XSF Discussion - 2019-12-31

  1. marc


  2. dwd

    Ge0rG, FWIW, any "stanza" prior to authentication (and, indeed, prior to binding being complete) is ugly and scary in a server. I'd love to rid us of all of those.

  3. Ge0rG

    dwd: what's your suggested mechanism that has iq semantics, minus the routing?

  4. jonas’

    <pre-auth-iq/> nonza!

  5. pep.

    Isn't it just a nonza if it's preauth?

  6. pep.

    Even if it's an iq

  7. jonas’

    pep., but since it matches the filters for IQs, it’s scary

  8. Ge0rG

    > A XMPP stream element is a Nonza, if its element name is not 'message', 'iq' or 'presence'.

    From the nonza non XEP

  9. Ge0rG

    Apparently the author didn't have pre-auth in mind

  10. Ge0rG

    dwd: also IBR is using IQ and those are sufficiently close to each other to warrant using the same dirty hacks, IMVHO

  11. jonas’

    Ge0rG, I’m not so sure about that. Just because IBR made a mistake, we don’t have to repeat the same mistake all over again

  12. dwd

    Yeah, IBR is very sucky to implement in a server. It means you have rules and exceptions and exceptional rules. We are where we are, but that doesn't mean I'd like to double down on that mistake.

  13. Ge0rG

    dwd: so what's your alternative proposal?

  14. jonas’


  15. jonas’


  16. Ge0rG

    IQ was very straightforward to implement on the client, response callback and error handling included.

  17. dwd

    I don't have one. I'd be tempted to reach for the Swiss Army Knife of SASL2, though.

  18. Ge0rG

    You can't even stuff stanza errors on a nonza.

  19. Ge0rG

    dwd: yes, please do that. Until then, I'll go on with pre-auth IQ.

  20. jonas’

    Ge0rG, why not?

  21. Ge0rG

    jonas’: because those are stanza errors.

  22. dwd

    And yes, I should run about and implement SASL2 in some useful servers. I even have a public implementation of it for Openfire.

  23. jonas’


  24. jonas’

    nothing prevents you from embedding a stanza error element in a nonza

  25. Ge0rG

    jonas’: you need to write your own parser for that special case.

  26. dwd

    Ge0rG, You know that XEP-0220 has stanza errors inside something that's not a stanza?

  27. dwd

    Ge0rG, I mean, sure, if you want to argue that stanza errors can only exist in stanzas, fine, but the evidence is strongly against you.

  28. Ge0rG

    dwd: no, I'm saying that it's impractical for client developers.

  29. jonas’

    it’s not

  30. jonas’

    trivial in aioxmpp

  31. jonas’

    so your generalisation doesn’t hold

  32. Ge0rG

    jonas’: I'm eagerly awaiting your PR for yaxim, replacing smack with aioxmpp

  33. jonas’

    Ge0rG, me too!

  34. Ge0rG

    dwd: I tried to minimize the number of wheels you have to reinvent.

  35. Ge0rG

    With SASL2, it's not about reinventing but about inventing new wheels.

  36. Ge0rG

    And I remember the last time we decided to use a new stream element instead of an IQ to configure a session, and it backfired.

  37. MattJ

    You're thinking of CSI?

  38. MattJ

    Because that was an intentional decision

  39. Ge0rG

    I'm speaking of CSI, which isn't counted by 0198 and thus has to be explicitly reconfigured after resumption. Also you can't just send a CSI request to the server without checking for support. An IQ would just error back, but CSI will kill your stream

  40. MattJ

    It was intentional that the stream is in a defined state after resumption, it was intentional that there was no ack

  41. MattJ

    I did consider iq, but it forced an ack (for a thing which the client shouldn't care about), and increased noise in a protocol that aims to reduce noise

  42. Ge0rG

    MattJ: you could have gone with a message as well 😉

  43. MattJ

    Yeah, pre-auth message would have been just great

  44. Ge0rG

    I'm just saying that it's a tradeoff decision where there's no obvious right solution.

  45. MattJ

    I don't deny that there are trade-offs

  46. MattJ

    I totally understand that if you have iq code, you want to reuse it as much as possible

  47. flow

    > Ge0rG> Apparently the author didn't have pre-auth in mind

    Hu? What makes you think that?

  48. MattJ

    But from a server perspective, we don't want to be dealing with stuff that is usually routed in a context where it ought not to be routed

  49. Ge0rG

    flow: is an IQ prior to session binding a stanza or a nonza?

  50. flow

    > Ge0rG> jonas’: you need to write your own parser for that special case.

    I also think that this is not strictly true

  51. flow

    Ge0rG, it's an IQ hence a stanza. But nothing prevents you from sending nonzas pre-auth with IQ semantics aka a required response

  52. flow

    But FWIW I am torn between using stanzas and nonzas pre-auth, both sides have valid arguments

  53. flow

    Although Smack recently got a mechanism to listen for nonza responses, as this is required anyway (pre and post auth)

  54. Ge0rG

    flow: no, but I need to write my own nonza filter and I need to integrate the stanza error parser and extension element parser into my special nonza parser

  55. Ge0rG

    And I'm not sure whether the error and extension parsers are even exposed for extensibility

  56. flow

    they are

  57. flow

    but you have a point here

  58. flow

    But so do the people who say that stanzas pre auth are harmful. Potentially XMPP is missing a generic container element for nonzas (non-routeable) with IQ semantics (mandatory response) that can be used pre-auth

  59. Ge0rG

    flow: yes

  60. Ge0rG

    We should rewrite all of session setup and encryption and compression in terms of that new pre-iq

  61. Ge0rG

    In XMPP 2.0

  62. flow

    but depending on the response, you may have to write a parser anyway

  63. Ge0rG

    While we are at it, we could use HTTP REST JSON as the underlying protocol. I've heard there is a matrix specification 1.0 out there

  64. Ge0rG

    Or people copy&paste their IBR code to the invite module and we get a running implementation in 2019

  65. pep.


  66. pep.

    What ibr code? (/me looks at poezio)

  67. Ge0rG

    pep.: the modified 0401 is live on yax.im for a week now

  68. Ge0rG

    You can `/ad-hoc yax.im` to create an invitation

  69. Ge0rG

    And you can run yaxim from play beta to use that and to redeem invitation links

  70. Ge0rG

    You just can't render the QR code in poezio because something something ncurses

  71. Daniel

    i’m exhausted from 36c3 and from traveling and i can’t tell if user-defined data transfer is some elaborate joke or not

  72. Daniel

    i heard you like extensible protocol; so we defined an extensible protocol and put it into your protocol

  73. Daniel


  74. pep.

    I was also under this impression

  75. Neustradamus

    Happy New Year Eve to all

  76. Arc

    Ge0rG: wait, there's an xmpp client using ncurses to create qr codes? that's fricken awesome!

  77. Arc

    I want that!

  78. Arc

    login to a server via ssh using oauth2 - they get a URL and associated qr code to login via website either on that device or mobile phone

  79. Ge0rG

    Arc: it's an experimental plugin for poezio

  80. Ge0rG

    [QR code rendered in Unicode block characters]