fippo"Things get complicated for SIP because it has neither of the above: it has neither the reliable discovery mechanisms of XMPP, nor the mandatory support for trickling that WebRTC comes with."
fippopoor old sip
MattJ:'(
stpeterheh
stpeterspeaking of which, would it be helpful to finish off the Server IP Check XEP?
ZashOh, hadn't seen that there was a new version of that
stpeternewish, anyway
stpeterall it really does is give you a hint that your IP address might not be what you think it is, thus the acronym "sic" ;-)
MattJClever :)
stpeterI love clever acronyms -- maybe I should've gone into marketing or advertising ;-)
intosihas left
intosihas joined
Alexhas left
bearBoard meeting in 5 minutes, I suspect it may be a fast one
stpeterwhy do you suspect so? ;-)
beari'm just being an optimist
dwdWe can soon correct that one, though.
stpeterhttp://webrtchacks.com/trickle-ice/ mentions Jingle Relay Nodes -- another spec we need to update
dwdgrabs thinking-pencil
dwdWhat with SRTP-DTLS and stuff, a relay is unable to snoop on the conversation, I suppose?
bearyou can buy those!?!
dwdbear, Don't know, but you should be able to. Then again, I also want a hex bit pencil and pen set, and I can't find those anywhere.
bearchecks for quorum
bearralphm, simon, dwd, laura?
dwdwaves appendages.
Simonis here
ralphmhi
LauraHere
bearsweet! everyone ready to start?
ralphmgo
stpeterwow, cool, text from Laura appeared before she joined the chatrom
stpeter+o
dwdstpeter, Then your client had a MUC sync failure.
bearyea, I just noticed she was not in the admin affiliates list
bearso made the change just as she was responding
dwdstpeter, You saw the role change as a entry.
stpeteranyway
stpetertopics for today?
SimonBear: I'd like to add a discussion about the XSF involvement with the securing of XMPP to the agenda.
bearon the agenda:
dwdSimon, Good call.
bearGSoC update
bearFOSDEM quick update
bearGoogle outreach response/update
dwdneeds to largely vanish at 1700UTC (ie, 30 mins) to go cook the children's food.
bearand XSF being active with the XMPP ubiquitous security thingy
bearok, first item - GSoC
bearlet's make this a Kev inspired meeting then - 30 minutes and done
beari'll do minutes later tonight
bearthe mailing list had quite a response
Simon+1 for a fast meeting.
bearso I want to make sure tonight the gsoc wiki page has items
bearand then poke the responders to start updating it
ralphmyeah, looks good
beari'll do that tonight
Simonthen we should mail out to the list(s) too?
dwdIt'd be nice to get some concrete support and suggestions.
Simon+1
Simonok -happy to start adding concrete when the page is ready.
jabberjockehas joined
bearyes, if you all want, email me what lists I should target and I'll do them (or volunteer to help cover them)
bearyea, that is better, update the wiki wth the lists and then we can coordinate
bearanything else on GSoC ?
stpeter(as to agenda items, I'd like to chat briefly about the various liaison relationships that might be forming)
bearadds to agenda
SimonBear: happy with that for GSOC / nothing else
ralphmisn't that like g outreach?
bearok, next item - google outreach results
bearmy take is that we are hitting a possible political stonewall ?
dwdWell, no.
SimonUpdate: Email doesn't reach google people/ G+ does. Ade pinged a couple of people inside google and "they are aware of what is happening" was the most I could get out.
dwdThe wheels of Google grind slowly, etc.
SimonI'd tried to email quite a few people including their head of open souce Chris DiBona. Nothing back.
dwdIt's not so much a political stonewall, it's just the momentum of the juggernaut is hard to change.
fippoi'd note https://twitter.com/juberti/status/401971677321367552 as well
stpeterI did reach out to Justin Uberti and he said he would find out if it's possible / feasible for them to support s2s encryption
SimonWhat about we take a different approach - of asking that they enable TLS without cert checking. But at this point I'm somewhat inclinded to say fuckit.
bearok, so my question would be this then: do we continue with another round of polite-behind-the-scenes contacts or do we start getting noisier on the G+ scene?
dwdSimon, I don't think we've got anywhere close to that yet.
stpeterSimon: that is what I suggested to Justin as a good place to start
dwdbear, I'm nervous about becoming confrontational in public.
fippostpeter: they have it implemented. It worked a couple of years ago
stpeterbut, to Dave's point, we don't even know if they have anyone working on Talk any longer
stpeterfippo: ah, I had forgotten about that
dwdbear, I think the counter-reaction would be bad, basically.
SouLhas left
stpeterI see no reason for a confrontation
dwdWhat might be interesting is to try to get Google participation from the Chris DiBona/Ade types at the SUmmit.
bearI wasn't suggesting bashing
stpeterideally we can bring along Google, although IMHO it might not happen as quickly as we'd like
SouLhas joined
bearI was suggesting just taking some of the questions to G+ and starting a dialog
dwdI know it'll be too late for the 4th Jan test day, but getting to chat face to face might prove much more effective.
stpeterand BTW it's not just Google -- other providers like GMX and Dreamhost are relevant here, too
fippostpeter: i'll poke some people about GMX again.
dwdbear, I think it'd end up a disaster, TBH. We just cannot control how other people pitch into a public conversation.
SimonI can go an know on GMX's door here in Munich.
stpeterSimon: :-)
Simonis serious.
ralphmdwd: agreed
bearok, so the push back i'm hearing is that we keep it direct until the first test day is over?
bearand then regroup?
stpeterthat seems reasonable
dwdRight, but I'd reiterate that if we can ply some Googlers with beer in Brussels I think it'd lubricate more than throats.
jabberjockehas left
stpeter:)
fippodwd: and london :-)
ralphmthe point is that we are effectively not having a conversation, not even no-comment
SimonSounds good. A nice report from the first test day explaining how we've tried to reach out to some of the larger providers wouldn't go amiss too.
dwdralphm, Well, we've had a to, and a fro. It's not great, but it's a start.
ralphmthose googlers we are talking to are not involved
stpeterralphm: methinks I'll post on +
stpeterdwd: agreed
SimonMy post on G+ got an instant reaction.
stpeterSimon: yes
ralphmdwd: I chat with Ade all the time, that's easy
bearok, so the status is "still poking" with more pokes to happen and to keep it on a one-to-one level for now and let the sleeping giant that is our awesome membership quiet for the moment?
Simonposting and linking to http://xmpp.net/result.php?domain=gmail.com&type=server (when it's finished testing).
stpeterheh
fipposimon: use google.com instead
dwdHmmm. xmpp.net isn't over https. No irony there.
stpeterit doesn't force https
ralphmheh
stpeterwe can fix that
ralphmlet's
dwdBut I digress...
bearok, moving on
stpeterok, done with that topic?
stpeter(I will try to resurrect some DreamHost contacts)
bearralphm - can you give a quick FOSDEM update?
ralphmno change
SimonI'd like us to talk about the security effort though as part of the XSF. This security stuff is important to get right. At the moment we spoke about it at the summit, in the board meetings and in the mailing lists. If it's purely Peter's manifesto and the XSF isn't endorsing that, then we look indecicive. And this stuff is important and we should be endorsing it.
bearnicely quick - thanks ralph
bearpasses the mic to simon
KevSimon: FWIW, I don't think the manifesto as it stands is 'right'.
SimonI can't think of a more important cause that we should be focusing on and championing.
bearkev - what part of the manifesto do you not agree with?
dwdSimon, I'd be concerned that too many of the operators are not committed to it - in part because of the Google (and GMX, and ... ) issues.
bearthe non-technical bits?
SimonOr put another way, is there anything more important than focusing on security right now?
KevI've sent an Isode position to Peter a few weeks back to give him a chance to comment before making such a thing publicly.
dwdSimon, Think of the children.
stpeterpersonally I'm not really a fan of manifesto as communication method, but it's been good as a way to start the conversation and set some goals
KevBut my personal position, which may or may not be similar to Isode's, is that it states the requirements too firmly without nuance.
beari.e., can we endorse the testing and interoperability of the Security Test Day without waving the manifesto as our flag?
dwdbear, Not really. Or at least, we can, but nobody will understand that.
KevThere are significant (non-Internet) deployments that do not need, or should not have, TLS, and the manifesto simply says they need to use TLS. If the XSF endorses that, it's saying it doesn't recognise any of these deployments as valid, and that was Not Be Good.
stpeterKev: likely something is lost in my inbox and I need to reply, sorry about that
Simona) write a manifesto b) decide that security is an important selling point for XMPP c) XSF announces secure connections on the network test days. d) XMPP is secure.
LauraWhat about seeing the manifesto as a work-in-progress?
ralphmMaybe we can change the effort to an informational XEP and then have XSF announce test days
LauraLook for engagement through involevemt?
stpeterLaura: I definitely see it that way, but it perhaps hasn't been presented properly
Kevstpeter: I think you replied saying "Will look at this", and then lost it, then :)
dwdI personally see the manifesto as a kind of bargaining position. It's a statement of our ideal for internet services.
dwdThe trouble is, the way it's worded leaves little compromise.
LauraDoes it say that clearly? "This is a statement of our ideal…" etc?
Kevdwd: But because it places requirements on software, not just deployment, that is not clear.
stpeterKev: as to non-Internet deployments, the manifesto doesn't talk about those since it's about the public XMPP network
bearI can get behind the XSF creating a best-practices XEP and then starts to support interop testing to implement it
SimonKev: The manifesto calls for securing public servers that interconnect - don't think it mentions "behind the firewall" installs.
Kevstpeter: No, it's about software too.
dwdAnd I think that lack of compromise is seen as worrying by a considerable portion of the deployed servers out there.
stpeterKev: yes, we need the software to support the features and configuration options that make it possible for public XMPP services to encrypt traffic
Kevstpeter: Yes, but some of the software points are not 'support', they're 'do'.
SimonI see it more as "if you want to talk to my users, you jolly well ought to take their privacy seriously and use TLS"
dwdSimon, Right, but that's not what it says.
KevI am not opposed to the ideas in the manifesto, but the wording is Not Quite Right to my eye.
Kevstpeter: You have some comments on this in your inbox :)
LauraPlease tell me it actually uses the phrase "you jolly well ought to"
Simon:)
stpeterKev: I'm sure
stpeteranyway
dwdLaura, No, it says "you must and I will not compromise".
dwdTHough I paraphrase.
LauraScary
LauraWhat about "we will help you to…"?
stpeterKev: the only "do" I see is "no more SSLv2 and SSLv3", but I think the "and SSLv3" can be removed -- it's SSLv2 that is bad
LauraMore encouraging?
stpeterin any case, this is not the place to wordsmith
stpeterand 27 minutes have gone by in this meeting :-)
Kevstpeter: Are you happy for me to share the mail more widely, or would you like to read it first?
stpeteraction item for me is to review all feedback and propose changes to the manifesto
KevOK.
SimonMy original point is that the XSF needs to be seizing this moment to fix security on s2s links (I don't care what you do on your c2s links)
stpeterKev: I'm fine with public discussion -- transparency is always better IMHO
dwdstpeter, Right. But I think the point is that it's not clear that the XSF can wholeheartedly support it in its current form, which is unfortunate, because the goals of it seem very well aligned.
bearcan we get some wordsmithing on this in the lists and take this up again next week?
stpeterdwd: I'm not sure what it means for the XSF to support such a thing -- does that mean the membership needs to vote, or can the Board voice its support?
stpeterbear: sure
dwdSimon, "Do this or go home" has the unfortunate problem that many people seem happy enough to take the latter option, judging by the lists.
stpeterthe idea is very much to give us some aspirational goals, *not* to split the network!!
dwdstpeter, I would argue that the Board shoudl probably judge consensus, rather than ask for a formal vote in most cases.
Simondwd: I was thinking about that. And yes, there are some vocal opponents. But I think we risk loosing the voice of the vast majority of silent suporters that would like secure connections.
stpeterbut the text in the manifesto about unauthenticated encryption seems to make this uncontroversial
dwdstpeter, " the idea is very much to give us some aspirational goals" - right, totally behind you on this. I think it's the absolutism, as it were, that's causing the discomfort.
bearlooks at the time
bearok, if we can get the wordsmithing fixed
stpeterdwd: OK, I will revisit the text and see if I can propose some scrubbing to remove any remaining traces of absolutism
SimonI think the manifest is right - this is a network and at some point one has to force the issue - it's been many years now and the state of XMPP security has rumbled on in an insecure hodgepodge.
bearthen we will have a chance next week to talk about what/how we as the board can get the membership to support the effort?
stpeterSimon: yes, *but* IMHO we should be able to at least get to unauthenticated encryption using even anonymous DH
stpeterbear: yes
dwdstpeter, +1.
stpetershuts up about security
ralphmheh
bearthat sounds like a best-practices XEP for sure
bearso people can be pointed to it as a HOW-TO once they get their F from xmpp.net
fippobear: i pestered dwd about starttls+dialback already
dwdIf we're done with this, does that mean we're done-done?
Simon(peter: what's happening on Jabber.org's upgrade?)
bearok, that was the last agenda item
Simonmoves soapbox to the side.
stpeterquick update about the liaison agreements
bearany agenda bashing?
bearmoves box to peter's side
stpeterI have received communication from the UPnP Forum about a liaison agreement with them
stpeterI'm working on this with someone from Cisco who is involved in UPnP Forum
stpeterwe'll do a bit of back and forth in the next day or two
stpeterthen I think I can send a proposed document to the Board
stpeterthey have a template for such things, we just need to fill in some of the details
stpeterI haven't really reviewed it yet, just received it yesterday
stpeterbut it's in the works
stpeterand you saw my note about their UPnP Cloud initiative
stpeterso that's all good, I think
stpeterI need to follow up with both ISO TC 122 and IEC TC 57
stpeterI apologize for taking last week off ;-)
ralphmany more text on that?
stpeterthat = ISO and IEC?
ralphmupnp+xmpp
bearsmacks peter with the "you should take more time off" bat
ralphmapart from the news page
stpeteroh, BTW, UPnP Forum is very interested in conformance / compliance testing and might be able to contribute code in this area for XMPP stuff
dwdstpeter, Do we have to approve your vacation time as your management?
stpeterralphm: I have two presentations (PPT format) that I can probably share -- the rest has all been verbal chats I've had with some folks at UPnP Forum
ralphmright
stpeterthey've had quite a few technical questions about MUC, pubsub, security, naming, etc.
stpetereven Jingle stuff
stpeterI think they basically want to accomplish the vision that Dirk Meyer was working on a few years ago
ralphmcool
stpeteryep
dwdMy children are hungry; but I think we just ask the Council to select some folk in readiness on the assumption Peter will sort out the legal mumbo jumbo.
stpeteryes
bearcool, sounds like a +1 to peter's plan
stpeterwe can discuss more next week
stpeterI just wanted to provide a quick update
bearnext week, same time and place?
dwdSomeone (COuncil or us) should put out a call for volunteers to serve on these things.
dwd(to members@)
stpeterseems like a Council thing
dwdbear, Yes.
stpeterlet's put that on their agenda for next week's Council meeting :-)
dwdstpeter, Happy for it to be Council, they're doing the selection.
stpeterWFM
beark, i'll send an email to membership@ asking council to add it to agenda
bearok, we are done then - thanks all!
dwdDoesn't that effectively act as a call for volunteers?
bearnope, just a public way of getting it on the council agenda
stpeter:)
KevYes, just make sure that anything going on Council agends reaches me via email please (either directly, to council@ or to members@ with a clear subject line) so I notice it.
bear+1
stpeteryay
beark, i'll write up the minutes after work using the new Kev method
stpetersuper
stpeterthanks, all!
stpetergood discussion
bearand the i'll do the calendar additions for next week
Simonthanks all
bearyep, thanks everyone
LauraBye all
stpeterit's great to see such passion about XMPP after all these years :-)
bear+1
KevSo, post meeting...Board could use more bios :)
KevI'm happy to put them in place if people send them to me, or everyone probably has access to do it themselves.
LauraTried to log in to do mine but couldn\t get in. I have my password - is the user name email address?
LauraIt didn't like me
KevI don't believe so - who created your account?
KevBug them about it :)
bearlooks at laura's account
bearlaura: your username is "laura" and the email is listed as "laura.gill@surevine.com"
LauraThank you bear
stpeterupdates the Board calendar
Laura*makes note to do my homework*
stpeterLaura: hopefully these meetings aren't too crazy for you -- we have a certain style of communicating and it can be difficult to follow, I think :-)
bearit does take some getting used to
KevAt least we don't communicate by yelling (much) :)
stpeterhmph, I have a dentist appointment next Wednesday morning, I am not sure how I schedule such a thing at that time :(
beardo you want a schedule change before/after?
stpeterI can provide information by email beforehand and the Board can proceed, I think
beark
stpetermaybe I can join via mobile or show up early and use their wifi
bearI'm up for sliding the meeting up an hour if the others are ok with it
stpeterI'm going to see if (a) the dentist has wifi or (b) I can move the appointment
KevHahahaha
stpeterif we have a 30-minute meeting, we should be fine :-)
KevSentences you never expect to see "I'm going to see if the dentist has wifi".
stpeterheh yeah
stpeterI'll work it out on my end
stpeterBoard calendar updated
bearhas sent email to members@ asking for council time
KevThanks bear.
bearyw
bearthe gsoc wiki page has been created by jabberjocke - \o/
ralphmhas left
bearproofreads the new page for typos and spelling
bearsends blurb to members@ about GSOC project ideas
Simonhas left
Laurahas left
Laurahas joined
Simonhas joined
Laurahas left
Simonhas joined
Alexhas joined
Simonhas left
Zashhas left
Zashhas joined
Ashley Wardhas left
tatohas joined
tatohas left
tatohas joined
tatohas left
tatohas joined
SouLhas left
fippokev: the agenda for the next meeting is going to be pretty heavy
fippothree submissions from me ;-)
tatohas left
KevYay.
tatohas joined
MattJdwd, can you expand "with strong identity being considerably more prevalent that it was"? (assuming s/that/than/)
SMhas joined
dwdWe have a big push for proper certificates that seems to be working.
dwdBut you know, I thought I'd make it sound exciting and technical.
jabberjockehas joined
Ashley Wardhas joined
tatohas left
ralphmhas left
bearhas left
Simonhas joined
Simonhas left
Ashley Wardhas left
MattJSo now we need to get the discussion over to the security list somehow
XSF Discussion - 2013-12-04