XSF Discussion - 2022-10-07

Please excuse for my lack of knowledge if this topic has been discuss before. I have a couple of questions that relates to spreading the use of XMPP: 0. Does the user of XMPP has to know about XMPP in order to use it for instant messaging? 1. If Electronic Mail have a URI shorten down to `mailto:`, why does XMPP which is supposed to be the standard for Instant Messaging is shorten down to `xmpp:`? 2. Can we change it? If we can't change it since it has already been implemented in many software, can we add an alias ? 3. If it is possible to add such an alias, can we go for something with less syllables that can be easily and quickly pronouced in every human language? My suggestion is adding an alias for XMPP as `chatto:` or even just `chat:`. But I don't know enough about XMPP and standards and where else it is used so…

0. A user certainly doesn't have to know about the protocol. There's many examples of that in the wild already. Mostly closed silos. 1. I don't know. I guess because there was no other name for it at the time (or rather, they didn't want to reuse 'jabber' which had just been trademark'd?) 2. Can we change it? Maybe? We can certainly have software understand multiple schemes for the same protocol. 3. That'll depend on individual projects to implement it, but there can be a push from the community for it. https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml

Trung: ditching `xmpp:` definitely wouldn't fly, but adding things is always possible. that'd probably be IETF's business rather than XSF, though (disclaimer: I'm affiliated with neither). strictly speaking, the `mailto:` URI scheme sticks out like a sore thumb, because it describes an intent, which URI schemes, in general, arent. `chat:` is another matter tho

I personally don't think the scheme matters at all. People use https:// just fine

Or don't use it, rather

Yeah. I dont think many people are seeing mailto: links anyways

Just a button most of the time

they're just sufficiently trained :) http(s) is _everywhere_, to the point of people thinking "link == https"

Browsers are making lots of effort not to show these also

And one can type in a url without the scheme and it'll land. Worst case, google will find it for you..

meanwhile, http: and https:

Sure. http: and http: and even ws: and wss: has no problem because browsers are all following this standard. Meanwhile, mailto:user@domain.org and xmpp:user@domain.org looks very similar but use completely different software and protocol and user experience.

Crawler can't get to this link I think: https://chat.trung.fun/dang-ky?t=62MUmG9zF21_lIvSPSWr0sgH

My wife and my parents don't know what xmpp is and are using it, so users don't need to know what protocol they are using. But I agree that a snappy name for the eco system is missing nowadays. Previously Jabber was used…

if in the invite link above, I change `xmpp:user@domain.org` to `im:user@domain.org` or someth along that line, will there be some sort of police force that comes knocking on my door?

You can do what you want there

But clients won't understand it

im: is a different uri scheme tho (the syntax is different, afaik)

and yea, most importantly, it's not associated with xmpp clients :)

yeh that's why i'm throwing the topic here Menel. 😁

If you want to do this by the rules, follow the iana link I sent above

Otherwise nothing prevents clients from experimenting

If you write a clients, or change them to react on that, then if will work for your contacts that use your specific client.

I wouldn't mind if conversations would try to react on that..

wait a minute... https://www.iana.org/assignments/uri-schemes/perm/jabber

Would be even nicer if some think like thunderbird or Firefox would react on xmpp:

Menel: as long as the scheme is registered in the system, browsers in general try to pass it on (at least Firefox) ✏

ok I understand. Thank you everybody. I'll leave <a href="xmpp:user@domain.org">` as it is and will change the content to `im:`.

Uh, so I've some file somewehe where I can enter that? Good to know

sorry the link is in Vietnamese, I don't know enough Lua to mess about with the module yet.

Trung, fwiw, that may be confusing though, if people based on your (visual) example try to use im: and it doesn't work

so rather stay with the standard I guess

Menel: on freedesktop systems, you just register an app as a handler of, say, x-scheme-handler/xmpp MIME type. on windows, you add `xmpp` somewhere into registry ✏

The thing with schemes other than https? is that they don't matter anyway as long as web is the norm. It's almost impossible to leave a browser with another scheme. Chrome filters xmpp, and many others

(Or rather it allows quite a small set)

yeah I know it will cause confusion that's why we might want to discuss it and add it to the book before start implementation. But honestly, xmpp: means gibberish in human language doesn't matter which country you are coming from. People won't spread gibberish if they can't even pronouce the thing properly.

Changing the scheme now would just cause problems.

Also jabber is worse imo

I also don't see what the problem is.

I wouldnt mention either

I say the scheme doesn't matter. As I said above, "http" is used every day and nobody complains. It's invisible to most and people call that "web" anyway

pep.: for me, chromium asks if I wanna open the link with the external app (and says its name), no filtering 🤷️

`<a href="xmpp:alice@example.com">💬️ chat with Alice</a>`

Problem solved.

^ +1

> and says its name that is xdg-open!

or https://yax.im/i/#bob@example.com

https://developer.mozilla.org/en-US/docs/Web/API/Navigator/registerProtocolHandler#browser_compatibility

the problem is user@domain.org means emails to most people.

Looks like Chrome does.. but not on android? And other things also don't support it

Woah, matrix: even is supported.. :/

and most people now relate user@domain.org to user@gmail.com or user@outlook.com

s/relate/have/

pep.: Navigator.registerProtocolHandler is a different thing from what I was talking about, it allows registering http urls to handle schemes in-browser

Hide it as a browser button seems a good choice

Yeah it's handy for movim, libervia, etc.

But you're right

mjk: thanks. Will add it there

mjk, please not xdg-open, that shell script doesn’t implement XDG specs, you should instead use a proper tool like `gio open`.

Menel: it should probably be there already. :) when you install, e.g., Gajim, Firefox will start asking if you wanna open the xmpp link in Gajim

Link Mauve: tell that to Google, I guess

I don’t speak much with Google.

idfk why does it ask me to open xmpp with xdg-open

Link Mauve: me neither, so, local patching it is!.. oh wait, I don't have a computer that can build it, nvm

> pep.: > Woah, matrix: even is supported.. :/ Makes sense matrix paid them to move to madric and they wanted to support it

madric :D

XD oups

I thought it was intentional

No :D

I found `im:` here: https://en.wikipedia.org/wiki/List_of_URI_schemes

it also has `xmpp:` in the note section which myself am now confused lol

that note _is_ confusing

> At the time this document was written, numerous instant messaging protocols were in use, and little interoperability between services based on these protocols has been achieved. (2004)

(<https://www.rfc-editor.org/rfc/rfc3860.html>)

(which doesn't mention xmpp at all)

See RFC 3922 ✏

And history is currently repeating itself, as the IETF is trying to spin up a new IM interoperability initiative

all this has happened before, and all will happen again, and again, and again

ok… for now I'll leave my inivte page as it is then. =]]]]

hopefully, this time is a bit different, given the current regulational background

> presentity RFCian is a weird language

mjk: hopefully, indeed. I'm not holding my breath 🙂

There is no indication of the regulations mandating any specific tech or standard, so currently as long as the giants publish some form of accessible (but proprietary) API, they can comply

And there is no indication that any of them are interested in whatever the IETF comes up with

yeah. the MIMI authors seem to merely express the hope themselves :D

So it could easily go the way of CPIM, regulation or not

https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml ← is the official page and does not have `chat:` right?

Trung: correct

> There is no indication of the regulations mandating any specific tech or standard, so currently as long as the giants publish some form of accessible (but proprietary) API, they can comply Speed of implementation is more important that what the ‘official’ is publishing, correct?

Important for capturing the market, or important in a correctness sense?

hmmm………………

https://chat.trung.fun/dang-ky?t=62MUmG9zF21_lIvSPSWr0sgH ← This is the same link as before. The `<a href=""` is still `xmpp:`, but I am now going to display `chat:`. I am now an ‘outlaw’ and I welcome all service providers and developers of clients and servers to join force. ✏

(Zash, quick and dirty win the race.)

Trung: a protocol scheme should specify the protocol, which `chat:` does not helpfully do

Email is not a single protocol, plus it predates everything, so we can let it get away with mailto:

Yeah. I think everyone regards mailto: as a mistake, but too established to change

what is `im:` then. there is also `facetime:` by the great big fuit

I am quite happy if we can go back to `jabber:` too if that's possible. As long as you can read the damn thing to another person, i could not care less what u name it.

Hi. I'm checking XEP-0391 (Jingle Encrypted Transport), and it's not clear to me how Transport Secret (TS) is made and exchanged. XEP-0391 can't be used alone right? Thus currently, we need to use XEP-0396 with it. However it's tight to legacy version of OMEMO, is there any plan to update to TWOMEMO? Thanks. cc vanitasvitae

Right. 391 only defines the JET security element and tells you that you need a way to protect the TS using some encryption method. 396 implements this protection using legacy OMEMO

It should be pretty straight forward to simply replace the legacy key transport element with a TWOMEMO element.

I'll add updating 396 to my todo list 😀

(perhaps JET could be replaced altogether with SCE encrypted jingle messages though?)

Not sure what implementors of Jingle would prefer

vanitasvitae: is any known implementation at the moment? In my case SCE is already implemented, so I'm happy if it's used.

is there any known implementation*

I'm not aware of any.

I think conversations opted for something completely different? cc Daniel

I'll go with current version for now, and make necessary changes when the updated version will be available, thanks vanitasvitae.

I thought we used JET. I can't check the code right now but I vaguely remembering sitting in a cafe with larma and implementing it

For file transfer or for AV?

I though AV used some DTLS stuff?

File transfer

Right, I can see some JET related stuff in the JFT implementation of Conversations

I think SCE for Jingle would be great, but I don't think SCE is properly specd for IQs yet

SCE doesn't completely solve jingle unless you use IBB right?

larma, I agree

Since I haven't created an implementation for IQs along with the spec, I sort of "blind drafted" 😛

singpolyma, you could encrypt the whole jingle init stanza with SCE and include a plain security element in there

singpolyma: it's just used to exchange keys, transfert is done out of band as usual (only it's encrypted).

goffi: oh yeah, that makes sense

For bits of binary it could encrypt the whole thing too, though at the expense of shrinking the max file size that works

for very small files, yes IBB could work out of the band with SCE

out of the box*

or BOB!

for the sake of genericism (is that even a word?) you probably don't want to SCE all the IBBs but instead negotiate a transport key and use that to protect the IBB session

You can do big files with IBB, just have to wait awhile ;)

So you can swap out IBB for another transport more easily

Server rate limits has entered the chat.

vanitasvitae: right, but you then end up with 2 layers of e2ee with IBB (SCE + JET).

why?

(+TLS!!!1)

You only SCE(Jingle Init + plain TS) and then JET(IBB)

vanitasvitae: except if I missed something, you would have to make an exception inside SCE for IBB, sure it's possible but I can imagine how this can go wrong easily.

anyway, IBB should hopefully be barely needed nowadays.

Ah now I see what you mean

IBB is pretty important, since it's the only thing that always works

I guess you are right. For IBB it probably makes sense to only use SCE then and use JET for out of band transports

I'd like to implement ice-tcp eventually, maybe some other stuff ✏

singpolyma: sure it's important to have it just in case, but the less it's used, the better.

goffi: I sort of agree, except that if it is used *too* little it doesn't get tested enough and starts to break in clients and then people who do need it their file transfers don't work

(test message please ignore)

NEVER

flow, you are one of the authors of OX, right?

If so, I'd appreciate if you took a look at this email thread: https://mail.jabber.org/pipermail/standards/2022-August/038949.html

(and everybody else who has experience with OX too)

Trung: may I suggest "snikket:" for a new url scheme

hahaha why the hell not hahahahaha let's start a monolopoly

Hehe. Only a brand

how about `xep:`?

it's not on the ‘official’ web page either.

xep: is obviously to link to a xep..

i think people can pronouce `xep:` much better than `xmpp:`

aaaa: would probably most accessible to pronounciation

yeah… i don't know man. the whole reason i register trung.fun was because i don't know which name to take and .fun was cheap so

`slash-colon-at-dot:`

and then later I realized that ‘fun’ if read in Vietnamese would be ‘phân’ which means ‘shit’ in English

too freakin late to change now =]]]]]]]]]

yes, naming is hard

How often do you say url schemes out loud

why yes visit my webpage at h t t p s colon forward slash forward slash w w w dot ...

Aech tee tee pee semicolon backslash backslash double yew double yew double yew dot

Sorry do you say XMPP to other people?

not that you say it out loud all the time, but we are providing a chat service and it is called ‘xmpp’ which is very difficult to say to another person. There are other chat services that are very easy to pass around which im sure u know already. ✏

Do WhatsApp users say "funxmpp but now with json" to each other? Strange

When people ask me for my website I don't start with "first you need a TCP stack then..."

My point is you are at the wrong protocol layer here, you don't tell people "contact me on XMPP" you say "install Snikket and send me a message" or whatever, same as every other chat system

Trung: it's all about context. If I'm talking about the network in a general way I'll say Jabber of course. More often I'm talking about a particular app. But URIs are technical details, it's about a protocol, and the protocol is named XMPP

Usually users don't need to see the URI at all, they can just click a link, etc

Unless you're printing on a business card or something maybe?

that's exactly my point. it's confusing with mail system

that's why people will have to see the uri

Why? Why would you show them the URI? What is the context?

bussiness card

u just said it

Ah, ok. So specifically if they still do business cards where you are then yeah. Though even then I'd probably write "Jabber ID: me@example.com" not a raw URI. Put the URI in a qr code

ok so we go for `Jabber ID:`

For labelling a jabber id that seems like the right label :)

i thought we don't want to use `jabber:`

Trung: not as a URI scheme

but mailto is not smtp

and pop and imap

I don't say jabber either, that's that old Cisco tool that doesn't work well

which level are we on lol

Trung: mailto is a mistake that's all

It's a bad URI scheme

But we can't fix it now

puffff what is `im:`

Has anyone ever seen mailto: on a business card? Not me

i have seen plenty

I haven't seen a business card this decade 🤷‍♂️

Just put you@your.domain on there and people will email you or send you an XMPP message, no problem

we can do `snikket:` if that's what u really up to mate. but mixing up mail and xmpp will cause confusion and it will be hard to spread. that's all i'm saying.

Trung: just recommend one client and tell them. About that. And advanced and later, you can tell them that you can actually use different apps because it's an open standard.. 🤯. One of the biggest problem is people trying all clients at once at the beginning and then saying the feature are buggy and bad.. Because they don't compare the best client with $alternative but always the worst.

Siskin currently is not getting notification mate 😁 it is already confusing enough ✏

↑ sorry ↑

For just an address stay with xmpp:... Because you don't change https:, do you?

It's some meaningless technical link.. It's more important what it does once someone presses it

ok i'll just remove the uri all together and let people be confused

I honestly don't get you. But do what you want, it's your service.

Trung: if you want to label it for humans to read, use a human label, that's all. A URI is for computers not mostly for humans

No label is also valid as some have said here, depending on context

Like https://search.jabber.network/rooms/1 There is no xmpp: visible.. But every link will just do that...

Yeah. This is why cheogram android also doesn't show just raw xmpp URIs in chats ✏

sorry i cannot be any clearer. it is confusing for people who already have emails to see that because they are used to seeing mailto: or email: attach to user@domain.org. I just want to minimize that. But that's what u guys suggesting then sure i'll remove the uri.

Trung: did you Visit > https://search.jabber.network/rooms/1 For inspiration? Maybe that would be an approach for you?

Trung: email: would be a label for humans, not a URI. Feel free to usefully label with the name of the thing, like Jabber ID

Menel: this is for printing on paper

Ah

the second point is it is difficult to spread the actual xmpp which at the current moment, a it-just-work user will be very confused when they are told they should try another app with the same account. because they might be confused with email apps too and it will cause more trouble.

i'm just pointing out the fact that people who doesn't understand all this uri stuff will be very freakin confused.

When you read a domain name do you often think "huh is that a website or a Java package name?" I don't think that's actually a problem in practice

People don't and shouldn't understand URI things, those are for clicking, only the computer needs to understand them

One can also print a website that has a button to the chat.. https://conversations.im/j/xsf@muc.xmpp.org

there is only one type of app for website. it's call browser

u get any browser u like the domain will return the website

Syndace, could you priortize your points somehow? I have seen the email but my main problem is that I don't have the time to provide a detailed answer for each point. and I somehow don't want to answer arbitrary question ✏

but if u try to send mail to an xmpp account, things don't go very well… ✏

Trung: there are definitely multiple browsers with different names. Though less than there used to be I understand

There is nothing you can do about that > but if u try to send mail to an xmpp account, things don't go very well…

BRB printing business cards with: > Firefox address: www.moparisthebest.com

> but if u try to send mail to an xmpp account, things don't go very well… Why not? My email and XMPP address are the same

Make your jabber id and email address be the same, that's what I do

well nothing we can do really?

Syndace, could you priortize your points somehow? I have seen the email but my main problem is that I don't have the time to provide a detailed answer for each point. and I somehow don't want to answer arbitrary questions ✏

No

Mine also works for SIP and someday AP

what if u just have an xmpp and no email

I'm working on that

Soon you'll be able to set an MX and get emails over xmpp if you don't have email otherwise

Jids won't be changed to some scheme not beeing local@server

me too i would like to get rid of emails all together

but we are not there yet

You'll need a text about : "open that link in this chat app: xmpp:....."

Syndace, but if I find time I may try to answer one point at a time. so please don't be surprised that you may not get a full answer immediately. I could also offer that we have a video chat sometimes, as I believe some questions require a more interactive answer

would that be an option for you?

Menel, I have that. But opening the app would mean they need to have an app first. So most will register through website then go to the clients page then figure out how they hell they can install it, then it doesn't work then download an app for email, then use whatsapp

flow: thanks, I'll respond tomorrow

Most things aren't super important - I'll just aim for compat with Gajim for noe

sorry people i'll stop spamming here coz i think i made it clear enough. thanks everybody.

Did you look at the snikket invite page? It seems to do exactly that. Steer the user to the app and automate the sign up

Menel, I'm doing exactly that too. The confusion problem comes when stuff don't work.

if it just works, they never ever have to download a new app to their device and that is it.

Syndace, kk