-
pep.
TIL https://xmpp.org/extensions/xep-0209.html
-
pep.
I knew about the feature but I always thought it was a custom client thing
-
mathieui
didn’t we talk about it at the meetup?
-
jonas’
wait what
-
jonas’
amazing
-
jonas’
same here, pep.
-
jonas’
now let’s move that to multi-item PEP and it’s actually useful.
-
edhelas
jonas’ <3
-
mathieui
pep., if you feel bored, don’t hesitate to fix https://lab.louiz.org/poezio/poezio/issues/2557
-
pep.
mathieui, I don't think so. Or I didn't understand it like that. I'm discussing this with sasza just now
-
jonas’
a proper solution for metacontacts of which the information lives server-side is somthing I wanted
-
jonas’
and then I ditched it. and now it doesn’t fit in my roster data model anymore.
-
jonas’
but given that it can greatly improve UX for those of us with (friends with) multiple accounts ... :)
-
pep.
There doesn't seem to be much security concerns for this meta-contact thing. owl was wondering if it was possible to use this as a pre-condition (but not requirement) for <moved/>. I also think it would be interesting
-
pep.
At the moment it seems I can just send a meta-contact tag for any other jid as long as I know their identity tag?
-
jonas’
what?
-
jonas’
send to whom?
-
pep.
Say I, userA, sends a meta-contact thing to userB, <meta jid='userA@jid1' tag='foo' .. />. Now userB knows my identity tag right, they could use it to send userC <meta jid='userB@jid1' tag='foo' ../> ?
-
pep.
There doesn't seem to be any auth mechanism(?)
-
pep.
/verification
-
jonas’
XEP-0209 does not specify anything for sending a meta-contact thing to another user.
-
jonas’
so why should there be an auth or verification mechanism?
-
pep.
oh
-
pep.
I see
-
jonas’
did you only look at the examples? ;-P
-
pep.
Yes and I was confused
-
jonas’
heh
-
pep.
Because it's not what I thought it was
-
pep.
With owl we were picturing something else, users would be able to say "This is another account of mine"
-
pep.
That would need another XEP then.. and would probably need to interact with this
-
jonas’
put it in vcard?
-
pep.
hmm?
-
jonas’
I bet you can put a JID in a vcard
-
jonas’
put all your accounts in all your vcards
-
jonas’
also allows cross-validation
-
pep.
Yeah cross-validation should be a thing
-
pep.
The issue owl had was that with <moved/> (and even with what's being discussed, https://wiki.xmpp.org/web/Sprints/2018_November_Dusseldorf/Pad grep for moved), it's not possible to say "hey I moved to that other JID" anymore if the first server is down
-
pep.
Ge0rG, ^
-
Ge0rG
pep.: yes, also if you actually delete the old account. Moved is full of hairy corner cases of xmpp.
-
Ge0rG
Next time I have a bit of time to tackle it, I'll prepare a proposal for a new Moved, probably based on a mix of messages and pep
-
edhelas
is stream compression still a thing in XMPP ?
-
Zash
It has dubious security properties. Prosody got rid of it. Dunno about others.
-
jonas’
FWIW https://github.com/horazont/aioxmpp/issues/249#issuecomment-435442679
-
jonas’
(scroll to the bottom of that comment for a summary)
-
jonas’
TL;DR: if you do it right™, the benefits are rather slim, but it can at least revert the base64 overhead
-
flow
edhelas, I'd say yes, and I believe that the side channels can be closed
-
flow
jonas’, you consider 12% bytes saved in the worst case "rather slim"?
-
flow
Or am I misreading the stats and its 1.2% or something?
-
Zash
Does it consider the extra memory usage on servers?
-
jonas’
yes, 12% is rather slim IMO
-
jonas’
12% is low enough that I’d be interested if the additional CPU time involved on the client side isn’t worse than transmitting the extra bytes
-
jonas’
(not to mention the memory overhead)
-
Zash
As a server dev, I'd rather avoid more memory usage
-
edhelas
I saw some security issues regarding TLS + compression as well
-
Zash
Yeah, you don't want SASL / password anywhere near compression.
-
jonas’
"password or password-equivalent" is probably more fitting, given that SCRAM for example is safe-ish even without encryption, IIRC.
-
Zash
Depends on what you wanna protect or be safe against
-
vanitasvitae
XML namespaces containing multiple occurences od ':' (eg. "urn:xmpp:bob") are valid, are they? https://github.com/dino/dino/issues/394#issuecomment-450573159 Maybe someone can shine some light on this issue?
-
vanitasvitae
s/od/of
-
lovetox
this is indeed wrong vanitasvitae
-
vanitasvitae
So such namespaces are not allowed?
-
lovetox
as you see on the captcha node
-
lovetox
namespace and node name are exchanged
-
lovetox
the thing is the namespace is not as namespace declared
-
lovetox
as you can read <urn:xmpp:captcha xmlns='captcha'>
-
lovetox
but it should be
-
lovetox
<captcha xmlns='urn:xmpp:captcha'>
-
lovetox
if this comes from an ejabberd, this is a major bug
-
vanitasvitae
ah 😀
-
vanitasvitae
Okay, I understood it wrong then
-
vanitasvitae
I thought "xmlns='urn:xmpp:bob'" would be illegal.
-
lovetox
are you not running a stable version?
-
vanitasvitae
Thanks for clarifying.