-
jonas’
and set it to moderated
-
jonas’
someone with power must create the muc on muc.xmpp.org
-
jonas’
you can’t just join there and create it
-
Ge0rG
One does not simply...
-
Holger
I once moved a room by setting it to moderated and sending invites to the new room on join. Plus a message explaining things.
-
Holger
(One of the very few Prosody modules I wrote.) :-)
-
lovetox
So MattJ would you be so kind and use your power to create the MUC
-
flow
yes, please :)
-
ralphm
I can create it
-
jonas’
yes please
-
Ge0rG
don't forget to give it a good name :)
-
Zash
xdev?
-
Zash
x is moar cool than j 🙂
-
Holger
.oO( Sounds like the beginning of a discussion that can easily take several weeks ... )
-
jonas’
yog-sothoth@
-
ralphm
I gave it a great name: jdev
-
Seve
xdev +1 :(
-
Zash
Why not both, jxdev!
-
Zash
or xjdev
-
jonas’
... dev@ would do the trick too, it’s already on muc.xmpp.org
-
ralphm
This is not a democracy.
-
Seve
jonas’, true!
-
jonas’
I hereby call for a member meeting to remove ralphm from Board</joking>
-
Holger
I would've suggested dev/devel/development as well, but there might be some value in sticking to the same name as the jdev@ mailing list.
-
Zash
Historical Reasons™
-
Kev
Or just sentimental value.
-
ralphm
jonas’: there's this member election coming up, though, where I have to renew.
-
jonas’
consistency is nice
-
ralphm
Kev & jonas’: these.
-
ralphm
Also Zash
-
Yagiza
Hello!
-
Yagiza
About OMEMO implementation.
-
Yagiza
When do I need to ask user if he trust the identity?
-
Yagiza
In save_identity or is_trusted_identity callback?
-
Zash
This sounds like a question for xmpp:jdev@muc.xmpp.org?join 🙂
-
lovetox
Yagiza, neither
-
lovetox
If signal asks is trusted, you return always true
-
lovetox
you have to implement your own trust management on top
-
lovetox
otherwise signal will not build sessions until user interacts with the client which would result in very bad UX
-
Yagiza
lovetox, so, I should always trust the identity, but notify user that identity cannot be trusted yet.
-
lovetox
depends on what you want to do
-
lovetox
What im saying is, you should circumvent signal trust management and always return True when signal lib asks you
-
lovetox
that does not mean you Trust anything though
-
lovetox
you have to add your own trust management on top of that
-
lovetox
could mean you trust on first contact, (blind trust), could mean you always want a user interaction before a message is sent ..
-
lovetox
whatever you think is in the security interests auf your users
- ralphm bangs gavel
-
ralphm
0. Welcome + Agenda
-
ralphm
Who do we have?
-
nyco
_o/
-
nyco
and hi
-
Seve
Hello
-
nyco
quorum
-
Guus
ola
-
ralphm
MattJ: around?
-
MattJ
Here
-
Seve
Wow, nice
-
ralphm
CooL!
-
ralphm
1. Minute taker
-
nyco
ok...
-
ralphm
Thanks nyco
-
ralphm
2. Compliance badges
-
nyco
yep, so
-
nyco
the poll has run
-
nyco
I can pack it and deliver it
-
ralphm
What's the gist?
-
nyco
also I can share the form and sheet with board members
-
nyco
but
-
nyco
we raised the question whether we wanted or not to enlarge the audience to standards@
-
nyco
so... 1. stop 2. more ?
-
ralphm
It depends, really. How many responses did you get and can we work with it?
-
ralphm
I'm not opposed to extending the audience
-
Guus
I think it's kind of silly to, after all these weeks and various discussions / emails, go back _again_ to asking for input.
-
ralphm
right
-
ralphm
I prefer to take a decision.
-
Guus
We're trying to pick a nice image here - it's not a life/death decision. Let's try to come to a conclusion.
-
nyco
all right
-
Seve
Yes, we have been talking about this for a bit already
-
nyco
I'll send the results... to what list?
-
nyco
also, who wants to have it shared?
-
MattJ
Have there been any responses from people saying they would definitely use them? I confess I haven't been keeping up to date, but I mostly/only(?) read negative comments
-
ralphm
I'm ok with sharing a quantative summary, not individual comments.
-
nyco
these are anonymous
-
nyco
19 responses
-
nyco
ok, I'll send it to board@
-
nyco
next topic?
-
ralphm
thanks
-
ralphm
nyco: what
-
ralphm
's the overal theme of the result?
-
nyco
our preferred badge
-
nyco
and predictions if it's gonna be used
-
ralphm
You're not giving anything away, are you?
-
nyco
I gotta count
-
ralphm
oh
-
ralphm
Ok, moving on then.
-
nyco
spoiler warning: don't read what's next => opensourcedesign wins
-
nyco
spoiler warning: don't read what's next => people will use it
-
ralphm
Yay
-
nyco
that's positive to very positive
-
Seve
:)
-
ralphm
Let's then discuss it finally next week.
-
ralphm
3. M-Sec
-
ralphm
This card has been on our agenda for a while
-
Guus
If I recall correctly, this is the second email from the same project. I'm unsure if we handled the first one.
-
ralphm
I responded to their initial request, and they send a reply, but I haven't followed up since.
-
Guus
And did a second email / invitation then arrive again out of the blue?
-
ralphm
I think so
-
Guus
I remember thinking: "didn't they already reach out?"
-
ralphm
We got a response from Charlotte Tucker on May 17.
-
ralphm
Where they mentioned that they were primarily working on awareness, nothing in depth, yet
-
Guus
I found that response to be somewhat of a disappointment.
-
Guus
it didn't show any relation with XMPP, other than "you have a website and we'd like to use you to boost SEO"
-
ralphm
Yes, indeed.
-
Seve
I was not sure how we could create those 'synergies' between us
-
Guus
(this is from memory, I might be off a tad, but that was what my impression was)
-
Guus
If there's potential for XMPP usage / evangelism, I'm interested in pursuing furher (that was my thought to the initial email)
-
ralphm
Is this really a new e-mail? Because I haven't seen a repeat.
-
Seve
I didn't see anything related to XMPP last time. Do you know if they were using XMPP?
-
Guus
the second email made me question if it'd be in our interest to move further.
-
ralphm
Guus: for me? no
-
nyco
to me it's disconnted
-
ralphm
It is the same text?
-
Guus
I'm unsure if there was really a new e-mail. Might be my email client acting up
-
Guus
in any case, this got me wondering: "We understand KEIO, our M-Sec partner (in CC), is already engaged with you."
-
Guus
I'd be interested in finding out what our relation with KEIO is.
-
Seve
Same here
-
nyco
https://github.com/nkzwlab
-
ralphm
Guus: I wrote this last time, so I think the answer is 'little':
-
ralphm
Thanks for reaching out to the XMPP Standards Foundation. The M-Sec Project seems like a great effort and looks interesting. I am aware that people at KEIO University have been involved with the XMPP community previously. E.g. around Efficient XML Interchange (EXI), internationalization of XMPP servers, as well as sensor networks over XMPP. Can you briefly go into how you think the XMPP Standards Foundation (or the XMPP community in general) could contribute to this project? Are you looking at using XMPP as a communication platform for chat (use case 2), sensor networks (use case 1), or the IoT use cases? Are you seeking guidance on the usage of protocols or libraries, or collaboration on defining new or improving existing XMPP Extension Protocols?
-
Seve
Did we get a reply?
-
ralphm
Yes:
-
ralphm
At this initial stage (the first year of the project), we would be interested in a primary communications collaboration, in which we mutually cross-promote project activities and results (on social media, blogs, intermediary contacts, etc.). At this point, we are building up awareness of the project. We could spread your news in our communities and help you to continue being positioned as a thought-leader in this sphere. Do you currently use these platforms? - Social - Blog - Newsletter - Other platforms On our side, we are building social accounts, a blog and newsletter, as well as leveraging our partners' already well-established platforms. Then, we would be interested to discuss the ways to collaborate that you have mentioned in the coming months. We are working on defining the use cases and how they will be implemented in the smart cities of Santander and Fujisawa. Our partners in the M-Sec project would step into the conversation at this time.
-
Guus
ah, yes, this, apart from any lack of XMPP references, is what put me off from Charlotte's response: "Do you currently use these platforms?" To me, that's them putting in zero effort to finding out what we do. That does not bode well for future collaboration, in my view.
-
ralphm
I have not responded to that one, unfortunately, but I don't feel my questions were actually answered.
-
Seve
Ahh, right
-
ralphm
So until I see a different type of message, that doesn't sound like SEO, I think we do nothing.
-
Guus
In my view, we either do nothing, or give it one shot and express our concern that this looks like a buckshot attempt at SEO.
-
ralphm
If you really feel the latter is needed, I could
-
Seve
I'm fine with the collaboration on social media and such, but it looks like it is just that :/ Would have been great if they could reply to your response, ralphm. I would see it as beneficial for us if they use XMPP, otherwise makes no sense we continue with it
-
Guus
I don't think it's needed - but if there's a chance that this might turn out beneficial for the XSF / XMPP, we might want to give it one last shot.
-
Guus
but I'm equally happy with just dropping it.
-
nyco
if they want to google-bomb "m-sec", they'll have to fight against "meter per second"... good luck... a name change would be better :)
-
ralphm
hehe
-
ralphm
Ok, I'll think about it for a bit. Moving on.
-
ralphm
4. Roadmap
-
ralphm
I'm back from vacation and will do this before next meeting.
-
ralphm
5. AOB
-
ralphm
?
-
MattJ
None here
-
Guus
Any updates from the German effort?
-
Guus
Ge0rG ?
-
Guus
I'd love for that to take form / shape, as I think it could benefit XMPP.
-
Seve
Indeed
-
ralphm
I think it hasn't been two months yet.
-
ralphm
I assume Ge0rG will ping us when there's news.
-
Guus
Sure, but if we can proactively support Alex and him, I'd love for us to be ready for that.
-
ralphm
Of course.
-
Ge0rG
No news. Sorry.
-
Guus
but lets discuss that with him present.
-
Guus
ah
-
ralphm
Ge0rG: so mostly waiting for now?
-
Ge0rG
I'd still like to know from Board what we would expect from that collaboration.
-
Ge0rG
ralphm: indeed.
-
Seve
Something we should have ready, I have to say. Just for when the time comes
-
ralphm
We'll, I'm mostly interested in what kind of things they want to 'fix' and what kind of regulation would help achieve this.
-
Ge0rG
ralphm: I suppose the goal is to enforce federation between IM networks, while preserving E2EE and user security and privacy.
-
ralphm
I mean, of course I'd love the whole world to use XMPP for all messaging, as people use SMTP for e-mail, but that seems a bridge too far for now.
-
Guus
I'm not expecting specifics, but I'd love for a result a la XMPP becoming the standard to be used by inter-governmental-agency communications.
-
ralphm
Right. I'm not even sure if that stated goal is actually achievable.
-
Ge0rG
indeed, mandating open standards for government IM needs, or even for all IM systems, would essentially mean XMPP
-
ralphm
But even if it is, what kind of 'features' are included in there? Just plain-text messages? Groups? Media?
-
Guus
let that be part of the to-be-had discussion with them.
-
Guus
let's first see if they're interested in moving towards something like this.
-
ralphm
So yeah, I'd like to participate asking such questions.
-
ralphm
Ge0rG: does that help at all?
-
Ge0rG
ralphm: a bit indeed. However I'm not sure how we can arrange such a discussion.
-
Ge0rG
This won't work easily if I'm a proxy.
-
Guus
if not a mandated solution, then at the very least recognision that XMPP is a good way to solve privacy / security IM issues within certain fields might be a nice outcome.
-
Ge0rG
In that case, we(the XSF) should rather prepare a list of questions and a list of demands/requirements
-
Ge0rG
And I can bring that in
-
ralphm
Ge0rG: after their response, I suppose?
-
Guus
Ge0rG - what are your own thoughts here?
-
Guus
as you've brought it up in the first place, you must have some sort of desired end-result?
-
Ge0rG
ralphm: I'd like to get one step ahead of them
-
Ge0rG
I also need to separate my own desires from the official XSF voice.
-
Seve
Which are?
-
Guus
sure, but maybe they overlap, at least partially 😃
-
Ge0rG
I'd like to have a law mandating that IM systems over a certain size must expose an API/federation mechanism based on open standards.
-
ralphm
Ge0rG: I feel anyone here can express their desires, and then we come up with a rough consensus.
-
Ge0rG
The representative was very interested in E2EE, and I fear OMEMO won't cut it.
-
Ge0rG
So maybe we need to have some kind of MLS based proposal
-
ralphm
Ge0rG: do you mean public services?
-
ralphm
Ge0rG: do business-oriented platforms like Slack count?
-
Guus
MLS?
-
Kev
Guus: Standardised E2E.
-
Kev
https://datatracker.ietf.org/wg/mls/about/
-
Ge0rG
ralphm: that's an excellent question
-
Seve
Ge0rG, https://datatracker.ietf.org/wg/mls/about/
-
Guus
If there's interest in E2EE, and there's an observed lack of that in XMPP, then maybe an outcome could be grants to work on improving that.
-
Seve
it was for Guus and also late... :) Thanks Kev
-
Ge0rG
ralphm: I'd say that all commercial providers should have to do that.
-
nyco
has the gavel been banged?
-
ralphm
nyco: not yet
-
Guus
Ge0rG maybe we should start to create some sort of document to capture motives like these
-
Ge0rG
ralphm: there might be a set of useful objective criteria when to require support for federation
-
MattJ
Yeah, I have to prep for a meeting starting in 10
-
Ge0rG
Guus: did you say "wiki"?
-
Guus
maybe something less public
-
Ge0rG
Does that matter? Do we expect to get gamed by Facebook?
-
Guus
I'd hate to see ideas that we're not going to pitch in the end, find their way to people that we didn't want to pitch those ideas too.
-
Ge0rG
Guus: alright. Can you arrange for something?
-
Seve
Should we find the way to work on this via email instead (so we can free the Board members)
-
Ge0rG
Seve: some kind of etherpad maybe, communicated via email to Board + X(?)
-
Guus
something like that would work for me
-
Guus
People said they needed to go though.
-
Guus
maybe wrap this up?
-
ralphm
Sure, or just a mailing list might suffice.
-
Ge0rG
Sure
-
Daniel
Some politicians in Germany seem eager to get some form of regulation going. So the question is not 'is regulation a good thing' but instead can we help them to at least make this less idiotic
-
ralphm
Wrapping up.
-
Seve
Ge0rG, yes
-
ralphm
6. Date of Next
-
ralphm
+1W
-
ralphm
7. Close
-
ralphm
Thanks all!
-
Guus
Daniel +!
- ralphm bangs gavel
-
nyco
thx
-
Seve
Perfect, thank you guys :)
-
Guus
I'm unsure if I can make it next week.
-
Guus
Thanks guys!
-
Daniel
Also if they are going to regulate anyway I'd rather have them use xmpp than for example wire or matrix
-
ralphm
Daniel: understood. Elections coming up?
-
Guus
MattJ - could you arrange for a private mailing list for this to be set up, with your iteam hat on?
-
Ge0rG
I'd prefer an etherpad actually.
-
Daniel
ralphm: not really.
-
Ge0rG
We want to make a document after all
- nyco has sent the minutes
-
Guus
Ge0rG fine, etherpad it is - I've never created/used one of those though
- nyco has sent the results for the compliance badges poll
-
Guus
Thanks nyco - seems like a clear outcome to me.
-
Guus
let's discuss next week how to proceed. I'd love to quickly engage the author and see if he's interested in completing these designs.
-
Ge0rG
nyco: where did you send it to?
-
Ge0rG
Ah, to board@. What a pity.
-
Guus
jonas’ would you mind trying to crawl igniterealtime.org again? DH key size should be better now.
-
jonas’
Guus, it runs into a timeout now, it appears my prosody isn’t getting a reply after it sent the stream header after STARTTLS
-
Guus
jonas’: that's odd. I've retreated away from the laptop, will investigate later
-
Guus
Thanks for trying
-
jonas’
you’re welcome
-
jonas’
Guus, FYI debug logs from my side https://paste.debian.net/hidden/fdf8e8df/
-
Guus
I noticed buffer sizing issues before, maybe that's what's going on here
-
jonas’
thinking about introducing a "critical" (= you need to understand this element, otherwise reply with feature-not-implemented) attribute in XMPP, it’s not that easy actually.
-
jonas’
for example, one can have content which is critical for a client to understand, but not for the servers (even possibly MUC servers, so the @to addressed entity) to understand, for example, a mandatory read receipt
-
jonas’
and then, one could imagine a thing which would need to be understood by a smart archive (for example, reactions), too
-
jonas’
or stuff which needs to be only understood by forwarding servers (i.e. both users servers), like extended addressing for server-side carbon-copying or something
-
Zash
You just need to invent a feature to advertise understanding of "critical" and mark it itself as critical `<feature var='critical' xmlns:critical='urn:xmpp:critical:sqrt(-1)' critical:critical='critical'/>`
-
jonas’
you could’ve just written urn:xmpp:critical:i ;P
-
Ge0rG
You forgot to make it ALL UPPERCASE
-
ralphm
Ge0rG, Kev, Seve is anyone in our community involved in MLS?
-
Ge0rG
I'm not, but I'd like to if I find the time
-
jonas’
ralphm, I think Dave participated in the earlier times on the mailing list
-
ralphm
I'm happy for the security mob to do their thing, but eventually we should probably have an XMPP proposal to use it.
-
Ge0rG
Yes
-
ralphm
Unsure when would be a good time to get involved, whether XMPP has particular properties that need to be taken into account.
-
ralphm
But I guess dwd might have a better idea on this.