- Tobias has left
- m&m has joined
- Neustradamus has left
- m&m has left
- Kev has joined
- stpeter has joined
- m&m has joined
- ralphm has joined
-
m&m
T - ~5 minutes
-
stpeter
15?
-
m&m
/isgh
-
m&m
yesh
-
stpeter
you need last message correction!
-
m&m
I was testing you all
-
m&m
(-:
-
stpeter
a use case!
-
stpeter
I really really need to spend some quality time with XEP-0301 again
-
m&m
I think there needs to be a lock-down on 301 updates for a week or two
-
stpeter
heh
-
ralphm
i'm about to set up a filter
-
stpeter
'tis time?
-
ralphm
indeed
-
Kev
It is.
-
Kev
1) Roll call
-
Kev
MattJ sends apologies.
-
ralphm
here
-
m&m
absent
-
m&m
*presente
-
ralphm
it's getting old quickly now^Uhaha
-
Kev
Tobias: ?
-
m&m
It's just getting started
-
Tobias
yes. here
-
m&m
s/it's just getting started/indeed/
-
Kev
Right.
-
Kev
2) Matt's IETF report.
-
m&m
so
-
m&m
2.1) E2E — still progressing, mostly in JOSE not XMPP directly
-
m&m
by the way, if anyone is interested in a solution here, I would recommend joining the jose@ietf.org mailer and commenting on any non-OpenId use cases
-
m&m
2.2) DNA — Stpeter and I wrote up a series of drafts for domain name associations (formerly assertions)
-
m&m
they are light on examples, and there is desire for more guidelines; which to do first, signaling preferences, etc
-
m&m
also includes prooftypes using DNSSEC/DANE and POSH
-
stpeter
POSH being "PKIX over Secure HTTP" -- basically parking your certificate at a well-known URI
-
m&m
thank you
-
m&m
2.3) 6122bis — mostly waiting on PRECIS, but there are some changes to processing order, and what to do with certain classes of code points (e.g. full- and half-width)
-
ralphm
to be sure, this is the certificate proving that a host may act for a particular domain, right?
-
m&m
ralphm: yes, by virtue of HTTPS 30x redirects
-
m&m
request https://mydomain.com/.well-known/posh._xmpp-client._tcp.cer , get redirected to https://thathostingcomany.net/.well-known/posh._xmpp-client._tcp.cer
-
m&m
DNSSEC is our existing SRV lookups, but with the expectation the record(s) are signed (valid)
-
Kev
Oh, that's a bit icky isn't it?
-
m&m
Kev: it's not perfect, but it is deployable
-
Kev
Requiring people not just to know how to get to the final resource, but also to keep track of how HTTP panned out getting there, I mean.
-
Kev
Well-known-URIs are themselves icky, but I can hold my nose for that.
-
m&m
most HTTP libraries will let you know when a redirect is followed, and how
-
Kev
Does this allow more than one jump?
-
m&m
that right now is not specified … it could, and we'll probably need to put some limits around it
-
Kev
I've got a feeling of general unease about redirects and proofs, because you need to keep track of cert trust at each hop and blah.
-
ralphm
indeed. There have been issues with this in other protocols
-
m&m
Kev: alternate suggestions welcome
-
Kev
Not that this is a deal-breaker, I just enter it with trepidation.
-
m&m
so do most of us
-
m&m
but
-
m&m
it's at least something that could get implemented and deployed before universal IPv6
-
stpeter
well, universal DNSSEC
-
stpeter
(and DANE)
-
Kev
xmpp:jabber.org has IPv6.
-
m&m
I assert that universal DNSSEC will happen just after universal IPv6
-
Kev
Anyone using HE can't route to it...
-
m&m
Kev: that's not universal
-
m&m
d-:
-
m&m
POSH is one possible approach, DNSSEC/DANE is another
-
m&m
both have the potential to make dialback even more relevant than before
-
Kev
OK. I need to use my time machine to create some more time to look at this better.
-
m&m
Kev: I know exactly what you mean (-:
-
Kev
Was that the IETF report done with?
-
ralphm
Kev: go back further and tell those IPv4 people to do it right
-
Kev
ralphm: I think the IPv4 people /did/ do it right.
-
Kev
IPv6 is much more contentious.
-
m&m
re IETF report — there's probably some things happening in PRECIS that are relevant to us also
-
m&m
oh!
-
ralphm
Kev: point
- m&m finds link
-
m&m
http://tools.ietf.org/html/draft-marques-l3vpn-end-system-06
-
m&m
this is a draft for using XMPP pubsub for propagating layer-3 VPN information
-
ralphm
+1
-
Kev
Oh, neato.
-
m&m
well, it's a lot of things, but XMPP is in there
-
m&m
they do need some help, though
-
Kev
Maybe this XMPP lark will take off.
-
m&m
HTTP(s) is the One True Protocol™
-
m&m
anyway, I would recommend those enthusiastic about pubsub to read that draft ...
-
ralphm
oh collection nodes
-
m&m
… and contact Pedro Marques <roque@contrailsystems.com> with corrections, suggestions, questions, etc
-
m&m
ralphm: yeah, although I don't think they actually need them for what they are doing
-
ralphm
m&m: pretty unlikely
-
m&m
Also, anyone interested in end-to-end encryption and signing should pay attention to JOSE
-
m&m
and that is all
-
Kev
Perhaps if I didn't lose the best part of a day to dealing with DDoS attacks I'd have time for this.
-
Kev
*grumble*
-
Kev
OK, thanks Matt.
-
stpeter
yeah
-
Kev
3) Date of next meeting.
-
m&m
SBTSBC WFM
-
Kev
We'll have 308's LC ended by next Wednesday, so we should have something to discuss...
-
m&m
/nod
-
Kev
SBTSBC works for me, I think.
-
Tobias
WFM
-
ralphm
+1
-
Kev
Great.
-
Kev
4) Any other business?
-
m&m
not for me
-
Kev
OK, we're done then.
-
Kev
Thanks all
- Kev bangs the gavel.
-
stpeter
yes, thanks
-
m&m
gracias
-
ralphm
thanks!
- m&m has left
- m&m has joined
- ralphm has left
- m&m has left