-
kurisu
If namespaces were dropped, would there be any name collisions in practice? I mean <mechanisms> is unique even without the namespace being specified, isn't it. Are there currently any tags that would conflict were namespaces not there?
-
moparisthebest
kurisu: it's how XEPs are versioned
-
mjk
And also how uncoordinated extensibility is achieved
-
mjk
XSF isn't a central authority on what can go into the stream, so without long namespace names collisions will occur
-
mjk
(Or element names would need to be long and ugly themselves :))✎ -
mjk
(Or element names would need to be long and ugly themselves. :) Oh and attribute names too) ✏
-
mjk
Also, I'm pretty sure any normal stanza fits into a network packet just fine, even without compression
-
moparisthebest
I'm not sure that's the case
-
kurisu
> XSF isn't a central authority on what can go into the stream, so without long namespace names collisions will occur Have they?
-
moparisthebest
kurisu: yes, for every xep that has multiple different versions
-
Guus
Child elements named 'x' or 'query' are pretty common.
-
MattJ
<enable> is used in various protocols
-
MattJ
There are certainly many examples of collisions to find
-
kurisu
Why was xhtml-im deprecated?
-
MattJ
Because clients, especially web clients, would just put the contents into the web page at worst, or incorrectly sanitize it at best
-
MattJ
So if someone was using a web client, you could, for example, send them a <script> which would get executed - and that script would have full access to their XMPP account, etc.
-
MattJ
Some people believe this the fault was of the developers, some of the libraries, and some believe it was the design of the protocol
-
MattJ
The rationale for deprecation was "let's replace it with something completely unlike HTML, so clients are forced to translate it... and therefore always emit safe HTML"
-
jonas’
kurisu, search for which XEPs use `<query/>` :)
-
jonas’
also, pubsub alone uses at least three differently namespaced `<pubsub/>` elements.
-
mjk
>> XSF isn't a central authority on what can go into the stream, so without long namespace names collisions will occur > Have they? Outside of XEPs, that's pretty much umknowable. People and companies use xmpp in all sorts of (weird) ways, and it's not unheard of that those things get to interop with xmpp software that follows _only_ the rfcs and xeps
-
Zash
Are those using namespaces tho?
-
mjk
They should, is my point
- Zash remembers the recent example of attributes stuffed with JSON and cries
-
mjk
At least it's not html
-
mjk
With <script>s
-
mjk
Although who knows if the implementation just does eval on these attrs
-
lovetox
flow: about openpgp xep, how would encrypting files and using http upload work?
-
lovetox
with omemo we send a aesgcm:// link to the contact, and then he knows this is encrypted, with openpgp we could probably do something nicer and build on some of the filetransfer metadata xeps
-
lovetox
because we have fullstanza encryption
-
pep.
lovetox, 454 isn't bound to OMEMO
-
lovetox
but im not aware that anything anywhere is specified
-
pep.
But yeah there's certainly better than that
-
pep.
sfs?
-
lovetox
of course it is pep.
-
lovetox
it says that in the name lol
-
pep.
No it's not? It's basically just aes encryption..
-
pep.
it's just that the transport should be encrypted to send the link
-
pep.
So you can use whatever
-
pep.
https://xmpp.org/extensions/xep-0447.html and https://xmpp.org/extensions/xep-0448.html otherwise
-
lovetox
hm true
-
lovetox
448 looks good
-
pep.
yeah
-
lovetox
thanks
-
moparisthebest
lovetox: when using pgp why not just use pgp file encryption
-
lovetox
moparisthebest, its not about how to encrypt, its about how to tell the other person that it is encrypted
-
lovetox
but 0448 seems to solve that
-
moparisthebest
lovetox: well when it ends with .pgp they know