XSF Discussion - 2018-11-14

fun question: what happens when a remote entity sends me a stanza which is larger than my servers stanza size limit?

Excellent question

It probably won't arrive

Let's implement Path MTU Discovery

I wouldn't be surprised if your server would close the stream as invalid, forcing the remote server to reconnect and to resend the stanza.

...ad infinitum

then the server should delay the s2s reconnection gradually to prevent such infinite loop to happen

Ge0rG, sure, it won’t arrive, but what happens?

right

jonas’, error response stanza? I don't think that this justifies a stream:error nor that current impl do that

flow, RFC 6120 disagrees

stanza size limit is one of the examples on when to use the policy-violation stream error (see 4.9.3.14. policy-violation)

lovely example, too: C: <message to='juliet@im.example.com' id='foo'> <body>[ ... the-emacs-manual ... ]</body> </message> S: <stream:error> <policy-violation xmlns='urn:ietf:params:xml:ns:xmpp-streams'/> <stanza-too-big xmlns='urn:xmpp:errors'/> </stream:error> S: </stream:stream>

> [ ... the-emacs-manual ... ]

uhh that is indeed a gem I had missed all the years

Yes, the emacs manual clearly is a policy violation

but still I stand by my statement

but RFC 6120 allows both: If a connected resource or peer server sends a stanza that violates the upper limit, the receiving server MUST either return a <policy-violation/> stanza error (Section 8.3.3.12), thus allowing the sender to recover, or close the stream with a <policy-violation/> stream error (Section 4.9.3.14).

(see 13.12. Denial of Service)

What do we do?

Crash

hmm I didn't realize I hadn't had xmpp spam for months until I got 5 today...

I suppose that is in some ways good

Classic human, doesn't know how good you have it until it gets worse

moparisthebest, there is a huge IBR registration wave which started three days ago, so it’s no wonder it’s finally getting used.

moparisthebest, please report to their server admin, domain registrar, IP provider, in this order.

we had a nice article from a user about OMEMO published https://fr.movim.eu/?blog/debacle%40movim.eu/things-i-don-t-like-with-omemo-as-it-is-today-ogqaAM

I'd be happy if some of you can reply to him about the points he mentionned

I agree with those points.

I'm also thinking of adding xCal (https://datatracker.ietf.org/doc/rfc6321/) to Pubsub items, next to the Atom elements, to be able to attach events

edhelas, see https://xmpp.org/extensions/inbox/calendaring.html maybe.

I never managed to figure out why it hadn’t been accepted.

Hmmm, http://logs.xmpp.org/council/ don't go back that far :(

this is not based on the RFC 6321 (by Peter St Andre by the way) and rely on some server things

But I recall someone saying we shouldn't try to re-do calendaring, it's a complicated problem

also it basically define a specific calendar node

here I just want to append events to blog publication

Sticking calendar events in PubSub seems fine enough

like you're doing when attaching .cal file to your emails

Don’t you want notifications and such rather than just a dumb storage?

Have a look at how iCal servers such as Radicale are doing it.

well if you already suscribed to the node or following the JID you'll get notified by those events

Link Mauve: I recommend you don't if you value your sanity

iCal is very complicated

Zash, I know, I’ve worked on that in the past.

I'll give it a try, just create a small piece of UI to set a date, title, location when publishing a post

edhelas, isn’t Atom enough for this purpose?

I've researched it. CardDAV is acceptable, but CalDAV is complicated madness

Link Mauve Atom is not made for events

rfc6321 looks fine to me

and then Movim can generate .cal file out of it to import the events in the calendar applications

hmm http://activitystrea.ms/specs/json/schema/activity-schema.html#event

maybe it's time to move to JSON

No

Not again!

Activitystreams has an Atom mapping, tho everyone's doing the JSON thing now

Anyways, there's prior art to look at

I wonder if roster annotations isn't repeating the same mistake we did with presence extensions (regarding council@)

huh?

how are presence extensions a mistake?

There was a time where everything stuffed into presence (tune, geoloc, …), which eventually leaded to the invention of PEP and +notify

right

what alternatives are there, though?

make the server put it in PEP, too?

(instead of annotating the roster directly) ✏

one should remove presences from xmpp and replace them with pep =)

Possibly, maybe there are other alternatives, maybe a caps like mechanism would be sensible. I haven't given it much thought, as people already started annotating the roster

flow, only mix annotates it, right?

MIX also has some .. special requirements because they want to hide the MIXes from clients which don’t understand MIX

so I don’t think that’s a good precedent in general

Well I wouldn't rule it out that there are other XEPs (and ProtoXEPs) burried which also it

protoxeps don’t count

Help me here, MIX annotating was a <mix/> element to the roster <item/>, right? How does that help with hiding anything?

you only get it when you ask for it

jonas’, you don't happen to have a pointer to the relevant section of the MIX spec at hand?

(*shaking fist at mozilla for taking away the possibility to disable ctrl+q)

flow, https://xmpp.org/extensions/xep-0405.html#mix-roster-capability-sharing

jonas’, thanks :)

Hmm, what if another client of mine adds a MIX channel, does the roster push contain <channel/> or not?

Or isn't there a roster push send?

How about the server queries the client's disco#info before the first roster operation and decides based on the resulting disco#info how the roster is presented, and sends additional stanzas with the related roster item information for optional features…

that was discussed on-list

great, or not great, because it was probably dismissed

I was reading XEP-0409, not sure the problem it's trying to solve. Is the idea to allow new XEPs to eventually modernize routing for IM users and have IM-NG for legacy or specific use cases (like M2M )?

jjrh, the problem is that current rfc6120/6121 routing rules are unnecessarily complex, I'd say

oh the part about carbons MUST NOT be enabled confused me, but I didn't read close enough - the server will reflect the message to all my IM-NG resources so i'll see my own messages.

The current rules are complex and insufficient for a reality where a user has multiple clients

But we can't just change them because it might break current use cases outside of IM, and Carbons and MAM are not sufficient because they are just hacks on top of the bad rules.

Somebody gave a talk at the February 2018 Summit about what needs fixing, and IM-NG was the resulting specification

jjrh: https://op-co.de/tmp/whats-wrong-with-xmpp-2017.pdf

Cool thanks

flow: sorry, but I'm being evil to you.

XEP-0359 needs to mandate that the stanza @id MUST (SHOULD) be the same as the <origin-id> @id

hear hear

flow: we had that discussion many months ago, and I didn't change my mind because you didn't bring up compelling arguments. Feel free to convinve me on list or just add that one sentence.

I would be more interested if you envision a namespace bump or not

flow: how many implementations are there? And how many don't set the two @id fields to the same value?

Holger, "Edit: Add point about OMEMO complexity and errors, thanks to Holger!" on debacle's article re OMEMO. Should we deprecate this one now? :-°

Also, "It does not work with local, serverless messaging. I don't use this feature a lot, but still, encryption should work with it, too." too bad, because that's actually one place where it would actually be useful

I guess "it works" if you already have keys

Just that clients don't allow that