Hi,
Following what I've said yesterday at the summit, I would like to explain more
my idea, and get your feedback.
So basically the problem with presence in large MUC is that we get 2 things:
- initial presence when we join the room
- all the presence update when people join and leave, which is quite often
with people on mobiles.
So my point was that we are seeing MUC by the way it's used today. But we
don't have to.
We don't have to be actively in the room. What we want when we are in a large
room, is to be able to check it when we want, and be notified when we are
mentioned.
For smaller rooms, we may want to be notified on each new message.
The way I see it, we could have 2 ways to join a MUC: active and passive.
The active join would be what we do today, we get all the presence, and
updates, it's really bandwidth intensive.
The passive join, on the other hand, would only say "we are in the room". The
MUC service would then notify the client only in case of mention (or for any
message in case of "subscribed" room).
Benefit:
- we don't have presence spam anymore, the client does an active join only
when the user want to actually be in the room. So it's only one room at the
time.
- client doesn't have to actively parse message to look for mention, on mobile
it will get a push notification and wake up only when necessary
- It should be easy to implement on top on existing MUC implementation
- It's backward compatible: non-compatible client will just to "active" join
all the time, and get all the presence spam.
Probably we can also optimize the initial presence in case of active join, but
that's another topic.
I think that solves the presence issue. Let me know what you think about it.
Best,
Goffi
Hey all,
Some of you have heard me talk about this at the Summit, but I'd like to
revisit/reexamine our QUIC binding to improve performance of XMPP on low
bandwidth. I'm not sure we'll get to this at the Summit, and there's not
many who want to talk about it so I wondered if this summit topic could
have been an email. (Except then we discussed it anyway)
The primary concerns on low bandwidth - beyond sending fewer bytes on the
wire - are round-trips and head-of-line blocking.
I think XMPP has a good story on round-trips; we're down to very few during
authentication and connection setup, and during normal messaging operation
we don't worry about latency at all.
Head-of-Line blocking, or HoL Blocking, is when - in our case - packet loss
causes the stream to stall until the packet is retransmitted, which is at
least a round-trip away - and can be more due to bandwidth-delay product.
At the same time, we cannot eliminate this entirely (by, say, sending
stanzas over UDP directly) because if we do that we lose the ordering. Out
of order messages can be confusing, and lead to bad misunderstandings.
The rules on this are in RFC 6120, and are rather more complicated than we
normally worry about - normally, we just process everything on a strea, in
order, and this does satisfy the rules. But the rules allow us to process
stanzas in any order we like, as long as
So, what I'm thinking is a way to use the additional channels in QUIC such
that we open multiple channels on both C2S and S2S sessions, which would
form part of the same virtual stream, and we can distribute messages such
that we maintain ordering within messages where we need to, but allows us
to out-of-order (and avoid HOL Blocking) messages sent between unrelated
jids.
This differs to the existing XEP, where each channel maps to a single XML
Stream and XMPP session.
Notes from the Summit:
WEBTRANS would also be of interest, but "raw" QUIC has some advantages as
well, so we probably want both with a uniform approach.
So, my plan is to get an implementation together and a XEP.
Anyone else interested?
Dave.
The XMPP Extensions Editor has received a proposal for a new XEP.
Title: End-to-End Encrypted Contacts Metadata
Abstract:
This specification describes how to encrypt contacts metadata to
minimize server exposure.
URL: https://xmpp.org/extensions/inbox/contacts-e2e.html
The Council will decide in the next two weeks whether to accept this
proposal as an official XEP.
Greetings.
I advise to moderate people who have never posted to this mailing-list.
It is bad enough that there is only a single official mailing-list; and
Having issues with that single one will even worse.
Please advise.
Kindly,
Schimon
Hi,
I saw a talk by Sophia Longwe, who I believe works at Wikimedia
Germany, at 39C3 (Chaos Communication Congress). I saw the talk in
person, but there is a recording of it here:
https://media.ccc.de/v/39c3-who-runs-the-www-wsis20-and-the-future-of-inter…
The talk is a rudimentary overview of how the different bodies that
"steer" the internet work t ranging from UN committees and ICANN down
to mere mortals such as us. The XMPP Standards Foundation (XSF) was
not called out specifically, but our colleagues at the IETF and W3C
were mentioned.
In her talk, she criticized the lack of participation from "civil
society" in standardization work. She attributed this partially to
high barriers to entry at IETF events (high costs, fancy hotels) and
said (I’m paraphrasing) that it’s basically just rich FAANG employees.
Some of that doesn’t exactly match my own experience at the IETF, but
I don’t think any of what she said was in bad faith. I hope to meet
her in Vienna (IETF126) to discuss some of these things in person. And
who knows, maybe she is right.
Anyway, long story short, this got me thinking about our processes
here at the XSF (which, again, she didn’t mention at all):
I think the XMPP Standards Foundation is in a unique position where
many of our members can be described as "civil society" - people who
might describe themselves as activists or promoters of XMPP rather
than developers. (And/or people who do software development for a
living, but whose jobs are unrelated to XMPP and who joined the XSF
more in the capacity of a user.)
At the same time, I’m observing that a lot of our Last Calls (and
standards work in general) have few participants, at least relative to
our overall membership numbers. Furthermore, I've heard criticism that
the XSF doesn’t take the concerns of some minority groups seriously
enough. (Which may or may not be true; I don’t want to take sides on
that at this point.)
This leads me to a question: Can we kill two or three birds with one
stone here? Can we either rephrase some of the questions in the Last
Call or add new ones that explicitly invite feedback from "civil
society" (for lack of a better word)?
I just want to get the discussion started, so I don’t have a final
list, but the questions could go in a direction like this:
* Would you use this feature if it were implemented in the XMPP client
you currently use?
* Do you think an implementation of this feature could negatively
impact your community?
* Does this improve (make easier) the work you do in your community?
Cheers,
Daniel
Version 1.1.0 of XEP-0386 (Bind 2) has been released.
Abstract:
This specification provides a single-request replacement for several
activities an XMPP client needs to do at startup.
Changelog:
It's authorization-identifier not authorization-identity (dg)
URL: https://xmpp.org/extensions/xep-0386.html
Note: The information in the XEP list at https://xmpp.org/extensions/
is updated by a separate automated process and may be stale at the
time this email is sent. The XEP documents linked herein are up-to-
date.
This message constitutes notice of a Last Call for comments on
XEP-0377.
Title: Spam Reporting
Abstract:
This document specifies a mechanism by which users can report spam and
other abuse to a server operator or other spam service.
URL: https://xmpp.org/extensions/xep-0377.html
This Last Call begins today and shall end at the close of business on
2026-01-05.
Please consider the following questions during this Last Call and send
your feedback to the standards(a)xmpp.org discussion list:
1. Is this specification needed to fill gaps in the XMPP protocol
stack or to clarify an existing protocol?
2. Does the specification solve the problem stated in the introduction
and requirements?
3. Do you plan to implement this specification in your code? If not,
why not?
4. Do you have any security concerns related to this specification?
5. Is the specification accurate and clearly written?
Your feedback is appreciated!
