-
flow
MSavoritias fae.ve, I think there are multiple proposals. the problem isn't lack of proposals, it is lack of consensus (as so often) :)✎ -
flow
MSavoritias fae.ve, I think there are multiple proposals. the problem probably isn't lack of proposals, it is lack of consensus (as so often) :) ✏
-
MSavoritias fae.ve
maybe. also lack of a person with time to actually push this forward i would say
-
MSavoritias fae.ve
(not pointing any fingers obviously, we all have our own projects/things)
-
flow
sure
-
lovetox
> Well iirc some domains cannot be used in a jid ever is that true? the JID spec just points to the IDNA2003 spec ↺
-
singpolyma
lovetox: JIDs are encoded in unicode instead of using idna. JIDs also must pass stringprep...
-
lovetox
> lovetox: JIDs are encoded in unicode instead of using idna. JIDs also must pass stringprep... this sentence is on many levels wrong, maybe read https://xmpp.org/rfcs/rfc6122.html#addressing-domain As i wound have understood is, every domain is supported, especiall internationalized ones with non-ascii characters, should be no problem in xmpp ↺
-
singpolyma
lovetox: yes, that section easily describes the problem
-
lovetox
enlighten me?
-
singpolyma
The domainpart is encoded as unicode
-
singpolyma
And then we apply stringprep
-
singpolyma
it's the same problem as for resources, but for domain names
-
lovetox
you mean we apply the nameprep profile, the profile specifically made for Internationalized Domain Names ?
-
lovetox
and this would be only the case if you follow the obsolete rfc6122, if you follow the rfc7622 it completely offloads to the IDNA2008 spec
-
singpolyma
so you would interpret https://www.rfc-editor.org/rfc/rfc7622.html#section-3.2 to mean not to run nameprep?
-
moparisthebest
> and this would be only the case if you follow the obsolete rfc6122, if you follow the rfc7622 it completely offloads to the IDNA2008 spec Can't do it without fracturing the public federated network ↺
-
lovetox
as the whole section does not mention nameprep, it would be surprising to me if you read that
-
lovetox
> Can't do it without fracturing the public federated network i highly doubt it, the whole world moved from idna2003, to idna2008, email clients, browsers, etc., not saying that this is painless, but saying its impossible and no jid "ever" will be able to contain these characters .. is a bit hyperbolic ↺
-
lovetox
particular for domain names i think it would be not a big deal there exist even compatibility mappings which soften the transition
-
lovetox
https://www.unicode.org/reports/tr46/
-
lovetox
are we expecting many xmpp servers running on IDNA2008 incompatible domain names?
-
moparisthebest
It's been a long time since I looked up the details but iirc precis isn't backwards compatible with stringprep, validates and changes JIDs differently, and there's no negotiation so: 1. The entire network, all clients and servers, have to update all at once on a flag-day (never gonna happen) 2. Bits update individually breaking everyone (so never gonna happen)
-
lovetox
yes and there are IDNA2003 Domains that are incompatible with IDNA2008 domains, did the world have a flag day?
-
lovetox
if you think im proposing everyone should uncoordinate just go for precis and yolo it
-
moparisthebest
We not only have domains (we could roughly check those) but also localparts we cannot check
-
lovetox
no, of course not, but a plan can be formulated and then executed
-
lovetox
yes localparts are surley the biggest problem
-
moparisthebest
Please do so then, but I'm skeptical it can be done
-
lovetox
first step would be to give server operators a tool that lets them check if they even have incompatible localparts
-
moparisthebest
If you pulled off a miracle and got all code updated tommorow, Arch users would be running it next week and Debian users not for a decade
-
Zash
For domains, registrars can just not let you register domains where there would be idna 2003 vs 2008 problems
-
lovetox
moparisthebest, we could also propse a new rfc, that says localpart stays the same
-
lovetox
and only resources and domains are upgraded
-
Zash
I only heard of one case where ß was involved
-
lovetox
yeah i think domain is the least problem, i think all servers could simply check for idna2008 compatibility and its fine
-
lovetox
this transition was already done by other people for us
-
moparisthebest
lovetox: so when you find users that are broken... Then what?
-
moparisthebest
You can just migrate them to another jid with... Oh right that doesn't exist 💀
-
lovetox
Option 1: New spec that says localpart stays at strinprep, i see no problem with that, we dont need precis there. Option 2: Tell the users with a long perioid of time, to register a new account
-
lovetox
Option 3: Define new MUC spec that makes nickname independent from resource -> No precis for resource necessary
-
lovetox
there are 3 problems, and i think they should be split up into its own solutions
-
moparisthebest
https://xkcd.com/1172/
-
moparisthebest
> Option 2: Tell the users with a long perioid of time, to register a new account "Did you just tell me to go fuck myself?" "I believe I did, Bob" https://howfuckedismydatabase.com/nosql/
-
moparisthebest
I would be *very* annoyed if my jid, which is the same as my email, and my name, ever had to change ever...
-
moparisthebest
It's not a problem for me personally but I assume some Germans out there feel the same
-
lovetox
you picked a bad example, precis is better for german names
-
lovetox
there are only 4 special chars in german, ßöäü
-
lovetox
öäü behave the same between strinprep and precis
-
lovetox
and ß is mapped in strinprep to "ss" which means the user cannot have this char in his jid
-
lovetox
but with precis its now possible.
-
lovetox
so everything fine, german usernames -> ✅️
-
singpolyma
yeah, the localpart and resourcepart things are annoying from time to time, but the domain one is really my main concern. if no one is actually using nameprep in their code in practise then maybe it's fine?
-
Zash
Is there an example of an actual problem in real life?
-
lovetox
thats also was interesting, everyone is always stating theoretical problems .. lets get down to it, provide tools for server operators to check their userbase
-
lovetox
and get some stats on it
-
arne-brün
For example with my jid :). But actually it wasn't really a problem
-
Zash
IIRC there was a domain like straße.example (xn--something) where strasse.example was owned by a different party, but I believe registrars try harder to avoid that kind of thing these days.
-
Zash
There's also some kind of IDNA 2008 compatibility processing so ß == ss still
-
lovetox
Yes I posted the link above
-
Zash
tr46? ah, right yes precisely
-
singpolyma
> thats also was interesting, everyone is always stating theoretical problems .. lets get down to it, provide tools for server operators to check their userbase I mean, the question just comes down to if any servers or clients are currently running nameprep on jids or not
-
lovetox
In Gajim we accept both standards
-
lovetox
And so in my opinion every client should
-
lovetox
I see no reason for a client to strictly enforce stringprep
-
lovetox
I see the need sometimes to pre validate a jid in the GUI. But it's ok if this check is not 100%.
-
moparisthebest
lovetox: do you do any normalization for display though?
-
lovetox
for localparts? how would that be possible?
-
lovetox
this is not a reversible mapping
-
lovetox
for a reversible mapping we have XEP-0106
-
moparisthebest
Well, anything, might open up some impersonation attacks
-
Zash
have some http://www.unicode.org/reports/tr39/ for that
-
MSavoritias fae.ve
dont we have this problem "simply" because we have usernames and users can pick their name in a chat?
-
moparisthebest
It applies to muc nicks and JID localparts the same no?
-
lovetox
precis filters out look a likes
-
lovetox
or better said, maps them✎ -
lovetox
or better said, maps them to other characters ✏
-
lovetox
but to answer your question, no we dont have any measures for look a like usernames in Gajim
-
MSavoritias fae.ve
> It applies to muc nicks and JID localparts the same no? right that was my understanding
-
lovetox
here some stats i quickly gathered between precis and stringprep *just for localpart*
-
lovetox
Codepoints: Allowed 88476 Allowed only in nodeprep 6259 Allowed only in precis 43350 Allowed but differently mapped 72
-
lovetox
here i gathered all codepoints
-
lovetox
https://share.hoerist.com/philipp/pVfdRcGzuw4Js1hS/precis_nodeprep_analysis.txt
-
lovetox
i think the differnet mappings are not really a problem
-
lovetox
and its suprising what is allowed in nodeprep
-
lovetox
this is currently an allowed JID, ⢸⢸⢸⢸⢸⢸⢸⢸⢸⢸⢸⢸⢸@test.com
-
lovetox
:D
-
lovetox
or ⥂⥂⥂⥂@test.com
-
lovetox
i hope to god my jid preparation is not completely wrong :D
-
lovetox
here for resourceprep the analysis
-
lovetox
https://share.hoerist.com/philipp/JkU6D6KaNswNUr8j/resourceprep_preics_analysis.txt
-
lovetox
only 285 ! characters are only in resourceprep allowed
-
rion
lovetox: I'm working on a C++Qt PRECIS lib. Can you help me validate it when ready? :)
-
lovetox
i simply looped through the intergers 1 -> 1.000.000 and passed them to this python lib https://pypi.org/project/precis-i18n/