-
Ge0rG
I might be a bit late.
-
jonas’
ok
-
jonas’
1) Roll Call
-
Zash
Awake!
-
jonas’
who do we have? A delayed Ge0rG, an apologized dwd, a present Zash, a potential daniel and a chairy jonas’?
-
daniel
hi
- Ge0rG is semi there
-
jonas’
alright, let’s get to it
-
jonas’
2) Agenda Bashing
-
jonas’
the absence of agenda points is still making me uneasy
-
jonas’
so I put something in the AOB section
-
jonas’
any other addendas✎ -
jonas’
any other addenda? ✏
-
jonas’
probably not
-
jonas’
3) Editor’s Update
-
jonas’
nada
-
jonas’
4) Items for Voting
-
Ge0rG
I have some 280 tasks on my agenda, all unfinished
-
jonas’
none
-
jonas’
5) Date of Next
-
jonas’
+1w wfm
-
Zash
+1w wfm
-
daniel
+¹
-
Ge0rG
+1
-
jonas’
cool
-
jonas’
6) AOB
-
jonas’
https://github.com/xsf/xeps/pull/1059/files
-
jonas’
I was thinking, what are the security/privacy implications of that one?
-
Zash
It Depends™
-
Ge0rG
More ways to enumerate accounts?
-
jonas’
not quite enumeration, but confirmation
-
jonas’
Zash, do you have an idea what it may depend on?
-
Zash
There were concerns raised before about correlating MUC participants, that might apply.
-
jonas’
ok
-
jonas’
I might put it to the list then
-
jonas’
thanks
-
jonas’
AO-AOB?
-
daniel
so much in OX is up for interpretation (on how to use it exactly) that the security implications may vary widely
-
Zash
I also remember something about reuse of a "normal" pgp key leaking stuff that way.
-
daniel
for example it is unclear if you are going to reuse the pgp key that you use in email for example
-
daniel
if you do an open access model will leak your identity
-
daniel
but that's entirely unclear. i don’t think there are best practices yet
-
daniel
i'd just leave it to the authors to steer that one into what ever direction they deem fit
-
jonas’
ok
-
jonas’
I’ll still ask them to write a note in the security considerations
-
Zash
+1
-
jonas’
and maybe point the list at it
-
jonas’
either way
-
jonas’
7) Ite Meeting Est
-
jonas’
thanks everyone
-
Zash
Thanks jonas’