Guus: FMUC wise, how can the state of federation be reflected to users in the chat? Currently the only way as a user to tell if you've lost federation is that you see people leave the chat, it seems?
Guus: Thanks. A quick reading does not make me confident that I get its meaning, but it seems at least partially related.
Guus: Will look into it further
lovetox: Guus, i would say a user does not need to know that
Guus: lovetox: why is that?
lovetox: because its nothing that should happen regularly, its a technical detail of the protocol and infrastructure
lovetox: you dont get a whatsapp message when one of their server goes offline for a minute
lovetox: service is not working, i guess the user will notice that if he cant see any people in a MUC anymore
lovetox: thats all he needs to know, and bug his admin afterwards
Kev: I think you're making assumptions there about the nature of the deployment.
Kev: FMUC is typically deployed places where it is something that may happen frequently, and that the users may well want to know.
Kev: Guus: From memory, we exit the users from the room with a show saying why.
Guus: What Kev said, and: thanks Kev.
Kev: I don't *think* we inject a system message at the same time, but I might misremember that bit.
Guus: I am compiling a rather long text of XEP feedback - not very structured at the moment, but I guess I should post it somewhere
Kev: I've had a TODO to look at FMUC for ages, but as no-one else was implementing it it dropped way down my list.
Kev: Sorry Guus.
Guus: No worries, that's only to be expected.
Guus: I'm grateful for the feedback you've been giving me recently
jonas’: classic IRC netsplit
jonas’: lovetox, it happens "all the time" on IRC
jonas’: and I’m not sure if FMUC can replay history, in which case you’d very well need to know what’s going on
Guus: The history sync is awkward. I haven't figured that out in our implementation.
Zash: MUC-to-MUC MAM?
Holger: Matrix.
Zash: Not until start trying to merge those histories
Holger: Matrix is broken.
Kev: Guus: Is it that tricky? It's mostly the same as client history.
Guus: Kev: which I've never implemented myself either. 😁
Zash: Kev: Gets tricky if there's history on both sides that the other doesn't have?
Guus: What I wonder about is injection history mid-session, when a room with existing history and ongoing chat suddenly needs to interweave history from another source that joined.
DebXWoody: Here little bit feedback / remarks / question for XMPP-OX: https://wiki.xmpp.org/web/Tech_pages/OX
lovetox: DebXWoody, after reading that my motivation to implement OX is near zero
moparisthebest: so you are saying there is a chance? >:)
lovetox: i tell you what i implement
lovetox: - Client generates Key, user can't bring his own
- Key has no password
- There is only one public key accepted per contact, and the only source of it is PEP
flow: DebXWoody, read it, pubsub get will get you the latest published item on a node, which is the latest version of the key
lovetox: Is it possible with pgp to change the expiry date on a key without changing the fingerprint?
flow: yes
DebXWoody: yes
lovetox: how does that work?! surely it has to be protected someway
flow: lovetox, it's a signed packet added to the keyring
lovetox: signed by who?
flow: signed by the master key
lovetox: and who signs the expiry date of the master key
lovetox: or does the key i generate sign the packet itself
flow: basically yes
lovetox: Ok, yeah then let me add to that list
- No expiry date on keys
flow: yes expiries are typically not useful for the average user
lovetox: i like OX i think its less complicated than OMEMO and i dont really need the benefits of OMEMO
flow: depends
DebXWoody: lovetox, why near zero? I know what has been implemented (at least a little bit). I think your approach is not wrong. I see some pros on your implementation, but also some cons.
flow: openpgp provides a lot of freedom
lovetox: but i fear that people go into that with their own ideas how openpgp in xmpp should work
lovetox: and the XEP basically lets many things open
flow: and it could happen that OX is grated by different opinions which try to move it toward their choice
lovetox: and i fear this will make it not interoperable
flow: which would be sad, because I think the existing openpgp ecosystem shows that it is interoperable while allowing a high degree of freedom
lovetox: flow only if you have a client that supports all the freedom
flow: no I don't think so
lovetox: which makes it less likely to implement
flow: MUAs show that this is possible
DebXWoody: lovetox, I think we should find a mix of it, this is the reason why I started this wiki page. I would like to use XMPP with my Nitrokey, this is basically the reason why I prefer to use my own keyring also.
lovetox: MUAs? whats that
flow: mail clients
lovetox: For me OX has to be implemented in a way that it is as invisible and easy to use as OMEMO
DebXWoody: yes
flow: sure
lovetox: yeah but that rules some things out for me that people that use PGP do daily
flow: probably, but does that mean that your code will not be able to exchange openpgp secured messages with those people?
lovetox: - typing in a password daily to unlock the key
- depending on PGP trust states (not sure about that but my feeling is i want to have my own trustmanagement rather than what pgp offers)
flow: please completely ignore the web of trust
flow: its nonsense
lovetox: its not about sending messages flow, its about sharing your secret key with other devices
flow: so you want a dedicated key for xmpp? that's fine
flow: keyring even
lovetox: there are the people that want to use their own key and dont trust the application (hence want to use stuff like PGP Agent)
lovetox: and this needs totally different development approach
flow: sure, those are then probably users that will not be happy with your implementation, if it does not allow for it
lovetox: yeah but that also means, if some clients support this, some not
lovetox: they cannot work together
flow: why not?
DebXWoody: This is why I would like to talk about it.
flow: we maybe first have to define "this", but…
lovetox: because when you put a password on your key, and i have no GUI where you can put in that password, that means you cannot use both clients with the same account
flow: lovetox, how does your no password approach work with multiple devices?
DebXWoody: lovetox, I think pinentry will do it.
lovetox: i dont understand the question flow
lovetox: how is multiple device related to a password
flow: lovetox, do you want to support multiple devices?
lovetox: of course
flow: lovetox, how does the onboarding work with your no password approach?
flow: how does a new device get a hold of the secret key material?
lovetox: are you talking about your AES backup code?
lovetox: AES encrypted secret key in the PEP node
lovetox: ?
lovetox: im not talking about that, that is fine
flow: ok, but then where is the problem?
lovetox: but maybe you remember, you can put a password on a PGP key on creation, and then i have to additionally encrypt it with AES
flow: if you want to store the key material unencrypted locally, that is your choice
flow: (as developer)
flow: how an openpgp implementation obtains the secret key material is outside the scope of OX and OpenPGP
flow: so I don't see how this could cause that some clients are not able to work together
flow: I see other potential issues maybe
flow: but not this
lovetox: how is that out of scope, if you describe in your XEP how the secret key is obtained and even how it has to be encrypted
flow: that is only to fetch the secret key material if you don't have it
flow: but once you have it, you would usually store it locally
DebXWoody: I think this is not fully clearly defined.
lovetox: ok so if you dont describe this, and i assume all material that i decrypt is not additional secured, and other implementation dont assume that and create only passworded keys
lovetox: then both clients are incompatible
lovetox: regarding secret key sharing
flow: now you have really confused me
flow: if the secret key material is shared via the PEP node as specified in xep373 § 5.4, then I'd argue it is clear for the implementations how the data should look like, and especially that it must be encrypted
flow: storing unencrypted openpgp secret key material in a PEP node would be not ideal
lovetox: yes obvious
lovetox: but implementing this yields not necessarily a useable key
flow: and why is that?
lovetox: because PGP keys can be password protected
flow: yes, but the transferable key format (rfc4880 § 11.2) is unencrypted, and that is what xep373 § 5.4 specifies
flow: would be pretty silly to have another *optional* encryption layer here
lovetox: ahh i didnt know that
flow: glad we could clarify that :)
lovetox: this is another problem with the XEP for me, you referring to openpgp rfcs its fine, but you should add examples how one can get these transferable formats from gpg
lovetox: i think we can assume nobody that implement OX will write its own rfc4880 implementation
flow: hopefully not, but you need some knowledge about the used building blocks
flow: btw, I would recommend using sequoia pgp instead of gpg
DebXWoody: flow, "please completely ignore the web of trust" why?
pep.: Well that's up to the client, and I don't think it actually impacts how it's used on XMPP at all.
pep.: As long as some more technical users don't force that on others for no reason
pep.: DebXWoody, it's also just possible for a client to use a freshly created keyring just for XMPP usage, and then a tech user can sign that key with their own if they really want to
pep.: It makes it easier for the client because it can use its own assumptions and doesn't have to plan for all the various differences they can find in the real world
lovetox: flow, how do you get from https://tools.ietf.org/html/rfc4880#section-11.2
lovetox: that this is unencrypted?
DebXWoody: pep.: To sign a fresh key with a own key will not help to use for instance a OpenPGP SmartCard.
pep.: DebXWoody, that might be a nice feature but then you're kinda condemning the account to use a key per device
pep.: Or .. a key for the account and then a specific key for that device. Not sure how that would work
lovetox: flow further, i looked up the manual of gnupg, it lets me export the key in multiple formats PKCS#1, PKCS#8
lovetox: none of the documentation refers to rfc4880 11.2
pep.: DebXWoody, probably something to think about anyway. How to reconcile all these various use-cases..
pep.: (or not, but signal it somehow)
lovetox: i doubt 11.2 says anything about if it should be encrypted or not
lovetox: it just states some packet order, one of the packets is the secret key packet, and it does not say what that packet should contain
lovetox: and if a secret key is encrypted or not, is defined inside the secret key packet
DebXWoody: I can just say what I prefer, but this depends on the user. I think we should try to keep it open. I generate 2 keys. One key is a CA key, one key is my personal key. The CA has been generated on a Smartcard, no backup. My personal key has been moved on a Smartcard for the Desktop and on a Nitrokey for Laptop (and Smartphone). The CA will be used to sign my keys and all friends. The personal is for daily use. Anyway, I will try to write some more information.
DebXWoody: Anyway, I was able to send a message to gajim. It's 50% :-D
lovetox: DebXWoody, drop me a message if you need help debugging when something does not work
DebXWoody: thx
pep.: It's possible to have one set of identifiers (login/passwd) and multiple Jids right?
pep.: Something SASL authz? (just handwaving words I don't really understand)
Zash: Sort of
pep.: I know, the next question is gonna be "what do I want", not entirely sure myself. For now I'm trying to see if it's possible to have just one account and multiple identities
pep.: Also anybody implemented burner jids yet?
pep.: I'm curious if they can be reused. This requirement suggests they might: "As the author of a social website I want to allow users to create ephemeral identities which can be used to contact them even if they have not granted access to their personal information."
pep.: https://xmpp.org/extensions/xep-0045.html#createroom-reserved what on earth is a reversed room