XSF Discussion - 2020-01-14

is members@ missing from https://xmpp.org/community/mailing-lists.html on purpose? there does appear to be public archives anyway https://mail.jabber.org/pipermail/members/

moparisthebest: only for members

The members@ archives are public.

pep., agreed, members@ would also work for me

Hello pep. :D I've been on holidays and also sick, still recovering, I haven't been able to follow what's going on, will try to catch up on the following days after I get better

Seve: ! :)

Also my phone broke, so it is even harder to keep up to date... Sorry about this!

If you look very closely this is partly about XMPP: https://www.ncia.nato.int/NewsRoom/Pages/20191106-Connecting-the-Dots-The-High-North.aspx

of course not mentioning it with a single letter

Of course not. But it says "chat", which is NATO-ese for XMPP.

:D

over STANAG? :)

I can't tell. It mentions "wideband high-frequency", which would be STANAG 5066, though NATO are here talking about a common IP bearer, which means no XEP-0365.

XEP-0001 §1 "The XSF's standards process can be outlined informally as follows: [..] 2. [..] and agrees to transfer ownership over the protocol [..]", is "over" a typo here?

Should be "of"?

jonas’, Also "Over STANAG" is like saying "Over RFC". :-)

pep., No, "over" is fine. You can have "ownership over X".

ah ok

Maybe we should mandate Simple English in our specs :)

> released a business opportunity for bidding that wording is very freaky

If you look very closely, you can find an XMPP reference on a whiteboard somewhere on these pictures: https://www.act.nato.int/cwix

dwd, sorry, I’m from a part of the amateur radio community where STANAG generally refers to some HF thing the NATO uses for communications over radio, which I assume is STANAG 5066. TIL, thanks. ✏

Ge0rG, Well, yes, NATO is terrifyingly bureaucratic. If you've done any government bidding, just imagine bidding for 28 governments simulataneously and you're about right.

jonas’, Ah, I vaguely knew there was some use of S'5066 in ham, but didn't realise it was quite that well known.

dwd: yeah, that comes on top. But "to release a business opportunity" is just weird turbo capitalism speak

Ge0rG, Oh, yes. It's a little bubble.

dwd, let’s say that was a rather specific corner

Would it hurt to have some content served on the URLs that match the namespaces that are defined in our registrar, where applicable? I think I've just received a request to remove namespaces from Openfire, since the links are broken anyway. I'd prefer to not have the discussion that I'm going to have more often, in the future.

I'm wondering if any content that's being served without a HTTP error that's not a schema will break / confuse tooling.

The discussion? That is "Please inform yourself about what a namespace is"?

Guus: that sounds like another request to fix our registry

It's not about the registry from what I understand

It's about people not knowing that a namespace doesn't have to resolve

right(?)

Yes.

Basically: can we have non-error content at URLs like https://www.jabber.org/protocol/geoloc

14 year old me was slightly confused about the urls not resolving as well. But I don't think that making the urls resolve would have helped my understanding

If anything it would have made it more confusing maybe

No, but it prevents me having awkward conversations with customers.

I suspect that them not resolving actually helps rather than hinders, in this case.

Because it forces understanding, rather than ploughing ahead on a basis of being ignorant about one's ignorance :)

maybe a redirect to https://xmpp.org/registrar/namespaces.html ?

> Because it forces understanding, rather than ploughing ahead on a basis of being ignorant about one's ignorance :) 👍

Guus: A redirect to namespaces might not be daft, though, yeah.

Guus, I'd love to see namespaces of XEPs being URLs that point to the related version of the xep

flow: I see the appeal in that. I'm worried it would add confusion (see ignorant ignorance comment) from those not 'in the know'. But I'm certainly not high-F against the idea.

I'm pretty sure they used to redirect (a very long time ago)

I'm not disagreeing with you all here - and there's something to be said for it, but I really don't want to fight this battle with everyone 🙂

I'm looking for a path of least resistance here 🙂

read: "Guus is chickening out"

"everyone" being the one customer that comes up with this in the past 5 years or so

(but for everyone that asks a question, 10 others wonder, but don't bother to ask)

Kev, I do not follow the "ignorant ignorance" comment. Could you rephrase it for me? I don't see how namespace values pointing to the document declaring and defining that protocol used by those values can be anything but a big win

flow: If the URL doesn't point anywhere, people are forced to understand that the URL doesn't mean what people think it does. OTOH if we put URLs there for the http-based namespaces, are we going to have people thinking that they can shove the URL to random web pages in there? What about urn:xmpp stuff?

I don't feel strongly about it, but I suspect anything we do will lead to confusion by someone.

Guus, also note that this happens only for namespaces that happen to be http.

pep. I am painfully, painfully aware...

And hmm, the XSF has an http -> https redirection in place right

Kev, I see, thanks

pep., See XEP-0419 §3.1 : https://xmpp.org/extensions/xep-0419.html#sect-idm46603442987040

context? ✏

Won't the uninformed think "oh the URL has died? (no wonder, Jabber is dying)" rather than "oh it points nowhere, must be just a namespace"?

ah, 419.

Context is: Ge0rG and dwd having fun.

Holger: Also possible.

dwd, yeah not what I'm saying.

Just saying confused customer gonna be confused

Still, serving a redirect to the registrar wouldn't be the worst idea?

The XSF doesn't have control over jabber.org though

it'd also have the benefit of what Flow proposes, although indirectly: a reference to the corresponding XEPs.

(without the downside that the URLs are added to documentation as Kev suggested, as they'd point to a generic landing page)

pep. I'm pretty sure we can approach the friendly sysops for jabber.org to make this change, if we want it.

I think Guus's suggestion is sound. The XSF doesn't have control over jabber.org, but this seems like something Peter isn't going to say 'no' to.

Guus, You mean just like we approached them to update their servers a while ago? :p

I suspect, anyway. I've been somewhat sidelined from recent jabber.org decisions.

pep. that's not helpful.

It is what it is

no-one here is very much opposed to this then?

I'm not.

I won't oppose that for sure. Not really in favor either

good enough for me 🙂

I'll poke some of the volunteers at jabber.org.

https://xmpp.org/about/xsf/ipr-policy.html I just realized there are two §3.3

a glitch in the Matrix ?

(pushed a fix)

The redirect is in place.

Thanks intosi !

So NATO uses xmpp for their chat?

https://xmpp.org/about/faq.html says so :)

For tactical chat, anyway, which doesn't imply all chat.

> For tactical chat, anyway, which doesn't imply all chat. What could be the reason for using it in tactical chat?

That's pretty nifty, I knew there was a chat product targeted at the military, but didn't realize it was a NATO thing.

Federation, open standards, good story for security labeling/rbac, constrained bandwidth.

mukt2, they probably didnt select XMPP

they have a contractor who offers a piece of software that does what NATO specified

and this contractor uses XMPP

lovetox: That is not the case :)

Is there a source/reference to this claim? (not disputing it, only curious to know more)

no? NATO has an IT dep that writes all the software themself? doubt it

lovetox, there’s a wide range of options between that

they could for example have made a survey of open chat standards and made a bidding for a contractor which can deliver that

not really, either you write it yourself, or you write user requirements and let it write someone else

XMPP could’ve been part of the requirements

yeah, fair could be

jonas’: (And is)

then the answer is obvious, probably because it is open and a standard

and is there really an alternative?

The last NATO bid I was part of was explicitly requiring XMPP, since that was an existing deployed and federated standard.

But as I mentioned above, XMPP has more going for it for that community than *just* being an open standard. It's an open standard that has desirable properties.

That was a looong time ago, but nothing's changed since.

jjrh, FWIW, it's awkward because it's very difficult to know what *can* be discussed openly (some of it certainly is classified) and what people *want* to be discussed openly, which is somewhat different. Often organisations like NATO default to assuming everything is not to be discussed.

jjrh, But if you search for "NATO XMPP" on a popular search engine of your choice, you'll very likely find things, and the Google search suggestions might even give you pointers...

> isode.com

I’m not surprised ;)

That is a place you might end up.

that’s the first two hits, then it’s xmpp.org

Honestly, the Google search suggestions is the bigger hint.

I get none for "nato xmpp" or "xmpp nato"

https://sotecware.net/images/dont-puush-me/y6MWvbJIbWJqEk7TWc0Ze6__bA2iuR8VVNhzGkumpEE.png

Oh, how disappointing.

dwd: Yeah, it's your history :)

search bubble'd

I thought I'd checked on icognito.

Half of my reason for asking for a source was that it would be useful to point to there from xmpp.org

https://nhqc3s.hq.nato.int/Apps/Architecture/NISP2/cpbprf.aspx?vndb=standards&vsbn=n&refid=fmn2&sbbs=y

All the stuff I'm finding using slightly more informed keywords is coming up behind walls, unfortunately.

So I'm not finding useful breadcrumbs either.

"Basic Text-based Collaboration Chatroom Profile" lists xeps

jjrh, we *did* have "Battle-tested" as part of the slogan on xmpp.org, but that was removed last year

That always did make me giggle.

Why!

https://github.com/xsf/xmpp.org/commit/39455a69d97601b5af091261a892e170c7c2ef62

github doesn’t show me the PR this belonged to ✏

I'm not especially proud of NATO using XMPP fwiw, but I'll leave it at that

jonas’: "W. Martin Borgert" it says doesn't it?

that doesn’t tell me which PR number this was

It usually does :/

proud isn't the right word, but it's a useful selling point to give people when they ask who's using XMPP.

jjrh, depending who you’re talking to, really

jonas’: Sorry, misunderstood the point you were making.

Kev, I recall that there was a brief discussion in the PR, and I wanted to link it

but I can’t find it

sometimes I hate github

"military grade" typically implies "of good quality".

jonas’, of course, /some/ people. but regardless of how you feel about NATO/military it does imply a certain amount of robustness and flexibility

jjrh, people are ready to ignore the implications in face of that

Guus, to be honest, nowadays, military grade mainly implies marketing to me when it’s about IM

jonas’, those people probably already got sold when you told them it's a IETF standard :)

"military grad encryption!!!k"

> proud isn't the right word, but it's a useful selling point to give people when they ask who's using XMPP. It's not just nato. It's also other government agencies. Lots of people 'who have something to hide'. But those people are never very chatty about that

jonas’: As far as I can see, there was no PR here.

jonas’ I can understand that if you read about something being advertised as 'military grade' without knowing if it's actually being used by the military. Apparently, for XMPP, it's the other way around.

Kev, I recall discussion on github, it must’ve been somewhere

Github might simply be lying to me.

XMPP can use AES, and we all know AES is "military grade" :)

> All the stuff I'm finding using slightly more informed keywords is coming up behind walls, unfortunately. > So I'm not finding useful breadcrumbs either. Maybe something open source must be written on the subject.

Most of it is fairly dry, like: https://aplits.disa.mil/docs/UC-XMPP2013C1.pdf

I know that there aren't many Windows users here, but there's a serious vulnerability in ECC in all versions of Windows, so make sure you're up on that.

yep https://kb.cert.org/vuls/id/849224/ for more context

https://nl.movim.eu/?about#statistics_tab Gajim is quite high actually !

ECC bad. AES good. Something something :)

you mean RSA but yea probably :)

Ref to the earlier "military grade" message ;)

Is it just me or does no link in the xmpp.org header work without allowing scripts from ajax.googleapis.com?

it’s just you

;-(

Oh, now it works.

Hello,

Why does it say XEP-0363 is still lastcall?

https://xmpp.org/extensions/xep-0363.html

What is the status of XEP-0363 currently?

tom, the status is that I need to re-issue the LC

thanks for reminding me

Ok

Thank you

But just to be clear, it's still not considered 'stable' yet or is at the last stage until stable?

please check the roadmap on the top right

LC is the stage before Draft

it is probably only not-draft for formal reasons and those should be resolved within the next month or so

Thanks for clarifying

sent a mail regarding that to standards@