[Standards] Council Voting Summary 2019-07-28

Kevin Smith kevin.smith at isode.com
Wed Jul 31 15:35:53 UTC 2019



> On 29 Jul 2019, at 02:15, Tedd Sterr <teddsterr at outlook.com> wrote:
> 
> 
> 2019-07-17 (expiring 2019-07-31)
> 
> Proposed XMPP Extension: Anonymous unique occupant identifiers for MUCs -https://xmpp.org/extensions/inbox/occupant-id.html
> Dave: [pending]
> Georg: +1 (would rather see occupant IDs in the form of JIDs, maybe even passed in a 'jid' attribute in the XEP-0045 item tag)
> Jonas: +1
> Kev: [pending]
> Link: +1

I’m -0 on this at the moment. I’m concerned that there’s an assumption here that it’s desirable to be able to (effectively) de-anonymise semi-anonymous MUCs (they might be set semi-anonymous deliberately), and there’s a lack of security considerations about the cross-muc implications of poor generation, or of rainbow attacks with poor hash choices.

> Proposed XMPP Extension: Message Reactions - https://xmpp.org/extensions/inbox/reactions.html
> Dave: [pending]
> Georg: +0 (for now; still undecided)
> Jonas: +1 (details can be ironed out)
> Kev: [pending]
> Link: +1 (issues can be ironed out before Draft)

This is definitely not the Right Way to do this, as we need a general way of referencing a previous message for assorted things, of which reactions are only one, and to use that everywhere, while the reactions syntax is not reusable. This mechanism could be references, or could be attaching, or could be something else, but a reactions-only syntax is definitely unhelpful when we need to be collating all the different types of meta-data responses and exposing them in archives. As-is at the moment, without that half of the puzzle solved (such as the collation stuff from the Summit), reactions are limited. I’m very concerned that not doing it Right at first when it goes Experimental is going to lead to a situation where it gets deployed and is almost impossible to fix the holes later due to inertia-once-implemented.

Council had a long and heated discussion about this today, and I think the best thing I can do is -1. My suggested remediation is to a) Get general agreement that either references or attaching can be our Future Mechanism For All The Things (I think we’re pretty much there) b) use Attaching (367) in reactions.

As a recompense for the -1, I’m willing to make the change to the protoXEP myself, if desired.

/K


More information about the Standards mailing list