XSF Discussion - 2019-03-11


  1. zinid

    jonas’, hey, I have sent you the protoXEP, I know you're busy, but maybe you will find some time to accept it for the upcoming agenda

  2. jonas’

    zinid, thanks for the hint

  3. dwd

    lnj, Is qxmpp your project?

  4. lnj

    dwd: no, it's not, but I'm contributing to it

  5. dwd

    lnj, Any idea if the example GUI does MIX at all? I saw the library does.

  6. zinid

    dwd, are you working at any XMPP projects nowadays?

  7. dwd

    zinid, Trying to. :-)

  8. dwd

    zinid, Both Threads Styling stuff (lots of gatewaying into other IM systems) and Metre. I should be doing Openfire too (although I'm not really sure they need my help right now).

  9. dwd

    zinid, Current Threads thing is a standalone MIX implementation that I'm then building on to do our gatewaying interface. Hoping to get the MIX bits out as OSS for people to play with.

  10. zinid

    dwd: okay

  11. zinid

    good to know someone is doing MIX

  12. Guus

    dwd we just upgraded MINA, and you're wondering if we need your help? 🙂

  13. lnj

    dwd: I'm working on the MIX implementation in QXmpp, but it's not entirely finished and not all of my pull requests have been merged yet.

  14. lnj

    But all parsing / serialization of the main xep and xep 405 is working (in the unit tests).

  15. dwd

    Guus, That's what I mean, you clearly don't!

  16. dwd

    lnj, Ah, OK. For my purposes, just a real client I can use for exploratory testing would be really helpful.

  17. Guus

    dwd Imply what you want - we're still assigning all issues to you. 🙂

  18. Guus

    dwd We'd like to welcome you home. Kindly re-auto-join open_chat 🙂

  19. Zash

    Would you kindly

  20. Guus

    That'd be as if I'm giving him a choice. Nope. 🙂

  21. Guus

    We need our glorious leader back!

  22. Guus

    The fashion industry has stolen him from us!

  23. dwd

    So - if a XEP-0060 node supports XEP-0313, the archived items are the events sent out? What about retracts when notify is set to false - do these events which don't get sent get archived nonetheless?

  24. ralphm

    dwd: a retract is not an item, it is the removal of one, so I'm not sure if it is appropriate to store in MAM.

  25. dwd

    ralphm, What's in MAM then, if not events?

  26. ralphm

    I.e. if you request items from a pubsub node, you only get items, and if a previously existing item was retracted, it will not be included in the result.

  27. dwd

    ralphm, Oh, certainly. But if you ask for the Things from MAM, that wouldn't be items, but events? Or what?

  28. ralphm

    dwd: this is a good question. Either the MAM archive is a record of the notifications (even if they weren't sent?) or it is an archive of items.

  29. ralphm

    I kinda expected the latter, to be consistent with the pubsub items iq results.

  30. dwd

    ralphm, I thought it was a good question when I asked it.

  31. ralphm

    It is

  32. ralphm

    because we also have other notifications

  33. ralphm

    like node deletion

  34. dwd

    ralphm, Yes, this is true. Are those also events (as in {http://jabber.org/protocol/pubsub}event)?

  35. ralphm

    ```
    <xs:element name='event'>
      <xs:complexType>
        <xs:choice>
          <xs:element ref='collection'/>
          <xs:element ref='configuration'/>
          <xs:element ref='delete'/>
          <xs:element ref='items'/>
          <xs:element ref='purge'/>
          <xs:element ref='subscription'/>
        </xs:choice>
      </xs:complexType>
    </xs:element>
    ```

  36. dwd

    Oh. Gosh. Lots of types I hadn't thought about.

  37. MattJ

    dwd, FWIW the pubsub stuff in MAM has never delighted me, for reasons like this. I've had a lot of feedback that it should at least be split out, but I haven't had time for that yet.

  38. ralphm

    And items can include 'item' or 'retract'.

  39. MattJ

    I don't really understand what it would be expected to return, but I suspect it would have to leave a tombstone for retracted items

  40. dwd

    MattJ, I would advocate splitting it out if it weren't for the minor point that there seems to be only one sentence of it...

  41. MattJ

    No, there is more: https://xmpp.org/extensions/xep-0313.html#business-storeret-pubsub-archives

  42. MattJ

    Oh right, that paragraph is a sentence

  43. MattJ

    No, two

  44. ralphm

    Since MIX critically depends on MAM and PubSub, this is something that requires a clear answer.

  45. dwd

    MattJ, So that looks as if it's saying that it's the events that are stored, but the only mandatory event is the 'item' event (for publication).

  46. dwd

    MattJ, One assumes, therefore, that other events might be permissible. If one squints enough.

  47. dwd

    ralphm, This, incidentally, is why I'm asking the question.

  48. ralphm

    So really, events with <items><item/></items>

  49. ralphm

    but with retracted items excluded

  50. dwd

    ralphm, Yes. Sorry, it seems today everyone has to use very loose parsing on what I'm trying to say...

  51. dwd

    ralphm, No, it mentions no limitations, just a requirement to include the item publishes.

  52. ralphm

    MAM in turn also seems to kinda support the notion of messages being removed from an archive, without providing protocol for it.

  53. ralphm

    (section 3.2)

  54. MattJ

    It definitely doesn't support the notion of messages being *removed*

  55. dwd

    ralphm, Seems reasonable. I suspect there are a number of use-cases for silently removing a message from the archive.

  56. ralphm

    MattJ: second paragraph

  57. dwd

    MattJ, Blame Kev?

  58. MattJ

    The second paragraph essentially explains that the entry is still there, but without a payload

  59. ralphm

    But, reading XEP-313's 5.1.3, I definitely read that as grafting the MAM protocol on top of a pubsub item store and faking it

  60. ralphm

    I.e. not actually requiring storing events, but constructing them as if sent to a subscriber, wrapped by the envelope.

  61. ralphm

    Also note that it doesn't allow multiple items in one message, which /is/ ok for actual event notifications.

  62. ralphm

    For what it is worth, I think this is fine.

  63. ralphm

    The only gap I see is that a client may not ever become aware of the retraction of an item.

  64. ralphm

    because if it happened to be offline when the notification got sent, and the item is 'emptied' (as MattJ suggests), there will not be a thing representing that deletion in the archive.

  65. ralphm

    However, on the other hand, the retract event *should* be in the user's own archive, assuming the model where the server manages the users subscription (PAM).

  66. ralphm

    And given that, it is sufficiently consistent to me.

  67. ralphm

    I.e. if you were not yet subscribed, retrieving the archive just lacks the retracted items, and is the consolidated state of things.

  68. ralphm

    (retrieving it from the pubsub node)

  69. ralphm

    dwd?

  70. dwd processes.

  71. Zash

    And where did the text about having to return item-not-found for unknown ids in RSM?

  72. Zash

    And where did the text about having to return item-not-found for unknown ids in RSM come from?

  73. dwd

    ralphm, No, I think that sucks a bit. Asking a remote source for MAM items should yield the same result as asking your local source filtering for the remote sender. I think.

  74. Guus

    Was there a DST switchover last weekend?

  75. MattJ

    US changed, yes

  76. Guus

    \o/ first time in ... ever ... that I learned about this _before_ being late for a meeting.

  77. ralphm

    dwd: why? The first in this case is the archive of the pubsub node, and the second is the archive of messages sent to you.

  78. ralphm

    Guus: make sure you tell Arc

  79. Guus

    arc ^^

  80. arc

    Lol

  81. arc

    It's a DST miracle

  82. dwd

    (In other news, I think I can make MIX without MIX-PAM work reasonably well, which might make it less of a forklift upgrade)

  83. Zash

    And EU chickened out of abolishing DST :(

  84. dwd

    Zash, It may be the only positive from Brexit.

  85. ralphm

    dwd: having MAM remember all the possible events sent to users for pubsub nodes is a bit terrible itself. E.g. it would need to record config changes.

  86. ralphm

    Not even sure about subscription approvals

  87. dwd

    ralphm, Well sure. But for items, at least, recording old versions of items and retractions seems reasonable.

  88. Guus

    Zash wait what?

  89. dwd

    ralphm, Otherwise what's the point of having the archive?

  90. ralphm

    dwd: why? The semantics of a publish request with the same item id, is that the previous item is obliterated and replaced with the new one.

  91. dwd

    ralphm, Besides which, it'd mean querying the MAM archive of the messages node of a MIX channel always gave you nothing. Boring.

  92. ralphm

    If you do an items request, you don't get that either.

  93. Zash

    Guus: The EU considered abolishing DST changes, but chickened out and didn't give any requirements and "every country could do whatever they want", so it seems nothing changes and we get the stupid DST headache twice a year.

  94. ralphm

    dwd: why would querying the mam archive of the messages node of a mix channel give you no items?

  95. Guus

    Zash fwiw, I thought that most countries would still go ahead and change it - although there might not be a uniform choice across Europe (and for those that do stop switching over, it's undecided if they'd go for summer, or winter time).

  96. ralphm

    dwd: even though the notifications are sent as regular <message/> stanzas with bodies, there's no reason the message archive for the node to not return 'proper' constructed events as with every node.

  97. dwd

    ralphm, Because it's explicitly defined to not store pubsub items.

  98. ralphm

    dwd: so that node is transient?

  99. dwd

    ralphm, See XEP-0369#4.7.2

  100. Zash

    Guus: So without coordination we might get a worse mess than now.

  101. Guus

    Zash perhaps

  102. dwd

    Zash, Same time for any switches that do happen, mind.

  103. Zash

    Don't most of the EU switch at the same time already?

  104. ralphm

    dwd: wait, so in that section, which archive is being referred to? The archive of the messages node, or of the channel itself?

  105. dwd

    ralphm, It doesn't mention an archive there. But your proposal means that querying the archive for the MIX channel gives messages, whereas querying the archive of the messages node of the MIX channel doesn't.

  106. dwd

    Zash, They do, all, switch at the same time. The UK moved its changeover time, IIRC, by an hour, to match the rest of the EU.

  107. Zash

    And is mostly in the same timezone (except the UK and Finland?)

  108. Zash

    And what's this about MIX and MAM?

  109. dwd

    Zash, And Portugal. Not sure about some of Eastern Europe either.

  110. dwd

    Zash, MIX, MAM, and '60.

  111. dwd

    Zash, But mostly, what's in a '60 MAM archive.

  112. Zash

    Don't you get all messages regardless of whether you have online resources?

  113. Zash

    .. to your account? So you could query them from there?

  114. Zash

    And without getting a copy per joined resource?

  115. ralphm

    dwd: well, I'm not sure if it a proposal, but it is one or the other. Either the messages node is persistent, but sends out notifications as regular messages instead of pubsub events, or it is not a real pubsub node, and subscribing to it just indicates the desire to get the non-event-but-bare-stanzas-with-payload messages.

  116. arc

    Zash no we get it four or more times a year because different parts of the world switch at different times

  117. Zash

    I meant within the EU tho

  118. ralphm

    In the latter case, maybe having the archive be at the channel level, not the nodes it contains. I'm not sure how that interacts with hypothetical 'root node' subscriptions and their MAM archive.

  119. arc

    Yea, that kind of thinking is problematic because it spreads. At a tech conferences here in the US, I keep hearing things like "xmpp? Don't they just use that in the EU?"

  120. MattJ

    No, they also use it in the UK

  121. ralphm

    Zash: I think you want to scroll back to http://logs.xmpp.org/xsf/2019-03-11#2019-03-11-fb946fc83908ade3

  122. ralphm

    arc: you could reply with 'Fortnite'.

  123. dwd

    MattJ, Another 18 days until that works.

  124. arc

    Adults don't understand fortnight

  125. dwd

    arc, Eve Online. Origin. NATO.

  126. dwd

    arc, Actually, your president doesn't understand NATO, at least. :-)

  127. ralphm

    arc: adults are overrated

  128. arc

    Not my president. He's only president for Nazis and rednecks

  129. ralphm

    dwd: what about my message earlier?

  130. dwd

    ralphm, FWIW, I wanted the messages node to hold all messages. But I lost that one. My solution was to have MAM flags which could "condense" the items, for example by eliding retractions and corrected messages. I've been toying with the idea of such things to flag messages which have been acknowledged by '184, etc.

  131. dwd

    ralphm, But in any case, the MAM/MIX vs MAM/'60-on-messages-node is just a curiosity. Subscribing to the messages node with '60 syntax should/might give you a pubsub-syntax event stream of messages.

  132. ralphm

    I am happy for something that condenses archived messages in general, although keeping in mind the discussion on multiple dimensions as discussed with Kev on the Summit.

  133. dwd

    ralphm, I don't remember the discussion being discussed.

  134. dwd

    ralphm, Did we discuss a discussion during the discussion?

  135. ralphm

    However, I strongly believe that MAM on PubSub nodes currently are defined as a protocol to the item archive, not the message archive, and this is just a choice. I don't think right now that it is a bad one.

  136. ralphm

    To cover the weird semantics of the messages node sending out notifications in a non-XEP-0060 syntax is something we could encode in the node configuration.

  137. ralphm

    There is (some) precedent for this.

  138. Zash

    If it was an archive of events then you'd probably want a way to filter them for the data payloads

  139. ralphm

    I remember that when Twitter supported XMPP pubsub (yes, really), it sent out atom elements and bodies in the bare message instead of using the event structure.

  140. ralphm

    The goal was to make it easier for client devs to work with.

  141. Zash

    pubsub#include_body is pretty nice

  142. ralphm

    yes and no

  143. ralphm

    it would only cover the body

  144. Zash

    True

  145. ralphm

    But we could define something similar

  146. ralphm

    like

  147. Zash

    Including a picture would be neat in some cases actually.

  148. ralphm

    a config item that represents 'bare notifications'

  149. Zash

    What do you mean by "bare"?

  150. ralphm

    Zash: a notification without the pubsub event wrapper

  151. Zash

    Wait did they send `<message><{atom}item>atom stuff</item><body>someone tweeted hello</body></message>` without the pubsub container?

  152. ralphm

    Zash: we are considering what notifications a user gets when subscribed to the messages node in a mix channel, right?

  153. ralphm

    So at some point we said we wanted 'regular' messages to be sent as 'regular' messages originating in the channels' JID

  154. ralphm

    However, you still have to subscribe to the 'messages' node.

  155. ralphm

    For all other nodes, you'd get notifications with the normal pubsub event wrapper.

  156. Zash

    I'm afraid I haven't managed to read the MIX specs yet.

  157. ralphm

    So if we want to change that for this purpose, you'd have to have a flag to represent this behaviour.

  158. Zash

    I remember discussions about that and thought containerless was the case already.

  159. ralphm

    Zash: yes, but implicit in the sense that if you just throw a pubsub service onto the jid representing a channel, it doesn't work that way.

  160. ralphm

    Zash: XEP-0369 now says something weird:

  161. ralphm

    “The Messages node is used to distribute messages. The Messages node is a transient node and so no PubSub items are held. Messages MUST go to the associated MAM archive and history is retrieved by use of MAM. Users subscribe to this node to indicate that messages from the channel are to be sent to them. Private Messages are not distributed by the Messages node.”

  162. ralphm

    So this is not very clear on the details.

  163. zinid

    why isn't it clear?

  164. zinid

    I find it pretty clear

  165. zinid

    I implemented this part, didn't find caveats

  166. ralphm

    zinid: if the pubsub item 'messages' doesn't hold items, what MAM archive does this text refer to?

  167. ralphm

    pubsub node, I mean

  168. zinid

    I don't know, but that's how MIX is designed

  169. zinid

    it's just weird

  170. ralphm

    zinid: so instead of saying 'it is weird', we are trying to properly define it.

  171. ralphm

    zinid

  172. ralphm

    I didn't say the intent wasn't clear

  173. zinid

    I mean the sentence "as an instruction" is clear. we have tons of weirdness in our XEPs, I kinda don't pay attention already

  174. zinid

    whatever

  175. ralphm

    zinid: so to retrieve the MAM archive for the channel's messages, where does the client direct it? The channel JID? With or without a node?

  176. zinid

    ralphm, to channel jid, no need for any nodes

  177. dwd

    zinid, +1

  178. zinid

    this node is kinda "ephemeral"

  179. ralphm

    zinid: ok, I'll buy that, but that means that the 'messages' node is not really a pubsub node.

  180. dwd

    ralphm, We assume that directing XEP-0060 traffic to individual nodes gives you "classic" XEP-0060 stuff.

  181. ralphm

    dwd: sure, I'm happy with that

  182. ralphm

    but the text I quoted should be more explicit on this

  183. dwd

    ralphm, And FWIW, the "subscription" to nodes is fully mediated by the MIX channel itself, so it can do "special" subscriptions for the messages node if done through a join. Which is what I'm doing right now.

  184. ralphm

    Because even if it is a transient node, subscribing to it would normally yield empty notifications like this:

    ```
    <message from='pubsub.shakespeare.lit' to='francisco@denmark.lit'>
      <event xmlns='http://jabber.org/protocol/pubsub#event'>
        <items node='elsinore/doorbell'/>
      </event>
    </message>
    ```

  185. ralphm

    dwd: maybe it would be better to say: there is no XEP-0060 style 'messages' node.

  186. dwd

    ralphm, Why empty?

  187. ralphm

    dwd: right, good point. At least without an item id.

  188. zinid

    > the "subscription" to nodes is fully mediated by the MIX channel itself

    dwd, and that's the most weird thing of MIX. Back then when we implemented pubsub in ejabberd it was supposed to be a simple front-end to a database, now we introduce some "mediation" layer and the code is just useless now

  189. dwd

    ralphm, You're showing '60 Ex 3, there, which is explicitly a transient node that *also* doesn't have payloads.

  190. zinid

    so the complexity now is how to design internal pubsub handlers to work above any "mediated" layer

  191. zinid

    including database or MIX

  192. dwd

    ralphm, Whereas if you look at Table 4, bottom right is what we're expecting if you subscribe directly to the messages node.

  193. ralphm

    Right, without item ids

  194. dwd

    zinid, Right - in my toy implementation, subscriptions internally are callable types (functor objects), and so MIX just uses a different callable type for join'ed message subscriptions.

  195. dwd

    ralphm, No, they just don't *have* to have message ids.

  196. dwd

    ralphm, Argh. Item ids.

  197. zinid

    dwd, sure, it's quite doable if you don't have a ton of code you need to redesign 🙂

  198. dwd

    ralphm, And probably wouldn't - there's a lot of complexity unspoken about whether the id on a message coming out from MIX is an item id in Pubsub terms or some new Event Id.

  199. dwd

    zinid, Yes, as well I know from looking at doing similar in Openfire etc.

  200. ralphm

    dwd: it'd be better to say: the messages node is special, no notifications, no archive, you just indicate you want normal message from the channel and *it* has an archive

  201. dwd

    ralphm, I think it works anyway, doesn't it? We just need to say that asking for the MAM archive from the channel itself is a Different Thing.

  202. dwd

    ralphm, Noting, of course, that MIX implementations do not have to offer very much (if any) classic XEP-0060 on the nodes within channels.

  203. ralphm

    And that you don't get notifications from the node itself

  204. ralphm

    Well, I definitely expect other nodes to be proper pubsub nodes

  205. ralphm

    With retract, purge, etc.

  206. ralphm

    Or at least all the normal mandatory stuff

  207. zinid

    hey guys, any input on my last ranting on standards@ list?

  208. zinid

    https://mail.jabber.org/pipermail/standards/2019-March/035857.html

  209. zinid

    nobody read? nobody cares?

  210. moparisthebest

    I like the idea, haven't read the XEPs yet though

  211. zinid

    nice to hear, thanks

  212. Zash

    I stopped reading at "it just sucks"

  213. zinid

    oh, sorry

  214. zinid

    yeah, I shouldn't have said that

  215. moparisthebest

    oh I agreed with that part :P

  216. zinid

    you guys are so fragile, I always forget 😀

  217. zinid

    whatever, scram sucks 😛

  218. moparisthebest

    hmm, so I like the whole "cert auth" part, I hate the centralized CA bit

  219. moparisthebest

    is the only reason for that "spam prevention" ?

  220. zinid

    moparisthebest, no, also RELOAD requirement

  221. zinid

    that's Sybil protection

  222. zinid

    https://xmpp.org/extensions/xep-0415.html#enroll-auth

  223. zinid

    first part

  224. Ge0rG

    zinid: how do you protect from sybil attacks, again?

  225. zinid

    Ge0rG, by concentrating identity checks in a few single places, at CAs

  226. zinid

    note that for now we don't need the checks to be extremely severe, something like oauth to popular services or sms verification is enough so far

  227. Ge0rG

    why is a sybil attack even a problem at all?

  228. zinid

    Ge0rG, in p2p?

  229. zinid

    because you can pollute routing

  230. Ge0rG

    in the CA thing.

  231. zinid

    aka Eclipse attack

  232. zinid

    sybil attack is not a problem is CA, CAs are just centralized to prevent Sybil

  233. zinid

    *in

  234. moparisthebest

    idk, the CA looks like a total dealbreaker to me

  235. zinid

    moparisthebest, why?

  236. moparisthebest

    maybe that makes it vulnerable to a sybil attack but probably worth it

  237. zinid

    I recall you like DNS, but DNS is ICANN - same centralized stuff

  238. moparisthebest

    I don't know anyone or any organization I trust enough to run a CA

  239. Ge0rG

    zinid: but how is a CA supposed to prevent sybil attacks?

  240. moparisthebest

    I only trust certificates as far as the public key anyway, hence why I like DNSSEC + DANE etc

  241. zinid

    Ge0rG, I wrote already:

    > note that for now we don't need the checks to be extremely severe, something like oauth to popular services or sms verification is enough so far

  242. zinid

    moparisthebest, but what's the difference?

  243. Ge0rG

    zinid: but that would mean that you essentially don't verify the identity of the XMPP entity but instead of whatever third-party service you use?

  244. Ge0rG

    (actually, "in addition to")

  245. zinid

    Ge0rG, you can verify the entity of course by asking to provide the passport 😀

  246. zinid

    without CAs you don't have even that: you cannot identify all your online contacts that way

  247. moparisthebest

    to clarify, I like the idea of identifying an XMPP *account* (not device, could be multiple devices) with a cryptographic key

  248. moparisthebest

    I don't like the idea of a centralized CA approving that

  249. Ge0rG

    zinid: I still think that you are conflating multiple different problem domains. There is value in having an XMPP based CA hierarchy, and there is value in whatever sybil attack prevention mechanism you might require for RELOAD. But those are completely separate

  250. zinid

    Ge0rG, sure they are separate

  251. zinid

    but I don't solve separate problems

  252. zinid

    I separate a single meta problem

  253. moparisthebest

    zinid, if you are looking for "trust" then each domain should have its own level of trust, which gets passed to its users, imho

  254. zinid

    I'm not interested in our permanent bikeshedding with small problems without seeing a complete picture

  255. moparisthebest

    that keeps it federated

  256. zinid

    moparisthebest, it's possible to do and I outlined that in XEP-0416

  257. zinid

    but still Sybil resistance is a problem and you CANNOT address it without centralization, and clever people proved that

  258. moparisthebest

    then it shouldn't be addressed...

  259. zinid

    also, what's the point in federated accounts? why not roaming user profiles? we're moving that way in Moved for example

  260. moparisthebest

    as you pointed out it's already basically centralized and could be solved that way through DNS

  261. zinid

    so we just rely on CA instead of DNS, both are centralized

  262. moparisthebest

    if entire domains are trusted/not and excluded/not attackers already can't buy an unlimited number of those

  263. zinid

    moparisthebest, I can create 100500 accounts on another poorly maintained server and attack your server, what will you do?

  264. moparisthebest

    block that 1 server

  265. zinid

    oh great idea 🙂

  266. zinid

    to block other users on that server?

  267. moparisthebest

    no problem, they can use their crypto identity to move to another one :D

  268. zinid

    moparisthebest, how that?

  269. zinid

    where will they get the identity? how will they move?

  270. zinid

    from *abandoned* server

  271. zinid

    not to mention they will of course not move anywhere

  272. moparisthebest

    they generate the identity, all their contacts have that key, when they get a request from $new_account with that same identity, they know they've moved

  273. zinid

    and you will trust the identity signed by that rogue server?

  274. moparisthebest

    it's not signed by anyone

  275. zinid

    moparisthebest, also, can you please outline your concerns with CAs?

  276. zinid

    let's encrypt is bad?

  277. moparisthebest

    1. assuming good intent and all that, commercial CAs get hacked/compromised all the time, what "XMPP CA" would even be as good?

  278. moparisthebest

    2. I don't like assuming good intent, or being at the whim of anyone else

  279. zinid

    moparisthebest, and DNS servers are not hacked all the time?

  280. zinid

    and DNS assumes not intent?

  281. moparisthebest

    no? also there isn't a single source of truth DNS server

  282. zinid

    except root servers?

  283. zinid

    whatever, what you say is possible if every XMPP server maintains CA

  284. zinid

    tied to their domains

  285. zinid

    but it sucks

  286. zinid

    also, good luck creating roaming profiles in such a system: why would I trust identities signed by some server X?

  287. zinid

    it's even moot that CA and much easier to compromise

  288. zinid

    *than

  289. moparisthebest

    I don't think there should be CAs at all, only account keys, generated on an end device on account creation, sync'd to other devices

  290. zinid

    moparisthebest, and how will you verify those keys?

  291. moparisthebest

    manually, or PGP web-of-trust style ? :P

  292. zinid

    sigh

  293. zinid

    okay, have fun with it