Version 1.0.0 of XEP-0398 (User Avatar to vCard-Based Avatars
Conversion) has been released.
Abstract:
This specification describes a method for using PEP based avatars and
vCard based avatars in parallel by having the user’s server do a
conversion between the two.
Changelog:
Accept as Stable as per Council Vote from 2024-04-30. (XEP Editor
(dg))
URL: https://xmpp.org/extensions/xep-0398.html
Note: The information in the XEP list at https://xmpp.org/extensions/
is updated by a separate automated process and may be stale at the
time this email is sent. The XEP documents linked herein are up-to-
date.
Hi folks,
I'm forwarding this email that was posted to the IETF working group
responsible for SASL improvements, because I think it is quite relevant to
people here, yet many are probably not following the kitten mailing list.
I'm aware that by now most XMPP projects have received feature requests to
implement what are essentially obscure flavours of SCRAM, without much
rationale beyond what can be paraphrased as "the numbers are bigger, and
therefore better".
If we decide to move the protocol and ecosystem beyond SCRAM-SHA-1 (which
is required by the current RFC) and possibly SCRAM-SHA-256, it should be
with the necessary attention paid to interoperability and security. All
current feature requests I've seen lack this.
---------- Forwarded message ---------
From: Simon Josefsson <simon=40josefsson.org(a)dmarc.ietf.org>
Date: Thu, 2 May 2024, 09:20
Subject: [kitten] SCRAM-SHA512 and SCRAM-SHA3
To: <kitten(a)ietf.org>
Hi
I'm seeing push on implementers to add support for these variants, and I
noticed new drafts were published recently. I want to repeat some
earlier concerns. I believe the cost of having these two mechanisms as
standard mechanisms in the ecosystem costs more than any advantages we
would get out of them. There is still no cryptographic attack on
HMAC-MD5, yet alone the HMAC-SHA1 or HMAC-SHA256 that are used in
SCRAM-SHA1 and SCRAM-SHA256 that we are still seeing deployment of.
Adding SCRAM-SHA512/SHA3 variants create additional requirements on
hashed password database formats and APIs, since they are not compatible
with SCRAM-SHA1 and SCRAM-SHA256. Parametrization of security protocols
and algorithms are generally a bad idea as it adds complexity which
reduce security. There is the negotiation interop problem if a server
has one credential but not the other for a subset of users. If some
people are using these variants, I would agree that having them
documented is useful. Then I believe the category should be
Informational rather than standards track, and warnings about the
problems should be added.
/Simon
_______________________________________________
Kitten mailing list
Kitten(a)ietf.org
https://www.ietf.org/mailman/listinfo/kitten
Version 1.0.1 of XEP-0388 (Extensible SASL Profile) has been released.
Abstract:
This document describes a replacement for the SASL profile documented
in RFC 6120 which allows for greater extensibility.
Changelog:
Fixed typos (md)
URL: https://xmpp.org/extensions/xep-0388.html
Note: The information in the XEP list at https://xmpp.org/extensions/
is updated by a separate automated process and may be stale at the
time this email is sent. The XEP documents linked herein are up-to-
date.
Good morning Council Members,
the next XMPP Council Meeting will take place on, Tuesday, April 23
2024 at 16:00 UTC in xmpp:council@muc.xmpp.org?join
The Agenda is as follows:
1) Roll call
2) Agenda Bashing
3) Editors update
* STABLE: XEP-0334 (Message Processing Hints)
* STABLE: XEP-0333 (Displayed Markers)
4) Items for voting
a) Issue Last Call on 'XEP-0421: Anonymous unique occupant identifiers for MUCs'
5) Pending votes
Marvin on
* XEP-0388: Fix typo (PR) (Expires today)
* Move 'XEP-0398 (User Avatar to vCard-Based Avatars Conversion)' to stable
* Issue Last Call on 'XEP-0440: SASL Channel-Binding Type Capability'
See the spreadsheet of Doom:
https://docs.google.com/spreadsheets/d/1H310M8z6Kdo6XyNf2DwafzrSLuwhaLNvzfa…
6) Date of Next
7) AOB
8) Close
Version 1.0.0 of XEP-0334 (Message Processing Hints) has been
released.
Abstract:
This document defines a way to include hints to entities routing or
receiving a message.
Changelog:
Accept as Stable as per Council Vote from 2024-04-17 (XEP Editor (dg))
URL: https://xmpp.org/extensions/xep-0334.html
Note: The information in the XEP list at https://xmpp.org/extensions/
is updated by a separate automated process and may be stale at the
time this email is sent. The XEP documents linked herein are up-to-
date.
Version 1.0.0 of XEP-0333 (Displayed Markers) has been released.
Abstract:
This specification introduces a method to let the sender, or multiple
participants in a group chat, know that a client has displayed
messages up to a certain point.
Changelog:
Accept as Stable as per Council Vote from 2024-04-17. (XEP Editor
(dg))
URL: https://xmpp.org/extensions/xep-0333.html
Note: The information in the XEP list at https://xmpp.org/extensions/
is updated by a separate automated process and may be stale at the
time this email is sent. The XEP documents linked herein are up-to-
date.
Good morning Council Members,
the next XMPP Council Meeting will take place on, Tuesday, April 16
2024 at 16:00 UTC in xmpp:council@muc.xmpp.org?join
The Agenda is as follows:
1) Roll call
2) Agenda Bashing
3) Editors update
Minor updates to XEP-0444 (Message Reactions) and XEP-0440 (Channel Binding)
4) Items for voting
a) Move 'LAST CALL: XEP-0398 (User Avatar to vCard-Based Avatars
Conversion)' to stable
b) Issue Last Call on 'XEP-0440: SASL Channel-Binding Type Capability'
5) Pending votes
Marvin on
* Move 'XEP-0334 (Message Processing Hints)' to stable
* Move 'XEP-0333 (Displayed Markers)' to stable
* XEP-0388: Fix typo (PR)
See the spreadsheet of Doom:
https://docs.google.com/spreadsheets/d/1H310M8z6Kdo6XyNf2DwafzrSLuwhaLNvzfa…
6) Date of Next
7) AOB
8) Close
Version 0.2.1 of XEP-0444 (Message Reactions) has been released.
Abstract:
This specification defines a way for adding reactions to a message.
Changelog:
fix grammar and spelling (wb)
URL: https://xmpp.org/extensions/xep-0444.html
Note: The information in the XEP list at https://xmpp.org/extensions/
is updated by a separate automated process and may be stale at the
time this email is sent. The XEP documents linked herein are up-to-
date.
Version 0.4.1 of XEP-0440 (SASL Channel-Binding Type Capability) has
been released.
Abstract:
This specification allows servers to annouce their supported SASL
channel-binding types to clients.
Changelog:
Recommend the usage of tls-exporter over tls-server-end-point
(fs)
URL: https://xmpp.org/extensions/xep-0440.html
Note: The information in the XEP list at https://xmpp.org/extensions/
is updated by a separate automated process and may be stale at the
time this email is sent. The XEP documents linked herein are up-to-
date.
Good morning Council Members,
the next XMPP Council Meeting will take place today on, Tuesday, April
9 2024 at 16:00 UTC in xmpp:council@muc.xmpp.org?join
The Agenda is as follows:
1) Roll call
2) Agenda Bashing
3) Editors update
* STABLE: XEP-0386 (Bind 2)
* STABLE: XEP-0388 (Extensible SASL Profile)
* UPDATED: XEP-0333 (Displayed Markers)
4) Items for voting
a) Move 'XEP-0334 (Message Processing Hints)' to stable
b) Move 'XEP-0333 (Displayed Markers)' to stable
c) XEP-0388: Fix typo https://github.com/xsf/xeps/pull/1338
5) Pending votes
none
See the spreadsheet of Doom:
https://docs.google.com/spreadsheets/d/1H310M8z6Kdo6XyNf2DwafzrSLuwhaLNvzfa…
6) Date of Next
