-
thilo.molitor
hi everyone. I wanted to make some editorial changes to my pull request, regarding the xml schema in xep 0353,but I'm not sure if I understand xml schema sufficiently enough to do the right thing.
-
thilo.molitor
https://github.com/tmolitor-stud-tu/xeps/commit/ea90fd54c063c341ae41586901fb1d6b841a8048
-
thilo.molitor
the reason element is copied over from the main jingle xep, but I want to reference the jingle schema and use it rather than copying the parts needed over to xep 0353. Is my commit correct or did I make some xml schema mistakes?
-
emus
jonas’
-
jonas’
I don't speak XML schema very well myself, but I'll take a look when I look at the PR
-
flow
due the recent "superseed" changes to the XEPs, I became aware that we are probably missing a nice disclaimer that this XEP is superseeded by another in the XEP header (you know, just like RFCs / I-Ds have such a thing)
-
flow
hmm it's probably not so hard to xslt such a thing™
-
larma
> https://xmpp.org/extensions/xep-0403.html#usecase-iq-relay > The MIX channel will modify the JIDs in the outgoing message, so that the 'to' is the full JID of the recipient Last time I checked, MIX room members are registered by their bare jid not full jid. How is this supposed to work?
-
larma
> https://xmpp.org/extensions/xep-0403.html#usecase-vcard > The MIX service will then address the vCard request to the user's server (using bare JID) So the MIX service will need to have special handling for vCard and not just handle it like every IQ?
-
larma
I kinda get the feeling that MIX replicates all the dirty quirks we already have in MUC implementations today rather than fixing them properly...
-
flow
larma, not that I know the answer, but is the MIX server maybe subscribed to the user's presence?
-
larma
And what happens when you have two devices online?
-
flow
magic :)
-
larma
> MIX replicates all the dirty quirks we already have in MUC
-
flow
but yes, that seems to be fragile and maybe it should be clarified that it only works under certain conditions
-
larma
Maybe just accept that IQs are not meant for (semi-)anonymous groups?
-
larma
and vCards
-
flow
I can only assume that the authors intention was to allow for certain established use-cases
-
larma
I mean... vCards are literally about sharing your personal details which is the opposite to staying anonymous...
-
mjk
B- but muh muc avatar!
-
flow
larma, I am curious what you have in mind what "fixing them properly" could mean here
-
larma
Either allow the sender to decide which resource/device the IQ should be sent to (or that it should go to the bare jid) or just don't do IQs. If you want vCards or avatars in semi-anonymous groups, allow users (optionally and per room) to upload those to the group server.
-
mjk
> If you want vCards or avatars in semi-anonymous groups, allow users (optionally and per room) to upload those to the group server. This sounds like it'd also fix the one-vcard-many-rooms problem (having different avatars & stuff in different rooms). Awesome
-
flow
yep, I think that would be an improvement, but also complicates the protocol. not sure if it's worth it, I currently tend to be happy with IQs not working in semi-anonymous rooms
-
flow
however, people want avatars everywhere, even in semi-anonymous rooms where they could be a way to de-anonymize them…
-
larma
flow, that's probably because most people don't care if they are semi-anonymous in the room
-
mjk
Yea, avatar is like an extension of nickname
-
larma
I mean, you are also writing on public mailing lists without anonymity.
-
mjk
Matrix seems to make that assumption too, which numerous xmpp users take issue with (me incl.)
-
larma
I'm not against semi-anonymous rooms, just that we either should keep that promise or give it up. not the current mix where someone with sufficient resources can deanonymize room members based on vCard and PEP
- mjk wholeheartedly nods
-
larma
btw, even if we got rid of semi-anonymous rooms entirely, we still have other means of joining rooms anonymously, like 0383 burner jids
-
huhn
#
-
lovetox
larma, not that its the right solution, but the problem goes away we storing your vcard and avatar on pubusb
-
lovetox
and making the node only accesible for people you share presence with
-
lovetox
that gives people who dont care about anonymity the choice to show their avatar to anyone, and the others not to
-
lovetox
if i think about it, no it does not feel right to disallow a service to request private data
-
lovetox
you should store your private data in a place where you can set permissions
-
lovetox
that xmpp not offered such a place was a lack of the protocol
-
lovetox
but it does now
-
lovetox
so now its on you if you dont use it
-
larma
lovetox, the problem does not go away, we still have weirdly broken IQ rules for MUC services. Your suggestion just solves the deanonymisation issues in MUC at the cost of features unrelated to MUCs.
-
lovetox
yes thats what i meant, the problem of deanonymisation
-
lovetox
this goes definitly away
-
lovetox
weird IQ rules, i agree, but i dont see how they hurt people
-
larma
Let's say I want to share my vCard with everyone that has my JID, but still want to be (semi-)anonymous in MUCs.
-
lovetox
please dont invent now use cases
-
larma
That's not new, that's reality
-
lovetox
so store it on pubsub accessmodel=open?
-
lovetox
then everybody can request it
-
lovetox
but also the muc
-
lovetox
if you need fine grained permission management you need to use whitelist
-
larma
I don't want fine-grained permission management, I want MUCs to not make everything more complicated
-
lovetox
and if you really need your use case, then you need to add a new protocol for that
-
Zash
If you go to a public place, you show your face but don't advertise your home address. Like here, avatars shown but not JIDs.
-
lovetox
larma, its not complicated, i store my vcard on pubsub so only people I WANT can access it
-
lovetox
what is there complicated?
-
lovetox
and a MUC is just "people"
-
larma
To complete Zash's example: If people already know my home address, I'm fine with them being able to ring the bell to discover my face.
-
lovetox
yeah valid use case, but i dont see how thats easily possible
-
lovetox
the problem with the protocol is that identitys are not easily identifiable
-
lovetox
there is no sure way how you even can identify a user account
-
lovetox
what you would need is some way to treat requests from a MUC or non-user-accounts, differently
-
lovetox
but its still possible with pubsub, but its a burden on the client developer
-
lovetox
hm no
-
lovetox
no its not possible, you basically want, the world to read your vcard, but not if they share it with others ..
-
lovetox
its not in your control what they do after you showed them your vcard
-
thilo.molitor
jonas’ do you think I should incorporate my changes into the already open pull request or ceate a new one once the old one was merged?
-
thilo.molitor
I also added a disco feature in a separate branch...same question: should I include that n the aleady open PR or should Iceate a new one for this?
-
larma
lovetox: you are thinking it the wrong way round. You want to restrict access to data for services that forward it to others, when instead we could just get rid of those services.
-
larma
Because MUCs are the only services that forward data to users that don't have your real jid.
-
lovetox
but you cant, this is a decentralized protocol, your approach would be to share your vcard and then say, pretty please dont share it
-
lovetox
it would be a solution, but not a very stable one
-
lovetox
its a solution depending on developers honoring your wishes
-
lovetox
when in reality you want your server to guard your data, and you should be in control with whom you share it
-
larma
Normally, services don't have my JID except when I explicitly tell them. And I won't tell arbitrary them when I don't believe they will follow the rules that we agreed on.✎ -
larma
Normally, services don't have my JID except when I explicitly tell them. And I won't tell them when I don't believe they will follow the rules that we agreed on. ✏
-
larma
Same as with semi-anonymous rooms I believe they won't share my real JID to everyone but just to moderators and admins
-
lovetox
so what are you saying? get rid of anonym mucs because they are not really anonym because you cant decide to not share your JID with them?
-
larma
No, I say clients should stop relying on IQs in MUCs for vCard and avatars, so MUC servers can default to disable IQs
-
lovetox
yeah as i said, thats just hoping for developers honoring your wishes
-
lovetox
dont know if hope is a good thing to depend on if at stake is your privacy
-
larma
That's not hope. I already trust servers to follow the protocol. The problem is that the protocol just doesn't provide an important feature here.
-
lovetox
feature? nobody forces a MUC to relay IQ requests ?
-
larma
The standard does
-
larma
Or at least suggests doing it would be good
-
larma
And clients rely on it, so they will do
-
larma
Server developers are not at fault here, they're just doing what client developers ask them to do
-
larma
> I say clients should stop relying on IQs in MUCs for vCard and avatars, so MUC servers can default to disable IQs
-
lovetox
i dont agree with your trust argument, no case comes to mind where i trust a MUC server to do anything
-
lovetox
thats why we have e2e
-
larma
When you join semi-anonymos MUCs that announces to have logs disabled, do you expect it to publish the chat history including your real JID on a website?
-
lovetox
no i dont expect it, but that shifts the goal, do you want to fullfill expectations? yes then i agree get rid of IQ routing rules
-
lovetox
do you want to have privacy? then this is just a bandaid
-
lovetox
im not arguing that iq routing rules are something good here
-
larma
I want privacy when I join MUC servers where I trust the operators. Like in this MUC.
-
lovetox
i just think the vcard case to show it, is not a very good one
-
lovetox
but yeah lets do both
-
lovetox
use pubsub AND fix routing rules
-
lovetox
its nothing that is in opposition to each other
-
larma
Yep
-
jonas’
thilo.molitor, small PRs are nice for review, I can merge them all at once if they fit the requirements – just make sure to *not* include a revision block then
-
Thilo Molitor
jonas’: okay, thanks :)
-
bung
XMPP <3
-
Link Mauve
Re 0363, at no place it specifies that HTTP headers are case insensitive, would it be useful to say that?
-
Link Mauve
I took HTTP for granted, but I’m reviewing an implementation which only accepts Title-Case headers.
-
jonas’
Link Mauve, what. yeah.
-
jonas’
might be worth making it explicit, in addition to the fact that multiple values may be present and that their order must be preserved and they must all be passed to the HTTP server
-
Link Mauve
I couldn’t figure out how to say that in the schema though.
-
Link Mauve
Do we have any other similar case in the protocols?
-
jonas’
I don't think so
-
jonas’
but the schema is non-normative™✎ -
jonas’
but The Schema Is Not Normative™ ✏
-
Link Mauve
jonas’, https://github.com/xsf/xeps/pull/1135
-
jonas’
order?
-
Link Mauve
Done.
-
jonas’
thanks
-
jonas’
editor is on vacation until next week though :)
-
Link Mauve
There is no hurry. :)
-
Link Mauve
Editor can take his time, I won’t come knocking to his door all angry or anything.
-
jonas’
that's good
-
Neustradamus
thilo: https://github.com/tmolitor-stud-tu/xeps/commit/ea90fd54c063c341ae41586901fb1d6b841a8048#commitcomment-62599720
-
Zash
https://www.yes-www.org/
-
Holger
Esp. <https://www.yes-www.org/why-use-www/>. Then again we redirect www.xmpp.org to xmpp.org.
-
Holger
And it should be https:// I guess. Neustradamus you overlooked that?!?!
-
Link Mauve
Also TLS.
-
Link Mauve
Holger, ^5
-
Holger
🙂
-
Neustradamus
https://xmpp.org/extensions/xep-0166.html
-
Neustradamus
XML Schema for the 'jingle' namespace: <http://xmpp.org/schemas/jingle.xsd>
-
Holger
Everything is broken.
-
Zash
I'm in it to increase web related suffering as revenge for not adopting SRV records! 😉
-
Ellenor Malik
???
-
Holger
Ellenor Malik, there's SRV records such as `_xmpp-client._tls.example.com` to point XMPP clients to the server handling the example.com domain, which might be `xmpp.example.com`. There's no `_http._tcp` record to point browsers querying https://example.com to the actual server handling that query, e.g. www.example.com. The absence of support for such SRV records is part of the reason why the `www.` subdomain got popular.
-
Ellenor Malik
;w;
-
Holger
_tls? _tcp even.
-
Ellenor Malik
There's no HTTP/_tartTLS.✎ -
Ellenor Malik
There's no HTTP/StartTLS. ✏
-
Holger
Yes, there's HTTPS, which would require `_https._tcp` records, if there was SRV support in the first place.
-
Zash
There was starttls for http somewhere
-
mjk
`Location: https://...`?
-
mjk
Wait, disregard that
-
Link Mauve
It might be useful to add HSTS Preload to our HSTS header, so that xmpp.org would be included in the list of domains which always want TLS on HTTP, shipped with browsers.
-
mjk
> www. in URLs is that it serves as a gentle reminder that there are other services than the Web I prefer `web.` for that. More explicit and doesn't suggest the domain serves a site _about_ w3
-
Zash
I'm a fan of this myself ``` set $should_upgrade "$https$http_upgrade_insecure_requests"; if ($should_upgrade = "1") { return 307 https://$host$request_uri; } ```
-
Link Mauve
I stopped serving anything on port 80 some year ago, after years of doing that redirect, and nothing broke because of HSTS Preload.
-
Holger
mjk, I'm not sure how large the proportion of users is that will be confused by "www" suggesting a site about the web technology 😉
-
mjk
Link Mauve: do browser vendors actually harvest the interwebs for HSTS headers? My impression of the technology always was that each browser installation learns on its own
-
Link Mauve
Which freed it for certificate retrieval as well as the occasional proxy bypass port.
-
Holger
But the whole reminder idea is nonsense of course, except that you might be happy about being reminded if you knew anyway.
-
Link Mauve
mjk, no, you go to https://hstspreload.org/ and request your domain to be added there.
-
Link Mauve
It will check that you do serve the HSTS Preload header, so that no one but the website owner can include this header in browsers’ lists.
-
mjk
Holger: probably in minus 6th order of 10. :) But I sleep better
-
Holger
🙂
-
Link Mauve
mjk, the process is explained on that website.
-
mjk
Link Mauve: ah, TIL, thanks
-
jonas’
Link Mauve, also firefox now has that annoying behaviour to try https if something goes wrong on http. (which adds to the "not serving port 80 doesn't break anything")
-
jonas’
it is about as annoying as it adding .com or whatnot to a domain name if something goes wrong
-
Link Mauve
Oh, TIL about this behaviour.
-
mjk
Annoying for debugging port 80 issues, I guess. But the .com thing is just... ugh, whyyyy
-
jonas’
mjk, it's also annoying for developing locally when your dev server just crashed and you get "redirected" by firefox to https and you don't notice and then f5 won't do anthing anymore because it's going to 443 instead of 80 now.
-
Ellenor Malik
fuckerfox✎ -
jonas’
Ellenor Malik, watch your language
-
Ellenor Malik
*sigh* ✏
-
Ellenor Malik
LMC'd
-
mjk
jonas’: that... is suspiciously specific :D
-
Ellenor Malik
Firefox should do better. It should say "port 80 doesn't work" and _offer_ preloading 443.
-
mjk
jonas’: browser.fixup.fallback-to-https seems the tweak for that
-
jonas’
thanks, toggled <3
-
Link Mauve
Thanks!