XSF Discussion - 2018-09-05

could it be possible to share PEP messages with MUC ?

then I can share my localisation with people in a room for example ?

Prosody now allows you to get PEP items from people in a MUC, but there is no automatic subscription (yet?)

Holger what about ejabberd :) ?

MattJ how does it work ? I need to configure my PEP node for that ?

It would need to whitelist the MUC JID or be open, yes

For "live" updates, I wrote about this 9 (!) years ago: https://blog.prosody.im/multi-user-chat-gets-rich/

interesting

NINE YEARS

https://mail.jabber.org/pipermail/standards/2009-June/022173.html

and this post to the list ^

Crickets?

<3

I implemented it in Gajim, though I'm guessing the patch no longer applies :)

edhelas: Hmmm.

The point is making stuff available to room members (or occupants?) who are not on my contact list, without making it available world-wide?

(Plus anon rooms?)

yes

for example in a room where people could share their location or mood

Having directed presence count in the PEP access check?

Does anyone actually follow https://xmpp.org/extensions/xep-0178.html now?

Or ...

Really tiny mention of "or fall back to dialback" in there

Zash: for c2s or s2s or both?

Mostly thinking of s2s here

Also, I doubt that any CAs issue certs with the xmppAddr field.

All glory to Let's Encrypt

There can be only one! etc...

But at least one server offers EXTERNAL even if the cert doesn't match, then expects dialback to be attempted after <{sasl}failure>

What aspect of XEP-0178 are you wondering about? The interaction with dialback or the core functionality?

Ah, right.

Hrm, that seems less than ideal.

Zash: Us? I'd say that's a bug. I'd say it's always a bug to advertise external and not have it succeed.

We might want to take a look at how 178, 220, and 344 interact.

ejabberd

don't forget 288 :)

Well yeah.

That too. :-)

288 interacts by not having interoperable implementations :D

LOL

IIRC the rationale was to be able to report certificate validation errors back with the SASL failure, which seems sensible

We'll be redoing S2S in M-Link shortly and I'm seriously wondering if there's value in us (re-)implementing 288.

If we just used the blockchain, this would all be easy. https://medium.com/originprotocol/introducing-origin-messaging-decentralized-secure-and-auditable-13c16fe0f13e

Not using blockchain was our second big mistake.

Sorry, third.

Our second was not using bittorrent.

Blockchain based PubSub over BitTorrent!

And our first was not using yaml (I assume JSON must be going out of fashion by now).

JSON is Forever™

MongoDB is webscale, etc

Kev: A little curious about what "redoing S2S in M-Link" would result in

Just a code cleanup, or something beyond that?

waqas: Nothing visible, just tidying up some things internally.

Got it

Well, nothing visible from the protocol side.

But enhancing support for our non-Internet type routing scenarios.

That sounds neat

Yeah, some of this stuff is genuinely difficult and interesting.

288 seems like it'd be beneficial for some of those

also helps in some cases like where the server is behind a NAT or moving around without updating DNS

In those sorts of cases you probably don't want to S2S at all :)

read: I like being able to run a server on my laptop and have it work even when I visit people

(Probably you want 361 in most of those cases)

(X2X)

Except the 'moving laptop pretending to be a server' case possibly.

Although even 288 isn't enough to save you there.

Not perfect but it works

Sometimes.

I suspect that you'd find that a clustered server would give you partial service, depending on the model.

It'd be quite reasonable for a cluster to want one S2S session per node, rather than a giant mesh of session routing.

Since I do this mostly to test stuff locally, it only needs to work sometimes, ie when I'm testing.

But now I'm vanishing.

> Kev> And our first was not using yaml (I assume JSON must be going out of fashion by now). Wasn't yaml a superset of json

yaml is a superset of everything

Hmm M-Link and 288 in the same sentence, did Bidi ever work in it to begin with? 🤔😜👹

Has anyone ever seen or heard of MAM between different devices connected to the same account?

Someone in another muc was surprised omemo didn't work this way

(he didn't use those words of course, more like why don't I have full history on new device B when device A has full history)

moparisthebest, it’d then be trivial for the server (“the attacker”) to obtain the logs of things it shouldn’t have had access to.

At some point we could also drop the act and just implement OMEMO in the server.

Link Mauve: well presumably it would reencrypt, but yea still kind of breaks PFS