Re: [Standards] UPDATED: XEP-0278 (Jingle Relay Nodes)
Hey Thiago, is this protocol still in use? I've always liked it. ;-) On 9/15/17 11:39 AM, Jonas Wielicki (XSF Editor) wrote: > Version 0.2 of XEP-0278 (Jingle Relay Nodes) has been released. > > Abstract: > This documents specifies how Jingle Clients can interact with Jingle > Relay Nodes Services and how XMPP entities can provide, search and > list available Jingle Relay Nodes. > > Changelog: > Added TURN Credentials Service Support. (tc) > > URL: https://xmpp.org/extensions/xep-0278.html > ___ > Standards mailing list > Info: https://mail.jabber.org/mailman/listinfo/standards > Unsubscribe: standards-unsubscr...@xmpp.org > ___ > signature.asc Description: OpenPGP digital signature ___ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: standards-unsubscr...@xmpp.org ___
Re: [Standards] Call for Experience for XEP-0368: SRV records for XMPP over TLS
On Tue, Sep 19, 2017, at 11:15, Jonas Wielicki wrote: > * Do we need to interact with some registry to get xmpps-server and > xmpps- > client SRV record service names registered? From my understanding, SRV > records > can use the names as assigned in [3] or "locally defined" (whatever that > means!). Does what we do classify as "locally defined" and is sufficient? > If > not, we should probably get xmpps-server / xmpps-client registered > somewhere. IANA has been contacted and the designated expert has said he's fine with the registration from the XEP. Presumably he just hasn't gotten around to publishing it yet. —Sam ___ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: standards-unsubscr...@xmpp.org ___
Re: [Standards] Call for Experience for XEP-0368: SRV records for XMPP over TLS
Now with my client developer hat on. > 1. What software has XEP-0368 implemented? I implemented XEP-0368 support in aioxmpp [1] (which is under LGPLv3 license). > 2. Have developers experienced any problems with the protocol as defined > in XEP-0368? I did not have outstanding issues (the ones I had have been clarified since then). I did not implement ALPN support though (which is a SHOULD in the spec), because I didn’t have a chance to look into how to do that yet. > 3. Is the text of XEP-0368 clear and unambiguous? I think so. > Are more examples > needed? Is the conformance language (MAY/SHOULD/MUST) appropriate? Have > developers found the text confusing at all? Two final remarks: * I find that the ALPN protocol ID registration still hasn’t gotten through to the official IANA registry [2]. * Do we need to interact with some registry to get xmpps-server and xmpps- client SRV record service names registered? From my understanding, SRV records can use the names as assigned in [3] or "locally defined" (whatever that means!). Does what we do classify as "locally defined" and is sufficient? If not, we should probably get xmpps-server / xmpps-client registered somewhere. Otherwise I find the XEP short and precise, understable, and easy to implement. kind regards, Jonas [1]: https://github.com/horazont/aioxmpp/blob/ 97b34721585e2f761195ce1df5b2fc7dd42d3ef9/aioxmpp/node.py#L106 [2]: https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids [3]: https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt signature.asc Description: This is a digitally signed message part. ___ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: standards-unsubscr...@xmpp.org ___
[Standards] Call for Experience for XEP-0368: SRV records for XMPP over TLS
Dear list, With my XEP Editor hat on, we’d like to issue a Call for Experience for XEP-0368. This is the step taken before proposing advancement of a XEP to Final status to Council. During the Call for Experience, please answer the following questions: 1. What software has XEP-0368 implemented? Please note that the protocol must be implemented in at least two separate codebases (at least one of which must be free or open-source software) in order to advance from Draft to Final. 2. Have developers experienced any problems with the protocol as defined in XEP-0368? If so, please describe the problems and, if possible, suggested solutions. 3. Is the text of XEP-0368 clear and unambiguous? Are more examples needed? Is the conformance language (MAY/SHOULD/MUST) appropriate? Have developers found the text confusing at all? Please describe any suggestions you have for improving the text. If you have any comments about advancing XEP-0368 from Draft to Final, please provide them by the close of business on Tuesday, October 3rd, 2017. After the Call for Experience, this XEP might undergo revisions to address feedback received, after which it will be presented to the XMPP Council for voting to a status of Final. You can review the specification here: https://www.xmpp.org/extensions/xep-0368.html Please send all feedback to the standards@xmpp.org discussion list. Thanks! Jonas P.S.: Procedural note: I’m not entirely clear on what is allowed to trigger a CFE (I don’t think that’s spelled out in XEP-0001). In this specific case, the author asked for it. signature.asc Description: This is a digitally signed message part. ___ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: standards-unsubscr...@xmpp.org ___
Re: [Standards] XMPP Meetup during T-DOSE in Eindhoven (NL) in November
Hi all, A quick update on T-DOSE 2017. As the amount of responses to Tim's suggestion to have a meetup was very low, we've opted to not follow-up on the offer of a dedicated room for XSF/XMPP. We did, however, request a booth. If you're interested in joining us there, please let us know (either here, or at https://wiki.xmpp.org/web/T-DOSE_2017 ) Regards, Guus On 22 August 2017 at 09:59, Timothée Jaussoinwrote: > Hello everyone, > > I've created a page on the Wiki for the project > https://wiki.xmpp.org/web/T-DOSE_2017. > If you are interested to come, do a conference, a XMPP meetup or something > related, please put it on this page :) > > Regards, > > Timothée > > Le lundi 31 juillet 2017 à 12:18 +0200, Guus der Kinderen a écrit : > > Hi Timothée, > > > > Thanks for taking the time to organize this! I'd certainly be interested > in attending. > > > > As for XSF support: what exactly do you need? This year, the XSF created > the SCAM (somethingsometing, Conferences And Meetups) > > workgroup (of which I may or may not be a part). I am not aware of any > activity of that workgroup other than its inception. This > > event might be a good first event to get SCAM-things going though. > > > > Regards, > > > > Guus > > > > On 30 July 2017 at 22:50, Timothée Jaussoin wrote: > > > Hi everyone, > > > > > > I'm currently in contact with an organizer of the T-DOSE event. For > those that don't know T-DOSE. > > > > > > T-DOSE is a free and yearly event held in The Netherlands to > promote use and development of Open Source Software. During this > > > event > > > Open Source projects, developers and visitors can exchange ideas > and knowledge. This years event will be held at the Fontys > > > University of Applied Science in Eindhoven on November 18 and 19. > > > > > > More info here http://www.t-dose.org/. > > > > > > I think that it could be a nice opportunity to meet-up there and maybe > have conferences to promote the XMPP protocol :) > > > The organizers told me that they have classrooms available where we > could talk and that they are open for conferences proposal > > > (deadline September 30). > > > > > > For those that are interested to take part of it and help with the > organization do not hesitate to answer that mail. > > > I don't have a clear idea how we organize our participation into such > event in the XSF, should I create a Wiki page? Is it possible > > > to > > > put it in the agenda for the next meeting? > > > > > > On my side I can help with the communication with the T-DOSE team, I'm > also interested to propose a conference (around > > > Movim/social- > > > networking on XMPP…) and participate in discussion if we meet-up to > talk about the current XEP in progress. > > > > > > Kind regards, > > > > > > Timothée Jaussoin > > > ___ > > > Standards mailing list > > > Info: https://mail.jabber.org/mailman/listinfo/standards > > > Unsubscribe: standards-unsubscr...@xmpp.org > > > ___ > > > > > > > ___ > > Standards mailing list > > Info: https://mail.jabber.org/mailman/listinfo/standards > > Unsubscribe: standards-unsubscr...@xmpp.org > > ___ > ___ > Standards mailing list > Info: https://mail.jabber.org/mailman/listinfo/standards > Unsubscribe: standards-unsubscr...@xmpp.org > ___ > ___ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: standards-unsubscr...@xmpp.org ___
Re: [Standards] XEP-0384 OMEMO questions
On 19.09.2017 12:35, Remko Tronçon wrote: > > The original authors of the XEP worked on a follow up version [1] which > put the wire format into the XEP > > > This follow-up version is in its current state even more underspecified > than the libsignal one (for example, it's impossible to know how to > authenticate the sent payload IIRC). If that's the case then lets improve it. > and was based (mostly) on the Signal > specification, which is a open standard [2]. > > > Signal's wire format is not an open standard AFAIK. For example, the > first byte of a key is used to define the key format, which is only > hinted in some of the specs. Possibly, but that is exactly why people wanted to put the wire format into the XEP while reusing the basic ratchet mechanism that is already widely used by existing OMEMO implementations. > could reimplement everything from scratch (if they want) > > > I don't remember arguments that XEdDSA could not be reimplemented. Any well specified open standard can be implemented. If you don't feel comfortable implementing it yourself, and are not able to use an existing library, then I'm sure you would find a skilled programmer that you can pay to implement it. The arguments I've heard against XEdDSA where something like 1. "It's not widespread" and 2. "There is no permissive license library". Both are IMHO not worth the trade-off to switch to something else, because 1. it is widely used, and 2. if you aren't happy with the existing library ecosystem, then you are free to create an new one (you probably have to put some money on the table). But OMEMO, using XEdDSA, is obviously no problem for open source projects, otherwise we wouldn't have nearly half a dozen implementations finished and many more to come [1]. - Florian 1: https://omemo.top/ signature.asc Description: OpenPGP digital signature ___ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: standards-unsubscr...@xmpp.org ___
Re: [Standards] XEP-0384 OMEMO questions
> The original authors of the XEP worked on a follow up version [1] which > put the wire format into the XEP This follow-up version is in its current state even more underspecified than the libsignal one (for example, it's impossible to know how to authenticate the sent payload IIRC). > and was based (mostly) on the Signal > specification, which is a open standard [2]. Signal's wire format is not an open standard AFAIK. For example, the first byte of a key is used to define the key format, which is only hinted in some of the specs. could reimplement everything from scratch (if they want) Remko ___ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: standards-unsubscr...@xmpp.org ___
Re: [Standards] XEP-0384 OMEMO questions
On 19.09.2017 11:37, Dave Cridland wrote: > On 19 September 2017 at 09:21, Klaus Herberthwrote: >>> Hi Klaus, >> Hi Andrey, >> >>> What do you mean by "libsignal"? There are at least 4(+1) libraries: >> With libsignal I referred to your linked implementations of WhisperSystems. >> >>> Note, javascript favor is already available. >> I know, but it is GPL and this doesn't work for everyone. >> >>> BTW, why is it terrible? >> It's terrible, because the wire format of those implementations aren't >> documented (as far as I know) and therefore it's quite hard to implement >> such protocol by your own. I think a protocol should be like an Internet >> Standard defined in RFC1310: >> >> "In general, an Internet Standard is a specification that is stable >> and well-understood, is technically competent, has multiple, >> independent, and interoperable implementations with operational >> experience, enjoys significant public support, and is recognizably >> useful in some or all parts of the Internet." >> >> I think "multiple independent and interoperable implementations" are >> currently missing for the "signal protocol". If we would have some kind >> of documentation for the wire format and a clear hint in the XEP that >> libsignal is needed it would be a great help for everyone who wants to >> implement this XEP. >> > > I entirely and unreservedly agree with you. > > For what its worth, the XMPP Council originally rejected this XEP > because it was reliant on a single library; while we were assured that > this was not the case anymore, and anyone could easily (I believe the > word "trivially" was used multiple times) implement a fully > independent implementation and have it interoperate, you are sadly > proving that this is not the case. You are only telling half of the story. The original authors of the XEP worked on a follow up version [1] which put the wire format into the XEP and was based (mostly) on the Signal specification, which is a open standard [2]. The existing OMEMO implementations could trivially upgrade to what is specified in [1], and new implementations, like the one Klaus tries to write, could reimplement everything from scratch (if they want), since the ultimate goal of [1] was it to have all parts openly and well specified. Or, of course, new implementations could reuse the existing Axolotl/Signal/OMEMO ecosystem of libraries. Sadly that change was torpedoed by a small group (including you). - Florian 1: https://github.com/xsf/xeps/pull/460 2: https://signal.org/docs/ signature.asc Description: OpenPGP digital signature ___ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: standards-unsubscr...@xmpp.org ___
Re: [Standards] XEP-0384 OMEMO questions
On 19 September 2017 at 09:21, Klaus Herberthwrote: >> Hi Klaus, > Hi Andrey, > > >> What do you mean by "libsignal"? There are at least 4(+1) libraries: > With libsignal I referred to your linked implementations of WhisperSystems. > >> Note, javascript favor is already available. > I know, but it is GPL and this doesn't work for everyone. > >> BTW, why is it terrible? > It's terrible, because the wire format of those implementations aren't > documented (as far as I know) and therefore it's quite hard to implement > such protocol by your own. I think a protocol should be like an Internet > Standard defined in RFC1310: > > "In general, an Internet Standard is a specification that is stable > and well-understood, is technically competent, has multiple, > independent, and interoperable implementations with operational > experience, enjoys significant public support, and is recognizably > useful in some or all parts of the Internet." > > I think "multiple independent and interoperable implementations" are > currently missing for the "signal protocol". If we would have some kind > of documentation for the wire format and a clear hint in the XEP that > libsignal is needed it would be a great help for everyone who wants to > implement this XEP. > I entirely and unreservedly agree with you. For what its worth, the XMPP Council originally rejected this XEP because it was reliant on a single library; while we were assured that this was not the case anymore, and anyone could easily (I believe the word "trivially" was used multiple times) implement a fully independent implementation and have it interoperate, you are sadly proving that this is not the case. >> It's not that uncommon a program can be compiled only with openssl >> (and even not with the latest version). > Please correct me if I'm wrong, but everything in openssl is documented > somewhere. There is no magic happening inside this library and therefore > the comparison doesn't work. Also openssl is under Apache License which > makes it a lot easier to use it in combination with other software. As far as I am aware, OpenSSL is based entirely on well-known and fully documented protocols and algorithms. Even the API has some documentation, increasingly accurate as well these days. There are numerous TLS libraries, and numerous implementations of the cryptographic primitives used by OpenSSL. I, like you, have no idea why anyone would consider this a useful comparison. Dave. ___ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: standards-unsubscr...@xmpp.org ___
Re: [Standards] XEP-0384 OMEMO questions
> Hi Klaus, Hi Andrey, > What do you mean by "libsignal"? There are at least 4(+1) libraries: With libsignal I referred to your linked implementations of WhisperSystems. > Note, javascript favor is already available. I know, but it is GPL and this doesn't work for everyone. > BTW, why is it terrible? It's terrible, because the wire format of those implementations aren't documented (as far as I know) and therefore it's quite hard to implement such protocol by your own. I think a protocol should be like an Internet Standard defined in RFC1310: "In general, an Internet Standard is a specification that is stable and well-understood, is technically competent, has multiple, independent, and interoperable implementations with operational experience, enjoys significant public support, and is recognizably useful in some or all parts of the Internet." I think "multiple independent and interoperable implementations" are currently missing for the "signal protocol". If we would have some kind of documentation for the wire format and a clear hint in the XEP that libsignal is needed it would be a great help for everyone who wants to implement this XEP. > It's not that uncommon a program can be compiled only with openssl > (and even not with the latest version). Please correct me if I'm wrong, but everything in openssl is documented somewhere. There is no magic happening inside this library and therefore the comparison doesn't work. Also openssl is under Apache License which makes it a lot easier to use it in combination with other software. Cheers, Klaus signature.asc Description: OpenPGP digital signature ___ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: standards-unsubscr...@xmpp.org ___