The XMPP Newsletter

Everyone go for decentralisation! 03 Apr 2020

Intro

Welcome to the XMPP newsletter covering the months of February and March 2020.

This is a big one!

Help us sustain this as a community effort, which process is fully documented.

Anyway, we are always happy to contributors - just come along and talk to us in the Comm-Team MUC and thereby help us sustain this as a community effort, which process is fully documented.

Subscribe to receive the next edition in your inbox!

Newsletter translations

The translations of the XMPP Newsletter will be released here:

Articles

A nice and short summary about XMPP - en español!

Marvin Schirrmacher analysed WhatsApp's VoIP protocol. He extracted cryptographic keys and also showed that code obscurity does not finally protect against attackers. Further readings on GitHub here, here and here.

Mobile Kommunikation: zeitgemäß und rechtskonform: A German article about mobile communication in authorities mentioning MOKA/XMPP.

Daniel Gultsch (iNPUTmice) published several posts commenting on the situation on OMEMO initial vectors.

A discussion (Spanish) on Quey compared the performance of XMPP and Matrix. Seems that XMPP outperforms easily!

Liz Flynn scheduled a notification for IETF-107 for Messaging Layer Security (MLS). You can read the current architecture draft here.

After a recent secruity flaw in WhatsApp groups, the FSFE recommends XMPP as decentral and open alternative amd solution. The XSF tweeted about this already.

Stefan Kropp (debxwoody) has started to build a place for German users of XMPP including social media, mailing list, homepage and a blog. He is calling for supporters!

After the Prosody team released Snikket, Alexander Gnauck explains how to run it on your NAS.

Sam Whited wrote about the Go XMPP library.

Turns out Grindr uses #XMPP for their in-app chat

Edward Maurer (emus) created a blog post from his brainstorming and talk on a vision for XMPP he created during the Berlin "Online" Sprint.

Events

After the work from Düsseldorf sprint OMEMO has been released to version 0.4 - Congratulations to the authors! Further readings of their notes on NEWMEMO and OMEMO:1 Requirement. Paul Schaub luckily alo could not refuse to again published his summary: OMEMO Specification Sprint.

On 1-2 February, FOSDEM, was held in Brussels, Belgium. As usual the XMPP community coordinated the Real-Time Lounge, a corner where several open source projects around Real Time Communication can present themselves. At the XMPP booth there were lots of nice conversations with FOSDEM visitors. The easy onboarding of Snikket was one of the eye catchers at the booth. In the Real Time developers room thee was a talk about the modularity of the XMPP protocol by Winfried Tilanus.

As usual, before FOSDEM a part of the XMPP community gathered for XMPP summit 24. Over the course of two days many aspects of the XMPP protocol were discussed, including onboarding, 'rich presence', several aspects of encryption, MIX, Bind/SASL, Stickers and rich markup. The attendants regarded this summit as very productive and many of the discussions already resulted in proposed protocol extensions and patches to existing extensions.

The Berlin "Online" Sprint is over! No chance for COVID-19 - it was a non-voluntary situation, but great experience and impressive amount of people attended. Tim Schrock from the DBJR published a short summary of our virtual sprint.

Software releases

Servers

Jackal (XMPP server written in Go) was released in version 0.82.

The Ignite Realtime Community releases version 4.5.1 of Openfire with fixes and improvements you can review in their changelogs. REST API Openfire plugin was also released in version 1.4.0.

Erlang Solutions wrote about improvements of push notifications within MongooseIM. Mongoose also release MongooseIM version 3.6.1 and MongoosePush version 2.0.1.

ProcessOne released go-xmpp in version 0.5.0. And on top of that their xmpp-notifer v1.0.0 which allows to send notification to XMPP.

During the Berlin Online XMPP Sprint, version 0.0.4 of sms4you, the personal SMS gateway, has been prepared and released. sms4you forwards text messages to and from XMPP, or alternatively to and from email. It is already in Debian "sid".

Clients and applications

Tigase has released new versions of BeagleIM and Siskin.

Goffi has released his SàT progress note 2020-W08.

A bunch of clients have switch OMEMO IV 16 byte to 12 byte. Those were Conversations, Gajim, Psi and Profanity.

Chris Ballinger release version 5.0.1 of ChatSecure.

The release of Movim 0.17 - Catalina includes global chatroom search, a night theme, message retractation and UI changes.

Pix-Art Messenger will remove its OTR legacy code by mid of 2020. Experts on any future OTRv4 implementation are invited to contribute new code.

Profanity has release notes for version 0.8.0 and 0.8.1 as well as a blog post. Continue reading about their last message correction.

Gajim Development News February 2020: Redesigned invites, color improvements and a new Flatpak Nightly

Gajim Development News March 2020: New account creation wizard with server suggestions, support for WebSocket and many bugfixes!

Again, this month many changes and improvements were implemented into Monal 4.3 and 4.4. The app was refactored on Catalyst with fixes, removing of Google Talk, comeback of the app in France again and UI changes to name the important blog posts and changes! Monal can now read OMEMO 12-bytes IV but from now limits it to iOS 12 and 13.

Pàdé 1.6.0 was release by the Ignite Realtime community.

BeagleIM was released in version 3.7 and SiskinIM in version 5.7. Improved bookmarks!

Libraries

Smack now supports Direct MUC Invitations, Stanza Content Encryption, Message Fastening and Message Retraction. Read Paul Schaub's (vanitasvitae) blog post which is also about the recent OMEMO's 12 bytes of IV changes. You want to implement a XEP to Smack? Start reading here!

The switch from OMEMO IV 16 byte to 12 byte goes on for Smack and Python.

XMPP library for Go.

Other

As already previously mentioned: Snikket!

The title says everything: A history of end-to-end encryption and the death of PGP

How to setup Conversations - på svenska!

Services

JabberPL.org turns 15 - Congratulations! For their users they also improved their service.

Extensions and specifications

Updated

  • Version 0.3.1 of XEP-0343 (Signaling WebRTC datachannels in Jingle) has been released. Abstract: This specification defines how to use the ICE-UDP Jingle transport method to send media data using WebRTC DataChannels, so technically uses DTLS/SCTP on top of the Interactive Connectivity Establishment (ICE) methodology, which provides robust NAT traversal for media traffic.

  • Version 0.4.0 of XEP-0384 (OMEMO Encryption) has been released. Abstract: This specification defines a protocol for end-to-end encryption in one-to-one chats, as well as group chats where each participant may have multiple clients per account.

  • Version 1.1.2 of XEP-0167 (Jingle RTP Sessions) has been released. Abstract: This specification defines a Jingle application type for negotiating one or more sessions that use the Real-time Transport Protocol (RTP) to exchange media such as voice or video. The application type includes a straightforward mapping to Session Description Protocol (SDP) for interworking with SIP media endpoints.

Miscellaneous

ProtoXEP

The XMPP Extensions Editor has received the following proposals:

  • Simple JSON Messaging: This specification proposes a simple mechanism by which applications can transfer data safely, without needing additional protocol design work. It is intended to provide a protocol that is trivial to implement and can be driven with a simple API.

  • Extended Channel Search: This specification provides a standardised protocol to search for public group chats. In contrast to XEP-0030 (Service Discovery), it works across multiple domains and in contrast to XEP-0055 (Jabber Search) it more clearly handles extensibility.

  • Trust Messages: This document specifies a way to communicate the trust in public long- term keys used by end-to-end encryption protocols from one endpoint to another.

  • MUC Presence Versioning: This specification defines a versioning mechanism which reduces the amount of presence traffic in a XEP-0045 MUC.

Experimental

Version 0.1.0 of XEP-0434 (Trust Messages) has been released. Abstract: This document specifies a way to communicate the trust in public long- term keys used by end-to-end encryption protocols from one endpoint to another. Changelog: Accepted by vote of Council on 2020-02-19. (XEP Editor (jsc))

Active

  • Version 1.0.0 of XEP-0345 (Form of Membership Applications) has been released. Abstract: This specification outlines the form and mandatory content of membership applications. Changelog: Voted to Active by Board on 2019-03-07. Sorry for the delay in the editor queue. (XEP Editor (jsc))

Draft

  • Version 1.0.0 of XEP-0363 (HTTP File Upload) has been released. Abstract: This specification defines a protocol to request permissions from another entity to upload a file to a specific path on an HTTP server and at the same time receive a URL from which that file can later be downloaded again. Changelog: Accepted as Draft standard by the XMPP Council. Voted on 2020-01-29. (XEP Editor (jsc))

  • Version 1.0.0 of XEP-0363 (HTTP File Upload) has been released. Abstract: This specification defines a protocol to request permissions from another entity to upload a file to a specific path on an HTTP server and at the same time receive a URL from which that file can later be downloaded again. Changelog: Accepted as Draft standard by the XMPP Council. Voted on 2020-01-29. (XEP Editor (jsc))

Call for Experience

The XEP Editor would like to Call for Experience before presenting it to the Council for advancing it to Final status. During the Call for Experience, please answer the following questions each on:

Thanks all!

This XMPP Newsletter is produced collaboratively by the community.

Thanks to Aleja, emus, Licaon_Kter, MDosch, Neustradamus, Nyco, pep, Sven, Vanitasvitae, Winfried, Wurstsalat for their help in creating it!

Please share the news on "social networks":

License

This newsletter is published under CC by-sa license: creativecommons.org/licenses/by-sa/4.0/

Posted by emus on April, 03, 2020 - filed under Newsletter