I figured I should show up for this council meeting since you'll be discussing advancing XEP-0368, I'll just stay quiet unless someone highlights me :)
Tobias
seems it's about time
Tobias
1) Roll call
daniel
here
Dave Cridland
Here, but not be for long.
Dave Cridland
(Daughter has a doctor's appt)
Kevhas left
Tobias
Link Mauve, SamWhited?
Tobias
maybe they'll join later
Tobias
2) Minute taker
Tobias
I offer to do it, if nobody else wants
Link Mauve
I’m here.
daniel
i was just about to say that it's my turn again. but I can do it next time
daniel
oh no actually I can't because i'm probably going to be on a train to brussels
Tobias
ok..last week we didn't clearly indicate that we wanted to vote on things..so here explitily again
Tobias
3) Voting to Advance XEP-0333 to Last Call
SamWhited
Sorry, here
Tobias
+1
daniel
+1
SamWhited
+1
Link Mauve
+1
Tobias
Dave Cridland, still there?
Dave Cridland
Yes, sorry. +1.
Tobias
perfect
Tobias
4) Voting to Advance XEP-0233 to Last Call
Tobias
+1
daniel
on list
Dave Cridland
+1.
Dave Cridland
Still confused as to why Mili Verma's not listed as an author, mind.
Kevhas joined
Link Mauve
On list too, I started reading the referenced specifications but I still don’t grasp all of the mechanisms there.
SamWhited
+1; Mind you, I don't feel that I have enough knowledge of Kerberos to know if this is a valid way to do things, or if it's used anywhere or if there have been deployment issues, etc. but I figure that's what LC is for.
Dave Cridland
SamWhited, Mili's edits basically were in response to developing this on WIndows and UNIX.
Dave Cridland
SamWhited, So I think it's well past ready.
Kevhas left
Tobias
5) Voting on moving XEP-0368 forward (issuing LC)
Link Mauve
+1
Kevhas joined
Tobias
+1
daniel
+1
SamWhited
+1
Kevhas left
Dave Cridland
+1
Kevhas joined
Kevhas left
Kevhas joined
Tobias
6) Short update on XEP-0300 fixing
Tobias
I've updated XEP-0300 https://github.com/xsf/xeps/commit/2f21fbef22d484d1651596aeb279b3386398c183 would be nice if people could give a quick overview sometime if they see issues with that, if not we can issue an LC to move that to draft in a couple weeks
Kevhas left
Kevhas joined
Kevhas left
Kevhas joined
Kevhas left
Kevhas joined
Kevhas left
Tobias
7) Voting on moving 2010 compliance suites to obsolete to prevent confusion while we work on the 2017 ones
Tobias
+1
SamWhited
+1
daniel
+1
SamWhited
for background, I plan on writing the 2017 ones on the flight to Brussels and withdrawing the 2016 ones
Link Mauve
I’ve read it earlier, I was wondering whether making sha3-256 and blake2b-256 mandatory is that sensible before every crypto library is well updated to support them.
Kevhas joined
Link Mauve
Re: 6)
Link Mauve
Tobias, +1.
Link Mauve
Tobias, also obsoleting the 2012 ones.
Dave Cridland
-0
SamWhited
Oh are there 2012 ones too? Yah, +1 to obsoleting both of them.
Dave Cridland
I don't really care, but I'm not sure it's worth the effort.
Dave Cridland
But absolutely not a hill for me to die on.
Tobias
Link Mauve, something for the next meeting to vote on then...don't want the topics/voting issues to change mid-meeting, especially not mid-voting
Link Mauve
Sure.
Tobias
8) Date of next
ralphmhas left
Tobias
Does next week work for everyone, or do we want to skip a week?
Link Mauve
I won’t be here next week, I’ll be on the train to Brussels.
Dave Cridland
I'm not here next week.
daniel
i have to check my train schedule again. but i'm fairly certain i'm on a train at 1600Z
SamWhited
We could have a small impromptu meeting a little bit later in the day next week
Dave Cridland
I'll be driving to Bristol. To take a plane to Amsterdam. To take a train to Brussels.
SamWhited
Or on the 2nd
Tobias
right, so it'll probably make sense to skip a week
Dave Cridland
How many of us are in Brussels on Thursday?
daniel
either move it back a couple of hours or skip it
daniel
Thursdays yes. also wednesday
Tobias
Dave Cridland, i guess everyone
Holgerhas joined
Dave Cridland
We have had a Council meeting in the Summit before, could be fun to do again - might get someone else to take minutes.
Link Mauve
Finally! \o/
SamWhited
Find a pub and rope someone in to take minutes with the promise that I'll buy them a beer :)
Tobias
sure..so sometime thursdays next week?
Link Mauve
Wfm.
daniel
yes
Tobias
great...even if we fail to arrange it, there'll still be a week afterwards :)
Tobias
9) AOB
Tobias
doesn't look like it
Tobiasbangs the gavel
SamWhited
Thanks!
Tobias
thanks everyone
daniel
thank you
Link Mauve
Thank you.
SamWhited
Tobias: RE 0300, I had the same thought as Link Mauve — how wide spread is sha3? I know the Go standard library has an implementation, but it tends to be ahead of other things. Eg. does Java have one? I don't think Rust does yet (not that that's very relavant, but it's the only other thing I really pay attention too)
Tobias
Link Mauve, what environments do you know of with bad sha3 support?
Link Mauve
None actually, but probably older openssl don’t have it yet.
Tobias
for anything C/C++ related it's probably a little issue as there's ready to use reference impementation code for sha3 and blake
SamWhited
Does stable Debian OpenSSL?
Zash
OpenSSL doesn't
Zash
There's code, but it's not exposed
Tobias
recent openssl has blake, they should have sha3 too, not?
SamWhited
Oh hey, I lied, Rust has sha3 in the standard library already.
Tobias
bouncycastle also has SHA3
SamWhited
or rather, it has an implementation already.
Link Mauve
OpenSSL apparently still doesn’t have it, according to https://github.com/openssl/openssl/issues/439
SamWhited
Personally I think it would be good to leave it as a SHOULD at least until OpenSSL has it.
Tobias
Oracle Java seems to have it since, earlier this month https://bugs.openjdk.java.net/browse/JDK-8004078 ^^
Zash
There's a keccak1600.c in the sources, however it's not used by anything
Link Mauve
daniel, any information about Android?
daniel
Link Mauve, not from the top of my head
SamWhited
If bouncy castle has it would it not work on Android?
daniel
SamWhited, if bc has it everything is fine
Link Mauve
Ok.
Link Mauve
Fyi, Python got both sha3 and blake2 only in 3.6.
Tobias
also the idea was having multiple algorithms set to MUST, so implementations strive to support as many of the MUST ones as possible...the it's more likely that there is matching support between two entities
Link Mauve
I’m not against it, I was just wondering whether it wouldn’t be a bit too early.
Tobias
Link Mauve, considering how rarely we seem to have updated XEP-0300 the idea was to make it more future proof :) but happy either way...but we should at least aggree on it before voting on it to LC
SamWhited
Hmm, I could go either way now. Future proof sounds good; I wouldn't want to block either way.
Link Mauve
Same, I’m fine with LC as is.
Zash
Isn't there some RFC / BCP you can point to for recommendations, so we don't need to update it as best practices change?
Tobias
great...also added a table for the textual names of the new hashes...IANA is a bit slow there, as their table was last updated 2006
Tobias
Zash, i don't know of one
Kevhas left
Tobias
Zash, I imagine the TLS spec has hash recommendations
Tobias
Zash, then again, RFCs don't get updated..only replaced by other RFCs