?
-
nav
Something like an UUID that is associated with a JID for the lifetime of the account. When a JID gets recycled a new UUID is associated with it.
-
nav
Then other services can query for the UUID to establish whether it is the same registration.
-
Kev
I think the basic solution is 'never allow re-use'.
-
MattJ
I think that's for the best. Otherwise every single slot where we currently have a JID, we would need to replace with JID and UUID
-
nav
Kev: It's one solution, but not always feasible. For instance because of a catastrophic server failure with loss of data or even GDPR considerations.
-
MattJ
Even sending a message. What if you send a message to someone, and it was delayed for a few minutes, but they deleted their account and somebody recreated it?
-
MattJ
The logical conclusion is to replace JIDs with UUIDs :)
-
nav
MattJ: I was thinking more of an as-needed approach, where the onus is on the receiving entity to validate, if they want to, that they're dealing with the same registration.
-
MattJ
But more feasible would be: treat usernames as human-readable UUIDs
-
nephele
that problem is fun, if you have a UUID you can also move servers
-
nav
For instance, via a disco#info query returning the UUID.
-
nephele
if you disallow reuse you might have users that you cannot use for *some* instances because they know your hostname and users that used to be on it, but can use it for other instances that don't know about it... might be a problem if you get a dns name that had a previous owner beforehand
-
MattJ
Sure. For Snikket I disallow hostname reuse for this reason, too.
-
nav
Of course, it doesn't cover the case where someone recycles JIDs mid-conversation. ☺
-
nephele
i'm enviromentally friendly, reuse before recycling! :D better to steal the account mid-conversation
-
nav
nephele: I wasn't considering active attacks. If that is a concern, then you'd want to be using encryption.
-
nephele
well, the dns entry expiring and beeing re-registered mid conversation seems quite unlikely to me?
-
MattJ
It's an extreme example of course, but certainly I could send a delayed reply to someone whose domain expires and was reregistered by someone else
-
nephele
I mean, what exactly would a UUID *reasonably* protect against that a JID does not? if it does not have any crpytographic gurantees it could also be recycled mid conversation
-
nephele
say, if a caching entity is not told that it was recycled and maintains a wrong association of jid<->uuid
-
nav
Actually, I wonder if using encryption would be a viable approach. In theory that would allow both endpoints to authenticate each other.
-
nav
nephele: Yes, good point.
-
Link Mauve
nav, you mean like SASL EXTERNAL, which validates against TLS certificates? :p
-
nephele
I personally like the aproach of "your public key *is* your adress"
-
nephele
i am not sure if that is viable, but it would be quite neat ;)
-
nav
Link Mauve: Possibly, but how do you get say your external component to ask the user connecting to it to authenticate himself that way?
-
nav
nephele: Yeah PKA makes sense.
-
nav
I'll need to have a read of the relevant XEPs see how much hassle it is to implement something like OX on something like a component.
-
nav
Bit of a problem. Encryption support appears to be largely limited to message stanzas but not IQ or commands.
-
nav
It's not encryption per se that I'm concerned about but a way of verifying that you're dealing with the same identity you were dealing with at some unspecified point back in time. Maybe signed presence stanzas will fill the gap.
-
Link Mauve
nav, that was a thing in XEP-0027 fyi.
-
nav
Link Mauve: Presence signing?
-
Link Mauve
Yes.
-
nav
Yup, at least Blabber supports it.
-
nav
Kind of out of the box if you've configured an OpenPGP key for the account.
-
nav
Which is nice because that means the component is getting the signed message essentially for free.
-
nav
If the component can be bothered to discover the user's public keys and cache them, then a change in the advertised fingerprints may mean that the user could be someone else (or has replaced his keys). That the advertised fingerprints are valid can be checked by verifying the signed presence message.
-
nav
And in principle, this can be done transparently and in a way that's compatible with no OpenPGP use. ☺
-
flow
nav: i am not confinced that presence signing is a good idea
-
flow
message signing, of course, but presence probably not
-
flow
for starters, presence signing probably significantly increases the time your OpenPGP signing key is unencrypted
-
nav
flow: The same consideration applies whether you're signing and/or encrypting messages as it does to presence. In any case, at least Blabber automatically signs presence stanzas if you have a PGP key associated with your account.
-
flow
nav, the thing is, sending a message is a conscious action, whereas presences are mostly send without the user being aware
-
flow
granted, the problem was more severe in the days where whe shove everything into presence, like "the current song you are listening to"
-
Zash
XEP-0027 signed presences are *huge* and get broadcast to all your contacts every now and then
-
Zash
Doesn't feel efficient
-
flow
in those situations, your pgp key practically never got re-locked, and it always stayed unlocked, which wouldn't be the case if only messages are signed
-
flow
Zash, I think that modern cipher woulds produce smaller signed presences
-
nav
XMPP is hardly efficient to start with. As for presence stanzas, they're not being sent all the time but only when your presence status changes.
-
Zash
OpenPGP?
-
nav
Zash: ?
-
flow
nav, depending on the used extension protocols, your presence status changes quite often
-
nav
flow: For instance?
-
Zash
auto-away etc
-
flow
xep256
-
flow
but shoving stuff into presence is now large considered an anti-pattern, rightfully, if I may add✎ -
flow
but shoving stuff into presence is now largely considered an anti-pattern, rightfully, if I may add ✏
-
nav
flow: Why would 0256 increase the rate at which <presence/> is being sent?
-
Zash
flow, XEP-0319 too!
-
nav
It's, as you say, just adding some more stuff into it.
-
Zash
Conversations for example has a feature where it sends presence every time you focus or unfocus it.
-
Zash
Disabled by default IIRC
-
Zash
In any case, it was agreed in the XMPP community long long ago not to shove so much stuff in presence, instead use PEP
-
nav
XEP-0319 is a better example, but as long as it's under control of the user I still don't see the problem
-
flow
xep256 isn't the best example, but it was the best I could dig up in short time
-
nav
Yup, PEP is a good idea.
-
flow
nav, but as I wrote, we had previously XEPs that put the last user tune in presence
-
Zash
OX!
-
flow
so every 3 minutes or so, you would emit a new presence
-
flow
furthermore presence gets amplified by MUCs
-
flow
imagine you are in 3 MUCs with the same people
-
nav
flow: Yeah, I remember that fad!
-
flow
every time someone emits a new presence, you get it 4 times
-
flow
(assuming you are also subscribed to the presence0
-
flow
and finally, I am not sure what a signed presence gets you
-
Zash
I think it might vary a bit actually, some clients don't send presence updates to MUC
-
flow
like what do you do with that information?
-
flow
how would you behave if it wasn't signed
-
flow
how do you behave differently if it was signed?
-
flow
Zash, hmm isn't the server doing that?
-
flow
but you are the expert on that topic :)
-
Zash
Prosody doesn't. Maybe it should? But you get problems.
-
flow
I assumed that MUC presence is based on RFC 6121 § 4.6 Directed Presence
-
Zash
Like, it gets weird if you change nickname. Should the server broadcast your presence to both nicks?
-
nav
flow: "how do you behave differently if it was signed?" Well, that's what I was getting at. I could make certain assumptions as to whether the JID is under control of the same user.
-
Zash
nav, your phone gets stolen. now what?
-
flow
nav, I am not sure if this answers my question
-
flow
could you give a concrete example?
-
flow
don't get me wrong, 20 years ago I also believed that signed presence is cool
-
flow
but today, I see only drawbacks and no advantages of presence signing
-
nav
flow: See the discussion around 1130Z today for background to the discussion.
-
flow
kk
-
flow
and fwiw, I believe signed presences should include a timestamp, for hopefully obvious reasons
-
flow
but then you need to define a time-to-live for those
-
flow
1h, 3h, 24h, 7d?
-
nav
It all comes from the fact that yesterday I accidentally deleted my account 🙄
-
flow
in any case you now inveted a new mechanism that causes presences updates
-
Zash
Wasn't that one of the problems with XEP-0027, no replay protection?
-
flow
nav, probably the better solution would be a signed pep item in a well-defined pep node
-
nav
But the component I was testing at the time still kept all the information associated with my JID.
-
nav
It dawned on me that the component will wipe out your info if you unregister with it, but not if you unregister from your own server and someone else takes over your JID.
-
nav
flow: That sounds sensible.
-
flow
I get that point, and I think the solution lies in PEP, not in Presence :)
-
flow
you basically want to place a proof of ownership in the PEP node
-
nav
My first thought was some kind of UUID but as was pointed out above that was kind of daft and then someone brought up crypo, and here we are.
-
nav
Indeed that sounds like a good solution! ✔
-
nav
I could get people to register a password with the component but the usability is not quite as good.
-
nav
What about discovering and remembering OMEMO nodes?
-
flow
if you work out a protcol with one crypto scheme it is easy to apply to the same to another crypto scheme which is able to sign bytes
-
nav
On second thought, that probably would not work.
-
flow
the main issue is that OMEMO, unlike OpenPGP, has no concept of a primary key
-
flow
at least IIRC
-
nav
Exactly
-
nav
I like the signed PEP node approach. The disadvantage is that it requires explicit client support.
-
flow
how could something like that *not* require explicit support from implementations?
-
nav
I should have said explicit client support which is not there at the moment. ☺
-
Zash
Deploying new things 🤷️
-
nav
That's why I was hoping to piggyback on signed <presence/> stanzas, as some clients already do those.
-
flow
isn't that always the issue: that we imagine those kewl new protocol extensions, but then suddenly realize that someone needs to implement them? :)
-
nav
The cool thing about the signed PEP is that it could be used by people wanting to prove control over a JID *or a group of JIDs*
-
Zash
open standards go brrr
-
nav
For instance people who have accounts on different servers.
-
moparisthebest
what's it proving? that someone with that private key at some point had access to that account and/or server ?
-
nav
moparisthebest: Yup
-
nav
No more and no less.
-
moparisthebest
what's the intended way to use that info ?
-
nav
moparisthebest: https://logs.xmpp.org/jdev/2022-07-26?p=h#2022-07-26-8255b4655df233bd
-
nav
With reference to the red warning on XEP-0086 (https://xmpp.org/extensions/xep-0086.html)…
-
nav
…considering that I am dealing with handling error conditions in the context of XEP-0030 (https://xmpp.org/extensions/xep-0030.html), I guess I should ignore that warning, right?
-
Zash
https://xmpp.org/rfcs/rfc6120.html#stanzas-error is where you should look for syntax of errors.
-
nav
Thanks!
-
Zash
And service-unavailable is the error you must return for any iq-get or set that you do not understand.
-
nav
Roger that.
-
nav
Is that specified somewhere, off the top of your head?
-
nav
Or just customary practice?
-
Zash
In the RFC I just linked
-
nav
Yup, just found it, ta. https://xmpp.org/rfcs/rfc6120.html#stanzas-error-conditions-service-unavailable
-
Zash
10.3.3. IQ > If the IQ stanza is of type "get" or "set" and the server does not understand the namespace that qualifies the payload, the server MUST return an error to the sending entity, which MUST be <service-unavailable/>.
-
nav
Cool, that makes life easier. ☺
-
Zash
There should also be text to the effect that every iq-get and iq-set must have a matching iq-result or iq-error
-
techmetx11
hi
-
techmetx11
how would you implement multiple nicknames in a vcard
-
nav
Zash: True
-
techmetx11
the DTD says that multiple <NICKNAME> elements can exist, but multiple nicknames must be a comma-seperated list
-
techmetx11
(talking about vcard-temp)
-
Zash
My personal advice: Ignore vcard-temp.
-
Zash
All the cool kids use vcard4
-
techmetx11
how much servers do you think support vcard4
-
Zash
Also https://xmpp.org/extensions/xep-0172.html
-
Zash
All of them!
-
Zash
All Modern XMPP servers support PEP, and that is all you need for vcard4
-
techmetx11
Zash: i mean multiple nicknames in a vcard-temp
-
techmetx11
also the vcard4 xep is deferred
-
Zash
vcard-temp is Historical
-
Zash
aka ugly things from before there was a standards process
-
techmetx11
... but still active?
-
Zash
deferred just means it hasn't moved forward in the standards process for a year
-
techmetx11
if you could just please answer my question
-
Zash
with how slow the standards process is, one year doesn't really mean much
-
techmetx11
i'll try to send a hand-crafted vcard4 retrival request
-
techmetx11
and see if it works
-
Zash
all I can say is that the Prosody module handling vcard-temp simply takes the XML and saves it as-is
-
techmetx11
disroot's server errored out with "No module handling this query"
-
techmetx11
so i'm gonna assume, that this isn't as widely implemented as it might seem
-
techmetx11
now anyway, my question was
-
techmetx11
how do you implement multiple nicknames in a vcard
-
techmetx11
i'm gonna assume multiple elements
-
nav
techmetx11: I've just tested and multiple elements does not work with ejabberd.
-
nav
In theory, according to the DTD on XEP-0054 it should be allowed, but also the XEP does not prescribe what to do with multiple instances of the same tag. Ejabberd just keeps the last received.
-
nav
The DTD does say, in a comment, that "Multiple nicknames must be specified as a comma separated list value" (I guess you've already seen that), and that is also how RFC 6350 specifies it: NICKNAME-param = "VALUE=text" / type-param / language-param / altid-param / pid-param / pref-param / any-param NICKNAME-value = text-list (https://datatracker.ietf.org/doc/html/rfc6350#section-6.2.3)
-
techmetx11
yeah
-
techmetx11
i was a bit confused