XSF Discussion - 2022-04-18

If namespaces were dropped, would there be any name collisions in practice? I mean <mechanisms> is unique even without the namespace being specified, isn't it. Are there currently any tags that would conflict were namespaces not there?

kurisu: it's how XEPs are versioned

And also how uncoordinated extensibility is achieved

XSF isn't a central authority on what can go into the stream, so without long namespace names collisions will occur

(Or element names would need to be long and ugly themselves. :) Oh and attribute names too) ✏

Also, I'm pretty sure any normal stanza fits into a network packet just fine, even without compression

I'm not sure that's the case

> XSF isn't a central authority on what can go into the stream, so without long namespace names collisions will occur Have they?

kurisu: yes, for every xep that has multiple different versions

Child elements named 'x' or 'query' are pretty common.

<enable> is used in various protocols

There are certainly many examples of collisions to find

Why was xhtml-im deprecated?

Because clients, especially web clients, would just put the contents into the web page at worst, or incorrectly sanitize it at best

So if someone was using a web client, you could, for example, send them a <script> which would get executed - and that script would have full access to their XMPP account, etc.

Some people believe this the fault was of the developers, some of the libraries, and some believe it was the design of the protocol

The rationale for deprecation was "let's replace it with something completely unlike HTML, so clients are forced to translate it... and therefore always emit safe HTML"

kurisu, search for which XEPs use `<query/>` :)

also, pubsub alone uses at least three differently namespaced `<pubsub/>` elements.

>> XSF isn't a central authority on what can go into the stream, so without long namespace names collisions will occur > Have they? Outside of XEPs, that's pretty much umknowable. People and companies use xmpp in all sorts of (weird) ways, and it's not unheard of that those things get to interop with xmpp software that follows _only_ the rfcs and xeps

Are those using namespaces tho?

They should, is my point

At least it's not html

With <script>s

Although who knows if the implementation just does eval on these attrs

flow: about openpgp xep, how would encrypting files and using http upload work?

with omemo we send a aesgcm:// link to the contact, and then he knows this is encrypted, with openpgp we could probably do something nicer and build on some of the filetransfer metadata xeps

because we have fullstanza encryption

lovetox, 454 isn't bound to OMEMO

but im not aware that anything anywhere is specified

But yeah there's certainly better than that

sfs?

of course it is pep.

it says that in the name lol

No it's not? It's basically just aes encryption..

it's just that the transport should be encrypted to send the link

So you can use whatever

https://xmpp.org/extensions/xep-0447.html and https://xmpp.org/extensions/xep-0448.html otherwise

hm true

448 looks good

yeah

thanks

lovetox: when using pgp why not just use pgp file encryption

moparisthebest, its not about how to encrypt, its about how to tell the other person that it is encrypted

but 0448 seems to solve that

lovetox: well when it ends with .pgp they know