XSF Discussion - 2024-05-09


  1. squishee

    thats called ur subconscious

  2. agh

    hah

  3. jonas’

    https://xmpp.org/extensions/xep-0136.html#streamfeature

  4. jonas’

    this is a fractal of confusing things

  5. jonas’

    no wait

  6. jonas’

    nevermind

  7. nicola

    > nicola: would you mind sending an updated note to the members@ list? Basically your original board@ note but updated to reflect discussion since then. That would be great! I emailed XSF members just now with the entire thread exchanged with the Board.

  8. Guus

    Does XEP-0030 Section 8, item 2a ( https://xmpp.org/extensions/xep-0030.html#security ) : > In response to a disco#items request, the server MUST return an empty result set if: [...] The target entity does not exist clash with RFC 6121 paragraph 8.5.2 (link https://xmpp.org/rfcs/rfc6121.html#rules-localpart-nosuchuser ): > If the user account identified by the 'to' attribute does not exist, how the stanza is processed depends on the stanza type. [...] For an IQ stanza, the server MUST return a <service-unavailable/> stanza error to the sender.

  9. Zash

    Generally, XEPs override the RFCs I would assume

  10. moparisthebest

    Uh doesn't that RFC 6121 RFC rule also allow trivial enumeration of JIDs ? I think it should be silently ignored like the rest? :/

  11. Zash

    Isn't there some other rule that says disco requests to accounts you don't have a presence subscription to should also be denied and behave as if the user does not exist?

  12. Zash

    Maybe that's the RFC rule 🤷️

  13. Guus

    Zash, those are other rules in XEP-0030 section 8.

  14. Guus

    No, that's not right

  15. Guus

    No, that _is_ right.

  16. Guus

    sigh.

  17. Zash

    When in doubt, do whatever seems best for privacy? :)

  18. Guus

    I would prefer to depend on standards to not have to make that judgement call myself.

  19. Zash

    moparisthebest, this isn't what allows testing whether an account exists, OMEMO with public key-stuffs nodes does that.

  20. moparisthebest

    Zash: that needs fixed too but one thing at a time I guess :'(

  21. Zash

    Fixing that breaks OMEMO in groups