XSF Discussion - 2020-04-18

flow, role and affiliation has to be in all presences

as these elements can only be in a muc#user extension, the answer is yes

XEP-0373: OpenPGP for XMPP Is it ok to add a body stanza for XEP-0373? (e.g.: https://codeberg.org/xmpp-messenger/xmppc/src/branch/master/src/mode/openpgp.c#L74) It's not defined in the XEP.

read XEP-0380 and follow it

oh,... next XEP :-) I will check, thx

I think the namespace for OMEMO is wrong in https://xmpp.org/extensions/xep-0380.html#protocols. Has been changed in XEP-0384 V 0.4.0?

yes Link Mauve ^

it's not "wrong", it's still very much a thing

also https://github.com/xsf/xeps/pull/907

jonas’, why doesn't https://xmpp.org/extensions/xep-0390.html#algorithm-input talk about sorting in the actual algorithm?

uhh

oversight I guess

ah, it does

> Join the resulting octet strings together, ordered from lesser to greater.

ahh, i greped for sort

yeah, me too :D

and asumed the sorting happened before the "for each" loop

Hi, would you have any comments on PrivacyTools delisting XMPP due to E2EE-by-default not being required by any XEP currently? https://github.com/privacytoolsIO/privacytools.io/pull/1836 Personally I am unable to approve this PR in good conscience as I see federation more important to privacy than E2EE-by-default, but I have opened a tracking issue in case that will happen picking up promising looking XEPs from the future development of compliance suites https://github.com/privacytoolsIO/privacytools.io/issues/1838

ugh people really need to stop confusing spec and implementations

Mikaela, there is no standards venue where requiring E2EE would be acceptable.

XMPP is more than just instant messaging, and the XSF has to consider this.

A specification which requires E2EE by default would be tricky at least. It could be on Informational track, it would stay controversial, and may or may not make it into IM-Core.

there are also situations where high security demands of a group counter the E2EE interests of the individual, making E2EE impossible to use.

so, no, it wouldn’t make it into IM-Core

probably not IM-Advanced

so yeah, it’s not going to happen.

not under the XSF umbrella either way

I was wondering if some compliance suite would be a place for it, but that is in line with my thoughts

(my personal judgement of the situation mostly)

I still think that basing the PrivacyTools decision on this is wrong though

yes

I agree

Conversations has it by default, they can list it there

Snikket, too?

sure..

Snikket would be a thing to place there

more than XMPP itself anyways

snikket, and maybe things like Tigase things, Xabber things, (if they do e2ee by default, dunno)

Xabber thinks E2EE is for drug dealers only

it's all good then, it's private :)

But they would implement OMEMO for 2 bitcoins

Mikaela: thanks for keeping an eye on this btw :)

you're welcome 💜️, it's kind of my responsibility

I see compliance suite has added STUN & TURN discovery as informational result, is this due to the planned support of VoIP Calls in Conversations?

Jeybe, not sure if this is the right channel for that question. but yes

ahh the other compliance suites, not xep423

Did you mean the Conversations Compliance test tool?

Zash: Yes, a STUN TURN test has been added to caas

so xep128 is not really clear if there can be multiple forms. or am I wrong? xep115/390 algo however handles multiple forms. should this be clarified in xep128?

Clarification good.

flow, disco#info uc.xmpp.zombofant.net for an example of multiple forms

I suppose many http upload services have that because of differing versions

(though I’m not sure if uc.xmpp.zombofant.net federates)

here’s a textual representation: extensions: urn:xmpp:http:upload:0 var='max-file-size' values=['104857600'] urn:xmpp:http:upload var='max-file-size' values=['104857600']

> No certificate provided by uc.xmpp.zombofant.net

right

it’s not configured for federation for obvious reasons :)

adding explicit wording in '128 is certainly not bad; it was quite obvious for me though that '128 allows multiple forms

>Did you mean the Conversations Compliance test tool? Zash‎, yes, meant the compliance checker, not the suite. pardon

Could someone remind me why XEP-0353 appears to be stuck in Proposed?

we last called that a while ago; council rejected it

and then editor fogot probably

seems realistic

hi

jumplkuter‎, hello

.v

wrong chat =)

Mikaela: I feel that XMPP is unfairly demoted on privacytools.io. The Matrix section more or less assumes Riot and briefly mentions other clients may not (in my experience always are not) up to the same standard

A fair comparison would be better against specific XMPP implementations, with a similar note

A simple improvement (from a usability perspective also) would be to indicate which listed XMPP clients have default E2EE, instead of just bucketing them all as "inconsistent"

That would help guide people to the more privacy-conscious implementations

If you value privacy (or really any single property) over all else with no compromises your choinces tend to be limited.

Well I think it is good to give people informed choice