- Standards

LAST CALL: XEP-0484 (Fast Authentication Streamlining Tokens)

by Daniel Gultsch

This message constitutes notice of a Last Call for comments on XEP-0484. Title: Fast Authentication Streamlining Tokens Abstract: This specification defines a token-based method to streamline authentication in XMPP, allowing fully authenticated stream establishment within a single round-trip. URL: https://xmpp.org/extensions/xep-0484.html This Last Call begins today and shall end at the close of business on 2025-01-27. Please consider the following questions during this Last Call and send your feedback to the standards(a)xmpp.org discussion list: 1. Is this specification needed to fill gaps in the XMPP protocol stack or to clarify an existing protocol? 2. Does the specification solve the problem stated in the introduction and requirements? 3. Do you plan to implement this specification in your code? If not, why not? 4. Do you have any security concerns related to this specification? 5. Is the specification accurate and clearly written? Your feedback is appreciated!

1 week, 1 day

5
14
0 0

Splitting XEP-0455 (Service Outage Status)

by Mathieu Pasquet

Hi everyone, I have been thinking lately about updating XEP-0455 (and getting around to implementing it), and I find the initial semantics that I came up with a bit murky. My plan now is to remove the in-band events and outage planning entirely, to only keep the signaling part (using 0128) and the json format to describe an ongoing outage. I would also update the wording to say that a client should fetch the external address only if it does not manage to connect to the server. This way, the XEP will do one thing and do it quite efficiently, and the in-band events and planning can go into another XEP without being constrained by the requirements for (complete and ongoing) outages from 0455. Writing this to the list to collect some thoughts on the matter, or if anyone would be more interested in implementing this reduced version. Cheers, mathieui

2 weeks, 1 day

1
0
0 0

XEP-0377: New option for Spam Reporting

by Guus der Kinderen

Hello, XEP-0377 describes a mechanism to report spam or abusive content to the local domain. While implementing the server-sided part of this, I was trying to think of useful processes that could follow a report. Some of those actions could include sharing the report with third parties, such as the origin server of the spam, or a centralized spam-related collection service (like xmppbl). There is a privacy aspect to this. An end-user that flags a particular message or entity might not realize or even appreciate that their report is being forwarded to others than the local domain. I suggest having an additional field added to the data structure that is already defined in the XEP. This field is used by the reporter to signal if they agree to share the report with third parties. Clients could present this option as a checkbox that reads something like "Allow this report to be shared with relevant third parties" (or better words). Kind regards, Guus

2 weeks, 1 day

1
1
0 0

LAST CALL: XEP-0424 (Message Retraction)

by Daniel Gultsch

This message constitutes notice of a Last Call for comments on XEP-0424. Title: Message Retraction Abstract: This specification defines a method for indicating that a message should be retracted. URL: https://xmpp.org/extensions/xep-0424.html This Last Call begins today and shall end at the close of business on 2025-01-06. Please consider the following questions during this Last Call and send your feedback to the standards(a)xmpp.org discussion list: 1. Is this specification needed to fill gaps in the XMPP protocol stack or to clarify an existing protocol? 2. Does the specification solve the problem stated in the introduction and requirements? 3. Do you plan to implement this specification in your code? If not, why not? 4. Do you have any security concerns related to this specification? 5. Is the specification accurate and clearly written? Your feedback is appreciated!

2 weeks, 3 days

9
26
0 0

XEP-0484: Fast Authentication Streamlining Tokens and TLS Early Data example

by Michael Uvarov

Hi, I cannot figure out how to use early data in XEP-0484. Main question, which part does go into the early data? <authenticate/> stanza? And how does it combine with XML stream start? How does the server should reply and when? It would be nice to have the complete example for successful auth, including indication of what goes into early data and what does not. Maybe people who already implemented early data in XEP-0484 could comment. https://xmpp.org/extensions/xep-0484.html

2 weeks, 3 days

2
2
0 0

UPDATED: XEP-0474 (SASL SCRAM Downgrade Protection)

by Daniel Gultsch

Version 0.4.0 of XEP-0474 (SASL SCRAM Downgrade Protection) has been released. Abstract: This specification provides a way to secure the SASL and SASL2 handshakes against method and channel-binding downgrades. Changelog: * Use better value delimiter (tm) URL: https://xmpp.org/extensions/xep-0474.html Note: The information in the XEP list at https://xmpp.org/extensions/ is updated by a separate automated process and may be stale at the time this email is sent. The XEP documents linked herein are up-to- date.

3 weeks, 6 days

1
0
0 0

UPDATED: XEP-0424 (Message Retraction)

by Daniel Gultsch

Version 0.4.2 of XEP-0424 (Message Retraction) has been released. Abstract: This specification defines a method for indicating that a message should be retracted. Changelog: * Use a XEP-0425 /me command in the fallback body * State that a tombstone's <retracted/> element's 'id' attribute should match the retraction message's 'id'. * Specify XEP-0359 as a dependency and require that the stanza 'id' be used instead of the origin-id. * Update the "Security Considerations" to mention the risk of non- unique message IDs. (jcb) URL: https://xmpp.org/extensions/xep-0424.html Note: The information in the XEP list at https://xmpp.org/extensions/ is updated by a separate automated process and may be stale at the time this email is sent. The XEP documents linked herein are up-to- date.

3 weeks, 6 days

1
0
0 0

Proposed XMPP Extension: Gateway Relayed Encryption

by Daniel Gultsch

The XMPP Extensions Editor has received a proposal for a new XEP. Title: Gateway Relayed Encryption Abstract: This specification describes a mechanism for end-to-end encryption with gateways that is compatible with third-party networks. URL: https://xmpp.org/extensions/inbox/gateway-relayed-encryption.html The Council will decide in the next two weeks whether to accept this proposal as an official XEP.

1 month

5
10
0 0

Media sharing with Metalinks

by Schimon Jehudah

Greetings! I am drafting a post to next Tuesday evening about Metalink. I did a superficial search, and I did not find a mention of Metalink in the XEP index. Metalink is known as standard RFC 5854, and RFC 6249. > Metalink supports listing of multiple partial and full file hashes > along with PGP signatures. It supports listing any URI (i.e. FTP, > Gemini, HTTP, rsync, BitTorrent, eD2k, IPFS, magnet link etc.). It also has a "description" field, which is crucial in messaging system, as it can save the effort of sending an extra message to describe the content. This saves in half the number of messages upon sharing files via messages. See the example Metalink file in the following post. https://portal.mozz.us/gemini/woodpeckersnest.space/~schapps/journal/2024-1… In the example Metalink file, the content is available via BitTorrent, eD2k, FTP, HTTP, and Kad. Handling Metalink would be of benefit to XMPP. Sending of a file: > http://hfu.xmpp.i2p/StealThisFilm.Part1.avi > This is the first part of the movie "Steal This Film I" from 2006. Sending of a Metalink file: > http://hfu.xmpp.i2p/StealThisFilm.Part1.metalink XMPP client parses the Metalink file (StealThisFilm.Part1.metalink), and displays the given description which is found in that file. I advise to create an XEP for handling of Metalinks. I would be greateful to whom who would want to intstruct me. Kind regards, Schimon

1 month

1
1
0 0

STABLE: XEP-0421 (Occupant identifiers for semi-anonymous MUCs)

by Daniel Gultsch

Version 1.0.0 of XEP-0421 (Occupant identifiers for semi-anonymous MUCs) has been released. Abstract: This specification defines a method that allows clients to identify a MUC participant across reconnects and renames. It thus prevents impersonification of semi-anonymous users. Changelog: Accept as Stable as per Council Vote from 2025-01-14. (XEP Editor (dg)) URL: https://xmpp.org/extensions/xep-0421.html Note: The information in the XEP list at https://xmpp.org/extensions/ is updated by a separate automated process and may be stale at the time this email is sent. The XEP documents linked herein are up-to- date.

1 month, 1 week

1
0
0 0

2025

2024

2023

Standards ----- 2025 ----- February 2025 January 2025 ----- 2024 ----- December 2024 November 2024 October 2024 September 2024 August 2024 July 2024 June 2024 May 2024 April 2024 March 2024 February 2024 January 2024 ----- 2023 ----- December 2023

Standards