Re: [Standards] XEP-0234: Add option to request hash of offered file.

[Sam Whited]

On Tue, Aug 15, 2017, at 11:14, Paul Schaub wrote:
> Do you think it might be a good idea to add a session-info element which
> can be used to specifically request the checksum of a file?

My guess is that the reasoning for allowing the checksum to be sent
later is that the server (or some file-store-to-XMPP-proxy) might not
know the checksum if it doesn't actually have the file locally, or the
overhead of reading the entire file twice (before sending to calculate
the checksum and again to send the file) may not be acceptable. Instead
it can read the file and pipe it to the network connection and be
calculating the checksum at the same time. Being able to request the
checksum would break this just like requiring it to be in the payload
before the file is sent.

Maybe instead having a way for a server to indicate that it will always
provide the checksum upfront (for servers that can do this) would be
appropriate?

—Sam
___
Standards mailing list
Info: https://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: standards-unsubscr...@xmpp.org
___

[Standards] XEP-0234: Add option to request hash of offered file.

[Paul Schaub]

Hi!

While I played around with XMPP to create a file sync application for
demonstration purposes (for GSoC) [1,2], I figured that it would be nice
to have a way to explicitly request the hash of an offered file.

XEP-0234 states, that the checksum of a file MIGHT be sent inside the
session-initiate, otherwise it can be send later. As it might be
inefficient for weaker computers (like embedded systems), to read the
whole file they want to send in order to calculate the checksum prior to
the beginning of the transmission, this makes perfectly sense.

However in my use-case I'd like to be able to request the hash of a file
before sending a session-accept, so that I can decide based on filename,
size and hash, whether I want to accept the file or not (the latter in
case I already have the file).

Do you think it might be a good idea to add a session-info element which
can be used to specifically request the checksum of a file?

Greetings vv


[1]: https://blogs.fsfe.org/vanitasvitae/2017/08/14/149/
[2]: https://github.com/vanitasvitae/xmpp_sync




signature.asc
Description: OpenPGP digital signature
___
Standards mailing list
Info: https://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: standards-unsubscr...@xmpp.org
___

Re: [Standards] XEP-0388 (SASL2) Update

[Dave Cridland]

On 15 August 2017 at 17:08, Sam Whited  wrote:
> On Tue, Aug 15, 2017, at 10:12, Dave Cridland wrote:
>> *  now talks about "tasks" rather than special SASL
>> mechanisms. Tasks have essentially the same interface as SASL mechs,
>> but do different things - trying to shoehorn them into the same thing
>> wasn't mentally working for me, and for some reason everything got
>> simpler after I stopped pretending.
>
> These do seem like the same thing to me (although I don't have a strong
> opinion on this either way); what are the differences as you see them?

You can't use the post authentication tasks as normal SASL mechanisms,
and normal SASL mechanisms don't work as tasks either.

For example, a normal SASL mechanism decides what authorization
identifier to use; a task can't change that, and uses that as input.

So using a stock SASL framework, like Java's or Cyrus, to drive these
just breaks everywhere.

Dave.
___
Standards mailing list
Info: https://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: standards-unsubscr...@xmpp.org
___

Re: [Standards] XEP-0388 (SASL2) Update

[Sam Whited]

On Tue, Aug 15, 2017, at 10:12, Dave Cridland wrote:
> *  now talks about "tasks" rather than special SASL
> mechanisms. Tasks have essentially the same interface as SASL mechs,
> but do different things - trying to shoehorn them into the same thing
> wasn't mentally working for me, and for some reason everything got
> simpler after I stopped pretending.

These do seem like the same thing to me (although I don't have a strong
opinion on this either way); what are the differences as you see them?

—Sam
___
Standards mailing list
Info: https://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: standards-unsubscr...@xmpp.org
___

[Standards] XEP-0388 (SASL2) Update

[Dave Cridland]

GitHub PR: https://github.com/xsf/xeps/pull/493

Folks,

I've had a bit of a crack at implementing SASL2 in Openfire, with a
view to getting "Password change at next login" and (in the future)
TOTP support in place around SASL2. I've also implemented it in
stanza.io.

In the course of this, I found various things about the design which
either didn't work, or else caused rather more effort than I really
wanted.

The main changes I've made are:

* I did away with the "=" encoding for empty strings. It was daft, as
Alexey suggested, and wasn't required.
*  is now followed immediately by .
Otherwise it's very hard to decide what to do next. There's no stream
restart, so this is still keeping the RTTs down.
*  now talks about "tasks" rather than special SASL
mechanisms. Tasks have essentially the same interface as SASL mechs,
but do different things - trying to shoehorn them into the same thing
wasn't mentally working for me, and for some reason everything got
simpler after I stopped pretending.

These changes made it fairly straightforward to implement.

Comments welcome...

Dave.
___
Standards mailing list
Info: https://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: standards-unsubscr...@xmpp.org
___

Re: [Standards] Call for participation for a XMPP-based EU Funded project on data portability

[Guus der Kinderen]

I think it'd be interesting to have XMPP be used as an EU standard for data
portability (or for any other purpose, for that matter). That sounds like a
good opportunity to further improve and promote the application of XMPP.
I'm hopeful that the Board will act on this. I'm certainly interested in
contributing to the effort.

 - Guus

On 10 August 2017 at 11:57, edhelas  wrote:

> Hi everyone,
>
> I already talked with some of you about a really interesting project that
> could involve people from the XMPP community or the XSF itself. I really
> think that this project can brings interest on the XMPP protocol regarding
> data portability within the European Union and can boost its deployment in
> related infrastructures and services.
>
> Here is more details about it, if you are interested, please answer this
> message (or send me a message directly) I'll put you in contact with the
> responsible of the project.
>
> *What we are applying for?*
> „Cybersecurity PPP: privacy, data protection, digital identities“ under
> „Horizon 2020“, look up at: http://ec.europa.eu/research/
> participants/portal/desktop/en/opportunities/h2020/topics/ds-08-2017.html
> The call at 24th of August 2017.
>
> *What we are planing to do?*
> We are planning to develop a best practice implementation of the new user
> right to data portability (Art. 20 GDPR) based on XMPP within a project
> duration of 24 months.
>
> *What we are searching for?*
> We are searching for a company within the EU that is offering XMPP-based
> services such as IM, video conference system, IoT etc. to their customers
> and that would like to participate in a 24-months project that is funded by
> the European Union. We are searching for a company that wants to
> participate especially in the designing the architecture, in implementing
> and evaluating as well as being in contact with the relevant
> standardization such as XSF. The minimum participation should be 12 person
> months within the 24-months project (= 1 person works 50% of it´s time on
> the project, 2 persons work 25% of their time for the project etc.), the
> maximum participation should be 24 person months.
>
> Pro: The proposal is almost done. The company we are searching for
> therefore does not need to participate much in the proposal (we only need
> you to register with the EU Horizon 2020 and send us a description of your
> expertise and planned work). So its minimal work for potentially a maximum
> outcome of being funded 24 months.
>
> Con: We need your final decision until 15th of August.
>
> *What else are we searching for?*
> We would be interested in the XSF, as an organization itself, to join our
> project´s External Advisory Board. The EAB would meet twice within the
> projects duration to discuss the main ideas and outcome of the project. The
> travel costs of one XSF-member (hotel and plane) to those two workshops can
> be funded.
>
> Kind regards,
>
> Timothée Jaussoin
>
> ___
> Standards mailing list
> Info: https://mail.jabber.org/mailman/listinfo/standards
> Unsubscribe: standards-unsubscr...@xmpp.org
> ___
>
>
___
Standards mailing list
Info: https://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: standards-unsubscr...@xmpp.org
___