XSF Discussion - 2017-12-12


  1. goffi

    hi there, can I have clarification on #publish-options? As far as I remember, it was an way to configure a node on creation without having to create then configure. But it seems to have changed and to be way to do per-item configuration. I haven't had chance to follow all discussion on @standard, so a summary would be much appreciated, thanks

  2. daniel

    goffi: it can be both

  3. daniel

    The fields are registered. And each field defines if it's is a precondition (= node configuration on publish and enforcement) or an override

  4. goffi

    But this are 2 different features. Where the fields are registered (and which fields are registered?) ?

  5. goffi

    the XEP is not clear at all about that. The examples only show publication with items, and there is not notion of node creation.

  6. Zash

    I don't think autocreation and configuration on publish is a thing that's specified

  7. goffi

    I though it was #publish-option (and it was not specified indeed, just in example as far as I remember, like many Pubsub features unfortunately)

  8. Holger

    It was all totally underspecified before, but the wording has been clarified and things seem clear to me now: https://xmpp.org/extensions/xep-0060.html#publisher-publish-options

  9. Holger

    Zash: "If the node does not exist and the service supports the "auto-create" feature, then the service shall auto-create the node with default configuration in all respects except those specified in the preconditions, and the publish succeeds."

  10. goffi

    yes that how it is implemented in SàT Pubsub

  11. goffi

    but "Each field MUST specify whether it defines METADATA to be attached to the item, a per-item OVERRIDE of the node configuration, or a PRECONDITION to be checked against the node configuration. " is really confusing, which metadata can we attach?

  12. goffi

    how to override item, as the text only mention precondition or node configuration on auto-create

  13. goffi

    I think I'll write on @standard to discuss that, because it needs to be extremly clear and it is definetely not at the moment.

  14. Holger

    goffi: Right now there's only a single registered option (access_model), and it's specified to be a PRECONDITION. So OVERRIDE/METADATA are only theoretical options as long as no field is registered with that behavior.

  15. Zash

    Holger: Is that so?

  16. Holger

    Zash: Sure?

  17. goffi

    Holger: where it is registered ? How can I check it ?

  18. goffi

    I've implemented per-item overriding for years, and I'm since willing to propose a protoXEP for that (no time so far), so I'm willing to know if current publish-option can do it (I've explained how it's done in SàT pubsub at https://www.goffi.org/blog/goffi/S%C3%A0T_DOTCLEAR_IMPORT_BLOG_default_goffi_69%3A2012%2F06%2F24%2FFine-access-tuning-for-PubSub)

  19. Zash

    goffi: I would be happier if it was split in three

  20. Holger

    goffi: https://xmpp.org/extensions/xep-0060.html#registrar-formtypes-publish

  21. Holger

    goffi: Huh you implemented it. What's the use case?

  22. Holger

    goffi: My suggestion would've been to ditch OVERRIDE/METADATA. And if someone needs that feature, re-add it using different syntax.

  23. goffi

    Zash: what do you mean split in three ?

  24. Holger

    goffi: Isn't the implementation a great PITA when it comes to RSM / MAM access, for example?

  25. goffi

    Holger: blog post restricted to some people, similar to Google circles (even if it was done before)

  26. Zash

    Three forms, where the form decides what tge fields do, not some registry

  27. goffi

    Zash: ah yes, I think it would be better indeed, and in a separate XEP

  28. Holger

    goffi: https://github.com/xsf/xeps/pull/556

  29. goffi

    I need to check SàT Pubsub code, I'm not sure of the behaviour if the node exists (I think the options are just ignored, which is not compliant which current XEP state)

  30. Zash

    goffi: You have my support if you were to draft one

  31. goffi

    Zash: I will, but it will take time, I am already drowning in work

  32. Ge0rG

    Yeah, reading that section of 0060 made my head explode. And I'm used to reading protocol specs.

  33. jonasw

    I think we need a very diligent copy editor, ideally english mother tongue, who goes over those monsters like XEP-0060 and edits everything which is remotely unclear, while being in constant feedback with the community and council

  34. goffi

    daniel: OK it's a good thing to remove override, and probably it would be nice to remove metadata too, only keeping precondition and config setting.

  35. daniel

    i don't care very much for metadata either

  36. Zash

    jonasw: we were going to split '60 into smaller pieces

  37. goffi

    not sure if there is a use case on a per-item basis for metadata. Override there is definitely, but should be separate feature

  38. daniel

    i'd be fine with removing it for now and reintroducing it as a seperate form later if someone needs it

  39. edhelas

    daniel I do care of metadata actually

  40. goffi

    edhelas: on a per-item basis ?

  41. edhelas

    ah for items, meh, no

  42. edhelas

    sorry, misunderstanding

  43. goffi

    for node it's needed I think we all agree on that

  44. zinid

    > ideally english mother tongue They tend to use some rare wording which is only possible to translate with a dictionary 🙂

  45. daniel

    removing METADATA entirly changes the wording *a lot*. I'd rather only do that if we agree that this is the right thing

  46. Holger agrees ;-)

  47. jonasw

    if we remove it in a way so that we can bring it back in an addendum && we don’t have any depending XEPs currently, I don’t see any issue.

  48. goffi agrees too

  49. edhelas

    daniel in which cases you want to remove metadata ? I'm a bit lost

  50. Ge0rG

    I want that whole section burned. It doesn't make any sense.

  51. daniel

    edhelas, publish-options. we are talking about publish-options

  52. Ge0rG

    Removing metadata and override from the XEP would suffice for me, though.

  53. daniel

    removing metadata and override and maybe the ability to register additional fields would make the wording a lot more straight forward

  54. edhelas

    yeah registering fields could be quite nice and make it more flexible

  55. Holger

    Nah. No registering.

  56. goffi

    registering is not useful there, and bring a lot of complications

  57. jonasw

    no registering, but honoring <required/> so that implementations know when an option is critical?

  58. Holger

    Only node config preconditions. That makes it straightforward to understand and implement.

  59. jonasw

    that seems like a good compromise and allows later XEPs to extend things

  60. jonasw

    ah yes

  61. Holger

    And we make it work for all node config options in one go.l

  62. Holger

    jonasw: <required/> what?

  63. goffi

    that would make my current implementation nearly compliant, just need to check the precondition

  64. jonasw

    Holger, publish-options is a Data Form, right?

  65. Holger

    Yes.

  66. jonasw

    Data Forms specifies the <required/> child for fields

  67. jonasw

    users of publish-options could make it clear that a field MUST be understood or the request MUST be rejected with that

  68. jonasw

    while other unknown fields may be safely discarded

  69. Holger

    The wording already does that.

  70. Holger

    Uh.

  71. jonasw

    just an idea to open the venue for future extensions without making things too complicated with a registry etc.

  72. goffi

    Can't we ignore unknow fields if it's not a configuration option ? Else that would make it difficult to extend (new options specified in later XEP will not be usable on old implementations)

  73. daniel

    goffi, no

  74. goffi

    daniel: why ?

  75. Holger

    Well my suggestion was to reject anything that's not a config option.

  76. daniel

    because you have to rely on the fact that they are checked

  77. zinid

    unknown fields in practice will mean a client bug in 99% cases

  78. jonasw

    Holger, yeah, tbh, I was still thinking about the other use-cases, not Node Config overrides

  79. goffi

    but if it's not a configuration options ?

  80. Holger

    goffi: What should the publish option do then?

  81. goffi

    zinid: no, it can means a new options introduced in new XEP and not handled in current server

  82. zinid

    goffi, then it's fine for the server to return error, so a client doesn't expect the option takes effect

  83. goffi

    Holger: create node with right config, reject node with bad config, and let in place for unknow config options

  84. daniel

    how about something simple as https://gultsch.de/files/xep-0060.html#publisher-publish-options

  85. daniel

    exact wording tbd

  86. goffi

    daniel: happied with that, but worried about unknow fields

  87. daniel

    why?

  88. Holger

    goffi: You can't just ignore unknown options because clients probably want to rely on them being set. See the bookmarks XEP, for example.

  89. Holger

    goffi: If anything, you could go for jonasw's route and let the client specify whether the option is <required/>. But meh.

  90. zinid

    Holger, not to mention that you will get fancy "bug reports" like "I set this knob but it doesn't work!"

  91. daniel

    if you ever want to do something else just define your own form

  92. Holger

    goffi: I don't quite see the use case of specifying a publish option without caring whether it actually works.

  93. Holger

    zinid: Exactly.

  94. moparisthebest

    what if you just specify a new XEP 'pubsub-lite' in the time honored XSF tradition of replacing complicated XEPs with simpler ones that everyone actually wants?

  95. Ge0rG

    moparisthebest: I'm already waiting for MUC to replace MIX in five years :D

  96. Zash

    Ge0rG: Wow, aren't you the optimist

  97. zinid

    MUC to replace MIX?

  98. goffi

    Holger: zinid: daniel: use case => options "serial_ids" to have ids in series instead of uuids. If present I want it to be set I specify in publish option. A server is not managing it, my publish will fail with current wording.

  99. Ge0rG

    zinid: yes, because MIX is too complicated.

  100. zinid

    Ge0rG, ah, agreed

  101. zinid

    no way I implement it in ejabberd

  102. daniel

    goffi, it will already fail with the current wording

  103. daniel

    because serial_ids is not registered

  104. Zash

    MIX looks unlikely to be implemented in Prosody either atm

  105. daniel

    you can not just invent shit without registering it

  106. goffi

    daniel: yes I didn't say the opposite, I just say the current wording and one in patch are not future-proof

  107. zinid

    goffi, can't you just request the form to check what fields are supported?

  108. goffi

    zinid: ah yes good point

  109. daniel

    goffi, just create your own form. whats the problem?

  110. goffi

    zinid: but need one more request

  111. Holger

    goffi: And it buys you a clear spec with defined behavior.

  112. zinid

    goffi, ah, you client developers are afraid of requests 😀

  113. daniel

    create a form name it publish-sequential-enforcing-agency-visual-studio-powered

  114. goffi

    :)

  115. zinid

    I"m always forgetting this 😉

  116. daniel

    and be done

  117. goffi

    OK I'm convinced now, I can just request the form

  118. goffi

    so I'm fully in for daniel's patch

  119. Ge0rG

    Do we need to bump the namespace version?

  120. daniel

    no

  121. zinid

    YES

  122. zinid

    😀

  123. edhelas

    just bump by .05 and we're good

  124. daniel

    anyone has any suggestions on improving the wording based on https://gultsch.de/files/xep-0060.html#publisher-publish-options

  125. jonasw

    daniel, wfm

  126. daniel

    Ge0rG, is that wording fine with you?

  127. daniel

    you complained about the entire section before

  128. Ge0rG

    daniel: no, it's not fine. You are introducing the term PRECONDITION and kind of implicitly define it in that sentence. It works if you already know what a PRECONDITION is, but otherwise you stumble upon the CAPITAL LETTERS

  129. Holger

    Hah, after pressing 'reload', I actually see the changes :-) Browser caches yay.

  130. daniel

    Ge0rG, suggestions for improvments?

  131. daniel

    using lower case?

  132. goffi

    yes lower cae

  133. goffi

    case

  134. Ge0rG

    daniel: I'm trying to come up with a better wording, bear with me.

  135. zinid

    argh, I don't understand

  136. zinid

    does this precondition magic means publish-options should borrow all options from node-config?

  137. Holger

    zinid: Yes.

  138. daniel

    zinid: yes

  139. zinid

    Holger, ah, so we have a bug in ejabberd 🙂

  140. Holger

    zinid: We don't comply with the version suggested a few minutes ago on gultsch.de.

  141. Holger

    zinid: Not sure I'd call that a bug :-)

  142. Ge0rG

    daniel: maybe the following: > Each form field denotes a precondition to publishing the request. A pub-sub service advertising support for publishing options MUST check each precondition field against the node configuration of the same name, and it MUST reject the publication upon encountering unknown fields.

  143. Holger

    zinid: We do comply with the current XEP-0060 wording.

  144. zinid

    Holger, well I just didn't know what exactly Daniel has added 🙂

  145. Holger

    zinid: Ah ok. This exactly is the change he's suggesting.

  146. daniel

    `<F5>`

  147. Holger

    zinid: Currently 0060 says that 'access_model' is the only valid publish option.

  148. zinid

    Holger, yes, yes I got it 😀

  149. Holger

    daniel: Looks good to me.

  150. goffi

    daniel: patch put aside, I didn't get you're "16:58][daniel] goffi, just create your own form. whats the problem?", what were you suggesing actually? It's a configuration option, I can't put this in a random form.

  151. daniel

    goffi, well currently (as published by the XSF) you'd have to register a precondition with the registrar. i'm suggesting instead of doing that just define a form

  152. daniel

    like send a PR to xep60

  153. daniel

    either way you'd have to go through the xsf

  154. goffi

    daniel: I'll sure do for the per-item overridding, and other feature I'm willing to standardize, but serial_ids would just be a setting like any service would add, I think it's a bit overkill to create form or go through XSF for every single config option (in the particular case of serial_ids, it could be generally useful so it may make sense)

  155. daniel

    > I think it's a bit overkill to create form or go through XSF for every single config option well that's how xep60 works in that regard. none of my PRs change that

  156. daniel

    i don't understand what exactly it is you are trying to do but either you expect a certain reaction from the server then you have to specify it anyway or you don't in which case just don't use publish-options

  157. Ge0rG

    Maybe it is METADATA?

  158. Ge0rG

    marc: so where are we regarding account-invitation?

  159. goffi

    daniel: I'm willing to specify node configuration atomically on creation, and publish-option is exactly what I need for that. I was worrying abount new options or vendor specific options, but as zinid rightly said I can request node configuration first, so it's alright.

  160. marc

    Ge0rG, if we do not need fancy feature like token revocation I would proceed with my initial approach and add server-side PARS

  161. Ge0rG

    marc: you could have an ad-hoc command to revoke a token :P

  162. marc

    Ge0rG, of course :)

  163. Ge0rG

    marc: do you want me to write the XEP or to criticize it once you've written? :P

  164. marc

    But I think that's too complex and could be added later

  165. Ge0rG

    marc: yeah, revocation is out-of-scope

  166. goffi

    and XEP-0060 doesn't request to register any single config option by the way (which is a good thing)

  167. Ge0rG

    marc: I think we have two user stories: "roster invitation with potential account creation" and "explicit account invitation". I think they should have separate ad-hoc commands, but can share wire format.

  168. marc

    Ge0rG, I agree with the first part

  169. marc

    Not sure if it makes sense to use different commands

  170. marc

    We could just change the data form

  171. marc

    If the latter is also possible

  172. Ge0rG

    marc: ah, right.

  173. Ge0rG

    marc: I remember now.

  174. Ge0rG

    marc: but then as an admin, you can't create a one-click roster invitation.

  175. marc

    Ge0rG, why?

  176. Ge0rG

    marc: because you always need to send back the JID entry form.

  177. marc

    Oh, *one-click* is the keyword here

  178. Ge0rG

    marc: so maybe having separate ad-hoc commands is more useful after all.

  179. Ge0rG

    "Send invitation" for mortals, "Send account invitation" for admins

  180. marc

    Ge0rG, and you don't like the idea to provide the inviter name?

  181. Ge0rG

    marc: no, for two reasons: a) it is hard to validate independently and b) it's adding complexity to the process

  182. Ge0rG

    marc: I could send you an invitation that reads "Daniel Gultsch invited you to ..."

  183. marc

    Ge0rG, but it makes the invitation more personal :D

  184. marc

    Ge0rG, of course you can

  185. Ge0rG

    marc: you are sending a link to somebody. Make the message containing that link more personal.

  186. marc

    xmpp:romeo@montague.net?roster;preauth=1tMFqYDdKhfe2pwp;name=Romeo+Montague

  187. marc

    a) is not a good argument anymore ;)

  188. Ge0rG

    marc: xmpp:romeo@montague.net?roster;preauth=1tMFqYDdKhfe2pwp;name=Tybalt+Capulet

  189. Ge0rG

    marc: what now?

  190. marc

    Ge0rG, that's an example of your PARS XEP

  191. marc

    that's the point ;)

  192. Ge0rG

    marc: that's been almost a year :P

  193. marc

    Ge0rG, :P

  194. marc

    Ge0rG, but I'm okay with it, let's remove the possiblity to provide the inviter name

  195. marc

    But I would like to have nice admin options then :p

  196. Ge0rG

    marc: also, see §5.4

  197. marc

    Ge0rG, I know

  198. marc

    Ge0rG, but I could copy 5.4 into the new XEP ;)

  199. Ge0rG

    I can't link to §5.4 because somebody f***ed up the anchor. Bummer.

  200. Ge0rG

    marc: technically, it is okay to have an optional name parameter in the xmpp: URI, but it shouldn't require the inviter to input text

  201. Ge0rG

    I think we need some notion of "screen name", maybe stored in account vcard, and used as the default MUC nickname and for such invitations

  202. marc

    Ge0rG, I wouldn't store it into the URI but yeah

  203. marc

    Ge0rG, "screen name" independent of this XEP?

  204. Ge0rG

    marc: yes

  205. Ge0rG

    marc: one day, I'll change yaxim new account creation to ask for a screenname, auto-generate a slugified JID from that and going with a secure auto-created password

  206. marc

    Ge0rG, there is a nickname field in vcard, isn't it?

  207. Ge0rG

    marc: I'm not sure screen name == nickname or rather real name

  208. Ge0rG

    maybe something in between.

  209. Ge0rG

    marc: so if you enter "Crazy Batshit" as your screenname, it would suggest "crazy.batshit@yax.im" as your JID, and fall back to "crazy.batshit.5632@yax.im" if the former is already registered.

  210. marc

    Ge0rG, sounds like a good idea

  211. Ge0rG

    marc: of course :P

  212. Ge0rG

    marc: I'm obsessed with Easy XMPP for over a year now.

  213. jonasw

    how does twitter do that?

  214. marc

    Ge0rG, hopefully easy-invitation will be rolled-out in the near future

  215. marc

    Ge0rG, I'm okay with two commands: user-invitation and "account-creation"

  216. marc

    user-invitation allows PARS or account creation with one click

  217. marc

    account-creation is for admins with some options to generate an account for somebody

  218. marc

    admin or other privileged pro-users

  219. jonasw

    isn’t there an account creation adhoc already?

  220. Ge0rG

    marc: user-invitation --> `xmpp:georg@yax.im?preauth=FOOBAR;ibr` --> PARS or account registration account-creation --> form(username) --> `xmpp://username@server?preauth=FOOBAR`

  221. Ge0rG

    jonasw: yes, but there you must pre-set a password

  222. jonasw

    ah ok

  223. Ge0rG

    jonasw: we want to have one-click account setup for the invitee

  224. marc

    Ge0rG, I wouldn't make username required for account-creation but yeah looks good to me

  225. marc

    And probably we need an appropriate URI action parameter

  226. marc

    Not sure if 'register' or 'roster' should be used

  227. marc

    Or something like 'invite'

  228. Ge0rG

    marc: hm. If you don't need a pre-defined jid for account creation, you can fallback to the PARS URI as well

  229. Ge0rG

    marc: https://xmpp.org/registrar/querytypes.html#register

  230. Ge0rG

    marc: so it would be `xmpp://username@server?register;preauth=FOOBAR`

  231. marc

    Ge0rG, yeah but maybe you have more options on account-creation and it doesn't cost anything to make this field optional

  232. marc

    Ge0rG, yes, for account-creation ?register make sense

  233. marc

    Ge0rG, not sure if it makes sense for PARS

  234. marc

    because it doesn't lead necessarily to account creation

  235. Ge0rG

    marc: it doesn't.

  236. marc

    Ge0rG, yes :)

  237. marc

    But preauth is not a good action name IMO

  238. Ge0rG

    marc: I'd leave away the action name from PARS links for brevity.

  239. Ge0rG

    marc: there are actions for "roster" and "subscribe". Both are vaguely wrong.

  240. marc

    Ge0rG, I know but 'preauth' could be anything

  241. marc

    And to be compatible with other action names I would like to use an other name

  242. marc

    And actually action name don't have a value

  243. marc

    +s

  244. Ge0rG

    marc: https://mail.jabber.org/pipermail/standards/2016-June/031138.html

  245. marc

    Ge0rG, Nobody suggested to use an action name with value nor the name "preauth"

  246. Ge0rG

    marc: preauth is not an action, it's a query parameter.

  247. marc

    Ge0rG, and what's the action? nothing?

  248. Ge0rG

    marc: yes

  249. marc

    That's not better in my opinion :)

  250. marc

    I would prefer something like ?invite;preauth=...

  251. marc

    Or ?invite;token=...

  252. marc

    If not even using ?roster

  253. marc

    Which makes sense for PARS-only IMO

  254. jonasw

    is this bikeshedding or actual protocol discussion?

  255. Ge0rG

    marc: please respond to my mail from a year ago.

  256. jonasw

    If marc doesn’t have archives on his local machine, forging an email which is in fact a reply to that will be massively tricky :)

  257. Ge0rG

    marc: technically, the correct format for a query-less URI would be `xmpp:georg@yax.im?;preauth=FOOBAR`

  258. Ge0rG

    jonasw: I can bounce my original mail, allowing to respond properly.

  259. marc

    Ge0rG, why is this URI query-less?

  260. marc

    preauth is part of the query component

  261. Ge0rG

    Sorry, "action-less"

  262. Ge0rG

    marc: I care more about short URIs and small QR codes.

  263. Ge0rG

    I'm sure somebody from Council will -1 me on that protocol violation, one day.

  264. marc

    Ge0rG, a few char more or less...

  265. jonasw

    isn’t that all just conventions

  266. jonasw

    isn’t that all just convention?

  267. marc

    +s

  268. Ge0rG

    jonasw: yeah

  269. Ge0rG

    marc: did you know there are some email clients that break links longer than 72 characters?

  270. jonasw hides in shame

  271. Ge0rG

    marc: if you are marc_the_nice_guy@jabber.some-important-domain.com and have a long PARS token, you might be out of luck already.

  272. Ge0rG

    There's a reason why my XMPP service is yax.im :P

  273. marc

    Ge0rG, tbh no and I wouldn't care about it ^^

  274. Ge0rG

    marc: why do you care about the right query action, then?

  275. marc

    Ge0rG, because there is some sort of system for the XMPP URIs and we shouldn't break it IMO

  276. Ge0rG

    marc: it's already broken.

  277. marc

    Ge0rG, because of your XEP?

  278. Ge0rG

    marc: no, before that. I've written about it being broken. Nobody cared.

  279. marc

    Ge0rG, so let's care from now on ;)

  280. moparisthebest

    so ejabberd guys, seems like it could be vulnerable to https://robotattack.org/ depending on ciphers chosen, I tested conversations.im and it is safe because it only supports PFS ciphers

  281. Ge0rG

    marc: did you read my mail?

  282. moparisthebest

    erlang is specifically called out as being vulnerable fyi

  283. marc

    Ge0rG, https://mail.jabber.org/pipermail/standards/2016-June/031138.html this one?

  284. Ge0rG

    marc: yeah

  285. marc

    Ge0rG, I'll read it later.. I hope it's worth ;)

  286. Ge0rG

    marc: Good. We can continue the discussion afterwards, then. Or tomorro.

  287. Ge0rG

    marc: Good. We can continue the discussion afterwards, then. Or tomorrow.

  288. jonasw

    lolwtf, tls is still doing the broken PKCS padding?

  289. jonasw

    I thought this was just some funny anecdote in the lectures

  290. moparisthebest

    jonasw, nah it always comes back to bite everyone :P

  291. moparisthebest

    who's ejabberd dev in here, zinid ?

  292. jonasw

    Holger, too

  293. Ge0rG

    marc: but it's good that you see the same problems I encountered. You are on the right track ;)

  294. zinid

    moparisthebest, ejabberd doesn't use erlang's native ssl support, it uses openssl

  295. moparisthebest

    oh, excellent, good to know, thanks zinid

  296. zinid

    and I'm not sure what this attack is about, I'm not a cryptobitch

  297. moparisthebest

    yea no need to get bogged down in details, just should be concerned if you are vulnerable or not

  298. jonasw

    TL;DR: they managed to sign something using facebooks SSL private key they supposedly stole. game over.

  299. zinid

    what's the point in all this TLS stuff, if vulnerabilites are being found every month

  300. zinid

    only leads to false sense of protection

  301. moparisthebest

    do you have something better? :P

  302. moparisthebest

    at least it's widely used and studied

  303. zinid

    moparisthebest, well, the point is: if I didn't use TLS, I would be vulnerable to heartbleeding, where the whole system can be borked

  304. zinid

    not sure what I gain from using TLS in this case

  305. zinid

    *I wouldn't be vulnerable

  306. jonasw

    zinid, yeah, tls could use replacement by something much simpler. I think TLS 1.3 is on the right path with dropping support for a lot of legacy things. Not RSA though.

  307. Ge0rG

    zinid: you get protection against all passive attacks, and also some protection against FSB and NSA

  308. Ge0rG

    I think we should standardize on Curve25519, because DJB is an awesome m*****f****r

  309. zinid

    Ge0rG, I think FSB and NSA already collected all vulnerabilities of openssl like that one with heartbleeding

  310. moparisthebest

    yea most of the TLS problems are with legacy support, they realized that and dropped all legacy from TLS 1.3

  311. Ge0rG

    zinid: heartbleed looked way too much like a plausible-deniability backdoor, yeah.

  312. moparisthebest

    but zinid it's a choice between plaintext and no protection all the time, or TLS and best protection possible most of the time

  313. jonasw

    moparisthebest, although the argument that heartbleed may do more damage than plaintexting everything is plausible

  314. zinid

    moparisthebest, but I don't remember a single case of MITM attack, but I remember a lot of openssl fuckups

  315. zinid

    jonasw, exactly

  316. moparisthebest

    really? because some networks do MITM as normal matter of business

  317. jonasw

    openssl is particularly bad too

  318. moparisthebest

    s/networks/ISPs/

  319. moparisthebest

    https://forums.xfinity.com/t5/Customer-Service/Are-you-aware-Comcast-is-injecting-400-lines-of-JavaScript-into/td-p/3009551

  320. moparisthebest

    they even RFC'd it https://tools.ietf.org/html/rfc6108

  321. Ge0rG

    moparisthebest: I just was going to paste that.

  322. Ge0rG

    It's especially awesome for remote APIs

  323. moparisthebest

    I bet

  324. moparisthebest

    tl;dr everything should be TLS all the time, no exceptions :'(

  325. Ge0rG

    https://news.ycombinator.com/item?id=15892282 ;)

  326. Ge0rG

    It's nice and fair for the game to crash once you've used up 90% of your data cap.

  327. zinid

    moparisthebest, I mean I don't remember MITM in xmpp

  328. moparisthebest

    well if they do it to HTTP :)

  329. moparisthebest

    comcast will soon inject <message> stanzas

  330. moparisthebest

    UPGRADE YOUR MODEM

  331. zinid

    still, no a single case of xmpp mitm

  332. Ge0rG

    Reminds me of the good old times of CTCP PING +++ATH0

  333. edhelas

    XML ads injection in the messages stanzas for the non-prenium accounts

  334. Ge0rG

    edhelas: spam filtering as a premium feature.

  335. Ge0rG

    The good thing about it: you can cash in from both sides

  336. edhelas

    there is so much business to do

  337. Ge0rG

    I should do a post about spam filtering on yax.im.

  338. Zash

    Just figure out a way to get users to pay to view ads and you're golden

  339. moparisthebest

    to catch up to the web with all it's features we just need a XEP to send arbitrary javascript to clients so they'll execute it

  340. moparisthebest

    I mean we had XHTML-IM for that but now it's dead :'(

  341. edhelas

    JS over Markdown over XMPP messages

  342. Zash

    RCE as a service

  343. Ge0rG

    moparisthebest: JS is horribly inefficient to mine crypto moneys

  344. moparisthebest

    Ge0rG, what about WebAssembly

  345. Zash

    Surely there are wasm miners already running in your browser

  346. moparisthebest

    XEP-0400 Arbitrary WebAssembly over XMPP

  347. Ge0rG

    moparisthebest: what about it? Does it support OpenCL?

  348. moparisthebest

    probably?

  349. Ge0rG

    marc: right, please read my email and then we agree to not use any action at all.

  350. marc

    Ge0rG, okay, give me some minutes but I'm pretty sure I don't like the concept :D

  351. marc

    Ge0rG, okay, I don't see any argumentation in your mail to continue with meaningless "preauth" without action

  352. marc

    just because some other actions are poorly specified?

  353. Ge0rG

    marc: it's not meaningless. You can see from the JID that it is clearly a contact JID.

  354. Ge0rG

    marc: the actions are so underdefined, that yaxim just ignores the action and derives what to do from the other query parameters.

  355. Ge0rG

    marc: the only exception I'm using is `join` for MUCs

  356. Ge0rG

    if there is a `body=`, send a message, otherwise add to roster.

  357. Ge0rG

    marc: how does your client handle <xmpp:georg@yax.im> ?

  358. marc

    Ge0rG, depends

  359. Ge0rG

    marc: depends on what?

  360. marc

    If that's my account, if this contact is already in my roster

  361. Ge0rG

    marc: it's not your account. Now what will happen?

  362. marc

    Ge0rG, it probably adds you to my roster

  363. Ge0rG

    marc: and what happens on <xmpp:georg@yax.im?subscribe>? On <xmpp:georg@yax.im?roster>?

  364. Ge0rG

    marc: what if I'm on your roster already? Should you open a chat tab instead? Or the "Edit roster item" dialog?

  365. marc

    Ge0rG, The same argumentation applies to your ?preauth... what if you already subsubcribed? Should you open a chat window for the user?

  366. Ge0rG

    marc: can we leave out PARS for a moment, please?

  367. marc

    Ge0rG, this has nothing to do with the 'action' concept

  368. Ge0rG

    marc: preauth is not an action, it's a query parameter.

  369. marc

    Ge0rG, yes, but what happens needs to be specified

  370. marc

    If you use an "action" or just query parameters

  371. Ge0rG

    marc: where?

  372. Ge0rG

    marc: do we want to write an Informational XEP that mandates what happens to a ?roster action if I'm already on your roster?

  373. Ge0rG

    marc: nobody cares enough.

  374. Ge0rG

    marc: See, Zash was the only one to answer to my question.

  375. marc

    Ge0rG, yes, nobody cares which is why all clients behave differently which sucks, right?

  376. Ge0rG

    marc: there is a defined list of actions. None of them works as I would expect.

  377. Ge0rG

    marc: you would have to send two URIs with ?roster and ?subscribe for the full features

  378. marc

    Ge0rG, yes, they don't work I know. But that's not an argument against using something like "?invite;token="

  379. marc

    Is it?

  380. Zash

    I did whatnow?

  381. Ge0rG

    Zash: you responded to a mail in mid 2016.

  382. Ge0rG

    marc: But ?invite won't be supported by any clients at all!

  383. marc

    Ge0rG, correct, ad-hoc commands and QR code generation too ;)

  384. marc

    All clients need to be adapted for user-invitation

  385. Ge0rG

    marc: no

  386. marc

    Ge0rG, okay, all except yaxim

  387. Ge0rG

    marc: NO!

  388. marc

    Ge0rG, why?

  389. Ge0rG

    marc: the good thing about PARS is that it's 100% backwards compatible

  390. marc

    Ge0rG, no client except yaxim implements PARS, correct?

  391. Ge0rG

    marc: right, but most clients implement roster subscription.

  392. Ge0rG

    marc: and some even support using xmpp: URIs for that.

  393. marc

    Ge0rG, what's the point here? I would like to implement user-invitation and account creation and I'm okay with that fact that clients and servers need to be adapted

  394. marc

    Ge0rG, I can not invite somebody with PARS and Conversations

  395. marc

    Because Conversations doesn't support it

  396. marc

    It doesn't generate a QR for me

  397. Ge0rG

    marc: you can invite a Conversations user with PARS, but you'll have to add them manually afterwards.

  398. marc

    Ge0rG, yes I know but I can not invite somebody else with Conversations

  399. Ge0rG

    marc: so what's your point now?

  400. marc

    Ge0rG, clients have to be adapted

  401. Ge0rG

    marc: the good thing about PARS is that only the sending client needs to be changed.

  402. marc

    Ge0rG, yes, that's correct

  403. marc

    But that's not important for me if I don't use yaxim but Gajim or Conversations or whatever

  404. marc

    My point: implementing an URI for this XEP in a client is not a big deal

  405. Ge0rG

    marc: yes. First we need two implementations, then we can make it a proper XEP, then people will follow

  406. marc

    Because we have to implement a lot more

  407. Ge0rG

    marc: I'd go with Zash's suggestion and propose xmpp:georg@yax.im?add - my client will ignore the action anyway, because the existing actions are all bad.

  408. marc

    And that's why I started to implement PoC in those clients... there should be a working version for all major Clients after this XEP is done

  409. Ge0rG

    marc: but in practice, I've chosen not to create a new action type and just to rely on the receiving client to be smart about it when encountering a JID with query parameters.

  410. marc

    Ge0rG, we should focus on more important things than URI definition. We can discuss the URI thing after all the complicated stuff is done

  411. marc

    Ge0rG, right?

  412. Ge0rG

    marc: right.

  413. Ge0rG

    marc: so how would I add the preauth token into an IBR?

  414. Ge0rG

    it needs to be indicated at the beginning and not as a form element.

  415. marc

    data form as described in my awesome XEP?

  416. marc

    :(

  417. marc

    :D

  418. Ge0rG

    marc: "described"? :P

  419. marc

    well,...

  420. marc

    :D

  421. marc

    Ge0rG, what's wrong about the form element?

  422. Ge0rG

    marc: how does the server know that it needs to return a form element and not just do IBR?

  423. marc

    Ge0rG, it returns the form element if user-invitation is supported

  424. Ge0rG

    marc: so now all normal IBR clients will stumble upon that?

  425. marc

    it also returns <required/> if IBR is allowed with token only

  426. Ge0rG

    marc: let's say your server supports both normal IBR and preauth, and uses preauth to add the invitee to the roster.

  427. Ge0rG

    marc: let's say your server supports both normal IBR and preauth, and uses preauth to add the inviter to the roster.

  428. Ge0rG

    marc: now everyone who wants to IBR with you gets a stupid "invite-token" dialog popup

  429. marc

    Ge0rG, that's correct

  430. marc

    But that's also a feature because I didn't have to implement much :D

  431. Ge0rG

    marc: it's a feature to annoy all future users because you are lazy?

  432. marc

    Ge0rG, no because it's a PoC

  433. Ge0rG

    marc: it's great for a PoC, but we need to make it a protocol now

  434. marc

    Ge0rG, yes, tell me your solution

  435. marc

    Ge0rG, probably we need to change all clients for that, right?

  436. Ge0rG

    marc: No?

  437. marc

    Ge0rG, just tell me your idea :)

  438. Ge0rG

    marc: server announces support for IBR <preauth/> in caps. client requests IBR form, receives normal form, sends registration IQ with a <preauth/> element, done.

  439. Ge0rG

    marc: server announces support for IBR <preauth/> in caps. client requests IBR form with a special <preauth/> marker, receives form with <preauth/>, sends registration IQ with a <preauth/> element, done.

  440. marc

    Ge0rG, sounds good, you like the term preauth, hm? :D

  441. marc

    Ge0rG, how does this IBR form request for preauth look like?

  442. Ge0rG

    marc: I have put some thought into the name; it's short and it indicates what it is without depending on a certain technology

  443. Ge0rG

    <iq type='get' id='reg1' to='shakespeare.lit'> <query xmlns='jabber:iq:register'><preauth xmlns='urn:xmpp:pars:0'/></query> </iq>

  444. Ge0rG

    marc: I suppose this won't break IBR even if the server doesn't support PARS, and it lets the server know that the client intends to do preauth on this IBR

  445. Ge0rG

    so it can provide different fields in the response

  446. Ge0rG

    I think this is different from the typical data-forms flow which is intended for the user to enter more data. But I might be wrong and the standards@ ML will correct me.

  447. marc

    Ge0rG, sounds reasonable

  448. Ge0rG

    marc: does the above XML look good to you?

  449. marc

    Ge0rG, yes, except for the term "pars"

  450. Ge0rG

    marc: in the namespace?

  451. marc

    yes

  452. Ge0rG

    call it `paac` then, for pre-authenticated account creation :P

  453. Ge0rG

    marc: I'd be fine with renaming the namespace to urn:xmpp:preauth:0 as well

  454. marc

    haha

  455. marc

    :D

  456. Ge0rG

    Even if it would break existing yaxim installations :P

  457. marc

    however, 'pars' doesn't fit for account creation :)

  458. Ge0rG

    marc: but pars defines the <preauth/> element, and there is nothing wrong with element reuse :P

  459. marc

    aahh, that sounds wrong to me ^^

  460. Ge0rG

    marc: let's skip over it and solve the next problem.

  461. Ge0rG

    we are bike shedding again.

  462. marc

    Ge0rG, correct... I don't see other problems that a server operator may want to limit the number of account creations per user on a time basis or something like that

  463. marc

    So we should think about it

  464. Ge0rG

    marc: those limitations can be implemented on the server, no need to change the wire format

  465. marc

    Ge0rG, yes, I just don't like the idea that the server generates different types of tokens when a user hits the limit

  466. Ge0rG

    marc: I thought we were over that already?

  467. marc

    Ge0rG, it just bugs me ;)

  468. Ge0rG

    marc: no, I mean that you have different ad-hoc commands for IBR and PARS tokens.

  469. marc

    Ge0rG, Oh, I thought we have IBR+PARS (where IBR might be disabled if the user hits a limit) and IBR-only

  470. marc

    Ge0rG, so we have PARS and IBR-only?

  471. Ge0rG

    marc: we have PARS+IBR and IBR-only

  472. marc

    Ge0rG, correct

  473. marc

    But what happens if the user hits a limit?

  474. Ge0rG

    marc: I'm not sure what the right solution would be.

  475. marc

    No PARS and IBR at all?

  476. marc

    Or just PARS?

  477. Ge0rG

    marc: I think that sending a PARS-only token is better than no token.

  478. Ge0rG

    marc: also PARS+IBR doesn't mean all of the receipients are going to IBR immediately

  479. marc

    Ge0rG, yes, probably but it bugs me that the user won't this

  480. Ge0rG

    marc: so let's say I try to generate 100 PARS+IBR tokens. Should I be throttled after 50? Or only after 50 of the tokens have been used?

  481. marc

    ups... won't know this

  482. Ge0rG

    What if I don't understand how "Send invitation" works and my first 50 tokens get lost?

  483. marc

    That's a good question

  484. Ge0rG

    marc: I think the only sensible solution is to limit registrations, not token issuance

  485. Ge0rG

    marc: so your 51st friend will get a "this token is invalid" response to IBR

  486. marc

    Ge0rG, wow, but that's strange isn't it?

  487. Ge0rG

    marc: is it?

  488. marc

    You generate a valid token and somehow it doesn't work although the token isn't expired

  489. Ge0rG

    marc: do you have unlimited IBR on your server?

  490. marc

    Ge0rG, I have no IBR at all

  491. Ge0rG

    marc: my server will block out after three registrations from the same IP

  492. marc

    Ge0rG, I would limit the token generation either based on time or amount or both...

  493. marc

    Every token has an expiration date..

  494. Ge0rG

    marc: yes, but that's independent of your potential abuse scenario

  495. marc

    Ge0rG, why? A user is not allowed to invite more than X people, for example?

  496. Ge0rG

    marc: your ad-hoc command could also return a text field that explains the token validity

  497. Ge0rG

    marc: if a user is allowed to invite X people, and he generated X invitations already that all were lost. What then?

  498. Ge0rG

    marc: another ad-hoc command to reset pending invitations?

  499. marc

    Ge0rG, well, this depends on server operations anyway. But you could allow token generation after all tokens were expired?

  500. Ge0rG

    marc: so the user is blocked for two weeks?

  501. marc

    Ge0rG, depends on your lifetime?

  502. Ge0rG

    marc: yes. Maybe it's two days. But how is that useful?

  503. marc

    Ge0rG, maybe not more then X tokens in a hour?

  504. Ge0rG

    marc: maybe, but I still think that you should limit account registrations instead.

  505. Ge0rG

    marc: and even if you don't, you can easily link all the new accounts to the initial abuser.

  506. Ge0rG

    marc: think about it some more, I'm out for tonight.

  507. marc

    Ge0rG, I don't know. If a token doesn't work and is valid with respect to the expiration date it is confusing and wrong IMO

  508. Ge0rG

    P.S: protocol design is hard.

  509. marc

    No, good protocol design it hard ;)

  510. moparisthebest

    ‎[04:11:00 PM] ‎marc‎: Ge0rG, depends on your lifetime? ‎[04:11:16 PM] ‎Ge0rG‎: marc: yes. Maybe it's two days.

  511. moparisthebest

    wow context matters

  512. edhelas

    is there a proper way today to know if a remote MUC has been disconnected ? (like the service went down…)

  513. zinid

    edhelas: ping your nick

  514. Ge0rG

    And pray that none of your clients disconnects or lags in that time