by epoberezkin 1041 days ago
> but leaves some important security aspects under-specified

Not sure what you mean by underspecified - it is specified to the level of wire encodings. Possibly you looked at the wrong doc?

> There is nothing immediately wrong about it, but it's hardly state-of-the-art either: there's no CBOR to reduce overhead, no JSON-LD to improve extensibility, no MIME types to account for different types of attachment.

We considered all that, and it seems that they all offer bad value, compared with lower ubiquity. Also, given that messages are padded to a fixed 16kb size, there is no value in reducing JSON overhead, and files are sent as binary anyway. Being boring where it doesn't matter is good.

> avoid what has happened to Matrix

Messaging clients are hard to implement indeed, and forking the UI is usually easier than rebuilding it. We purposefully don't want to encourage the development of alternative clients too early, before the spec stabilised, to avoid the fragmentation that happened both with XMPP and with Matrix.


> to avoid the fragmentation that happened both with XMPP and with Matrix.

what fragmentation are you thinking of with Matrix? to my knowledge, we have zero fragmentation so far. some clients implement more features than others, but we don’t have any classic “my client sends different reactions to yours” or “my client archives messages differently” or “my encryption is incompatible” style problems. otherwise this smells a bit FUDy…

> we have zero fragmentation so far. some clients implement more features than others

The Matrix spec has many versions and many features. Clients implement and keep up with varying parts of it due to varying reasons usually involving varying amounts of manpower and funding. Same as with XMPP. I don't see the difference.

The difference is that Matrix is curated as a single spec (currently at v1.7: https://matrix.org/blog/2023/05/25/matrix-v-1-7-release/), which ensures that competing implementations for new features don’t fragment incompatibly but only a single one-true-way to talk a given feature exists. Anything else is a transient experiment. Meanwhile, we’ve never yet broken backwards compatibility in the spec, meaning that in theory any client can talk to any other client as long as it has implemented the required features. The inspiration here is HTML5 (albeit with versioned releases, and a clearer spec proposal process).

In other words, I’m defining fragmentation to be incompatible features - not just clients/servers which haven’t yet implemented a given feature (which is inevitable, just like browsers lag behind specced HTML and CSS features).

One way of putting this is that we’ve traded off the risk of fragmentation (but with free-for-all governance) for the risk of more centralised governance by the Matrix.org Foundation, with associated high drama when folks don’t agree with the curation decisions we make in what gets merged into the official spec.

Both are valid approaches with different tradeoffs; I was just trying to flag the confusion upthread accusing Matrix of being fragmented when it really isn’t (to a fault!)