-
moparisthebest
I figured I should show up for this council meeting since you'll be discussing advancing XEP-0368, I'll just stay quiet unless someone highlights me :)
-
Tobias
seems it's about time
-
Tobias
1) Roll call
-
daniel
here
-
Dave Cridland
Here, but not be for long.
-
Dave Cridland
(Daughter has a doctor's appt)
-
Tobias
Link Mauve, SamWhited?
-
Tobias
maybe they'll join later
-
Tobias
2) Minute taker
-
Tobias
I offer to do it, if nobody else wants
-
Link Mauve
I’m here.
-
daniel
i was just about to say that it's my turn again. but I can do it next time
-
daniel
oh no actually I can't because i'm probably going to be on a train to brussels
-
Tobias
ok..last week we didn't clearly indicate that we wanted to vote on things..so here explitily again
-
Tobias
3) Voting to Advance XEP-0333 to Last Call
-
SamWhited
Sorry, here
-
Tobias
+1
-
daniel
+1
-
SamWhited
+1
-
Link Mauve
+1
-
Tobias
Dave Cridland, still there?
-
Dave Cridland
Yes, sorry. +1.
-
Tobias
perfect
-
Tobias
4) Voting to Advance XEP-0233 to Last Call
-
Tobias
+1
-
daniel
on list
-
Dave Cridland
+1.
-
Dave Cridland
Still confused as to why Mili Verma's not listed as an author, mind.
-
Link Mauve
On list too, I started reading the referenced specifications but I still don’t grasp all of the mechanisms there.
-
SamWhited
+1; Mind you, I don't feel that I have enough knowledge of Kerberos to know if this is a valid way to do things, or if it's used anywhere or if there have been deployment issues, etc. but I figure that's what LC is for.
-
Dave Cridland
SamWhited, Mili's edits basically were in response to developing this on WIndows and UNIX.
-
Dave Cridland
SamWhited, So I think it's well past ready.
-
Tobias
5) Voting on moving XEP-0368 forward (issuing LC)
-
Link Mauve
+1
-
Tobias
+1
-
daniel
+1
-
SamWhited
+1
-
Dave Cridland
+1
-
Tobias
6) Short update on XEP-0300 fixing
-
Tobias
I've updated XEP-0300 https://github.com/xsf/xeps/commit/2f21fbef22d484d1651596aeb279b3386398c183 would be nice if people could give a quick overview sometime if they see issues with that, if not we can issue an LC to move that to draft in a couple weeks
-
Tobias
7) Voting on moving 2010 compliance suites to obsolete to prevent confusion while we work on the 2017 ones
-
Tobias
+1
-
SamWhited
+1
-
daniel
+1
-
SamWhited
for background, I plan on writing the 2017 ones on the flight to Brussels and withdrawing the 2016 ones
-
Link Mauve
I’ve read it earlier, I was wondering whether making sha3-256 and blake2b-256 mandatory is that sensible before every crypto library is well updated to support them.
-
Link Mauve
Re: 6)
-
Link Mauve
Tobias, +1.
-
Link Mauve
Tobias, also obsoleting the 2012 ones.
-
Dave Cridland
-0
-
SamWhited
Oh are there 2012 ones too? Yah, +1 to obsoleting both of them.
-
Dave Cridland
I don't really care, but I'm not sure it's worth the effort.
-
Dave Cridland
But absolutely not a hill for me to die on.
-
Tobias
Link Mauve, something for the next meeting to vote on then...don't want the topics/voting issues to change mid-meeting, especially not mid-voting
-
Link Mauve
Sure.
-
Tobias
8) Date of next
-
Tobias
Does next week work for everyone, or do we want to skip a week?
-
Link Mauve
I won’t be here next week, I’ll be on the train to Brussels.
-
Dave Cridland
I'm not here next week.
-
daniel
i have to check my train schedule again. but i'm fairly certain i'm on a train at 1600Z
-
SamWhited
We could have a small impromptu meeting a little bit later in the day next week
-
Dave Cridland
I'll be driving to Bristol. To take a plane to Amsterdam. To take a train to Brussels.
-
SamWhited
Or on the 2nd
-
Tobias
right, so it'll probably make sense to skip a week
-
Dave Cridland
How many of us are in Brussels on Thursday?
-
daniel
either move it back a couple of hours or skip it
-
daniel
Thursdays yes. also wednesday
-
Tobias
Dave Cridland, i guess everyone
-
Dave Cridland
We have had a Council meeting in the Summit before, could be fun to do again - might get someone else to take minutes.
-
Link Mauve
Finally! \o/
-
SamWhited
Find a pub and rope someone in to take minutes with the promise that I'll buy them a beer :)
-
Tobias
sure..so sometime thursdays next week?
-
Link Mauve
Wfm.
-
daniel
yes
-
Tobias
great...even if we fail to arrange it, there'll still be a week afterwards :)
-
Tobias
9) AOB
-
Tobias
doesn't look like it
- Tobias bangs the gavel
-
SamWhited
Thanks!
-
Tobias
thanks everyone
-
daniel
thank you
-
Link Mauve
Thank you.
-
SamWhited
Tobias: RE 0300, I had the same thought as Link Mauve — how wide spread is sha3? I know the Go standard library has an implementation, but it tends to be ahead of other things. Eg. does Java have one? I don't think Rust does yet (not that that's very relavant, but it's the only other thing I really pay attention too)
-
Tobias
Link Mauve, what environments do you know of with bad sha3 support?
-
Link Mauve
None actually, but probably older openssl don’t have it yet.
-
Tobias
for anything C/C++ related it's probably a little issue as there's ready to use reference impementation code for sha3 and blake
-
SamWhited
Does stable Debian OpenSSL?
-
Zash
OpenSSL doesn't
-
Zash
There's code, but it's not exposed
-
Tobias
recent openssl has blake, they should have sha3 too, not?
-
SamWhited
Oh hey, I lied, Rust has sha3 in the standard library already.
-
Tobias
bouncycastle also has SHA3
-
SamWhited
or rather, it has an implementation already.
-
Link Mauve
OpenSSL apparently still doesn’t have it, according to https://github.com/openssl/openssl/issues/439
-
SamWhited
Personally I think it would be good to leave it as a SHOULD at least until OpenSSL has it.
-
Tobias
Oracle Java seems to have it since, earlier this month https://bugs.openjdk.java.net/browse/JDK-8004078 ^^
-
Zash
There's a keccak1600.c in the sources, however it's not used by anything
-
Link Mauve
daniel, any information about Android?
-
daniel
Link Mauve, not from the top of my head
-
SamWhited
If bouncy castle has it would it not work on Android?
-
daniel
SamWhited, if bc has it everything is fine
-
Link Mauve
Ok.
-
Link Mauve
Fyi, Python got both sha3 and blake2 only in 3.6.
-
Tobias
also the idea was having multiple algorithms set to MUST, so implementations strive to support as many of the MUST ones as possible...the it's more likely that there is matching support between two entities
-
Link Mauve
I’m not against it, I was just wondering whether it wouldn’t be a bit too early.
-
Tobias
Link Mauve, considering how rarely we seem to have updated XEP-0300 the idea was to make it more future proof :) but happy either way...but we should at least aggree on it before voting on it to LC
-
SamWhited
Hmm, I could go either way now. Future proof sounds good; I wouldn't want to block either way.
-
Link Mauve
Same, I’m fine with LC as is.
-
Zash
Isn't there some RFC / BCP you can point to for recommendations, so we don't need to update it as best practices change?
-
Tobias
great...also added a table for the textual names of the new hashes...IANA is a bit slow there, as their table was last updated 2006
-
Tobias
Zash, i don't know of one
-
Tobias
Zash, I imagine the TLS spec has hash recommendations
-
Tobias
Zash, then again, RFCs don't get updated..only replaced by other RFCs