XSF Discussion - 2019-12-31

😶

Ge0rG, FWIW, any "stanza" prior to authentication (and, indeed, prior to binding being complete) is ugly and scary in a server. I'd love to rid us of all of those.

dwd: what's your suggested mechanism that has iq semantics, minus the routing?

<pre-auth-iq/> nonza!

Isn't it just a nonza if it's preauth?

Even if it's an iq

pep., but since it matches the filters for IQs, it’s scary

> A XMPP stream element is a Nonza, if its element name is not 'message', 'iq' or 'presence'. From the nonza non XEP

Apparently the author didn't have pre-auth in mind

dwd: also IBR is using IQ and those are sufficiently close to each other to warrant using the same dirty hacks, IMVHO

Ge0rG, I’m not so sure about that. Just because IBR made a mistake, we don’t have to repeat the same mistake all over again

Yeah, IBR is very sucky to implement in a server. It means you have rules and exceptions and exceptional rules. We are were we are, but that doesn't mean I'd like to double down on that mistake.

dwd: so what's your alternative proposal?

<pre-auth-iq/>? ✏

IQ was very straightforward to implement on the client, response callback and error handling included.

I don't have one. I'd be tempted to reach for the Swiss Army Knife of SASL2, though.

You can't even stuff stanza errors on a nonza.

dwd: yes, please do that. Until then, I'll go on with pre-auth IQ.

Ge0rG, why not?

jonas’: because those are stanza errors.

And yes, I should run about and implement SASL2 in some useful servers. I even have a public implementation of it for Openfire.

so?

nothing prevents you from ebedding a stanza error element in a nonza

jonas’: you need to write your own parser for that special case.

Ge0rG, You know that XEP-0220 has stanza errors inside something that's not a stanza?

Ge0rG, I mean, sure, if you want to argue that stanza errors can only exist in stanzas, fine, but the evidence is strongly against you.

dwd: no, I'm saying that it's impractical for client developers.

it’s not

trivial in aioxmpp

so your generalisation doesn’t hold

jonas’: I'm eagerly awaiting your PR for yaxim, replacing smack with aioxmpp

Ge0rG, me too!

dwd: I tried to minimize the number of wheels you have to reinvent.

With SASL2, it's not about reinventing but about inventing new wheels.

And I remember the last time we decided to use a new stream element instead of an IQ to configure a session, and it backfired.

You're thinking of CSI?

Because that was an intentional decision

I'm speaking of CSI, which isn't counted by 0198 and thus has to be explicitly reconfigured after resumption. Also you can't just send a CSI request to the server without checking for support. An IQ would just error back, but CSI will kill your stream

It was intentional that the stream is in a defined state after resumption, it was intentional that there was no ack

I did consider iq, but it forced an ack (for a thing which the client shouldn't care about), and increased noise in a protocol that aims to reduce noise

MattJ: you could have gone with a message as well 😉

Yeah, pre-auth message would have been just great

I'm just saying that it's a tradeoff decision where there's no obvious right solution.

I don't deny that there are trade-offs

I totally understand that if you have iq code, you want to reuse it as much as possible

> Ge0rG> Apparently the author didn't have pre-auth in mind Hu? What makes you think that?

But from a server perspective, we don't want to be dealing with stuff that is usually routed in a context where it ought not to be routed

flow: is an IQ prior to session binding a stanza or a nonza?

> Ge0rG> jonas’: you need to write your own parser for that special case. I also think that this is not strictly true

Ge0rG, it's an IQ hence a stanza. But nothing prevents you from sending nonzas pre-auth with IQ semantics aka a required response

But FWIW I am torn between using stanzas and nonzas pre-auth, both sides have valid arguments

Although Smack recently got a mechanism to listen for nonza responses, as this is required anyway (pre and post auth)

flow: no, but I need to write my own nonza filter and I need to integrate the stanza error parser and extension element parser into my special nonza parser

And I'm not sure whether the error and extension parsers are even exposed for extensibility

they are

but you have a point here

But so do the people who say that stanzas pre auth are harmful. Potentially XMPP is missing a generic container element for nonzas (non-routeable) with IQ semantics (mandatory response) that can be used pre-auth

flow: yes

We should rewrite all of session setup and encryption and compression in terms of that new pre-iq

In XMPP 2.0

but depending on the response, you may have to write a parser anyway

While we are at it, we could use HTTP REST JSON as the underlying protocol. I've heard there is a matrix specification 1.0 out there

Or people copy&paste their IBR code to the invite module and we get a running implementation in 2019

Today?

What ibr code? (/me looks at poezio)

pep.: the modified 0401 is live on yax.im for a week now

You can `/ad-hoc yax.im` to create an invitation

And you can run yaxim from play beta to use that and to redeem invitation links

You just can't render the QR code in poezio because something something ncurses

i’m exhausted from 36c3 and from traveling and i can’t tell if user-defined data transfer is some elaborte joke or not

i heard you like extensible protocol; so we defined an extensible protocol and put it into your protocol

n

I was also under this impression

Happy New Year Eve to all

Ge0rG: wait, there's an xmpp client using ncurses to create qr codes? that's fricken awesome!

I want that!

login to a server via ssh using oauth2 - they get a URL and associated qr code to login via website either on that device or mobile phone

Arc: it's an experimental plugin for poezio

```                                  █████████████████████████████████                                  █████████████████████████████████     █▀▀▀▀▀█   ▄█▀█▄█▄ █▀▀▀▀▀█    ████ ▄▄▄▄▄ ███▀ ▄ ▀ ▀█ ▄▄▄▄▄ ████     █ ███ █ █ ██ ▀▄▀▀ █ ███ █    ████ █   █ █ █  █▄▀▄▄█ █   █ ████     █ ▀▀▀ █ █▀ ▄   ▄█ █ ▀▀▀ █    ████ █▄▄▄█ █ ▄█▀███▀ █ █▄▄▄█ ████     ▀▀▀▀▀▀▀ █▄█ █ █▄▀ ▀▀▀▀▀▀▀    ████▄▄▄▄▄▄▄█ ▀ █ █ ▀▄█▄▄▄▄▄▄▄████     █▄▀███▀▄ ▄  ▀▄▄ ▄ ▀█▀█▀▄     ████ ▀▄   ▄▀█▀██▄▀▀█▀█▄ ▄ ▄▀█████     █ ▄  █▀ ▄▀██▄█▀▀▄█▀ ▀▀ ██    ████ █▀██ ▄█▀▄  ▀ ▄▄▀ ▄█▄▄█  ████     ▄▀ ▄ █▀▀ ██▀▀ ▀  ▀██▀▄▀▀     ████▀▄█▀█ ▄▄█  ▄▄█▄██▄  ▄▀▄▄█████     █  ▀▀▄▀▀▀ ▀█▀ ▄█  ████ ▀█    ████ ██▄▄▀▄▄▄█▄ ▄█▀ ██    █▄ ████     ▀ ▀▀▀▀▀ ▄▄▀▀▄▄▄ █▀▀▀█▄█▄     ████▄█▄▄▄▄▄█▀▀▄▄▀▀▀█ ▄▄▄ ▀ ▀█████     █▀▀▀▀▀█ ▄█  ▄█▀ █ ▀ █▀▀██    ████ ▄▄▄▄▄ █▀ ██▀ ▄█ █▄█ ▄▄  ████     █ ███ █ █▄▀ ▀ ▀▀▀██▀█▀▀▄█    ████ █   █ █ ▀▄█▄█▄▄▄  ▄ ▄▄▀ ████     █ ▀▀▀ █ ▀█▀█▀ ▄█▄▀ █  ▀ █    ████ █▄▄▄█ █▄ ▄ ▄█▀ ▀▄█ ██▄█ ████     ▀▀▀▀▀▀▀ ▀▀▀▀     ▀▀▀ ▀▀▀▀    ████▄▄▄▄▄▄▄█▄▄▄▄█████▄▄▄█▄▄▄▄████                                  █████████████████████████████████                                  ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ ```