XSF Discussion - 2019-12-21

  1. DebXWoody

    If the Server / Client doesn't support XEP-0313 and not XEP-0280. What will happen when Account 1 send a message to Account 2 while Account 2 is offline?

  2. pep.

    "It depends"

  3. pep.

    0280 is not actually for offline support

  4. pep.

    look at 0198

  5. Zash

    Offline message storage, delivered when they come back online.

  6. pep.

    Some implementations will return an error saying the recipient is not available also

  7. Zash

    Unless offline storage has been disabled,

  8. DebXWoody

    Where is the offline storage defined RFC / XEP?

  9. pep.

    0013 ?

  10. Zash


  11. Zash


  12. Zash

    Altho it's actually not a protocol, it's just a server implementation detail

  13. DebXWoody

    Ok,.. thanks.

  14. lovetox

    jonas’, your last email regarding char counting

  15. jonas’

    holy smokes that thread blew up

  16. lovetox

    maybe i dont get it, but i dont think it says what you want to say

  17. jonas’


  18. jonas’

    (I also only sent one mail, or is my MUA confused?)

  19. lovetox

    I think marvin, ralph and all other want to count *before* escaping, for the reasons detailed in this thread

  20. jonas’

    depends on the direction you’re looking at

  21. jonas’

    on the receiving side it’s after (un-)escaping

  22. jonas’

    I totally agree with ralph and marivn

  23. jonas’

    I can’t find my own mail tho

  24. jonas’

    ah, there it is

  25. lovetox

    yeah if you mean that its ok i guess, just saying i dont think many people will read this from your email

  26. jonas’

    okay, I’ll send a follow-up to clarify

  27. lovetox

    that (un-) is essential

  28. jonas’

    thanks for pointing it out

  29. jonas’

    I sent a clarification which should make more sense

  30. lovetox

    looks good !

  31. lovetox

    what are you all thinking about a XEP that lets you manage your uploaded files

  32. lovetox

    getting the list of files currently uploaded, and maybe their expiration date

  33. lovetox

    and having a option to delete them

  34. pep.

    Link Mauve had plans(tm) to integrate something like that into his account management client thingy, if/when that becomes a thing

  35. pep.


  36. pep.

    And yeah that'd be great.

  37. Link Mauve

    I already have it in there I think.

  38. pep.

    There were mentions of that during the GDPR paranoia period but nobody did anything about did

  39. Link Mauve

    Only listing and deletion so far.

  40. pep.

    Link Mauve, what standard?

  41. Link Mauve


  42. pep.

    lovetox, maybe if you look on standards@

  43. pep.

    Link Mauve, what standard on top of 0050?

  44. pep.


  45. Link Mauve

    Not written yet.

  46. lovetox

    adhoc is fine for that

  47. lovetox

    actually there is no need for a standard or? adhoc just returns dataforms

  48. lovetox

    if you can process one adhoc workflow you can process all

  49. lovetox

    though it probably would be good to have a well known command name for that functionality

  50. lovetox

    so we dont have to discover it

  51. pep.


  52. lovetox

    on the other hand this could be added to the httpupload disco result

  53. lovetox

    the adhoc command name i mean

  54. lovetox

    but probably easier to just define one name

  55. Link Mauve

    Yup, just like XEP-0133.

  56. Link Mauve

    Maybe we could just extend XEP-0133 with that.

  57. lovetox

    also another thing i thought aboujt

  58. lovetox

    some way to discover if a file is already on the server

  59. lovetox

    maybe with sending a hash

  60. lovetox

    and you get back the uri and the expiration date

  61. moparisthebest

    What about encrypted files

  62. lovetox

    depends on the encryption

  63. lovetox

    if the encryption is always the same you could still check the hash

  64. lovetox

    but thats not so likely

  65. lovetox

    but yeah that would not work for encrypted files, but thats no reason to not do it for unencrypted

  66. Zash

    If a hash is part of the upload slot request then the server could do integrity verification after the upload is completed, which seems like a nice thing.

  67. lovetox

    hm yeah but is this really a problem worth solving

  68. lovetox

    hm with http does the server know the difference between end of file

  69. Zash

    Almost every file upload thing I made before HTTP upload was a thing would base the URL on the hash of the content. Would have been nice to use those, but couldn't because the current scheme.

  70. lovetox

    and cancelled transfer?

  71. Zash

    It knows the size

  72. lovetox

    ah ..

  73. lovetox

    so yeah, i guess this never happens

  74. lovetox

    a full size transfered file where some bytes are what flipped to something else?

  75. Zash

    TLS (via HTTPS) also does a bunch for integrity

  76. moparisthebest

    It'd be nice if the rejected http upload encryption xep that every client currently implements anyway was accepted

  77. Zash

    moparisthebest, the aesgcm:// thing?

  78. Zash


  79. moparisthebest

    What would it take process wise to reboot that? Yep that's it

  80. Zash

    Yak number one: Fix the encryption scheme to allow encrypting more than just the body.

  81. lovetox

    on what grounds was it rejected, and how would a proper http upload encryption look if not that way?

  82. lovetox

    actually it has nothing to do with httpupload

  83. Zash

    https+vnd.something.omemo.aesgcm:// at the very least

  84. lovetox

    its just a way to communicate a key and url to another user

  85. Zash

    or register aesgcm with iana

  86. moparisthebest

    It was originally just https:// until someone complained I think

  87. lovetox

    i guess all info could be put into the fragment

  88. lovetox


  89. lovetox

    then it does not matter what the scheme is in front

  90. MattJ

    Non-OMEMO clients would just download garbage

  91. lovetox

    MattJ, non omemo clients can not see that message

  92. Zash

    MattJ, they wouldn't get the URL in the first place tho

  93. moparisthebest

    No they wouldn't get the link

  94. moparisthebest


  95. MattJ

    Ah right

  96. Zash

    because it'd be omemo-encrypted <body>

  97. Zash


  98. lovetox

    but yeah its all a ugly workaround for not having full stanza encryption

  99. moparisthebest

    Full stanza encryption would be great but that's a separate concern, you'd still need to encrypt the http upload

  100. lovetox

    but even if its ugly, it just works and is easy to implement

  101. lovetox

    so not really a top priority to fix in my opinion

  102. lovetox

    moparisthebest, but you dont need a XEP to encrypt a httpupload

  103. lovetox

    you just need a XEP to communicate to another party, how you encrypted content

  104. Zash

    Doesn't Jingle have stuff for this?

  105. lovetox

    yes, but we talk about http upload

  106. lovetox


  107. Zash

    Why does it need to matter what transport method you used?

  108. lovetox

    it doesnt

  109. lovetox

    you are right

  110. lovetox

    jingle does it, it sends a key transport omemo message

  111. lovetox

    which is an encrypted message that has a key in it

  112. lovetox

    this is not an encrypted body

  113. lovetox

    its something in the signal protocol layer

  114. lovetox

    then it starts jingle, and you know that keytransport message is the decryption key

  115. lovetox

    or something like that

  116. lovetox

    but you can do this with jingle because you are in some kind of session, and you know where this key transport message belongs to

  117. lovetox

    hard to do with just sending a url

  118. lovetox

    hm its doable ..

  119. lovetox

    you could put 2 encrypted omemo elements into one message

  120. lovetox

    one encrypts the body like always

  121. lovetox

    and the other is inside some <security> element

  122. lovetox

    and is the decryption key transport message

  123. lovetox

    then you just have to write a xep that tells you to look for it and to decrpyt it in the right order