[01:54:29] --- mrichardson has joined
[02:13:16] --- mrichardson has left
[05:48:18] --- dcrocker has left: Replaced by new connection
[05:48:24] --- dcrocker has joined
[07:10:58] --- psavola has joined
[07:17:27] --- psavola has left
[08:04:47] --- dcrocker has left
[08:32:28] --- mrichardson has joined
[08:35:03] --- mrichardson has left
[08:35:11] --- mrichardson has joined
[10:00:11] --- Olafur has joined
[10:03:23] --- Olafur has left: Replaced by new connection
[10:04:39] --- thomasm has joined
[10:04:57] --- thomasm has left
[11:31:30] --- thomasm has joined
[12:28:17] --- xiaodong has joined
[12:45:37] --- hpditt has joined
[12:55:10] --- fenton has joined
[12:59:38] <thomasm> get ready, get set?
[13:01:00] --- dcrocker has joined
[13:01:14] --- xiaodong has left: Replaced by new connection
[13:02:17] --- xiaodong has joined
[13:02:23] --- resnick has joined
[13:02:23] --- resnick has left
[13:02:23] --- resnick has joined
[13:02:30] <thomasm> is the meeting about to start?
[13:02:54] * resnick will attempt to jabber for the room
[13:02:55] <fenton> Yes, Real Soon Now.
[13:03:27] <resnick> Starting from 1317
[13:03:36] --- doug_trend@jabber.org has joined
[13:03:38] <resnick> Ignoring the greyed out (resolved) items
[13:04:09] <resnick> #25: talks about "other clues" - drop it
[13:04:11] --- miaofy has joined
[13:04:49] --- tlr has joined
[13:05:03] <resnick> ยง6.1 - bad sign with no good == no sig. "local policy" confusing?
[13:05:26] <resnick> #27 create "canonicalized copy" fixed
[13:05:43] <resnick> (Do people really need me re-typing all of the things that are in the slides?)
[13:06:07] <resnick> So far nobody objecting to these changes for 1317.
[13:06:28] <resnick> (Slide 23, I believe)
[13:06:57] --- sftcd has joined
[13:07:04] <resnick> Crocker on #33: Why is this in the main doc instead of SSP?
[13:07:16] <resnick> Allman: It's just in an Appendix.
[13:07:24] <resnick> Crocker: I'll review.
[13:07:43] --- patchvonbraun has joined
[13:08:08] <resnick> 1318: Is "s=" really needed. Yes.
[13:08:23] <resnick> 1319: Section 5 rewritten with less normative language.
[13:08:51] <resnick> 1320: IANA Considerations expanded to be specific. Crocker contributed text.
[13:09:47] <resnick> 1321: Fixed ABNF for g= and p=. Suggestion that h= tag take wildcarding.
[13:10:15] <resnick> Chair: Is there other support for this?
[13:10:19] <resnick> Bring it to the list.
[13:10:32] <resnick> 1322: Details added for key record format
[13:10:58] <resnick> 1323: Dots in selectors vs. DNS labels. Added text to resolve.
[13:11:44] <resnick> Hoffman makes sure that we didn't say that they really were labels. Will check text.
[13:12:03] <resnick> CNAMES OK? Consensus was same semantics as usual.
[13:12:07] <resnick> Don't mention them
[13:12:51] <resnick> 1325: g= arbitrary wildcarding might not be a good plan. Propose limit to a single wildcard anywhere in the string.
[13:13:01] <resnick> No complaints.
[13:13:10] <thomasm> sounds good to me
[13:13:13] <resnick> New: Do we drop relaxed body canonicalization.
[13:13:19] <resnick> ?
[13:13:21] --- mrichardson has left
[13:13:21] --- mrichardson has joined
[13:13:57] --- marz has joined
[13:14:21] <resnick> Do we pull this into a separate doc?
[13:14:25] --- stpeter has joined
[13:14:26] <thomasm> I'm here
[13:14:32] <resnick> Do we fold it in?
[13:15:01] --- raeburn has joined
[13:15:15] --- jis has joined
[13:15:45] <resnick> Mike has just posted example to the mailing list.
[13:16:15] <resnick> Hoffman: Pull it out and get it right.
[13:17:14] --- leiba has joined
[13:17:25] <stpeter> especially given that there are 3 different versions of XML canonicalization :-)
[13:17:31] * leiba has changed the subject to: DKIM WG at IETF 66
[13:17:42] <resnick> Hansen: Reminded of CTEs. Keep it in the base.
[13:17:42] <thomasm> tell Tony to speak up
[13:18:54] <resnick> Baker: Limited number of canonicalizations. Take it out unless there is someone who really needs it in now.
[13:20:06] <resnick> Chair channeling Mike: Leave it in and make it mandatory.
[13:20:47] <resnick> Jim: EOL rules need to go into both simple and relaxed. So that doesn't really make a case for relaxed.
[13:21:15] <thomasm> MIC: I could live with that, but it makes simple not quite as secure
[13:21:19] <resnick> Allman: Example - Binary data could have raw CRs. Simple needs to stay simple.
[13:21:33] --- tonyhansen has joined
[13:21:53] <thomasm> pete -- can you send my MIC comment?
[13:21:59] <resnick> Sent.
[13:22:02] <thomasm> thx
[13:22:03] <thomasm> yes
[13:22:14] --- alexeymelnikov has joined
[13:23:56] <resnick> Concerns about multipart. S/MIME's choice was do it once and anyone else who touches the message is screwed.
[13:24:23] <resnick> Barry: Either roll into simple or push on mail implementors.
[13:24:31] <resnick> Allman: Bring it to the list.
[13:25:02] <resnick> Otis: Collapse both modes into one.
[13:25:25] <resnick> Could use different canonicalizations for different parts of the message.
[13:25:33] <thomasm> yuck!!!
[13:25:35] <resnick> Bring it back to the list.
[13:26:05] <resnick> New: wildcarding in h= tag so that you could prevent addition of any new headers.
[13:27:45] --- Jelte has joined
[13:27:58] --- weiler has joined
[13:27:58] <thomasm> I was saying yuck to different canonicalizations in different parts of the body
[13:28:04] <leiba> OK
[13:28:05] <resnick> Jim: Not necessarily in code. Could be a config file.
[13:28:05] <thomasm> but yuck to this too
[13:28:09] <leiba> OK
[13:29:11] * resnick grumbles for himself
[13:29:26] --- ogud has joined
[13:29:38] --- ogud is now known as Olafur
[13:29:41] <doug_trend@jabber.org> It seems sticking with the present scheme and adding whatever tweaks are needed would be a better choice for canonicalizations.
[13:29:42] <resnick> Crocker: This is an MUA topic. Don't touch it.
[13:30:18] <resnick> Crocker: Either way, don't do this.
[13:30:30] <resnick> Chair: No support in the room to do it.
[13:30:55] <resnick> Last call ends Friday next week. Get comments in now.
[13:31:11] --- mrex has joined
[13:31:49] <resnick> Looking over rest of agenda.
[13:31:50] --- narten has joined
[13:32:43] --- Lisa has joined
[13:32:51] <resnick> Chair: Mentioning the jabber sessions we've had (~6 times)
[13:33:13] <resnick> Worked really well, made quicker process. Will probably continue.
[13:33:25] <resnick> Comments?
[13:33:34] --- ajsaf@jabber.org has joined
[13:33:39] <thomasm> MIC!
[13:33:42] <resnick> Russ: Please post a statement about the experience to the wgchairs list.
[13:33:57] <resnick> Hoffman: More notice of agenda.
[13:34:16] <resnick> West coast times were awful.
[13:35:04] <resnick> Jim Fenton on singing penguins......uh......signing practices.
[13:35:28] <Lisa> Great. A clueless woman.
[13:35:42] <resnick> Problem: What do I do with an unsigned message?
[13:35:52] <resnick> (The patriarchy hard at work, Lisa.)
[13:35:58] <stpeter> :-)
[13:36:03] <resnick> (Gotta support stereotypes when you can.)
[13:36:26] * stpeter cheers for the jabber meetings :-)
[13:36:33] <resnick> What does "suspicious" really mean?
[13:36:34] <Lisa> I really should re-de-sensitize myself. Ignorance/oblivion is bliss in these cases.
[13:37:08] <resnick> SSP also allows for 3rd party sigs. What's that mean?
[13:37:36] <resnick> (Fight the good fight Lisa. Us broken-chromosome people need constant reminding.)
[13:38:25] <resnick> SSP allows for saying, "Don't expect 3rd party sigs"
[13:38:30] --- Randall Gellens has joined
[13:38:54] <resnick> Caveats: Some "suspicious" messages are legit.
[13:39:04] <resnick> Best not to over react.
[13:40:02] <resnick> SSP is found at _policy._domainkey.<right hands side of message From>
[13:40:20] <resnick> (Violates the subdomain of _domainkey subdomain.)
[13:41:13] <resnick> SSP has inheritance.
[13:41:48] <resnick> This makes a new RR a much better idea.
[13:42:16] <resnick> Don't need to do SSP lookup if a valid sig is found.
[13:43:04] <resnick> (valid origination address sig, that is)
[13:45:26] <resnick> Crocker: Ends up requiring lots of lookups that will fail.
[13:45:42] <thomasm> MIC: this isn't a big problem in practice
[13:46:14] <thomasm> yes, we are and it's not a problem
[13:46:34] --- eric has joined
[13:47:00] <resnick> Baker: Given how much is going on now, this would be better.
[13:47:36] <resnick> Koch: No real operational issue wrt these queries.
[13:47:51] <resnick> koch: Problem with tree climbing.
[13:48:15] <resnick> Koch: But accumulated latencies for the mail system might be an issue.
[13:48:31] <resnick> Hoffman: Negative caching is only your friend for an exceptionally large cache.
[13:48:57] <thomasm> I haven't noticed any problem with MTCC.COM, a very unsprawling site
[13:49:57] <resnick> (Whoops, missed a slide)
[13:50:00] <resnick> Open questions:
[13:50:09] <resnick> How DKIM specific should SSP be?
[13:50:22] <resnick> Should it be a prefixed DNS TXT record or a new RR?
[13:50:39] <resnick> Do we need other policies? (e.g., name other domains)
[13:51:08] <resnick> Should user level practices be defined?
[13:51:21] <resnick> Should there be reporting addresses?
[13:51:28] --- healthyao2000 has joined
[13:52:27] <resnick> Baker on Policy Considerations:
[13:52:35] <resnick> Choice 1: Don't break it.
[13:52:41] <resnick> Choice 2: Do it right.
[13:53:14] <resnick> Should be an architecture that works across protocols. Have a master plan.
[13:54:03] <resnick> If we have to change, we should have a layered architecture.
[13:54:09] <thomasm> so Phill wants an inside the beltway protocol? :)
[13:54:15] <resnick> ;)
[13:54:51] <resnick> Reuseable policy and discovery policy.
[13:55:12] <resnick> Need security policy.
[13:56:12] <resnick> (SSL has such a policy -- HTTPS vs. HTTP, but can't do that with S/MIME or PGP)
[13:57:00] <resnick> Tree walking is a problem.
[13:57:15] <resnick> Right now, it's 3 step discovery:
[13:57:31] <resnick> 1 - look at policy record at the node
[13:57:38] <resnick> 2- if you don't find it, look for PTR
[13:57:51] <resnick> 3. if you find it, look for policy record there
[13:58:53] <resnick> Not saying dump SSP. Just don't boil the ocean.
[13:59:21] <resnick> And if we dump SSP, architect.
[14:00:12] <thomasm> MIC: can I encourage Phill to write up how this PTR thing would work?
[14:00:51] <thomasm> ok
[14:01:18] <resnick> Otis on Block spoofs & avoiding DoS
[14:01:40] <resnick> Another use of PTR
[14:01:45] <sftcd> PHill's draft: http://www.ietf.org/internet-drafts/draft-hallambaker-dkimpolicy-00.txt
[14:02:01] <thomasm> thanks... I guess I missed it going by
[14:03:37] <resnick> Special items like "." etc on the RHS of PTR
[14:04:03] * resnick is having trouble translating this into Jabber
[14:04:14] <sftcd> I think Doug's draft is: http://www.ietf.org/internet-drafts/draft-otis-smtp-name-path-00.txt
[14:04:19] <resnick> thx
[14:05:10] --- nico has joined
[14:05:45] <resnick> _oasd._smpt.<email-domain>. PTR <dkim-domain-1>.<dkim-domain-2>."*."
[14:06:04] <resnick> That's an open-ended list
[14:07:58] <resnick> I'm going to have to refer people to the draft and the PPT, because I don't know enough about this to get it clearly into jabber.
[14:08:31] --- ajsaf@jabber.org has left
[14:09:57] <resnick> Olaf: PTR have specific semantics and application. They point back to do further lookup. PHB's is sort-of-as-intended (though will check for problems).
[14:10:22] <resnick> Otis proposal might cause leaks, especially when the RHS has "."
[14:11:33] <resnick> Summary: Olaf thinks the Otis proposal is a bad idea.
[14:12:26] <resnick> Baker: If there's a problem with PTR record, I could be persuaded to use a new RR; it's only an enhancement.
[14:13:18] <resnick> Disagree that it usurps other uses of PTR. It's intended to be used by any other protocol and limiting semantics on PTR.
[14:13:47] <resnick> Olaf/Phil: We need to check for skeletons in the closet.
[14:14:01] <resnick> Koch: RFC 1101 might be that skeleton.
[14:14:10] <resnick> Koch: Don't overload PTR.
[14:16:23] <resnick> Crocker: Not clear that any of this stuff will work. (Over-simplification)
[14:16:50] <resnick> Otis: This isn't going to bar the doors.
[14:17:02] <dcrocker> Pete: sorry i didn't make my real point clear.
[14:17:27] <resnick> But this is trying to address 3rd parties.
[14:17:47] <dcrocker> (working on reply)
[14:17:50] <resnick> (Dave: Speaking for a room and speaking to translate into Jabber is a different thing)
[14:18:15] <dcrocker> My real point is that a) we have not specified the protocol entities -- ie, system components -- adequately, or
[14:18:56] <dcrocker> b) the nature and scope of the problems being addressed, or c) justification for why we believe we understand the characteristics of the relevant entities. (more coming on this last.)
[14:19:20] <resnick> Hoffman: Don't expect universal adoption. Folks aren't expected to use SSP.
[14:19:30] <dcrocker> we do routing protocols and other networking black-art areas of expertise only carefully and with very strong empirical basis.
[14:19:47] <resnick> Is this still useful if 20% or more folks don't use SSP?
[14:20:00] <dcrocker> however we seem inclined to dive into so-called email policy work without having that empricial basis, as if organizational and human dynamics were already well understood. //
[14:20:30] <resnick> No more comments.
[14:20:38] <resnick> Back to opening questions:
[14:20:49] <resnick> (Those from Jim Fenton)
[14:21:00] <stpeter> Pete: thanks for scribing to the room, you rock!
[14:21:22] <thomasm> MIC
[14:21:51] <resnick> (Scribing for people without word economy is rather painful for me. :-) )
[14:22:33] <thomasm> me?
[14:22:35] <thomasm> no
[14:22:37] <fenton> yes, you
[14:22:44] <thomasm> no, I meant speak into the MIC
[14:22:47] <resnick> Ah!
[14:22:53] <fenton> I will channel for you
[14:23:10] <resnick> s/MIC/Louder please!
[14:23:16] <fenton> (glad it's not called a Jim)
[14:23:17] <thomasm> k :)
[14:23:30] --- STW has joined
[14:23:30] <resnick> Is Dave audible here?
[14:23:33] <thomasm> yes
[14:24:17] <resnick> And now I've missed 2 more people's comments....
[14:24:20] <resnick> (Bad scribe)
[14:24:38] <resnick> Richardson: Big general solutions don't get used.
[14:24:59] <tonyhansen> (whap whap with a wet noodle)
[14:25:18] <resnick> Baker: Compare x.509/PKIX with SAML.
[14:25:55] <thomasm> MIC: I'm somewhat symapathetic to Phill's idea, but only insofar as it carved out a namespace for all of this and an access method, but not try to guess anything else about semantics other than DKIM itself
[14:25:57] <resnick> X.509 has 5 components, but aren't unified. SAML has a single assertion framework.
[14:26:11] --- miaofy has left: Replaced by new connection
[14:26:30] <resnick> SAML is now being talked about for a general assertion framework.
[14:27:43] <resnick> Baker (responding to Mike): Just trying to eliminate very specific uses (a la Otis).
[14:28:18] <resnick> Hoffman: Are the gates open for SSP? Chairs: Yes.
[14:28:23] <resnick> Get in drafts.
[14:29:17] --- miaofy has joined
[14:29:19] <resnick> Otis will help contribute to new RR drafts.
[14:30:13] <resnick> Allman: Can I pass off my draft?
[14:30:30] <resnick> Next agenda item: Tony Hansen on DKIM Overview doc.
[14:31:05] <resnick> Everyone out there can hear?
[14:31:06] <thomasm> yep we can hear
[14:31:10] <resnick> Good.
[14:31:36] <resnick> Outline of overview (I won't repeat it here)
[14:31:44] <resnick> (Somebody have the URL for the doc?)
[14:31:54] <resnick> Issues:
[14:32:23] <resnick> - Various suggestions (already adopted)
[14:32:36] <resnick> - I/O vs. CPU boundedness
[14:33:10] <resnick> - Wording wrt failure situations, trust, reputation.
[14:33:20] <doug_trend@jabber.org> http://www.ietf.org/internet-drafts/draft-ietf-dkim-overview-01.txt
[14:33:28] <resnick> Looking for feedback whether overall jist is right.
[14:33:33] <resnick> (thx doug)
[14:33:51] <resnick> What's missing?
[14:34:03] <resnick> - ML admins section
[14:34:08] <resnick> What else?
[14:34:20] <resnick> Chair: This is informational, not standards.
[14:34:53] --- weiler has left
[14:35:02] --- Antoin has joined
[14:35:05] <resnick> Hoffman: Is this meant to be the last document out of the WG? Are there other things coming that we might want to hold this document for.
[14:35:06] <resnick> ?
[14:35:49] <resnick> Chair: Starting now, but will be filled in and be the last thing out.
[14:36:01] <thomasm> MIC: would this actually be a BCP instead?
[14:36:20] <resnick> Baker: On futures section - Happy if this generated new items.
[14:37:24] <resnick> Answer to Mike: No, that would probably be John Levine's doc.
[14:37:36] --- olaf@jabber.secret-wg.org has joined
[14:38:09] <resnick> Crocker: We need a substantial subset of this doc is needed sooner rather than later.
[14:38:17] <resnick> Best not to wait until the end.
[14:38:31] <olaf@jabber.secret-wg.org> On a less serious note: a print of early Washington DC might be the cover of choice for that particular O'Reilly
[14:38:45] --- raeburn has left: Disconnected
[14:39:10] <resnick> Hoffman on new group;
[14:39:20] <resnick> Domain Assurance Council (DAC) just launched.
[14:39:32] <resnick> Directed by Paul Hoffman and John Levine
[14:39:47] <resnick> Association for folks who want to vouch for other people.
[14:41:21] <stpeter> http://www.domainassurance.org/
[14:41:46] <resnick> Going to use a new RFC 822 header (which would obviously be signed by DKIM).
[14:42:49] * mrichardson wants to know who will vouch for the vouching organizations...
[14:43:03] <resnick> Turtles all the way down.
[14:43:16] <thomasm> the nsa
[14:43:29] --- dcrocker has left
[14:43:38] --- hpditt has left
[14:43:52] <stpeter> http://ceas.cc/
[14:43:56] --- Antoin has left
[14:43:57] <resnick> And we are done.
[14:43:59] --- patchvonbraun has left
[14:44:03] <stpeter> thanks Pete!
[14:44:06] --- doug_trend@jabber.org has left: Logged out
[14:44:09] <thomasm> send up the balloons!
[14:44:20] --- Randall Gellens has left
[14:44:24] --- Olafur has left
[14:44:42] --- leiba has left
[14:44:53] <stpeter> heh
[14:44:54] --- stpeter has left
[14:45:03] --- sftcd has left
[14:45:58] --- Jelte has left
[14:46:01] --- fenton has left
[14:46:05] --- marz has left: Disconnected.
[14:46:35] --- Lisa has left: Logged out
[14:46:42] --- nico has left: Disconnected
[14:46:52] --- resnick has left
[14:47:26] --- xiaodong has left
[14:48:01] --- jis has left
[14:48:35] --- STW has left
[14:49:23] --- thomasm has left
[14:50:42] --- tlr has left
[14:52:02] --- xiaodong has joined
[14:53:18] --- eric has left: Logged out
[14:58:05] --- mrex has left
[14:59:41] --- olaf@jabber.secret-wg.org has left: Logged out
[14:59:56] --- alexeymelnikov has left: Replaced by new connection
[15:01:04] --- miaofy has left
[15:06:16] --- narten has left
[15:10:35] --- tonyhansen has left
[15:13:24] --- hpditt has joined
[15:16:54] --- xiaodong has left
[15:23:06] --- hpditt has left
[15:23:10] --- Olafur has joined
[15:26:04] --- Olafur has left
[15:27:40] --- xiaodong has joined
[15:43:31] --- healthyao2000 has left
[15:50:43] --- hpditt has joined
[15:51:52] --- mrichardson has left
[16:10:05] --- dcrocker has joined
[16:21:25] --- dcrocker has left
[16:26:26] --- xiaodong has left
[16:30:34] --- hpditt has left
[16:43:23] --- xiaodong has joined
[17:05:10] --- dcrocker has joined
[17:15:07] --- LOGGING STARTED
[17:17:03] --- dcrocker has joined
[18:09:43] --- mrichardson has joined
[18:23:19] --- mrichardson has left
[18:32:04] --- leiba has joined
[18:32:16] * leiba has changed the subject to: DKIM
[18:32:28] --- leiba has left
[18:35:19] --- dcrocker has left
[18:37:17] --- mrichardson has joined
[18:38:04] --- mrichardson has left
[18:55:31] --- Olafur has joined
[18:56:44] --- Olafur has left
[18:56:53] --- dcrocker has joined
[19:34:49] --- dcrocker has left
[21:07:46] --- dcrocker has joined