XSF Discussion - 2018-02-10

zinid: so e2e isn't important but muc Avatar is?

Sorry I'm just trolling :)

That's the good thing about open protocol and community, everyone can work on what's important to them :)

marc, yes

moparisthebest, and what are you working on? 🙂

zinid: my most recent xmpp related thing? Client side components/gateways

moparisthebest, where is your e2ee implementations?

Omemo and pgp work fine :)

yeah, tell that 1000 times and you this will become truth

You should read Daves membership reapplication

damn, there is a wall of text again

well, that's Dave 🙂

ok, I read briefly and understood nothing

Countless e2e xeps?

I only know of 3, 2 of which are pgp and not forward secret

I guess you could add OTR in there

so if a protocol has a drawback then it's not counted as a protocol?

(I'm not even starting to debate lacking forward secrecy is a drawback)

No I didn't think otr was a xep

moparisthebest, there is also I-D about new e2eee

It's just text encryption people sometimes use over XMPP

so we have omemo, otr, pgp, and that new I-D

four xeps

damn, we probably even have less for file transfer 😉

2 different pgp xeps

5 xeps

esessions?

Still way less than countless and almost half are not forward secret

Never heard of them

I guess you didn't use gajim then until three years ago or so

2013 I think

I used pgp then

moparisthebest, just implement the protocol where you exchange messages via direct p2p jingle sessions, and call it a day

I think you can install a session via jingle and then use that server-less protocol

what xep is that...

xtls?

https://xmpp.org/extensions/xep-0174.html

zinid: that's tox and eats battery

who cares? nobody will use it except you and a few other nerds

Well and that would also leak your IP

you can live with that I think

Tox doesn't do that

doesn't do what?

I can also live with pgp or omemo

moparisthebest, the problem is that others cannot leave with omemo

Tox does stuff like tor to avoid leaking your IP

Then don't turn it on?

moparisthebest, I didn't turn it on, but I see other XEPs start to suffer from this OMEMO shit

One could say this vcard shit is spreading too

right now we cannot put any data outside <body/> element, because it's "insecure" and "metadata leaks"

moparisthebest, vcards forbid me to attach elements to stanzas?

The new pgp xep fixes that

And in a way omemo can reuse

fixes what?

It encrypts entire XML sections

so daniel will implement SIMS finally?

Not just body

How do you turn OMEMO off?

Isn't it off by default

Zash, good question, I don't think it's possible to disable OMEMO for incoming messages

at least in conversations

Pretty sure all the clients will just publish keys and stuff without asking first

moparisthebest, it's enabled in Conversations, you still can get incoming messages even if you don't press that "lock icon"

is there any xep to have "message displayed" event? it was in xep-0022 but then it was obsoleted.

rion, "displayed" is considered as an bad idea by some (incl. me) for a federated network, but we have delivery receipts

and it's trivial to build a "message displayed" mechanism for your internal usage

rion: xep333

chat states, message receipts, 333

yeah 333 seems to exact match :)

thanks

daniel, wasn't xep333 the one you wanted to take care of?

Flow: yes

daniel, what was the issue with it again?

No major issues. I wanted to clarify it a bit and change some of the rules

I read that as "nothing. just everything" :-). good morning everyone.

eh, not even morning anymore

daniel, ahh ok, i thought there where some major issues with it

Do you guys know which XMPP server do they use?

https://www.epicgames.com/fortnite/en-US/news/postmortem-of-service-outage-at-3-4m-ccu

If I'm not wrong it was a tuned ejabberd

I was told MongooseIM at some point