Re: coordination call minutes for review

[Peter Saint-Andre <stpeter@stpeter.im>]

I recall sending them.

On 4/24/12 11:50 PM, Mark Nottingham wrote:
> Did these go out?
> 
> Cheers,
> 
> On 29/02/2012, at 10:25 AM, Peter Saint-Andre wrote:
> 
>> Please send your feedback in the next ~48 hours so we can make these
>> public. Thanks!
>>
>> ###
>>
>> W3C/IETF Coordination Call
>> February 28, 2012
>>
>> Participants:
>>
>> Gonzalo Camarillo (GC)
>> Stephen Farrell (SF)
>> John Klensin (JCK)
>> Philippe Le Hegaret (PLH)
>> Mark Nottingham (MNOT)
>> Pete Resnick (PR)
>> Peter Saint-Andre (PSA)
>> Robert Sparks (RJS)
>> Thomas Roessler (TLR)
>>
>> Agenda:
>>
>> 1. HTTP/2.0 / recharter of IETF HTTPBIS WG
>> 2. Web authentication (see lively discussion triggered by #1)
>> 3. Concerns about the "CA system"
>> 4. IETF IRI WG / W3C i18n Core WG / URL processing spec
>> 5. WebSocket extensions / HYBI WG recharter
>> 6. Update on work in IETF WebSec WG and W3C WebAppSec WG
>> 7. SIP provider identity - does it matter for WebRTC?
>> 8. Crypto API chartering, Identity meetings in Paris
>> 9. Paris IETF / IAB plenary
>> 10. Next meeting
>> 11. Any Other Business
>>
>> Notes:
>>
>> 1. HTTP Recharter
>>
>> MNOT: SPDY came out ~1 year ago, gained significant momentum in late
>> 2011. Mark reached out to implementer community. Lots of interest and
>> positive feedback. Mark worked on strawman charter and socialized it
>> with Mike Belshe / SPDY folks, IETF ADs, W3C TAG, etc. Implementation is
>> accelerating. Concern that input is needed sooner rather than later. Has
>> been put before the IESG. Idea is to solicit proposals for HTTP/2.0 in
>> the next few months. Open process to ensure that we're not just taking
>> on SPDY, other approaches are welcome.
>>
>> PSA: Any coordination issues with W3C/IETF here?
>>
>> MNOT: Should make sure that HTML and HTTP/2.0 are well-coordinated.
>>
>> PLH: Are there specific people we need to get involved or specific
>> issues related to HTML5 and HTTP/2.0?
>>
>> MNOT: No specific concerns here, probably involve Yves.
>>
>> TLR: Concur about involving Yves.
>>
>> 2. Web Authentication
>>
>> PSA: Lots of discussion over time, not clear that we have all the right
>> people at the table yet.
>>
>> SF: I think it's gotten better. Might be useful to develop some
>> experimental approaches / new auth schemes.
>>
>> TLR: Could you provide a summary of the discussion?
>>
>> SF: During external review of the proposed recharter, I raised the issue
>> of perhaps developing new / better HTTP authentication approaches. This
>> gives people an opportunity to introduce proposals to work on that
>> during the work on HTTP/2.0. If so, the work would happen in HTTPBIS;
>> for non-adopted, interesting proposals, we might decide to form an
>> initiative in the IETF Security Area to work on experimental proposals
>> (so they are not critical path for HTTP/2.0.)
>>
>> TLR: Are there any implementers strongly interested here?
>>
>> SF: We won't know until we see concrete proposals.
>>
>> 3. CA Concerns
>>
>> PSA: Could TLR/PLH fill us in?
>>
>> TLR: No obvious venue for a productive conversation. Some ideas for the
>> W3C to form an initiative, also discussions at IETF (therightkey mailing
>> list). One additional piece: notion among some in the W3C community that
>> the DNS is more brittle than others think it is.
>>
>> PR: What parts do people think are brittle?
>>
>> TLR: Concerns not as well-defined as I'd like them to be.  But heads-up,
>> that discussion is going on.
>>
>> PR: My slightly snarky response to the CA problem is the existence of
>> the DANE WG effort at the IETF. I personally feel like it could solve
>> the problem.
>>
>> SF: DANE can change/improve stuff, but might not fix it.
>>
>> TLR: Personally I think we need to start thinking about / working on
>> things like JavaScript APIs for some of this.
>>
>> SF: One wrinkle is that there are more unreliable registrars than
>> unreliable CAs.
>>
>> JCK: If you look at it in terms of percentages, it's ugly all around.
>>
>> TLR: DANE appears to perhaps limit the attack surface. Also, this is a
>> much longer discussion.
>>
>> TLR: Changing topics, the CA/Browser Forum is discussing whether to form
>> a more open venue for work on this topic and is soliciting proposals:
>> http://cabforum.org/index.html
>>
>> SF: Is there concrete W3C planning here?
>>
>> TLR: Not yet. Counter-question: is there concrete planning at the IETF?
>>
>> SF: Not yet, other than therightkey@ietf.org discussion list, but the
>> proposals there are not yet stable and need more work before they can be
>> reviewed more widely. Perhaps a W3C community group?
>>
>> TLR: Might be worth discussing the possibility of a workshop or, yes, a
>> community group.
>>
>> 4. IRI
>>
>> PSA: i18n Core WG has agreed to review the IRI WG documents starting
>> around the time of IETF83.
>>
>> JCK: ICANN IDN work important in this context.  Note that, if ICANN
>> declares that some sets of names are to be considered/ treated as
>> "equal", anything based on comparisons of URIs or IRIs moves from "hard
>> and not necessarily reliable" into "surreal".
>>
>> ACTION: PSA to pull together IRI / IDN folks for discussion around IETF
>> 83, additional discussion later.
>>
>> Useful participants: folks on this call, Thomas Narten, Suzanne Woolf,
>> Dave Thaler, Andrew Sullivan, Gervase Markham, Klensin, Faltstrom.
>> Maybe Vint, maybe Steve Crocker.
>>
>> TLR: Where do we stand on the HTML5 / IRI front?
>>
>> PSA: See http://dvcs.w3.org/hg/url/raw-file/tip/Overview.html - based on
>> conversation with Mike Smith the other day, it is a bit early to provide
>> detailed feedback on that spec now.
>>
>> 5. WebSocket Extensions
>>
>> PSA: HYBI WG has been rechartered, we might want to make sure that we
>> continue coordination between HYBI WG and WebApps WG.
>>
>> PLH: Main blocker now is tests, but progress is ongoing there.
>>
>> 6. WebSec / WebAppSec
>>
>> PSA: New version of Strict Transport Security.
>>
>> TLR: Discussion of clickjacking and Content Security Policy, trying to
>> get CORS done, reasonable intensity of work. Reasonably confident that
>> things are going well.
>>
>> 7. SIP Provider Identity and WebRTC
>>
>> TLR: There was discussion about having an IANA registry for SIP
>> providers. Do we have a sense of the use case?
>>
>> RJS: I don't think you need to worry about it. The proponents for the
>> SPID idea itself are continuing to pursue the idea, and I'll point you
>> to the messages where they have making their motivating arguments. I
>> have not seen any desire to bring this up in the WebRTC.
>>
>> JCK: Please loop me in on this.
>>
>> 8. W3C Crypto API
>>
>> TLR: WG is under review by Advisory Community, still working to find an
>> additional co-chair. Expect approved charter in relatively near future.
>> Other issue is relationship to OAuth, OpenID Connect, possibility for
>> additional and broader work. Side meeting at IETF 83 in Paris.
>>
>> SF: Scheduled on the Thursday lunch break (1130-1300) in room 252A, just
>> before the OAuth WG session.
>>
>> PSA: Stephen, do you see any coordination issues from the IETF side?
>>
>> SF: Definitely interest in seeing crypto in the browsers. Existence of
>> such an API could have an impact in the future on OAuth design etc.
>>
>> TLR: Also note OpenID connect meeting Sunday, overlapping with training
>> sessions
>>
>> 9. IETF 83 / IAB Plenary
>>
>> TLR: Do we have insights into the agenda for the IAB Plenary? I've heard
>> it's related to web security.
>>
>> SF: We don't have details yet.
>>
>> PSA: Who will be there?
>>
>> TLR: Me part of the time, Philippe, Dominique for RTCWeb, Harry Halpin
>> is local, Wendy Seltzer for a few days, Yves might be there too. I also
>> expect a number of TAG members to be there since they are meeting in
>> Europe the next week. Might be good to have a separate discussion about
>> that with Yves and Larry.
>>
>> ACTION: Thomas to check in with Yves on TAG activities at IETF.
>>
>> 10. Next Meeting
>>
>> ~4-5 weeks after IETF 83? Week of April 23rd or 16th might work. To
>> coordinate on the list.
>>
>> 11. Any Other Business
>>
>> PLH: Possibility of HTML meeting in May/June timeframe.
>>
>> TLR: There's been some discussion about impact of application work such
>> as WebRTC on lower layers of the network, best practices for network
>> usage, etc. Is this a general topic that comes up on the IETF side of
>> the discussion or should there be some coordination here? There is a
>> community group at http://www.w3.org/community/networkfriendly/
>>
>> PR: Move to hallway discussion in Paris.
>>
>> END
>>
>> ###
>>
>>
>>