July 2025 - Standards

LAST CALL: XEP-0484 (Fast Authentication Streamlining Tokens)

by Daniel Gultsch

This message constitutes notice of a Last Call for comments on XEP-0484. Title: Fast Authentication Streamlining Tokens Abstract: This specification defines a token-based method to streamline authentication in XMPP, allowing fully authenticated stream establishment within a single round-trip. URL: https://xmpp.org/extensions/xep-0484.html This Last Call begins today and shall end at the close of business on 2025-01-27. Please consider the following questions during this Last Call and send your feedback to the standards(a)xmpp.org discussion list: 1. Is this specification needed to fill gaps in the XMPP protocol stack or to clarify an existing protocol? 2. Does the specification solve the problem stated in the introduction and requirements? 3. Do you plan to implement this specification in your code? If not, why not? 4. Do you have any security concerns related to this specification? 5. Is the specification accurate and clearly written? Your feedback is appreciated!

18 hours, 39 minutes

6
20
0 0

LAST CALL: XEP-0440 (SASL Channel-Binding Type Capability)

by Daniel Gultsch

This message constitutes notice of a Last Call for comments on XEP-0440. Title: SASL Channel-Binding Type Capability Abstract: This specification allows servers to annouce their supported SASL channel-binding types to clients. URL: https://xmpp.org/extensions/xep-0440.html This Last Call begins today and shall end at the close of business on 2024-05-20. Please consider the following questions during this Last Call and send your feedback to the standards(a)xmpp.org discussion list: 1. Is this specification needed to fill gaps in the XMPP protocol stack or to clarify an existing protocol? 2. Does the specification solve the problem stated in the introduction and requirements? 3. Do you plan to implement this specification in your code? If not, why not? 4. Do you have any security concerns related to this specification? 5. Is the specification accurate and clearly written? Your feedback is appreciated!

1 month, 2 weeks

9
30
0 0

XEP-0001 Changes to reflect current practice wrt XEP Authors

by Dave Cridland

Hey hey, Boring incoming: https://github.com/xsf/xeps/pull/1407 This is draft to avoid the XSF Board accidentally approving it before the community has had a chance to discuss. The main change is the paragraph added in Section 6 (Discussion Process), covering changes to the XEP during Experimental: The XEP author incorporates the feedback by creating source control patches > (such as Pull Requests), in line with the preferred method in &xep0143;. > Direct changes to an Experimental XEP, such as a contributor providing a > patch (or Pull Request on GitHub), are still the responsibility of the XEP > author, and are only applied if the XEP author agrees. If a XEP has > multiple authors, while agreement is sought from all authors, only those > opinions from responsive authors are considered. If the Approving Body > feels that the XEP author is not responsive, another author may be added > unilaterally by the Approving Body. This is trying to do two things: 1) Document the existing practice that the XMPP Council has followed, whereby changes to Experimental XEPs need "agreement" (PR approval, or similar) from the XEP Author. 2) Document the existing practice that the XMPP Council has followed. whereby if a XEP Author isn't responsive (ie, doesn't respond to emails, etc) the XMPP Council can add a new XEP Author. 3) Document the *new practice* that if a contribution isn't a PR, it's the XEP Author who is responsible to turn it into one. The rest of the changes surface and restate existing process/policy/URLs and aren't that interesting (well, even less interesting). There is one additional possible process deviation we should document (or call the Process Police out, or something). Submission of a XEP, as per XEP-0143, occurs via email tot he Editor. Is this really still the case? Or are these now by PR? That'll need changing in XEP-0143, which I'm happy to do if that's the case. It'd be nice to have a non-PR variant of the process (post here?) Dave.

4 months, 1 week

6
17
0 0

Situation of DOAP

by Schimon Jehudah

Good evening. I am working on a Python script which generates an Atom Syndication Format XML feed from XMPP DOAP files. I will further add to it an XSLT stylesheet to transform it to XHTML. I have attached that script, for those who are inqusitive about it. Problems -------- However, I did notice, that some DOAP files are not updated, and some are missing information. Proposal -------- I would suggest to add attributes for types of links (i.e. Gemini, HTTP, PubSub, etc.), because in near future, resources such as homepage, bug-database, developer-forum, developer-support, etc. will be hosted on PubSub services over XMPP, instead of HTTP. Question -------- Is there an automated DOAP generator software or service? Conclusion ---------- If there is no automated service yet, then I would create an XHTML software with forms that would do so. Afterwards, I would also create an XMPP service with Data Forms for that purpose. Please advise. Kindly, Schimon

4 months, 3 weeks

1
1
0 0

hey

by who knows

hello world

5 months

1
0
0 0

An XSLT file is missing over xmpp.org

by Schimon Jehudah

Administrators. Good day. Please copy file https://xmpp.org/extensions/xep.xsl to loccation https://xmpp.org/extensions/inbox/xep.xsl or create a link thereof. This is essential for XEPs that are located under /inbox/ directory. Kind regards, Schimon

5 months

1
0
0 0

Proposal to modernize and update the CAPTCHA XEP (XEP-0158)

by techmetx11

XEP-0158 has not been updated (in a major way) since late 2008, and ever since then, all of the challenge types can be easily broken with a neural network or ASICs/FPGAs/GPUs (for Hashcash). This makes out-of-band CAPTCHA sites the only feasible method of fending off bots. But requiring a user to visit a site to send a message or join a MUC doesn't make it as seamless for them, Therefore the XEP should be revamped in a way to still provide a seamless experience while also providing security against modern attackers. These are my suggestions in regards to this: 1) Deprecate OCR and recongition-based challenges and switch to more interactive challenges (such as: pointing to parts of a picture that matches a specified condition) 2) Add more Proof-of-Work algorithms and possibly deprecate Hashcash. There should be a requirement for choosing candidate algorithms, we can use Tor's requirements (from Equi-X's design notes) as an example: 1. The solution proof must be smaller than about 200 bytes. 2. Solution verification must be fast. 3. GPUs and FPGAs should not provide a large advantage for solving the puzzle - https://gitlab.torproject.org/tpo/core/tor/-/blob/main/src/ext/equix/devlog… Unfortunately, the second requirement may disqualify Argon2 from being used, due to its symmetry.

5 months

1
0
0 0

NEW: XEP-0505 (Data Forms File Input Element)

by Daniel Gultsch

Version 0.1.0 of XEP-0505 (Data Forms File Input Element) has been released. Abstract: This specification defines an element which can be used with data forms to let users upload one or more files. Changelog: Accepted as Experimental by Concil vote on 2025-07-08 (XEP Editor: dg) URL: https://xmpp.org/extensions/xep-0505.html Note: The information in the XEP list at https://xmpp.org/extensions/ is updated by a separate automated process and may be stale at the time this email is sent. The XEP documents linked herein are up-to- date.

5 months, 1 week

1
0
0 0

NEW: XEP-0504 (Data Policy)

by Daniel Gultsch

Version 0.1.0 of XEP-0504 (Data Policy) has been released. Abstract: This document specifies metadata on how an entity handles its data (encryption, data retention, etc). Changelog: Accepted as Experimental by Concil vote on 2025-06-08 (XEP Editor: dg) URL: https://xmpp.org/extensions/xep-0504.html Note: The information in the XEP list at https://xmpp.org/extensions/ is updated by a separate automated process and may be stale at the time this email is sent. The XEP documents linked herein are up-to- date.

5 months, 1 week

1
0
0 0

UPDATED: XEP-0363 (HTTP File Upload)

by Daniel Gultsch

Version 1.2.0 of XEP-0363 (HTTP File Upload) has been released. Abstract: This specification defines a protocol to request permissions from another entity to upload a file to a specific path on an HTTP server and at the same time receive a URL from which that file can later be downloaded again. Changelog: * Add optional upload purpose when requesting slots (dg) URL: https://xmpp.org/extensions/xep-0363.html Note: The information in the XEP list at https://xmpp.org/extensions/ is updated by a separate automated process and may be stale at the time this email is sent. The XEP documents linked herein are up-to- date.

5 months, 1 week

1
0
0 0

2025

2024

2023

Standards July 2025