Re: Google, etc, and their proprietary protocols
Dave Cridland <dave@cridland.net> Sat, 28 November 2020 12:20 UTC
Return-Path: <dave@cridland.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 18FEA3A0D35 for <ietf@ietfa.amsl.com>; Sat, 28 Nov 2020 04:20:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cridland.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M-gyOVk6fTM5 for <ietf@ietfa.amsl.com>; Sat, 28 Nov 2020 04:20:23 -0800 (PST)
Received: from mail-wr1-x42d.google.com (mail-wr1-x42d.google.com [IPv6:2a00:1450:4864:20::42d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B26C03A0D2C for <ietf@ietf.org>; Sat, 28 Nov 2020 04:20:22 -0800 (PST)
Received: by mail-wr1-x42d.google.com with SMTP id k14so8392102wrn.1 for <ietf@ietf.org>; Sat, 28 Nov 2020 04:20:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cridland.net; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=2I7ak+zo5q3QmM6mtyqXzdY+BBr4N0dtC2dcRk5s/5Y=; b=YGBNdEa9Bq6gCdg7S/WlO6HO+tMmZinx10HL3SnyqFKXTvBiPfrRBsS83kkRhZAfBj fea0XMAKIUa9lHekTBBAk6NIOR8InS2qYscwd6esp8S6pzFNmRojdCvSkIbCC/6PtPka q5l6eKOEG0idjfc8DlMVU0TJlSiMvAGYLJekc=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=2I7ak+zo5q3QmM6mtyqXzdY+BBr4N0dtC2dcRk5s/5Y=; b=eeGv6pBKI6MuxGvMlAC3EIGJPU8vkmELPFFcnCjo5l6KYspGmI7z4vGG2Dn38lUAT/ 1LVMck62bbg0tvJRY/9qEpz1rzmQfh0I1tys3z47bmEkn8EItF0dgciwmPUFGN6EBgjf v4BXYTFM8ryg07fM+0g6hfUAz7IrsKMK+LExirZbVJ9LGRc/i5Vayzn2TK8cxmMc8l5t 3tPWCtLPycsOsCtQgGWq2HgnzLLgFv+01auVPMsmrV8dy35yJ4KwwyHqU4J2IhIf/7Ly IhiHhctHp6w4HLb5FJNCaC2W0wYWYzolC2KNVzNK4tkCVlfH98nMjFtvHTHHoh2zlEL7 8YAA==
X-Gm-Message-State: AOAM533MhFpCJ22f9DBslGxjbk1KvYpDwY3izyuE1jUQkgEDklYI6fDy hergcrTFjl1U9bKbzpkvWvNZ9DcjVlPNgssdd6Yahw==
X-Google-Smtp-Source: ABdhPJx3LfBGP1oNTDutyFi2BOM6eLxGAKRcsiJfKq4tN3RUshL5t5PA+7OT0muc2isMHwYJSJMvFj5hXY7LoFbno90=
X-Received: by 2002:a5d:560e:: with SMTP id l14mr17288310wrv.191.1606566020818; Sat, 28 Nov 2020 04:20:20 -0800 (PST)
MIME-Version: 1.0
References: <d00258b3-ef73-ee93-a47d-2831738d32d1@mtcc.com> <CAHw9_iLcYFkOuRgiyKLH-OnBs1i+Y-8L4ds3areJiT9EbxFs+w@mail.gmail.com> <20201128040004.GA11260@mit.edu>
In-Reply-To: <20201128040004.GA11260@mit.edu>
From: Dave Cridland <dave@cridland.net>
Date: Sat, 28 Nov 2020 12:20:09 +0000
Message-ID: <CAKHUCzyqMiRysomeN4U8_QdtO4KSvTAGqMKwximVqYFPnZUBnw@mail.gmail.com>
Subject: Re: Google, etc, and their proprietary protocols
To: "Theodore Y. Ts'o" <tytso@mit.edu>
Cc: IETF Discussion Mailing List <ietf@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000fabebd05b529cc0f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/9q3EG5F5e4mK7sVp2I-Cv-cbRjQ>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 28 Nov 2020 12:20:25 -0000
On Sat, 28 Nov 2020 at 04:00, Theodore Y. Ts'o <tytso@mit.edu> wrote: > And sometimes being open to standards makes things worse, not better. > For example, Google's Chat product used to interoperate with the > IETF-standardized XMPP protocol. Unfortunately, federation made it > easy for spammers to send unwanted messages to Google Chat users. And > the XMPP protocol was terrible from a power consumption perspective on > mobile devices. Sure, the protocol could be changed to allow for more > battery-friendly implementations, but see the "years and years and > years" problem described above. And finally, did customers switch in > droves from the closed Apple iMessage ecosystem to the "open" Google > Chat just because it was open, and based on an IETF standard? > Oh, you can't expect me to keep quiet if you're sharing that - I'm afraid it has very little correlation with fact. Google never implemented any form of serious security for XMPP S2S - that is, the federation protocol - making it a lucrative and easy target for spammers. Instead, while the rest of the community were trying to enforce strict TLS authentication, Google didn't offer TLS at all. Instead, the vanishingly small amount of communication the community got from Google was that they wanted to be able to multiplex sessions heavily and allow indirect certificate auth, which resulted in POSH and other efforts being driven by the community to address these concerns. The community literally bent over backwards to help Google. Google barely participated in the work, and did not implement any of it. All Google needed to do was implement and mandate TLS security, and the vast majority of their spammers would have vanished. They did not. This was not the only problem with the federation code - for example popular services outside of Google would be inundated with multiple S2S connections as, apparently, Google Talk's buffers would fill and connections would be terminated before they could handle the messages. Again, this suggests that it was not the spamming that was the problem, it was that effort was simply not put into the federation code. Perhaps it was seen as a cost not worth paying, but it was not any kind of technical problem. Furthermore, XMPP was not, and is not, terrible on mobile. That's pure rubbish, and there is no evidence for it, and plenty of evidence that it performs very well indeed on battery-limit devices. XMPP communication patterns involve server-initiated, lazily acknowledged messages, which is ideal for battery consumption, high latency communications, and adverse network conditions. Individual stanzas (PDUs) are small, and often fit into the small buffers required for cheaper radio states on mobile devices. Having multiple apps perform uncoordinated network activity *is* detrimental to battery life, and so the ideal solution for the entire device is to have a single arbiter of network traffic for backgrounded apps - hence "push" - but holding a TCP session open has no significant battery cost. If a messaging app is going to send only high-priority (ie, immediate wake and delivery) messages over the push channel, then the battery advantages of centralized push rapidly vanish, and the security and complexity issues come to dominate. Speaking as someone who has spent significant time on mobile device power management for instant messaging apps, it's very efficient to have the app keep the XMPP session open and re-establish it on demand. It's why we spent a lot of effort in getting XEP-0198 and similar solid; work that started in 2007 and was ready long before Google terminated Google Talk. WhatsApp is still loosely based on XMPP. Most if not all device push systems have been based on XMPP at some point, and many still are (for example, Nintendo Switch). As far as I can tell, the only people ever to have said that XMPP is a poor choice on mobile were the team who replaced Google Talk with Google Hangouts (not a relation of the video meeting solution, of course, which used XMPP for years and quite possibly still does in its rebrand as Meet). Finally, consumers might not have switched to or from Google Talk because of its Open Standards capability, but plenty of people used their own clients to connect - a "Client Choice" concept that Google themselves promoted heavily (see, inter alia: https://support.google.com/code/answer/55690?hl=en) - which allowed Google Talk to expand onto platforms Google didn't want to commit the resources to support (like desktops), and allowed ecosystemic options such as Google Talk SIP gatewaying to be added by third parties. Apple's iChat, by the way, was also XMPP - they switched to the proprietary iMessage at about the same time as Google Talk switched to Google Hangouts - and you could connect iChat to Google Talk, so no need for users to "switch" at all. Amongst those who developed new features to support this was Microsoft, who provided Google Talk integration into Skype For Business at one point via the Open Standard C2S interface as well as the S2S interface that was supported anyway. Shortly thereafter, Google announced they were killing Google Talk entirely. I genuinely think this was a coincidence, actually - I've always put the demise of Google Talk down to a series of internal power struggles and poor technical investment in Google's IM products, which continues to this day - which goes some way to explain why none of us can keep track of what any of them were or are called. In summary: * Federation on Google Talk was insecure, and they wouldn't fix it - hence it was an easy target for spammers. * XMPP was, and is, significantly more efficient from a power consumption perspective on mobile devices than most other solutions - which is why it's still used so heavily. * People didn't switch to Google Talk "just because it was open", true, but consumers did see benefits from the use of open standards, and I believe those advantages helped drive growth. In your specific example, people did indeed connect iChat to Google Talk. Dave.
- Google, etc, and their proprietary protocols Michael Thomas
- Re: Google, etc, and their proprietary protocols Vittorio Bertola
- Re: Google, etc, and their proprietary protocols Warren Kumari
- Re: Google, etc, and their proprietary protocols Miles Fidelman
- Re: Google, etc, and their proprietary protocols Michael Thomas
- Interoperability and competition [was: Google, et… Mark Nottingham
- Long time to standard (was: Re: Google, etc, and … Christian Huitema
- Re: Google, etc, and their proprietary protocols Theodore Y. Ts'o
- Re: Interoperability and competition [was: Google… Keith Moore
- Re: Google, etc, and their proprietary protocols Dave Cridland
- Re: Google, etc, and their proprietary protocols Michael Thomas
- Re: Long time to standard (was: Re: Google, etc, … Michael Thomas
- Re: Long time to standard (was: Re: Google, etc, … Jeff Tantsura
- Re: Interoperability and competition [was: Google… Vittorio Bertola
- Re: Interoperability and competition [was: Google… Mark Nottingham