Peter WaherAnybody knows when the council meeting will start?
Peter Waherconfused about time zones and summer/winter time in different hemispheres
stpeterPeter Waher: should be in ~30 minutes
Peter Waherthanks
stpeteris on a conference call but should be done by then
Dave Cridlandhas joined
bearhas joined
KevTrying to review protoXEPs while exhausted is almost more fun than I can describe :)
Tobiaswhy did we get rid of pipelining for BOSH?
fippokev: get over to paris and listen to people talking about RCS and IMS!
KevAIUI, because no-one did it and it's not legal.
Kevfippo: Revision Control System? :)
fipporich communication suite
KevI like mine better.
TobiasKev, pidgin did it at one point, if darkrain didn't remove it....will ask him about that :)
KevI think I need to review colibri some time that's not now.
Tobiasquite a big agenda this tiem
Tobiasquite a big agenda this time
TobiasKev, will there be a LMC update?
Dave CridlandKev, Pipelining POST, you mean? That's a SHOULD NOT in the spec, and we had reasons aplenty - I don't think we were breaking the spec with that.
winfried@Tobias: BOSH makes POST requests and you may not pipeline POST
Tobiaswinfried, ah..okay
KevDave Cridland: Ignoring a SHOULD NOT /is/ breaking the spec, IMHO.
Tobiaswasn't always a should not, at least not in the BOSH spec...but don't know for sure...i implemented it eons ago
KevNo, we used to say in bosh that you should.
stpeter'tis time?
Tobiashammer time
Kev'tis time.
Kev1) Roll call.
Dave CridlandKev, Well, *ignoring* is not the same as acknowledging but doing it anyway. The rule is there for good reason - start pipelining POSTs at something that's not expecting it and all manner of things can go boom. But between consenting adults it's fine.
Lancehere
Tobiashereo
Kevfippo was in doubt.
KevMatt sends apologies.
Kevfippo: You here?
stpeterfippo is in Paris for WebRTC stuff right now, no?
Kevstpeter: Yes, he didn't know if he'd be Councilling.
KevThere's been some amount of confusion over there. I'm not opposing objecting.
KevUhm.
KevNot opposing *publishing*.
Lance+1 for going experimental
Tobiaswhat's the expected locale if the XEP says one shouldn't localize?
Tobiasregardless of that i'm +1 for experimental
KevTobias: Then I suggest asking on list :)
Kev3) http://xmpp.org/extensions/diff/api/xep/0124/diff/1.11rc1/vs/1.11rc2
http://xmpp.org/extensions/diff/api/xep/0124/diff/1.10/vs/1.11rc2
With changes since last meeting.
fippokev: here, but not physically. will vote on list :-/
KevI'm +1 on this.
Kevfippo: Thanks.
Lance+1 on the changes
Tobias+1 on XEP-0124
Kev4) http://xmpp.org/extensions/diff/api/xep/0156/diff/1.1rc1/vs/1.1rc2
Changes since last meeting.
KevI'm +1 here too.
LanceWe do still need a legend/explanation from m&m for the chart though in 124
Lance+1 on 156
stpeterare some patches still missing / issues not addressed for BOSH specs? Winfried's message suggested so
Peter WaherTobias: Sorry, all very quick... What do you mean with "what's the expected locale if the XEP says one shouldn't localize"?
stpeteris still on his conference call
Tobiaswonder why XEP-0156 defaults to unsecure HTTP and unsecure DNS for retrieval of connection methods
TobiasPeter Waher, it says you shouldn't localized messages, does that mean that all are supposed to be in english? or in the language of the original software but never translated? or what exactly?
KevTobias / Peter Waher: If this isn't blocking publication, I suggest we take it to the list to move things along.
Tobiaswouldn't it be sensible to expect lookup of those via HTTPS/DNSSEC if possible?
Peter Waheryou can localize messages. What you shouldn't do is localize event IDs, for instance
Peter Waher"event IDs should never be localized"
Peter Waher"tag names should never be localized"
Tobias+1 on 156, will disuss it with lance later, if he wants
Peter Wahereverything else can be localized
KevThanks.
stpeterTobias: yes, it would, but the security considerations say:
Entities that use these connection methods need to ensure that they conform to the security considerations of each method (e.g., by preferring to use 'https' or 'wss' URLs that are protected using Transport Layer Security).
KevI'm -1 just for the RFC examples reason, again.
Tobiashere i was surprised by the urnietf:rfc:5576
Tobiashere i was surprised by the urn:ietf:rfc:5576
Tobiasdoes that have to be registered somwhere?
stpeterTobias: we already do urn:ietf:rfc:3264
Tobiasstpeter, ahh..ok. didn't know about that
Lance+1 once the rfc legal stuff is resolved
Tobiassame as lance...+1 then
stpeterTobias: http://tools.ietf.org/html/rfc2648
Kev9) Board requests for liaisons.
fippotobias: rfc 2648 defines that
stpeteryes
Kevbear / stpeter: This one's for one of you.
stpeterI have been in communication with the UPnP Forum about a liaison relationship
stpetertheir spec-in-progress references the core XMPP stuff as well as various pubsub-related specifications
stpeterthey *might* also hope for some input regarding Jingle
stpeterthat's less clear right now
stpeterI can work with the Council regarding a call for volunteers
Kevstpeter: How many people in this liason? One or more?
stpetercan be more than one
KevAnd does this happen in public or private?
stpeterin this case, I might say "should be more than one"
stpeterthis work happens within the UPnP Forum, and their work is not public -- they have a working group made up up UPnP members and invited "observers" (which would include the people we name)
stpeterI think it would be best for now if we name only XSF members, too
stpeternot just general people we find on the street :-)
Tobiasheh
stpeteri.e., we are treating this liaison group as a "Work Team" per http://xmpp.org/about-xmpp/xsf/xsf-bylaws/
stpeterI think that I can send a PDF of the proposed liaison agreement to the membership
KevI'd be inclined to say that it'd be sensible to try to have someone from Council, and someone not.
stpeterI will check on that
KevBut let's ask for volunteers and see what happens.
stpeterKev: sure
KevSo, date of next?
Peter Waherand dynamic forms?
stpeterKev: IMHO the process is, Council asks for volunteers, chooses the liaison team, and proposes it to the Board for approval
Kevstpeter: Right.
stpeter(keeping in mind that we're going to have liaison relationships with UPnP Forum, ISO, and IEC by the looks of it, so we can't burden the same people with all the work IMHO)
KevPeter Waher: Has been covered in previous meetings, no objections.
Kevstpeter: Yes.
KevSo, date of next?
Peter Waher(y)
Lancenext week, usual time is good for me
KevI'm inclined at this point to suggest we go for the new year, but we can do next week if people like.
KevYeah, ok, let's do that.
KevAny other business?
stpeterWFM
TobiasKev, next week wfm
stpeterno AOB here
Peter Waherso both can have numbers and be published as experimental?
KevExcellent.
stpeterPeter Waher: I think so
Peter Waherexcellent :)
Peter Waherthanks
KevPeter Waher: Need the two people not present to express an opinion for logging.
stpetermy other conf call just finished (went 30 minutes over), sorry about the divided attention
KevRight, we're done.
KevThanks all!
Kevbangs the gavel.
Tobiasthank you
stpeterthanks, Kev!
Peter Waherhas left
LanceTobias: what was the issue you had with 156?
Peter Waherhas joined
stpeterLance: that it should be done over HTTPS or DNSSEC if possible
stpeterI think the security considerations talk about that, but perhaps not strongly enough for his taste
Tobiasstpeter, i think they basically say that if you originally intended to do a secure connection you should also only choose secure alternative methods
Tobiasbut i doesn't say, at least i haven't read it that way, that you should use secure methods to discover the alternative methods
stpeterTobias: that does make some sense
Tobiasi mean sure, DNSSEC isn't here....but HTTPS has some availability ^^
stpeter"Entities that use these connection methods need to ensure that they conform to the security considerations of each method (e.g., by preferring to use 'https' or 'wss' URLs that are protected using Transport Layer Security)."
stpeterthat could be worded more strongly
Tobiasstpeter, that still only talks about the choice among the provided methods, right?
Dave CridlandTobias, You're talking about using https to do the XEP-0156 discovery, right?
Tobiasright
Dave CridlandTobias, Not merely using https for BOSH.
Tobiasrequesting the json file via HTTPS
Tobiasor requesting that TXT record via DNSSEC
stpeterTobias: yes, agreed
Lanceah, right. yeah, adding a sentence for that should be done
Lancetechnically that should bubble up from RFC 6415 for the host-meta stuff
stpeterLance: right, let's check what the RFCs say for sure
Lancestpeter: 6415 says if authentication is necessary for what's in the host-meta file, HTTPS only MUST be used
Tobias"Applications utilizing the host-meta document where the authenticity
of the information is necessary MUST require the use of the HTTPS
protocol and MUST NOT produce a host-meta document using other means.
In addition, such applications MUST require that any redirection
leading to the retrieval of a host-meta document also utilize the
HTTPS protocol." they have this in their sec. considerations
Tobiasbut it wouldn't hurt to also mention it in the XEP, and that way we can add DNSSEC to it too
LanceTobias +1
stpeterTobias: agreed, thanks for pressing the issue
Peter Waherhas left
m&mhas left
MattJhas joined
Zashhas joined
Kevhas left
Lancehas joined
winfriedhas left
Lancehas joined
Tobiashas left
Tobiashas joined
Dave Cridlandhas left
stpeterhas left
Dave Cridlandhas joined
Neustradamushas left
Lancehas joined
Neustradamushas joined
Lancehas joined
Neustradamushas left
Lancehas joined
Dave Cridlandhas left
stpeterhas joined
Lancehas joined
stpeterhas left
fippostpeter: "no burden the same people" means you cant be on it :-)
XMPP Council - 2013-12-11