XSF Discussion - 2022-10-01

  1. flow

    MattJ, I see talks about a pending token auth spec on standards@. Is that pre-published somewhere? (FWIW, It appears I wasn't subscribed to standards@ for the past weeks)

  2. MattJ

    flow, https://pad.nixnet.services/s/_HIPmMkXC

  3. MattJ

    Very much pre-published, that's basically my in-progress draft

  4. MattJ

    But I'm planning to begin a prototype implementation in Prosody this week

  5. moparisthebest

    First client (that I know of...) that natively supports XEP-467 QUIC is out https://github.com/conversejs/converse-tauri not bad for a night of work...

  6. Menel

    Now do that tauri thing with prosody 😀👍👍

  7. Menel

    Now do that tauri thing with ~prosody~ snikket 😀👍👍 ReBrand it, and you have an ecosystem with server and client

  8. moparisthebest

    Ah yea well it already works well with prosody, would be fairly easy (famous last words) to stick in a docker container with Snikket

  9. Guus

    Sigh. Java's SASL framework makes it next to impossible to distinguish between a missing initial response, and an empty/zero-length one. (Java devs, I'd love to be proven wrong here). Is this going to be a practical issue? In our existing EXTERNAL code, we challenge for an authzid when there is "no initial response data" (which triggers both for a missing initial and a zero-length one). I am trying to get that more specific, and only query when the initial response is indeed missing (as I like to be backwards compatible and retain the possibility to challenge for an authzid). Given Java's shortcomings here, I'm not seeing a way to do that.

  10. Guus

    For EXTERNAL specifically, it might be safe (?) to act as if the missing initial response is an empty one (and use the stream's 'from' attribute value), but that feels dodgy.

  11. Guus

    RFC4422 appendix-A specifically instructs to challenge upon missing initial response. :/