XSF Discussion - 2022-05-29


  1. flow

    the trick is not to make IDs collision resistant, but to make them resistant to spoofing

  2. lovetox

    why flow? in what scenario can someone spoof an archive id

  3. flow

    lovetox, anyone could add a stanza-id with any 'by' and 'id' value, the question is, if hops sanitize them and if receiving entities check the values for plausibility

  4. lovetox

    that's not a question, that's what the standard mandates

  5. flow

    same with the rfc stanza id and origin-id, you can only use its id within the scope of the sending entity (as discussed with jc recently here)

  6. lovetox

    if you question this, then you can not use xmpp anymore, because then you need to question a lot more

  7. flow

    the point is not that it's not impossible, but that it's prone to implementation errors

  8. flow

    my prime example is a +1 reaction based on an id, and somebody else sends another message with a different content but the same id

  9. flow

    my prime example is a +1 reaction based on an id, and somebody else sends another message with a different content but the same id

  10. flow

    the fear is that there will be implementations that apply the +1 reaction onto the other (newer) message

  11. flow

    kinda reminds me of the carbons stanza forward issues we saw (even though, atm I can't explain why I feel like it is similar…)

  12. qy

    flow: But how is that any different with origin-id?

  13. emus

    End of month is approaching, please use your chance to add your May news to the XMPP Newsletter 🙂 https://github.com/xsf/xmpp.org/pull/1137

  14. Maranda

    > <flow> lovetox, anyone could add a stanza-id with any 'by' and 'id' value, the question is, if hops sanitize them and if receiving entities check the values for plausibility

    that doesn't solve at all the principal flaw: having to deal with three different kinds of IDs

  15. flow

    qy: spoof resistance of origin-id is probably equal to rfc stanza id, but origin-id signals that it is globally unique, where the rfc stanza id may only be unique within the scope of the stream of the sending entity

  16. flow

    Maranda, it wasn't meant to solve this "flaw". my point was merely that id-consuming entities must be careful when processing IDs, and that creating and sending collision resistant IDs is easy (assuming we are talking about involuntary collisions)

  17. rebeld22

    Bye bye Magdeburgo! lol Benfica european champions!

  18. Zash

    ???

  19. qy

    Troll alert

  20. qy

    This guy's banned from disroot for being a monumental moron