-
marc
πΆ
-
dwd
Ge0rG, FWIW, any "stanza" prior to authentication (and, indeed, prior to binding being complete) is ugly and scary in a server. I'd love to rid us of all of those.
-
Ge0rG
dwd: what's your suggested mechanism that has iq semantics, minus the routing?
-
jonasβ
<pre-auth-iq/> nonza!
-
pep.
Isn't it just a nonza if it's preauth?
-
pep.
Even if it's an iq
-
jonasβ
pep., but since it matches the filters for IQs, itβs scary
-
Ge0rG
> A XMPP stream element is a Nonza, if its element name is not 'message', 'iq' or 'presence'. From the nonza non XEP
-
Ge0rG
Apparently the author didn't have pre-auth in mind
-
Ge0rG
dwd: also IBR is using IQ and those are sufficiently close to each other to warrant using the same dirty hacks, IMVHO
-
jonasβ
Ge0rG, Iβm not so sure about that. Just because IBR made a mistake, we donβt have to repeat the same mistake all over again
-
dwd
Yeah, IBR is very sucky to implement in a server. It means you have rules and exceptions and exceptional rules. We are were we are, but that doesn't mean I'd like to double down on that mistake.
-
Ge0rG
dwd: so what's your alternative proposal?
-
jonasβ
<pre-auth-iq>✎ -
jonasβ
<pre-auth-iq/>? ✏
-
Ge0rG
IQ was very straightforward to implement on the client, response callback and error handling included.
-
dwd
I don't have one. I'd be tempted to reach for the Swiss Army Knife of SASL2, though.
-
Ge0rG
You can't even stuff stanza errors on a nonza.
-
Ge0rG
dwd: yes, please do that. Until then, I'll go on with pre-auth IQ.
-
jonasβ
Ge0rG, why not?
-
Ge0rG
jonasβ: because those are stanza errors.
-
dwd
And yes, I should run about and implement SASL2 in some useful servers. I even have a public implementation of it for Openfire.
-
jonasβ
so?
-
jonasβ
nothing prevents you from ebedding a stanza error element in a nonza
-
Ge0rG
jonasβ: you need to write your own parser for that special case.
-
dwd
Ge0rG, You know that XEP-0220 has stanza errors inside something that's not a stanza?
-
dwd
Ge0rG, I mean, sure, if you want to argue that stanza errors can only exist in stanzas, fine, but the evidence is strongly against you.
-
Ge0rG
dwd: no, I'm saying that it's impractical for client developers.
-
jonasβ
itβs not
-
jonasβ
trivial in aioxmpp
-
jonasβ
so your generalisation doesnβt hold
-
Ge0rG
jonasβ: I'm eagerly awaiting your PR for yaxim, replacing smack with aioxmpp
-
jonasβ
Ge0rG, me too!
-
Ge0rG
dwd: I tried to minimize the number of wheels you have to reinvent.
-
Ge0rG
With SASL2, it's not about reinventing but about inventing new wheels.
-
Ge0rG
And I remember the last time we decided to use a new stream element instead of an IQ to configure a session, and it backfired.
-
MattJ
You're thinking of CSI?
-
MattJ
Because that was an intentional decision
-
Ge0rG
I'm speaking of CSI, which isn't counted by 0198 and thus has to be explicitly reconfigured after resumption. Also you can't just send a CSI request to the server without checking for support. An IQ would just error back, but CSI will kill your stream
-
MattJ
It was intentional that the stream is in a defined state after resumption, it was intentional that there was no ack
-
MattJ
I did consider iq, but it forced an ack (for a thing which the client shouldn't care about), and increased noise in a protocol that aims to reduce noise
-
Ge0rG
MattJ: you could have gone with a message as well π
-
MattJ
Yeah, pre-auth message would have been just great
-
Ge0rG
I'm just saying that it's a tradeoff decision where there's no obvious right solution.
-
MattJ
I don't deny that there are trade-offs
-
MattJ
I totally understand that if you have iq code, you want to reuse it as much as possible
-
flow
> Ge0rG> Apparently the author didn't have pre-auth in mind Hu? What makes you think that?
-
MattJ
But from a server perspective, we don't want to be dealing with stuff that is usually routed in a context where it ought not to be routed
-
Ge0rG
flow: is an IQ prior to session binding a stanza or a nonza?
-
flow
> Ge0rG> jonasβ: you need to write your own parser for that special case. I also think that this is not strictly true
-
flow
Ge0rG, it's an IQ hence a stanza. But nothing prevents you from sending nonzas pre-auth with IQ semantics aka a required response
-
flow
But FWIW I am torn between using stanzas and nonzas pre-auth, both sides have valid arguments
-
flow
Although Smack recently got a mechanism to listen for nonza responses, as this is required anyway (pre and post auth)
-
Ge0rG
flow: no, but I need to write my own nonza filter and I need to integrate the stanza error parser and extension element parser into my special nonza parser
-
Ge0rG
And I'm not sure whether the error and extension parsers are even exposed for extensibility
-
flow
they are
-
flow
but you have a point here
-
flow
But so do the people who say that stanzas pre auth are harmful. Potentially XMPP is missing a generic container element for nonzas (non-routeable) with IQ semantics (mandatory response) that can be used pre-auth
-
Ge0rG
flow: yes
-
Ge0rG
We should rewrite all of session setup and encryption and compression in terms of that new pre-iq
-
Ge0rG
In XMPP 2.0
-
flow
but depending on the response, you may have to write a parser anyway
-
Ge0rG
While we are at it, we could use HTTP REST JSON as the underlying protocol. I've heard there is a matrix specification 1.0 out there
-
Ge0rG
Or people copy&paste their IBR code to the invite module and we get a running implementation in 2019
-
pep.
Today?
-
pep.
What ibr code? (/me looks at poezio)
-
Ge0rG
pep.: the modified 0401 is live on yax.im for a week now
-
Ge0rG
You can `/ad-hoc yax.im` to create an invitation
-
Ge0rG
And you can run yaxim from play beta to use that and to redeem invitation links
-
Ge0rG
You just can't render the QR code in poezio because something something ncurses
-
Daniel
iβm exhausted from 36c3 and from traveling and i canβt tell if user-defined data transfer is some elaborte joke or not
-
Daniel
i heard you like extensible protocol; so we defined an extensible protocol and put it into your protocol
-
Daniel
n
-
pep.
I was also under this impression
-
Neustradamus
Happy New Year Eve to all
-
Arc
Ge0rG: wait, there's an xmpp client using ncurses to create qr codes? that's fricken awesome!
-
Arc
I want that!
-
Arc
login to a server via ssh using oauth2 - they get a URL and associated qr code to login via website either on that device or mobile phone
-
Ge0rG
Arc: it's an experimental plugin for poezio
-
Ge0rG
``` Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β βββββββββββββββββββββββββββββββββ Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β βββββββββββββββββββββββββββββββββ Β Β Β Β βββββββΒ Β Β βββββββΒ βββββββΒ Β Β Β ββββΒ βββββΒ ββββΒ βΒ βΒ ββΒ βββββΒ ββββ Β Β Β Β βΒ βββΒ βΒ βΒ ββΒ ββββΒ βΒ βββΒ βΒ Β Β Β ββββΒ βΒ Β Β βΒ βΒ βΒ Β ββββββΒ βΒ Β Β βΒ ββββ Β Β Β Β βΒ βββΒ βΒ ββΒ βΒ Β Β ββΒ βΒ βββΒ βΒ Β Β Β ββββΒ βββββΒ βΒ βββββββΒ βΒ βββββΒ ββββ Β Β Β Β βββββββΒ βββΒ βΒ βββΒ βββββββΒ Β Β Β ββββββββββββΒ βΒ βΒ βΒ ββββββββββββββ Β Β Β Β ββββββββΒ βΒ Β βββΒ βΒ ββββββΒ Β Β Β Β ββββΒ ββΒ Β Β βββββββββββββΒ βΒ βββββββ Β Β Β Β βΒ βΒ Β ββΒ βββββββββββΒ ββΒ ββΒ Β Β Β ββββΒ ββββΒ ββββΒ Β βΒ βββΒ βββββΒ Β ββββ Β Β Β Β ββΒ βΒ βββΒ ββββΒ βΒ Β βββββββΒ Β Β Β Β βββββββββΒ βββΒ Β βββββββΒ Β βββββββββ Β Β Β Β βΒ Β ββββββΒ βββΒ ββΒ Β ββββΒ ββΒ Β Β Β ββββΒ ββββββββββΒ βββΒ ββΒ Β Β Β ββΒ ββββ Β Β Β Β βΒ βββββΒ βββββββΒ ββββββββΒ Β Β Β Β ββββββββββββββββββββΒ βββΒ βΒ ββββββ Β Β Β Β βββββββΒ ββΒ Β βββΒ βΒ βΒ βββββΒ Β Β Β ββββΒ βββββΒ ββΒ βββΒ ββΒ βββΒ ββΒ Β ββββ Β Β Β Β βΒ βββΒ βΒ βββΒ βΒ βββββββββββΒ Β Β Β ββββΒ βΒ Β Β βΒ βΒ ββββββββΒ Β βΒ βββΒ ββββ Β Β Β Β βΒ βββΒ βΒ βββββΒ ββββΒ βΒ Β βΒ βΒ Β Β Β ββββΒ βββββΒ ββΒ βΒ βββΒ βββΒ ββββΒ ββββ Β Β Β Β βββββββΒ ββββΒ Β Β Β Β βββΒ ββββΒ Β Β Β βββββββββββββββββββββββββββββββββ Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β βββββββββββββββββββββββββββββββββ Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β βββββββββββββββββββββββββββββββββ ```