[04:50:39] --- dcrocker has joined
[10:20:00] --- eric has joined
[10:53:59] --- thomasm has joined
[10:54:03] --- Stephen Farrell has joined
[10:54:22] <Stephen Farrell> Hi there all (or few)
[10:54:29] * Stephen Farrell has set the topic to: DKIM Meeting in 5
[10:56:20] <Stephen Farrell> Agenda today is: a) new milestones ok? b) ssp-reqs issues c) Prague topics? d) AOB
[10:59:04] <Stephen Farrell> I see Dave, Eric, Mike and me. Are you all ready to go?
[10:59:08] --- paul.hoffman@gmail.com has joined
[10:59:14] <Stephen Farrell> Hi Paul
[10:59:17] <eric> yep
[10:59:30] * Stephen Farrell has set the topic to: DKIM Meeting starting
[10:59:38] <paul.hoffman@gmail.com> Give it another minute.
[11:00:28] <Stephen Farrell> Sure - but even if we don't have a lot of people I want to try make progress anyway - everything being subject to the list of course
[11:00:54] <Stephen Farrell> BTW Barry won't make today but has pencilled in this slot for the next few weeks in case we want to do this again
[11:01:00] <Stephen Farrell> We can figure that out at the end
[11:01:06] <paul.hoffman@gmail.com> And I have to disappear in half an hour.
[11:01:20] <Stephen Farrell> So let's start, the agenda is:
[11:01:44] <Stephen Farrell> a) new milestones ok? b) ssp-reqs issues c) Prague topics? d) AOB
[11:01:51] <Stephen Farrell> any changes needed to that?
[11:01:58] <thomasm> seems ok to me
[11:02:03] <Stephen Farrell> (And we aim to finish in 45-60 mins)
[11:02:13] <paul.hoffman@gmail.com> Remind us of the new milestones? or URL to the message in the archive?
[11:02:34] <Stephen Farrell> (going there..)
[11:02:46] <Stephen Farrell> Mar 2007 WG last call on SSP requirements May 2007 WG adoption of SSP protocol draft Jul 2007 WG last call on SSP protocol Nov 2007 WG last call on overview document
[11:03:14] <Stephen Farrell> Can you say "ok" if you like em?
[11:03:24] <paul.hoffman@gmail.com> Too soon on the protocol, I bet.
[11:03:28] <thomasm> seems a little aggressive on the last call of the protocol
[11:03:32] <eric> i suspect these are too aggressive
[11:03:35] <eric> date wise
[11:03:41] <paul.hoffman@gmail.com> Phill vs. Doug could take a tad longer than we might like.
[11:03:42] <eric> but the milestones look good
[11:03:49] <Stephen Farrell> So Jul->Nov for that?
[11:03:55] <paul.hoffman@gmail.com> +1 on the requirements dates
[11:04:17] <thomasm> I'm not sure how many open issues there are from my standpoint
[11:04:26] <Stephen Farrell> tracker has 13 I think
[11:04:31] <eric> stephen: again aggressive, but probably doable.
[11:04:33] <paul.hoffman@gmail.com> Oct or Nov for WG last call on SSP protocol
[11:04:57] <Stephen Farrell> Nov synchs with the IETF meeting better I think
[11:05:05] <paul.hoffman@gmail.com> What we don't want is a permaWG that will invite people to keep changing things.
[11:05:17] <paul.hoffman@gmail.com> Ah, good point. Nov seems good then.
[11:05:26] <Stephen Farrell> Ok, so this then:
[11:05:31] <Stephen Farrell> Mar 2007 WG last call on SSP requirements May 2007 WG adoption of SSP protocol draft Nov 2007 WG last call on SSP protocol Nov 2007 WG last call on overview document
[11:05:46] <thomasm> seems ok to me
[11:05:53] <eric> +1
[11:06:12] <Stephen Farrell> I'll take that as ok and will forward to list & Russ
[11:06:29] <Stephen Farrell> Next thing is agenda b) open issues from the tracker
[11:06:37] <Stephen Farrell> go through them one-by-one?
[11:07:00] <Stephen Farrell> First one is: https://rt.psg.com/Ticket/Display.html?id=1356
[11:07:12] <Stephen Farrell> ...or "What is the purpose of SSP?"
[11:07:41] <Stephen Farrell> Dave - can we close this with -02? (It predates the I-D)
[11:08:06] <paul.hoffman@gmail.com> To me, the purpose is *only* to allow the sender to state preferences. It has nothing to do with what the receiver wants to hear.
[11:08:20] <thomasm> I thought this one was to be closed -- we should go back through the notes of the last jabber
[11:08:49] --- pk has joined
[11:08:56] <Stephen Farrell> when was that/got a URL?
[11:09:17] <thomasm> grumble... no I need to look it up... let me see if I can find it
[11:09:41] <Stephen Farrell> think it was this: http://www.ietf.org/meetings/ietf-logs/dkim/2006-11-07.html
[11:10:42] <Stephen Farrell> ok: that jabber log says: "dave will take an action to confirm these actions are closed - this week. [12:22:12] <pigdog> this includes 1356, 1357, 1362 and 1363"
[11:10:58] <Stephen Farrell> But dave's attention seems to be elsewhere for now...?
[11:11:42] <Stephen Farrell> Will someone take an action to hassle Dave on those?
[11:11:49] <thomasm> I think that was my action
[11:12:17] <Stephen Farrell> Ok, ACTION on Mike to check with Dave wrt 1356, 1357, 1362 and 1363, hopefully CLOSING them
[11:12:35] <Stephen Farrell> Just send a mail to the list when its done and Eliot will handle the tracker
[11:12:48] <Stephen Farrell> Next on is https://rt.psg.com/Ticket/Display.html?id=1360
[11:13:25] <thomasm> I think this is one that we had consensus to close on jabber but was to be taken to the list
[11:13:30] <thomasm> and it never got closed
[11:13:43] <Stephen Farrell> I think this is now ok to CLOSE (subject to the list not objecting to the notes of this session)
[11:13:50] <thomasm> k
[11:13:59] <Stephen Farrell> So CLOSE 1360 unless objections
[11:14:25] <Stephen Farrell> Next: https://rt.psg.com/Ticket/Display.html?id=1364
[11:14:32] <paul.hoffman@gmail.com> It makes no sense to me.
[11:15:15] <thomasm> you mean 1364?
[11:15:20] <Stephen Farrell> Last thing in the tracker is an action on Mike to see if this is already done
[11:15:24] <Stephen Farrell> yes 1364
[11:15:26] <paul.hoffman@gmail.com> No, was still reading 1360
[11:15:49] <paul.hoffman@gmail.com> For 1364, I don't see how to change the current draft to implement it. Seems right, but I don't see changes.
[11:16:04] <thomasm> let's me take 1364 as another to close with dave
[11:16:07] <Stephen Farrell> Yep - so Mike will you add that to your other ACTION to check with Dave
[11:16:16] <Stephen Farrell> grand so next is...
[11:16:32] <Stephen Farrell> https://rt.psg.com/Ticket/Display.html?id=1365
[11:16:42] <Stephen Farrell> about typos - anything else there?
[11:17:05] <eric> drop "never send mail"
[11:17:19] <Stephen Farrell> It says that a rewording of 5.4 should be in the offing that still right?
[11:17:38] <thomasm> I think I've already done the typos it's the other part
[11:18:15] <Stephen Farrell> Ok so can someone else revive the action Doug took? I don't recall list conensus on it but i may be wrong
[11:18:32] <eric> i can revive
[11:18:33] <Stephen Farrell> the bit I mean is "Second part was to delete 5.3 requirement 2 where we didn't have consensus (more agreeing with deletion than disagreeing) and Doug took an action to bring this to the list (DONE). Meanwhile 1365 stays OPEN."
[11:18:40] <paul.hoffman@gmail.com> I tend to agree with Eric about dropping "never sends mail". Michael's text on it being slightly different that #2 is right, but it's only a slight difference and can easily be subsumed by #2 and therefor isn't needed
[11:19:11] <Stephen Farrell> Ok ACTION on Eric - check on list if we have consensus to drop 5.3 requirement 2, 1365 stays open pending that
[11:19:22] <Stephen Farrell> Next is: https://rt.psg.com/Ticket/Display.html?id=1383
[11:19:32] <thomasm> note that we can always drop this as a requirement but leave it to the protocol
[11:19:52] <Stephen Farrell> I think we decided this in San Diego - ssp-reqs is to become informational after wglc
[11:20:05] <Stephen Farrell> so we can CLOSE 1383 - ok?
[11:20:06] <thomasm> right that's mine too
[11:20:15] <eric> agree
[11:20:34] <Stephen Farrell> Next is: https://rt.psg.com/Ticket/Display.html?id=1386
[11:21:09] <Stephen Farrell> Issue is whether crypto stuff goes in ssp or not
[11:21:16] <paul.hoffman@gmail.com> Disagree with Doug on 1386; no surprise there
[11:21:32] <paul.hoffman@gmail.com> It *can* go into SSP; it is not a requirement to do so.
[11:21:34] <Stephen Farrell> 1386 was PHB's
[11:21:51] <paul.hoffman@gmail.com> Really? Yuck.
[11:22:18] <thomasm> yeah -- I'd sort of like to get closure on this as it will be less back end loading
[11:22:22] <eric> i'm not sure i even understand it.
[11:22:24] <paul.hoffman@gmail.com> So, he has a deployment scenario but not a requirement. I don't know what that means for this doc.
[11:22:37] <eric> is this saying "if you get a signature using a crypto alg that I don't use, reject it"?
[11:22:51] <Stephen Farrell> would I be right to say we here have consensus to CLOSE/REJECT this?
[11:23:01] <Stephen Farrell> (don't worry Phill will take us up on this on the list)
[11:23:10] <thomasm> I don't think so quite yet
[11:23:40] <Stephen Farrell> So what to do...
[11:23:43] <paul.hoffman@gmail.com> I don't think we have consensus on that.
[11:23:54] <eric> bring it back up on the list.... stir the pot a bit.
[11:24:02] <thomasm> but it might be worthwhile to put the onus back on phb
[11:24:03] <paul.hoffman@gmail.com> I think we need to say "tell us what therequirement is or drop it"
[11:24:11] <eric> agreed
[11:24:12] <Stephen Farrell> who's taking the action to start that thread?
[11:24:22] <paul.hoffman@gmail.com> Not me
[11:24:32] <eric> i volunteer thomasm
[11:24:35] <Stephen Farrell> I'd rather not do it since I do disagree with him on this
[11:24:44] <paul.hoffman@gmail.com> Same for me
[11:24:54] <thomasm> let's put it in the notes here and point it out that he needs to start it up again
[11:25:15] <Stephen Farrell> ok, but who's going to point that out? (its in the notes already)
[11:25:30] <thomasm> I can send him mail, I suppose
[11:25:33] <paul.hoffman@gmail.com> More generic question: what does it mean for this document to have a scenario that isn't supported by the three listed requirements?
[11:25:47] <Stephen Farrell> Ok - ACTION Mike to mail PHB to bring this to the list or drop it
[11:25:55] <paul.hoffman@gmail.com> (Sorry to ask such a big question just before I leave, which I will in 2 mins)
[11:25:56] <Stephen Farrell> Paul - I didn't ge that?
[11:26:34] <Stephen Farrell> Ok, paul's run away it seems
[11:26:37] <paul.hoffman@gmail.com> I think other of the scenarios in section 5 would require more than what is listed in section 4
[11:27:00] <paul.hoffman@gmail.com> Are the scenarios "requirements" themselves?
[11:27:05] <thomasm> paul -- no
[11:27:15] <paul.hoffman@gmail.com> Then why are they here?
[11:27:24] <thomasm> requirements are derived from the use scenarios
[11:28:11] <paul.hoffman@gmail.com> Disappearing; see you on the list.
[11:28:12] --- paul.hoffman@gmail.com has left
[11:30:48] <thomasm> are we still here?
[11:31:02] <eric> i am.... waiting for the next item....
[11:31:19] <thomasm> yeah, I'm reading it now
[11:31:31] <eric> Mike: you're on 1398?
[11:31:50] <thomasm> yes -- the payload is the last paragraph
[11:32:11] <eric> thanks.
[11:32:28] <eric> is "DKIM signing complete" defined?
[11:32:57] <thomasm> yes in the draft
[11:33:11] <eric> thx. i haven't read it in so long that i don't remember it.
[11:33:14] <thomasm> it means everything is signed on outbound
[11:33:36] <thomasm> I'm not exactly sure that his req makes sense though
[11:33:40] <eric> i think we may need to ask Frank for clarification.
[11:33:52] --- Stephen Farrell has left: Replaced by new connection
[11:34:03] --- Stephen Farrell has joined
[11:34:14] <thomasm> I think you're right eric
[11:34:15] <Stephen Farrell> I'm back
[11:34:32] <eric> we've concluded that 1398 needs clarification from Frank.
[11:34:33] <thomasm> on 1398 -- I think the action is to get frank to clarify what he means
[11:34:51] <eric> i can take that one.
[11:35:35] <eric> did we lose Stephen again?
[11:35:48] <Stephen Farrell> Nah - I'm trying to restart browser etc
[11:37:04] <eric> well in the meantime.... mike, 1399 is yours, but it looks to me a lot like PHBs downgrade
[11:37:25] <Stephen Farrell> 1398 - who's going to take it to the list?
[11:37:36] <eric> i already volunteered.
[11:37:39] <thomasm> no not really -- it's just saying that the protocol needs to be explict the binding of i= to From:
[11:37:51] <Stephen Farrell> ACTION: Eric to raise 1398 on the list (ta)
[11:38:00] <thomasm> the last time I read the ssp draft it was sort of oblique
[11:38:23] <thomasm> my only question is whether it deserves a mention here
[11:38:29] <eric> i'm not understanding how this ties into i=.
[11:38:38] <Stephen Farrell> me neither
[11:38:52] <thomasm> how do you determine whether to do an SSP lookup or not?
[11:39:01] <thomasm> given a signature with a given i=
[11:39:21] <Stephen Farrell> Ok - so the requirement is that the protocol be clear on this is it?
[11:39:31] <thomasm> yes
[11:39:32] <eric> ok, so this is really a question of when you consult SSP.
[11:39:39] <thomasm> yes
[11:39:47] <eric> thanks, got it now.
[11:39:54] <Stephen Farrell> I'd be ok with adding a requirement that the protocol MUST be crystal clear on why SSP is invoked
[11:39:54] <thomasm> my question is whether this is obvious and belongs in -req or not
[11:40:13] <eric> i'm with stephen.
[11:40:14] <Stephen Farrell> oops s/why/when/ in my last
[11:40:26] <eric> although it seems obvious that the protocol should be clear on that.
[11:40:47] <Stephen Farrell> maybe - but the sentence gives us leverage on weasel words if we find them later
[11:40:54] <thomasm> ok... I'll add a new one and we can see what happens -- it's mostly pedantic so is mostly harmless
[11:41:25] <Stephen Farrell> grand: ACTION mike to add a requirement that the protocol MUST be crystal clear on when SSP is invoked and then CLOSE 1399
[11:41:44] <Stephen Farrell> Next is: https://rt.psg.com/Ticket/Display.html?id=1402
[11:42:00] <thomasm> ah this one: big issue/little discussion :)
[11:42:22] <thomasm> imo the requirements draft needs to settle this one way or the other
[11:42:33] <eric> it's painful because it means you need to do an SSP lookup on pretty much every message, signed or not.
[11:42:33] <Stephen Farrell> I'd be happy if it did
[11:42:46] <Stephen Farrell> (did being settle not lookup all the time)
[11:43:00] <Stephen Farrell> item for prague?
[11:43:01] <thomasm> it doesn't require lookup on signed
[11:43:17] <thomasm> it's the subtree walk issue
[11:43:21] <eric> sure it does. what if "example.com" says "strict: i sign nothing"
[11:43:32] <eric> s/sign/send/
[11:43:41] <eric> and mail.example.com sends something.
[11:43:56] <thomasm> that's misconfiguration if you ask me
[11:44:00] <thomasm> or compromise
[11:44:02] <eric> or an attack.
[11:44:07] <thomasm> and?
[11:44:07] <Stephen Farrell> is this also related to Doug's DSD stuff - .co.uk covering for example.co.uk ?
[11:44:18] <thomasm> not really stephen
[11:44:24] <thomasm> separate issue
[11:44:36] <eric> i think this is definitely a discussion item for prague.
[11:44:39] <thomasm> I think
[11:44:51] <thomasm> at the very least this needs to be brought up on the list again
[11:45:02] <Stephen Farrell> ok, so I'll say taht to the list indicating its a prague topic
[11:45:17] <Stephen Farrell> ACITON Stephen to raise 1402 onthe list indicating that its a talking point in prague most likely
[11:45:28] <Stephen Farrell> Last one!
[11:45:36] <Stephen Farrell> Next is: https://rt.psg.com/Ticket/Display.html?id=1408
[11:46:04] <thomasm> I think this is in the same category of misconfiguration
[11:46:17] <eric> so for this attack to work, a baddie would have to have a valid signature.
[11:46:21] <thomasm> if you don't want l=, don't sign with l=
[11:46:27] <thomasm> yes
[11:46:34] <eric> I think Mike is right on this one.
[11:46:36] <Stephen Farrell> tend to agree
[11:46:43] <eric> If you can do this, you can do it without l=
[11:46:51] <eric> since you already have a valid signing key
[11:46:57] <Stephen Farrell> So CLOSE 1408 (modulo list agreeement, there being only three of us active here)
[11:46:58] <thomasm> yep and thus you're already hosed
[11:47:19] <Stephen Farrell> So, we've a bunch of actions - when's it possible to get a -03 out?
[11:47:29] <thomasm> when is draft cutoff?
[11:47:39] <Stephen Farrell> checking
[11:48:00] <Stephen Farrell> March 5 ( I fibbed on the list before:-)
[11:48:14] <thomasm> yikes - not far.
[11:48:38] <thomasm> I've got a lot of me non-dependencies, but I'll get one out before cutoff for sure, but not sure if they'll all be closed
[11:49:13] <Stephen Farrell> if we can have -03 and start WGLC on it before/during prague that'd be great
[11:49:29] <thomasm> sounds good
[11:49:33] <Stephen Farrell> ok to start WGLC here with issues remaining open
[11:49:37] <Stephen Farrell> Great so
[11:49:47] <Stephen Farrell> ACTION: Mike to issue -03 before cutoff (March 5)
[11:50:01] <Stephen Farrell> Think that's all the isuses, next agendum was...AOB
[11:50:12] <eric> wasn't there "topics for Prague"?
[11:50:26] <Stephen Farrell> oops - ok c) topics for prague
[11:50:29] <eric> I think we've only brought up one here, maybe two.
[11:50:47] <thomasm> I think it's probably useful to start on the selection since we're pretty close on req?
[11:50:51] <Stephen Farrell> I'll take a pass and send a request for items to the list (ACTION stephen do that)
[11:50:56] <eric> 1402
[11:51:05] <eric> WGLC on -03
[11:51:24] <eric> we should probably do something to push along the overview as well.
[11:51:32] <Stephen Farrell> sure that's a default
[11:51:41] <eric> how long is our slot?
[11:51:46] <Stephen Farrell> 2.5 hr
[11:52:01] <thomasm> what about starting BCP work?
[11:52:01] <Stephen Farrell> should we get updates on the candidates or how they match reqs?
[11:52:04] <eric> ok, plenty of time.
[11:52:13] <thomasm> stephen -- yes
[11:52:17] <eric> stephen: sounds good
[11:52:22] <Stephen Farrell> suggest BCP stuff if you like (and are will to do slides:-)
[11:52:25] <eric> mike: isn't the BCP == overview?
[11:52:37] <thomasm> I didn't get that impression?
[11:52:54] <thomasm> stephen: is it yours?
[11:53:05] <eric> well, it's not on the milestones then.
[11:53:18] <Stephen Farrell> BCP is worth a slot - suspect some will want to wait more before starting
[11:53:26] <thomasm> right, but I thought this was an implicit agreement with the iesg for -base
[11:53:39] <Stephen Farrell> that got finessed in the end
[11:53:42] <eric> it should probably be on the list of output documents then.
[11:54:11] <Stephen Farrell> ok let's discuss BCPs in prague too, incl. what and when to do
[11:54:24] <Stephen Farrell> AOB?
[11:54:40] <eric> big party in prague to celebrate -base?
[11:54:51] <Stephen Farrell> t-shirts
[11:55:23] <eric> "i survived draft-ietf-dkim-base-XX"
[11:55:33] <Stephen Farrell> ok - I could do with finishing up - I'll send notes to the list in a bit (maybe tomorrow)
[11:55:51] <Stephen Farrell> see ya in Prague then!
[11:55:52] <thomasm> I'm done too
[11:55:56] <eric> ciao
[11:56:02] --- Stephen Farrell has left
[11:59:21] --- eric has left
[12:01:06] --- pk has left
[13:27:59] --- thomasm has left