Re: coordination call minutes for review

[Mark Nottingham <mnot@mnot.net>]

Did these go out?

Cheers,

On 29/02/2012, at 10:25 AM, Peter Saint-Andre wrote:

> Please send your feedback in the next ~48 hours so we can make these
> public. Thanks!
> 
> ###
> 
> W3C/IETF Coordination Call
> February 28, 2012
> 
> Participants:
> 
> Gonzalo Camarillo (GC)
> Stephen Farrell (SF)
> John Klensin (JCK)
> Philippe Le Hegaret (PLH)
> Mark Nottingham (MNOT)
> Pete Resnick (PR)
> Peter Saint-Andre (PSA)
> Robert Sparks (RJS)
> Thomas Roessler (TLR)
> 
> Agenda:
> 
> 1. HTTP/2.0 / recharter of IETF HTTPBIS WG
> 2. Web authentication (see lively discussion triggered by #1)
> 3. Concerns about the "CA system"
> 4. IETF IRI WG / W3C i18n Core WG / URL processing spec
> 5. WebSocket extensions / HYBI WG recharter
> 6. Update on work in IETF WebSec WG and W3C WebAppSec WG
> 7. SIP provider identity - does it matter for WebRTC?
> 8. Crypto API chartering, Identity meetings in Paris
> 9. Paris IETF / IAB plenary
> 10. Next meeting
> 11. Any Other Business
> 
> Notes:
> 
> 1. HTTP Recharter
> 
> MNOT: SPDY came out ~1 year ago, gained significant momentum in late
> 2011. Mark reached out to implementer community. Lots of interest and
> positive feedback. Mark worked on strawman charter and socialized it
> with Mike Belshe / SPDY folks, IETF ADs, W3C TAG, etc. Implementation is
> accelerating. Concern that input is needed sooner rather than later. Has
> been put before the IESG. Idea is to solicit proposals for HTTP/2.0 in
> the next few months. Open process to ensure that we're not just taking
> on SPDY, other approaches are welcome.
> 
> PSA: Any coordination issues with W3C/IETF here?
> 
> MNOT: Should make sure that HTML and HTTP/2.0 are well-coordinated.
> 
> PLH: Are there specific people we need to get involved or specific
> issues related to HTML5 and HTTP/2.0?
> 
> MNOT: No specific concerns here, probably involve Yves.
> 
> TLR: Concur about involving Yves.
> 
> 2. Web Authentication
> 
> PSA: Lots of discussion over time, not clear that we have all the right
> people at the table yet.
> 
> SF: I think it's gotten better. Might be useful to develop some
> experimental approaches / new auth schemes.
> 
> TLR: Could you provide a summary of the discussion?
> 
> SF: During external review of the proposed recharter, I raised the issue
> of perhaps developing new / better HTTP authentication approaches. This
> gives people an opportunity to introduce proposals to work on that
> during the work on HTTP/2.0. If so, the work would happen in HTTPBIS;
> for non-adopted, interesting proposals, we might decide to form an
> initiative in the IETF Security Area to work on experimental proposals
> (so they are not critical path for HTTP/2.0.)
> 
> TLR: Are there any implementers strongly interested here?
> 
> SF: We won't know until we see concrete proposals.
> 
> 3. CA Concerns
> 
> PSA: Could TLR/PLH fill us in?
> 
> TLR: No obvious venue for a productive conversation. Some ideas for the
> W3C to form an initiative, also discussions at IETF (therightkey mailing
> list). One additional piece: notion among some in the W3C community that
> the DNS is more brittle than others think it is.
> 
> PR: What parts do people think are brittle?
> 
> TLR: Concerns not as well-defined as I'd like them to be.  But heads-up,
> that discussion is going on.
> 
> PR: My slightly snarky response to the CA problem is the existence of
> the DANE WG effort at the IETF. I personally feel like it could solve
> the problem.
> 
> SF: DANE can change/improve stuff, but might not fix it.
> 
> TLR: Personally I think we need to start thinking about / working on
> things like JavaScript APIs for some of this.
> 
> SF: One wrinkle is that there are more unreliable registrars than
> unreliable CAs.
> 
> JCK: If you look at it in terms of percentages, it's ugly all around.
> 
> TLR: DANE appears to perhaps limit the attack surface. Also, this is a
> much longer discussion.
> 
> TLR: Changing topics, the CA/Browser Forum is discussing whether to form
> a more open venue for work on this topic and is soliciting proposals:
> http://cabforum.org/index.html
> 
> SF: Is there concrete W3C planning here?
> 
> TLR: Not yet. Counter-question: is there concrete planning at the IETF?
> 
> SF: Not yet, other than therightkey@ietf.org discussion list, but the
> proposals there are not yet stable and need more work before they can be
> reviewed more widely. Perhaps a W3C community group?
> 
> TLR: Might be worth discussing the possibility of a workshop or, yes, a
> community group.
> 
> 4. IRI
> 
> PSA: i18n Core WG has agreed to review the IRI WG documents starting
> around the time of IETF83.
> 
> JCK: ICANN IDN work important in this context.  Note that, if ICANN
> declares that some sets of names are to be considered/ treated as
> "equal", anything based on comparisons of URIs or IRIs moves from "hard
> and not necessarily reliable" into "surreal".
> 
> ACTION: PSA to pull together IRI / IDN folks for discussion around IETF
> 83, additional discussion later.
> 
> Useful participants: folks on this call, Thomas Narten, Suzanne Woolf,
> Dave Thaler, Andrew Sullivan, Gervase Markham, Klensin, Faltstrom.
> Maybe Vint, maybe Steve Crocker.
> 
> TLR: Where do we stand on the HTML5 / IRI front?
> 
> PSA: See http://dvcs.w3.org/hg/url/raw-file/tip/Overview.html - based on
> conversation with Mike Smith the other day, it is a bit early to provide
> detailed feedback on that spec now.
> 
> 5. WebSocket Extensions
> 
> PSA: HYBI WG has been rechartered, we might want to make sure that we
> continue coordination between HYBI WG and WebApps WG.
> 
> PLH: Main blocker now is tests, but progress is ongoing there.
> 
> 6. WebSec / WebAppSec
> 
> PSA: New version of Strict Transport Security.
> 
> TLR: Discussion of clickjacking and Content Security Policy, trying to
> get CORS done, reasonable intensity of work. Reasonably confident that
> things are going well.
> 
> 7. SIP Provider Identity and WebRTC
> 
> TLR: There was discussion about having an IANA registry for SIP
> providers. Do we have a sense of the use case?
> 
> RJS: I don't think you need to worry about it. The proponents for the
> SPID idea itself are continuing to pursue the idea, and I'll point you
> to the messages where they have making their motivating arguments. I
> have not seen any desire to bring this up in the WebRTC.
> 
> JCK: Please loop me in on this.
> 
> 8. W3C Crypto API
> 
> TLR: WG is under review by Advisory Community, still working to find an
> additional co-chair. Expect approved charter in relatively near future.
> Other issue is relationship to OAuth, OpenID Connect, possibility for
> additional and broader work. Side meeting at IETF 83 in Paris.
> 
> SF: Scheduled on the Thursday lunch break (1130-1300) in room 252A, just
> before the OAuth WG session.
> 
> PSA: Stephen, do you see any coordination issues from the IETF side?
> 
> SF: Definitely interest in seeing crypto in the browsers. Existence of
> such an API could have an impact in the future on OAuth design etc.
> 
> TLR: Also note OpenID connect meeting Sunday, overlapping with training
> sessions
> 
> 9. IETF 83 / IAB Plenary
> 
> TLR: Do we have insights into the agenda for the IAB Plenary? I've heard
> it's related to web security.
> 
> SF: We don't have details yet.
> 
> PSA: Who will be there?
> 
> TLR: Me part of the time, Philippe, Dominique for RTCWeb, Harry Halpin
> is local, Wendy Seltzer for a few days, Yves might be there too. I also
> expect a number of TAG members to be there since they are meeting in
> Europe the next week. Might be good to have a separate discussion about
> that with Yves and Larry.
> 
> ACTION: Thomas to check in with Yves on TAG activities at IETF.
> 
> 10. Next Meeting
> 
> ~4-5 weeks after IETF 83? Week of April 23rd or 16th might work. To
> coordinate on the list.
> 
> 11. Any Other Business
> 
> PLH: Possibility of HTML meeting in May/June timeframe.
> 
> TLR: There's been some discussion about impact of application work such
> as WebRTC on lower layers of the network, best practices for network
> usage, etc. Is this a general topic that comes up on the IETF side of
> the discussion or should there be some coordination here? There is a
> community group at http://www.w3.org/community/networkfriendly/
> 
> PR: Move to hallway discussion in Paris.
> 
> END
> 
> ###
> 
> 
> 

--
Mark Nottingham   http://www.mnot.net/