1Observations on implementing XMPP
2=================================
3After spending the last two and a half month basically writing my own XMPP
4library from scratch I decided to share some of the observations I made in the
5process.. In part this article can be seen as a response to a blog post made by
6Dr. Ing. Georg Lukas. The blog post introduces a couple of XEP (XMPP Extensions)
7which make the life on mobile devices a lot easier but states that they are
8currently very few implementations of those XEPs. So I went ahead and
9implemented all of them in my Android XMPP client.
10
11General observations
12--------------------
13The first thing I noticed is that XMPP is actually okish designed. If you were
14to design a new chat protocol today you probably wouldn’t choose XML again
15however the protocol basically consists of only three different packages which
16are quickly hidden under some sort of abstraction layer within your library.
17Getting from zero to sending messages to other users actually was very simple
18and straight forward. But then came the XEPs.
19
20Multi-User Chat
21---------------
22The first one was XEP-0045 Multi-User Chat. This is the one XEP of the XEPs I’m
23going to mention in my article which is actually wildly adopted. Most clients
24and servers I know of support MUC. However the level of completeness varies.
25MUC actually introduces access and permission roles which are far more complex
26than what some of us are used to from IRC but a lot of clients just don’t
27implement them. I’m not implementing them myself (at least for now) because I
28somewhat doubt that someone would actually use them. (How ever this might be
29some sort of chicken or egg problem.) I did find some strange bugs though which
30might be interesting for other library developers. In theory a MUC server
31implementation can allow a single user (same jid) to join a conference room
32multiple times with the same nick from different clients. This means if someone
33wants to participate in a conference from two different devices (mobile and
34desktop for example) one wouldn’t have to name oneself userDesktop and
35userMobile but just user. Both ejabberd and prosody support this but with
36strange side effects. prosody for example doesn’t allow a user to change its
37name once two clients are “merged” by having the same nick.
38
39Carbons and Stream Management
40-----------------------------
41Two of the other XEPs Lukas’ mentions - Carbons (XEP-0280) and Stream Management
42(XEP-0198) - were actually fairly easy to implement. The only challenges were to
43find a server to support them (I ended up running my own prosody server) and a
44desktop client to test them with. For carbons there is a patched mcabber version
45and gajim. After implementing stream management I had very good results on my
46mobile device. I had sessions running for up to 24 hours with a walking outside,
47loosing mobile coverage for a few minutes and so on. The only limitation was
48that I had to keep on developing and reinstalling my app.
49
50Off the record
51--------------
52And then came OTR... This is were I spend the most time debugging stuff and
53trying to get things right and compatible with other clients. This is the part
54were I want to help other developers not to make the same mistakes and maybe
55come to some sort of consent among XMPP developers to ultimately increase the
56interoperability. OTR has some down sides which make it difficult or at times
57even dangerous to implement within XMPP. First of all it is a synchronous
58protocol which is tunneled through a different protocol (XMPP). Synchronous
59means - among other things - auto replies. (An OTR session begins with “hi I’m
60speaking otr give me your key” “ok cool here is my key”) And auto replies - we
61know that since the first time an out of office auto responder went postal - are
62dangerous. Things really start to get messy when you use one of the best
63features of XMPP - multiple clients. The way XMPP works is that clients are
64encouraged to send their messages to the raw jid and let the server decide what
65full jid the messages are routed to. If in doubt even all of them. So what
66happens when Alice sends a start-otr-message to Bobs raw jid? Bob receives the
67message on his notebook as well as his cell phone. Both of them answer. Alice
68gets two different replies. Shit explodes. Even if Alice sends the message to
69bob/notebook chances are that Bob has carbon messages enabled and still receives
70the messages on both devices. Now assuming that Bobs client is clever enough not
71to auto reply to carbonated messages Bob/cellphone will still end up with a lot
72of garbage messages. (Essentially the entire conversation between Alice and
73Bob/notebook but unreadable of course) Therefor it should be good practice to
74tag OTR messages as both private and no-copy. (private is part of the carbons
75XEP, no-copy is a general hint. I found that prosody for some reasons doesn’t
76honor the private tag on outgoing messages. While this is easily fixed I presume
77that having both the private and the no-copy tag will make it more compatible
78with servers or clients I don’t know about yet)
79
80
81To summarize my observations on implementing OTR in XMPP let me make the
82following three statements.
83
84
851. While it is good practice for unencrypted messages to be send to the raw jid
86and have the receiving server or user decide how they should be routed OTR
87messages must be send to a specific resource. To make this work the user should
88be given the option to select the presence (which can be assisted with some
89educated guessing by the client based on previous messages).
90
91Furthermore a client should encourage a user to choose meaningful presences
92instead of the clients name or even random ones. Something like /mobile,
93/notebook, /desktop is a greater assist to any one who wants to start an otr
94session then /Gajim, /mcabber or /pidgin
95
962. Messages should be tagged private and no-copy to avoid unnecessary traffic or
97otr error loops with faulty clients. This tagging should be done even if your
98own client doesn’t support carbons.
99
1003. When dealing with “legacy clients” - meaning clients which don’t follow my
101advise a client should be extra careful not to create message loops. This means
102to not respond with otr errors if a client is not 100% sure it is the only
103client which received the message