- Lance has joined
- tato has left
- tato has joined
- Lance has joined
- bear has left
- Lance has left
- SouL has left
- Alex has joined
- Alex has left
- Alex has joined
- Alex has left
- jabberjocke has joined
- SouL has joined
- Simon has joined
- jabberjocke has left
- Simon has left
- Simon has joined
- Simon has left
- Simon has joined
- dwd has joined
- jabberjocke has joined
- Simon has joined
- stpeter has joined
- stpeter has left
- Simon has left
- Simon has joined
- Zash has joined
- Ashley Ward has joined
- Zash has left
- Simon has joined
- Zash has joined
- Simon has left
- Simon has joined
- Simon has joined
- SouL has left
- SouL has joined
- SouL has left
- SouL has joined
- SouL has left
- tato has left
- jabberjocke has left
- Alex has joined
- Simon has left
- Simon has joined
- Simon has joined
- stpeter has joined
- stpeter has left
- SouL has joined
- intosi has left
- intosi has joined
- Zash has left
- stpeter has joined
- stpeter has left
- stpeter has joined
- Laura has joined
- Zash has joined
- bear has joined
-
fippo
http://webrtchacks.com/trickle-ice/
-
fippo
"Things get complicated for SIP because it has neither of the above: it has neither the reliable discovery mechanisms of XMPP, nor the mandatory support for trickling that WebRTC comes with."
-
fippo
poor old sip
-
MattJ
:'(
-
stpeter
heh
-
stpeter
speaking of which, would it be helpful to finish off the Server IP Check XEP?
-
Zash
Oh, hadn't seen that there was a new version of that
-
stpeter
newish, anyway
-
stpeter
all it really does is give you a hint that your IP address might not be what you think it is, thus the acronym "sic" ;-)
-
MattJ
Clever :)
-
stpeter
I love clever acronyms -- maybe I should've gone into marketing or advertising ;-)
- intosi has left
- intosi has joined
- Alex has left
-
bear
Board meeting in 5 minutes, I suspect it may be a fast one
-
stpeter
why do you suspect so? ;-)
-
bear
i'm just being an optimist
-
dwd
We can soon correct that one, though.
-
stpeter
http://webrtchacks.com/trickle-ice/ mentions Jingle Relay Nodes -- another spec we need to update
- dwd grabs thinking-pencil
-
dwd
What with SRTP-DTLS and stuff, a relay is unable to snoop on the conversation, I suppose?
-
bear
you can buy those!?!
-
dwd
bear, Don't know, but you should be able to. Then again, I also want a hex bit pencil and pen set, and I can't find those anywhere.
- bear checks for quorum
-
bear
ralphm, simon, dwd, laura?
- dwd waves appendages.
- Simon is here
-
ralphm
hi
-
Laura
Here
-
bear
sweet! everyone ready to start?
-
ralphm
go
-
stpeter
wow, cool, text from Laura appeared before she joined the chatrom
-
stpeter
+o
-
dwd
stpeter, Then your client had a MUC sync failure.
-
bear
yea, I just noticed she was not in the admin affiliates list
-
bear
so made the change just as she was responding
-
dwd
stpeter, You saw the role change as a entry.
-
stpeter
anyway
-
stpeter
topics for today?
-
Simon
Bear: I'd like to add a discussion about the XSF involvement with the securing of XMPP to the agenda.
-
bear
on the agenda:
-
dwd
Simon, Good call.
-
bear
GSoC update
-
bear
FOSDEM quick update
-
bear
Google outreach response/update
- dwd needs to largely vanish at 1700UTC (ie, 30 mins) to go cook the children's food.
-
bear
and XSF being active with the XMPP ubiquitous security thingy
-
bear
ok, first item - GSoC
-
bear
let's make this a Kev inspired meeting then - 30 minutes and done
-
bear
i'll do minutes later tonight
-
bear
the mailing list had quite a response
-
Simon
+1 for a fast meeting.
-
bear
so I want to make sure tonight the gsoc wiki page has items
-
bear
and then poke the responders to start updating it
-
ralphm
yeah, looks good
-
bear
i'll do that tonight
-
Simon
then we should mail out to the list(s) too?
-
dwd
It'd be nice to get some concrete support and suggestions.
-
Simon
+1
-
Simon
ok -happy to start adding concrete when the page is ready.
- jabberjocke has joined
-
bear
yes, if you all want, email me what lists I should target and I'll do them (or volunteer to help cover them)
-
bear
yea, that is better, update the wiki wth the lists and then we can coordinate
-
bear
anything else on GSoC ?
-
stpeter
(as to agenda items, I'd like to chat briefly about the various liaison relationships that might be forming)
- bear adds to agenda
-
Simon
Bear: happy with that for GSOC / nothing else
-
ralphm
isn't that like g outreach?
-
bear
ok, next item - google outreach results
-
bear
my take is that we are hitting a possible political stonewall ?
-
dwd
Well, no.
-
Simon
Update: Email doesn't reach google people/ G+ does. Ade pinged a couple of people inside google and "they are aware of what is happening" was the most I could get out.
-
dwd
The wheels of Google grind slowly, etc.
-
Simon
I'd tried to email quite a few people including their head of open souce Chris DiBona. Nothing back.
-
dwd
It's not so much a political stonewall, it's just the momentum of the juggernaut is hard to change.
-
fippo
i'd note https://twitter.com/juberti/status/401971677321367552 as well
-
stpeter
I did reach out to Justin Uberti and he said he would find out if it's possible / feasible for them to support s2s encryption
-
Simon
What about we take a different approach - of asking that they enable TLS without cert checking. But at this point I'm somewhat inclinded to say fuckit.
-
bear
ok, so my question would be this then: do we continue with another round of polite-behind-the-scenes contacts or do we start getting noisier on the G+ scene?
-
dwd
Simon, I don't think we've got anywhere close to that yet.
-
stpeter
Simon: that is what I suggested to Justin as a good place to start
-
dwd
bear, I'm nervous about becoming confrontational in public.
-
fippo
stpeter: they have it implemented. It worked a couple of years ago
-
stpeter
but, to Dave's point, we don't even know if they have anyone working on Talk any longer
-
stpeter
fippo: ah, I had forgotten about that
-
dwd
bear, I think the counter-reaction would be bad, basically.
- SouL has left
-
stpeter
I see no reason for a confrontation
-
dwd
What might be interesting is to try to get Google participation from the Chris DiBona/Ade types at the SUmmit.
-
bear
I wasn't suggesting bashing
-
stpeter
ideally we can bring along Google, although IMHO it might not happen as quickly as we'd like
- SouL has joined
-
bear
I was suggesting just taking some of the questions to G+ and starting a dialog
-
dwd
I know it'll be too late for the 4th Jan test day, but getting to chat face to face might prove much more effective.
-
stpeter
and BTW it's not just Google -- other providers like GMX and Dreamhost are relevant here, too
-
fippo
stpeter: i'll poke some people about GMX again.
-
dwd
bear, I think it'd end up a disaster, TBH. We just cannot control how other people pitch into a public conversation.
-
Simon
I can go an know on GMX's door here in Munich.
-
stpeter
Simon: :-)
- Simon is serious.
-
ralphm
dwd: agreed
-
bear
ok, so the push back i'm hearing is that we keep it direct until the first test day is over?
-
bear
and then regroup?
-
stpeter
that seems reasonable
-
dwd
Right, but I'd reiterate that if we can ply some Googlers with beer in Brussels I think it'd lubricate more than throats.
- jabberjocke has left
-
stpeter
:)
-
fippo
dwd: and london :-)
-
ralphm
the point is that we are effectively not having a conversation, not even no-comment
-
Simon
Sounds good. A nice report from the first test day explaining how we've tried to reach out to some of the larger providers wouldn't go amiss too.
-
dwd
ralphm, Well, we've had a to, and a fro. It's not great, but it's a start.
-
ralphm
those googlers we are talking to are not involved
-
stpeter
ralphm: methinks I'll post on +
-
stpeter
dwd: agreed
-
Simon
My post on G+ got an instant reaction.
-
stpeter
Simon: yes
-
ralphm
dwd: I chat with Ade all the time, that's easy
-
bear
ok, so the status is "still poking" with more pokes to happen and to keep it on a one-to-one level for now and let the sleeping giant that is our awesome membership quiet for the moment?
-
Simon
posting and linking to http://xmpp.net/result.php?domain=gmail.com&type=server (when it's finished testing).
-
stpeter
heh
-
fippo
simon: use google.com instead
-
dwd
Hmmm. xmpp.net isn't over https. No irony there.
-
stpeter
it doesn't force https
-
ralphm
heh
-
stpeter
we can fix that
-
ralphm
let's
-
dwd
But I digress...
-
bear
ok, moving on
-
stpeter
ok, done with that topic?
-
stpeter
(I will try to resurrect some DreamHost contacts)
-
bear
ralphm - can you give a quick FOSDEM update?
-
ralphm
no change
-
Simon
I'd like us to talk about the security effort though as part of the XSF. This security stuff is important to get right. At the moment we spoke about it at the summit, in the board meetings and in the mailing lists. If it's purely Peter's manifesto and the XSF isn't endorsing that, then we look indecicive. And this stuff is important and we should be endorsing it.
-
bear
nicely quick - thanks ralph
- bear passes the mic to simon
-
Kev
Simon: FWIW, I don't think the manifesto as it stands is 'right'.
-
Simon
I can't think of a more important cause that we should be focusing on and championing.
-
bear
kev - what part of the manifesto do you not agree with?
-
dwd
Simon, I'd be concerned that too many of the operators are not committed to it - in part because of the Google (and GMX, and ... ) issues.
-
bear
the non-technical bits?
-
Simon
Or put another way, is there anything more important than focusing on security right now?
-
Kev
I've sent an Isode position to Peter a few weeks back to give him a chance to comment before making such a thing publicly.
-
dwd
Simon, Think of the children.
-
stpeter
personally I'm not really a fan of manifesto as communication method, but it's been good as a way to start the conversation and set some goals
-
Kev
But my personal position, which may or may not be similar to Isode's, is that it states the requirements too firmly without nuance.
-
bear
i.e., can we endorse the testing and interoperability of the Security Test Day without waving the manifesto as our flag?
-
dwd
bear, Not really. Or at least, we can, but nobody will understand that.
-
Kev
There are significant (non-Internet) deployments that do not need, or should not have, TLS, and the manifesto simply says they need to use TLS. If the XSF endorses that, it's saying it doesn't recognise any of these deployments as valid, and that was Not Be Good.
-
stpeter
Kev: likely something is lost in my inbox and I need to reply, sorry about that
-
Simon
a) write a manifesto b) decide that security is an important selling point for XMPP c) XSF announces secure connections on the network test days. d) XMPP is secure.
-
Laura
What about seeing the manifesto as a work-in-progress?
-
ralphm
Maybe we can change the effort to an informational XEP and then have XSF announce test days
-
Laura
Look for engagement through involevemt?
-
stpeter
Laura: I definitely see it that way, but it perhaps hasn't been presented properly
-
Kev
stpeter: I think you replied saying "Will look at this", and then lost it, then :)
-
dwd
I personally see the manifesto as a kind of bargaining position. It's a statement of our ideal for internet services.
-
dwd
The trouble is, the way it's worded leaves little compromise.
-
Laura
Does it say that clearly? "This is a statement of our ideal…" etc?
-
Kev
dwd: But because it places requirements on software, not just deployment, that is not clear.
-
stpeter
Kev: as to non-Internet deployments, the manifesto doesn't talk about those since it's about the public XMPP network
-
bear
I can get behind the XSF creating a best-practices XEP and then starts to support interop testing to implement it
-
Simon
Kev: The manifesto calls for securing public servers that interconnect - don't think it mentions "behind the firewall" installs.
-
Kev
stpeter: No, it's about software too.
-
dwd
And I think that lack of compromise is seen as worrying by a considerable portion of the deployed servers out there.
-
stpeter
Kev: yes, we need the software to support the features and configuration options that make it possible for public XMPP services to encrypt traffic
-
Kev
stpeter: Yes, but some of the software points are not 'support', they're 'do'.
-
Simon
I see it more as "if you want to talk to my users, you jolly well ought to take their privacy seriously and use TLS"
-
dwd
Simon, Right, but that's not what it says.
-
Kev
I am not opposed to the ideas in the manifesto, but the wording is Not Quite Right to my eye.
-
Kev
stpeter: You have some comments on this in your inbox :)
-
Laura
Please tell me it actually uses the phrase "you jolly well ought to"
-
Simon
:)
-
stpeter
Kev: I'm sure
-
stpeter
anyway
-
dwd
Laura, No, it says "you must and I will not compromise".
-
dwd
THough I paraphrase.
-
Laura
Scary
-
Laura
What about "we will help you to…"?
-
stpeter
Kev: the only "do" I see is "no more SSLv2 and SSLv3", but I think the "and SSLv3" can be removed -- it's SSLv2 that is bad
-
Laura
More encouraging?
-
stpeter
in any case, this is not the place to wordsmith
-
stpeter
and 27 minutes have gone by in this meeting :-)
-
Kev
stpeter: Are you happy for me to share the mail more widely, or would you like to read it first?
-
stpeter
action item for me is to review all feedback and propose changes to the manifesto
-
Kev
OK.
-
Simon
My original point is that the XSF needs to be seizing this moment to fix security on s2s links (I don't care what you do on your c2s links)
-
stpeter
Kev: I'm fine with public discussion -- transparency is always better IMHO
-
dwd
stpeter, Right. But I think the point is that it's not clear that the XSF can wholeheartedly support it in its current form, which is unfortunate, because the goals of it seem very well aligned.
-
bear
can we get some wordsmithing on this in the lists and take this up again next week?
-
stpeter
dwd: I'm not sure what it means for the XSF to support such a thing -- does that mean the membership needs to vote, or can the Board voice its support?
-
stpeter
bear: sure
-
dwd
Simon, "Do this or go home" has the unfortunate problem that many people seem happy enough to take the latter option, judging by the lists.
-
stpeter
the idea is very much to give us some aspirational goals, *not* to split the network!!
-
dwd
stpeter, I would argue that the Board shoudl probably judge consensus, rather than ask for a formal vote in most cases.
-
Simon
dwd: I was thinking about that. And yes, there are some vocal opponents. But I think we risk loosing the voice of the vast majority of silent suporters that would like secure connections.
-
stpeter
but the text in the manifesto about unauthenticated encryption seems to make this uncontroversial
-
dwd
stpeter, " the idea is very much to give us some aspirational goals" - right, totally behind you on this. I think it's the absolutism, as it were, that's causing the discomfort.
- bear looks at the time
-
bear
ok, if we can get the wordsmithing fixed
-
stpeter
dwd: OK, I will revisit the text and see if I can propose some scrubbing to remove any remaining traces of absolutism
-
Simon
I think the manifest is right - this is a network and at some point one has to force the issue - it's been many years now and the state of XMPP security has rumbled on in an insecure hodgepodge.
-
bear
then we will have a chance next week to talk about what/how we as the board can get the membership to support the effort?
-
stpeter
Simon: yes, *but* IMHO we should be able to at least get to unauthenticated encryption using even anonymous DH
-
stpeter
bear: yes
-
dwd
stpeter, +1.
- stpeter shuts up about security
-
ralphm
heh
-
bear
that sounds like a best-practices XEP for sure
-
bear
so people can be pointed to it as a HOW-TO once they get their F from xmpp.net
-
fippo
bear: i pestered dwd about starttls+dialback already
-
dwd
If we're done with this, does that mean we're done-done?
-
Simon
(peter: what's happening on Jabber.org's upgrade?)
-
bear
ok, that was the last agenda item
- Simon moves soapbox to the side.
-
stpeter
quick update about the liaison agreements
-
bear
any agenda bashing?
- bear moves box to peter's side
-
stpeter
I have received communication from the UPnP Forum about a liaison agreement with them
-
stpeter
I'm working on this with someone from Cisco who is involved in UPnP Forum
-
stpeter
we'll do a bit of back and forth in the next day or two
-
stpeter
then I think I can send a proposed document to the Board
-
stpeter
they have a template for such things, we just need to fill in some of the details
-
stpeter
I haven't really reviewed it yet, just received it yesterday
-
stpeter
but it's in the works
-
stpeter
and you saw my note about their UPnP Cloud initiative
-
stpeter
so that's all good, I think
-
stpeter
I need to follow up with both ISO TC 122 and IEC TC 57
-
stpeter
I apologize for taking last week off ;-)
-
ralphm
any more text on that?
-
stpeter
that = ISO and IEC?
-
ralphm
upnp+xmpp
- bear smacks peter with the "you should take more time off" bat
-
ralphm
apart from the news page
-
stpeter
oh, BTW, UPnP Forum is very interested in conformance / compliance testing and might be able to contribute code in this area for XMPP stuff
-
dwd
stpeter, Do we have to approve your vacation time as your management?
-
stpeter
ralphm: I have two presentations (PPT format) that I can probably share -- the rest has all been verbal chats I've had with some folks at UPnP Forum
-
ralphm
right
-
stpeter
they've had quite a few technical questions about MUC, pubsub, security, naming, etc.
-
stpeter
even Jingle stuff
-
stpeter
I think they basically want to accomplish the vision that Dirk Meyer was working on a few years ago
-
ralphm
cool
-
stpeter
yep
-
dwd
My children are hungry; but I think we just ask the Council to select some folk in readiness on the assumption Peter will sort out the legal mumbo jumbo.
-
stpeter
yes
-
bear
cool, sounds like a +1 to peter's plan
-
stpeter
we can discuss more next week
-
stpeter
I just wanted to provide a quick update
-
bear
next week, same time and place?
-
dwd
Someone (COuncil or us) should put out a call for volunteers to serve on these things.
-
dwd
(to members@)
-
stpeter
seems like a Council thing
-
dwd
bear, Yes.
-
stpeter
let's put that on their agenda for next week's Council meeting :-)
-
dwd
stpeter, Happy for it to be Council, they're doing the selection.
-
stpeter
WFM
-
bear
k, i'll send an email to membership@ asking council to add it to agenda
-
bear
ok, we are done then - thanks all!
-
dwd
Doesn't that effectively act as a call for volunteers?
-
bear
nope, just a public way of getting it on the council agenda
-
stpeter
:)
-
Kev
Yes, just make sure that anything going on Council agends reaches me via email please (either directly, to council@ or to members@ with a clear subject line) so I notice it.
-
bear
+1
-
stpeter
yay
-
bear
k, i'll write up the minutes after work using the new Kev method
-
stpeter
super
-
stpeter
thanks, all!
-
stpeter
good discussion
-
bear
and the i'll do the calendar additions for next week
-
Simon
thanks all
-
bear
yep, thanks everyone
-
Laura
Bye all
-
stpeter
it's great to see such passion about XMPP after all these years :-)
-
bear
+1
-
Kev
So, post meeting...Board could use more bios :)
-
Kev
I'm happy to put them in place if people send them to me, or everyone probably has access to do it themselves.
-
Laura
Tried to log in to do mine but couldn\t get in. I have my password - is the user name email address?
-
Laura
It didn't like me
-
Kev
I don't believe so - who created your account?
-
Kev
Bug them about it :)
- bear looks at laura's account
-
bear
laura: your username is "laura" and the email is listed as "laura.gill@surevine.com"
-
Laura
Thank you bear
- stpeter updates the Board calendar
-
Laura
*makes note to do my homework*
-
stpeter
Laura: hopefully these meetings aren't too crazy for you -- we have a certain style of communicating and it can be difficult to follow, I think :-)
-
bear
it does take some getting used to
-
Kev
At least we don't communicate by yelling (much) :)
-
stpeter
hmph, I have a dentist appointment next Wednesday morning, I am not sure how I schedule such a thing at that time :(
-
bear
do you want a schedule change before/after?
-
stpeter
I can provide information by email beforehand and the Board can proceed, I think
-
bear
k
-
stpeter
maybe I can join via mobile or show up early and use their wifi
-
bear
I'm up for sliding the meeting up an hour if the others are ok with it
-
stpeter
I'm going to see if (a) the dentist has wifi or (b) I can move the appointment
-
Kev
Hahahaha
-
stpeter
if we have a 30-minute meeting, we should be fine :-)
-
Kev
Sentences you never expect to see "I'm going to see if the dentist has wifi".
-
stpeter
heh yeah
-
stpeter
I'll work it out on my end
-
stpeter
Board calendar updated
- bear has sent email to members@ asking for council time
-
Kev
Thanks bear.
-
bear
yw
-
bear
the gsoc wiki page has been created by jabberjocke - \o/
- ralphm has left
- bear proofreads the new page for typos and spelling
- bear sends blurb to members@ about GSOC project ideas
- Simon has left
- Laura has left
- Laura has joined
- Simon has joined
- Laura has left
- Simon has joined
- Alex has joined
- Simon has left
- Zash has left
- Zash has joined
- Ashley Ward has left
- tato has joined
- tato has left
- tato has joined
- tato has left
- tato has joined
- SouL has left
-
fippo
kev: the agenda for the next meeting is going to be pretty heavy
-
fippo
three submissions from me ;-)
- tato has left
-
Kev
Yay.
- tato has joined
-
MattJ
dwd, can you expand "with strong identity being considerably more prevalent that it was"? (assuming s/that/than/)
- SM has joined
-
dwd
We have a big push for proper certificates that seems to be working.
-
dwd
But you know, I thought I'd make it sound exciting and technical.
- jabberjocke has joined
- Ashley Ward has joined
- tato has left
- ralphm has left
- bear has left
- Simon has joined
- Simon has left
- Ashley Ward has left
-
MattJ
So now we need to get the discussion over to the security list somehow
-
MattJ
and then jingle, and the WG list
-
stpeter
:P
- Zash has joined
- tato has joined
- Lance has joined
- tato has left
- tato has joined
- Lance has joined
- bear has left
- Lance has left
- SouL has left
- Alex has joined
- Alex has left
- Alex has joined
- Alex has left
- jabberjocke has joined
- SouL has joined
- Simon has joined
- jabberjocke has left
- Simon has left
- Simon has joined
- Simon has left
- Simon has joined
- dwd has joined
- jabberjocke has joined
- Simon has joined
- stpeter has joined
- stpeter has left
- Simon has left
- Simon has joined
- Zash has joined
- Ashley Ward has joined
- Zash has left
- Simon has joined
- Zash has joined
- Simon has left
- Simon has joined
- Simon has joined
- SouL has left
- SouL has joined
- SouL has left
- SouL has joined
- SouL has left
- tato has left
- jabberjocke has left
- Alex has joined
- Simon has left
- Simon has joined
- Simon has joined
- stpeter has joined
- stpeter has left
- SouL has joined
- intosi has left
- intosi has joined
- Zash has left
- stpeter has joined
- stpeter has left
- stpeter has joined
- Laura has joined
- Zash has joined
- bear has joined
- intosi has left
- intosi has joined
- Alex has left
- jabberjocke has joined
- SouL has left
- SouL has joined
- jabberjocke has left
- ralphm has left
- Simon has left
- Laura has left
- Laura has joined
- Simon has joined
- Laura has left
- Simon has joined
- Alex has joined
- Simon has left
- Zash has left
- Zash has joined
- Ashley Ward has left
- tato has joined
- tato has left
- tato has joined
- tato has left
- tato has joined
- SouL has left
- tato has left
- tato has joined
- SM has joined
- jabberjocke has joined
- Ashley Ward has joined
- tato has left
- ralphm has left
- bear has left
- Simon has joined
- Simon has left
- Ashley Ward has left
- Zash has joined
- tato has joined