Logs for httpbis, 2007-07-24

[08:18:47] --- alexeymelnikov has joined
[08:19:17] * alexeymelnikov has changed the subject to: Revision of RFC 2616 and friends
[08:19:34] --- alexeymelnikov has left
[08:54:45] --- julian.reschke has joined
[09:10:35] --- mnot has joined
[09:10:41] <mnot> hey
[09:10:57] <julian.reschke> Good morning. I hear you, in case you have a question for me.
[09:11:06] <mnot> just setting up :)
[09:11:19] --- alexeymelnikov has joined
[09:17:03] <julian.reschke> Yes.
[09:17:30] <julian.reschke> There's a delay.
[09:22:54] --- mnot has left
[09:37:41] --- bernard.desruisseaux has joined
[10:01:04] --- mnot has joined
[10:01:23] --- hardie@jabber.psg.com has joined
[10:01:52] <hardie@jabber.psg.com> I will scribe discussion as best I can; anyone else in the room who ccan assist with that would be welcome
[10:02:13] <hardie@jabber.psg.com> Bernard, if you see me at the mic, I'd really appreciate you taking it up
[10:02:17] <hardie@jabber.psg.com> Now at Agenda Bash
[10:02:46] --- masinter has joined
[10:02:54] <hardie@jabber.psg.com> Shows posted agenda
[10:03:17] <hardie@jabber.psg.com> Request from some blind guy for larger fonts
[10:03:23] <julian.reschke> <http://www3.tools.ietf.org/agenda/69/httpbis.html>
[10:03:56] <hardie@jabber.psg.com> Agenda structured into two broad parts: identified issues & chartering discussion/issues with charter that have come up on the list
[10:05:01] <hardie@jabber.psg.com> Showing the people depending on HTTP for the work (cconstelation of related work)
[10:05:15] --- harald has joined
[10:05:23] --- hartmans@jis.mit.edu/owl has joined
[10:05:23] <hardie@jabber.psg.com> A decade ago, the use profile of HTTP was restricted; now it is ubiquitous and used for many things
[10:05:33] --- barryleiba@gmail.com has joined
[10:05:41] <hardie@jabber.psg.com> Browing---to things that are now testing the limits
[10:05:48] <masinter> (controlling coffee pots)
[10:05:57] <hardie@jabber.psg.com> Constellation of implementations shown
[10:06:06] --- tlr has joined
[10:06:30] <hardie@jabber.psg.com> New implementations light up the sky; many of the folks producing them are re-interpretting 2026, as they don't have context.
[10:07:25] <hardie@jabber.psg.com> We have an opportunity to clarify HTTP; needed for that audience, useful for everyone.
[10:07:54] <hardie@jabber.psg.com> review of 2626bis-03 draft now up
[10:08:55] <julian.reschke> Yves' slides: <http://www.w3.org/2007/Talks/ietf-2407-yl/>
[10:09:22] <hardie@jabber.psg.com> Thanks for posting the URI
[10:10:11] --- nico has joined
[10:10:28] --- rlbob has joined
[10:11:10] <alexeymelnikov> [Slides for the subsequent presentation (HTTP Authentication): <http://people.mozilla.com/~sayrer/2007/auth.html>]
[10:11:13] --- mrichardson has joined
[10:11:28] <hardie@jabber.psg.com> Discussion of creation of a new xml master, and source for the diffs; also source to incorporate the erata list.
[10:12:02] <hardie@jabber.psg.com> View of the list in the -00 list
[10:13:00] <hardie@jabber.psg.com> Reviewing the updates in -01, 02, and 03
[10:13:33] <hardie@jabber.psg.com> discussion on the ietf-http-wg@w3.org mailing list; collective work, but not a formal working group
[10:14:18] <hardie@jabber.psg.com> where we are: 47 active issues; 24 closed
[10:14:55] --- bernard.desruisseaux has left: Replaced by new connection
[10:15:46] <hardie@jabber.psg.com> ekr asks a clarifying question about what the consensus means for "closed"
[10:16:09] --- cyrus_daboo has joined
[10:16:17] <hardie@jabber.psg.com> they are closed for the drafts; a working group could reconsider and these closures would not stand against that
[10:16:24] --- ryu has joined
[10:16:32] --- bernard.desruisseaux has joined
[10:16:36] <hardie@jabber.psg.com> Eliot jokes that without working groups there are no issues
[10:16:43] --- Lisa has joined
[10:16:46] <masinter> even before these drafts, there were issues that were raised, discussed, and 'closed' insofar as they made it into the errata
[10:16:53] <hardie@jabber.psg.com> Yves goes through types of issues (e.g. lwsp)
[10:17:02] <masinter> and the errata has some official standing
[10:17:05] <hardie@jabber.psg.com> Larry, do you want that reflected to the room?
[10:17:10] <masinter> sure
[10:17:16] <hardie@jabber.psg.com> ok
[10:17:44] <hardie@jabber.psg.com> in line
[10:18:07] <hardie@jabber.psg.com> harald is procedure police
[10:18:26] <hardie@jabber.psg.com> design team metaphor or thios work
[10:18:56] --- michaelpeck has joined
[10:19:26] --- cnewman@jabber.org has joined
[10:19:38] --- shep has joined
[10:19:59] --- bnsmith has joined
[10:20:11] <hardie@jabber.psg.com> I was in line while Harald was speaking, but he says the design team vision is that this is the "definitive opinion" of the "design team" and input
[10:20:21] --- alexis.hildebrandt has joined
[10:20:28] <hardie@jabber.psg.com> Paul Hoffman asks whether this has any relation to the W3C HTTP working group
[10:20:41] <hardie@jabber.psg.com> Are we moving forward from their work?
[10:20:52] --- fenton has joined
[10:20:59] <hardie@jabber.psg.com> Can we get status on that
[10:21:10] --- eric has joined
[10:21:25] <hardie@jabber.psg.com> Yves notes that when there was a joint working group, it was always under IETF process
[10:21:52] <hardie@jabber.psg.com> There is currently *no* w3c working group; there are w3c team members who contribute
[10:21:57] <hardie@jabber.psg.com> That clarifies it for Paul.
[10:22:22] <masinter> (the IETF work in HTTP-WG wasn't a W3C group at the time, either)
[10:22:52] <masinter> (side note to Paul)
[10:23:22] <hardie@jabber.psg.com> Robert sayre reviews web auth mechanisms (specifically mandatory to implement security)
[10:23:36] <hardie@jabber.psg.com> The draft did not hit the queue in time, but he'll review his draft
[10:24:33] <Lisa> It was posted here: http://lists.w3.org/Archives/Public/ietf-http-wg/2007AprJun/0132.html
[10:24:35] <hardie@jabber.psg.com> His review does not cover any ratholes related to good or bad, just who what when where for the mechanisms
[10:25:20] <hardie@jabber.psg.com> Why: secure access ; resource conservation ; affinity programs
[10:25:41] <hardie@jabber.psg.com> Some deployment have requirements from each of these and they sometimes conflict.
[10:26:28] <hardie@jabber.psg.com> Forms and cookies; html forms with sessions keys in cookies
[10:26:51] <hardie@jabber.psg.com> html4 is support, xhtml and later html versions not
[10:27:34] <hardie@jabber.psg.com> why? discussed
[10:27:39] <hardie@jabber.psg.com> (Currently on slide 5)
[10:30:57] --- lminiero has joined
[10:31:18] --- Glenn Parsons has joined
[10:32:26] <hardie@jabber.psg.com> ekr and robert discuss the forms vs. basic question
[10:32:38] <hardie@jabber.psg.com> they will talk offline on the relative quality issues.
[10:32:48] <hardie@jabber.psg.com> Discussion now is digest benefits (slide 10)
[10:32:51] <nico> draft-johansson-http-tls-cb draft-johansson-http-gss are I-Ds that folks should read who interested in improving authentication in HTTP apps w/o taking away presentation control from web pages
[10:33:09] <hardie@jabber.psg.com> nico: do you want that reflected?
[10:33:21] <nico> I'm in the grand ballroom
[10:33:39] <nico> so if I want it said at the mic I'll get up and say it :)
[10:33:54] <nico> (I just want this in the jabber record)
[10:34:18] <hardie@jabber.psg.com> okay, thanks
[10:34:24] <nico> thank you
[10:35:50] <hardie@jabber.psg.com> ekr notes that digest is vulnerable to offline dictionary attacks only when used over insecure transports
[10:36:53] <hardie@jabber.psg.com> it is still dramatically better than basic; the problem is that some folks do not recognize the need to run it over a secure transport because it is so much better than basic.
[10:37:11] <hardie@jabber.psg.com> Other challenge response mechs put up
[10:37:26] <nico> it is, but if you're looking at better solutions all around then digest doesn't look so good
[10:37:27] <hardie@jabber.psg.com> sophisticated forms and cookies (still phishing possibilities there)
[10:37:46] <nico> but yes, much, much, much better than basic
[10:37:50] <hardie@jabber.psg.com> discussion of user behavior
[10:38:02] --- frank has joined
[10:38:21] --- mnot has left
[10:39:27] <hardie@jabber.psg.com> Caching a nd cookies discussion starting soon
[10:39:39] <Lisa> How does the construction sound on the audio feed? :(
[10:39:39] <hardie@jabber.psg.com> Yngve Pettersen presenting
[10:39:58] --- spturner has joined
[10:40:35] <hardie@jabber.psg.com> background on the need for state management
[10:41:30] --- spturner has left
[10:41:55] <hardie@jabber.psg.com> two issues: limiting which servers receive cookies; no general method
[10:41:57] <nico> lisa: I don't know, but it sounds awful in the room
[10:42:02] <hardie@jabber.psg.com> Can someone scribe a second
[10:42:13] <masinter> (no slides?)
[10:42:14] <nico> jack hammering in the middle of a conference is not acceptable
[10:42:15] <Lisa> I can scribe
[10:42:17] <hardie@jabber.psg.com> never mind
[10:42:22] <Lisa> ok
[10:42:25] <hardie@jabber.psg.com> I decided not to go to the mic
[10:42:26] <nico> masinter: there are slides
[10:42:39] <nico> on "cookie domain problems" slide
[10:42:49] <nico> or jumping aroung
[10:42:50] <hardie@jabber.psg.com> But for the jabber room, Brian Behlendorf and I both get an "I told you so" chit for this.
[10:42:59] --- resnick has joined
[10:45:00] <harald> Ted: I think there's a large number of people to share that cookie with. Better bring 2 bags.
[10:45:11] <hardie@jabber.psg.com> Cookie domain solutions: dns heuristics, lists of tld domain hierarchies, new cookie specification
[10:45:53] <hardie@jabber.psg.com> Harald: A chit isn't a cookie, it's just a slip of paper to allow you to claim your (bag, laundry, "i told you so"). We can mint them freely....
[10:46:04] <hardie@jabber.psg.com> for this, anyway.
[10:46:10] <harald> :-)
[10:46:12] <hardie@jabber.psg.com> Minting them for your laundry isn't a good idea
[10:46:54] <Lisa> But if you mint chips too freely, can they be used to track you across working groups?
[10:47:04] <Lisa> Mmm, mint chip cookies.
[10:47:08] <hardie@jabber.psg.com> Discussion of managing sessions: "log in", perform tasks, "log out" is a common approach
[10:47:33] <harald> the idea of mint-flavoured laundry strikes me as slightly off-topic for this chatroom.....
[10:47:44] <hardie@jabber.psg.com> some services want log out to mean documents are purged from memeory; workarounds to achieve this are available, but reduce usability
[10:48:42] <hardie@jabber.psg.com> What's the icon that keep bouncing? I'm assuming an IM client, but don't recognize it.
[10:49:29] <hardie@jabber.psg.com> Solving the session problem: associate urls with a named context, include cookies and other credentials in the context, server controlled expiration, also automatic expiration
[10:50:27] <hardie@jabber.psg.com> Questions? None
[10:50:57] <hardie@jabber.psg.com> Final issue: brief review of Etag semantics, especially when used for write.
[10:51:14] <hardie@jabber.psg.com> HTTP etag on PUT issues
[10:51:45] <hardie@jabber.psg.com> What does a strong ETag on PUT mean?
[10:52:11] <hardie@jabber.psg.com> Refer to the content that the client wrote? or the data actually stored? Server rewriting means that these may differ.
[10:52:45] <hardie@jabber.psg.com> In caldav or carddav, the clients want to know who the server re-writes their data for synchronization purposes.
[10:52:53] <julian.reschke> (related draft: <http://tools.ietf.org/html/draft-reschke-http-etag-on-write-07>)
[10:52:53] <hardie@jabber.psg.com> put/get is the current mechanism
[10:53:38] <hardie@jabber.psg.com> solutions: explicitly define what the meaning is. At the moment, caldav/cardav made choices and stated them; so did ATOMPUB. The two aren't the same
[10:53:59] <hardie@jabber.psg.com> Alternatively: define a new header for the stored ETag
[10:54:09] <julian.reschke> Actually, ATOMPUB does not state that, but XCAP did.
[10:54:29] <hardie@jabber.psg.com> Alternatively, allow the client to request the server to return the data in the put response if it changed, along with the etag
[10:54:42] <hardie@jabber.psg.com> pointer to julian's draft, above
[10:54:52] <hardie@jabber.psg.com> Julian: Do I need to reflect that to the room?
[10:55:15] <julian.reschke> Hardie: nope; thanks.
[10:55:39] <hardie@jabber.psg.com> Paul hoffman: jumps gun, asks how much this needs work in 2616bis, as opposed to in usage profiles?
[10:56:09] --- michaelpeck has left
[10:56:12] <hardie@jabber.psg.com> Cyrus responds that it needs at least a clarification; it may need more
[10:56:17] <julian.reschke> I think we need a clarification + an extension.
[10:56:39] <hardie@jabber.psg.com> Cyrus agrees with Julian that we need a clarification
[10:56:51] <hardie@jabber.psg.com> Other topic: whether extensions belong in same effort as clarification
[10:57:27] <hardie@jabber.psg.com> Harald suggests that "the data stored on the server" is a bad way of looking at it. Refering to it as what will be returned to the next GET is better.
[10:57:39] <tlr> well, there's also the difference between a representation and a resource.......
[10:58:24] <hardie@jabber.psg.com> ekr asks whether there is some interest in defining a header with generally clear semantics
[10:58:55] <masinter> My memory was that the etag applied to the message body, and had nothing to do with what was 'stored' anywhere
[10:59:19] <hardie@jabber.psg.com> weak, strong, and md5 headers discussed; there is a need for a token for synchronization. this one or another is a question for the group
[10:59:31] <hardie@jabber.psg.com> Larry: reflected to the room?
[10:59:43] <masinter> yes, sure. The 'e' in etag was for the entity in the message
[10:59:53] <hardie@jabber.psg.com> (folks who want things reflected to the room, preface with room:)
[10:59:56] <julian.reschke> Larry: that's IMHO incorrect, as ETag is a response header as defined in http://greenbytes.de/tech/webdav/rfc2616.html#rfc.section.6.2.
[11:00:33] <julian.reschke> room: that's IMHO incorrect, as ETag is a response header as defined in http://greenbytes.de/tech/webdav/rfc2616.html#rfc.section.6.2.
[11:00:37] <masinter> room: and when you ask with GET it doesn't have anything to do with the server state, it had to do with what the result would have been
[11:00:52] --- leifj has joined
[11:01:22] <harald> larry: cyrus used "actually stored" verbally. I don't think it's in the specs, or even in the slides.
[11:01:26] <hardie@jabber.psg.com> (I've moved closer to the mic)
[11:01:30] <julian.reschke> room: this minimally proves we need a clarification.
[11:02:00] <hardie@jabber.psg.com> On to discussion.
[11:02:21] <hardie@jabber.psg.com> Alexey: the assumption here is that there is some desire to form one or more working groups
[11:02:21] --- levigner has joined
[11:02:31] --- bernard.desruisseaux has left: Replaced by new connection
[11:02:50] <hardie@jabber.psg.com> ekr: as a matter of form, can we hum to see if there is interest in doing the work
[11:03:03] <hardie@jabber.psg.com> Alexey asks for a show of hands
[11:03:07] <julian.reschke> URI for proposed charter: <http://lists.w3.org/Archives/Public/ietf-http-wg/2007AprJun/0118.html>
[11:03:26] --- bernard.desruisseaux has joined
[11:03:32] <hardie@jabber.psg.com> ekr: can we narrow that to "raise your hand for doing something substantial"
[11:04:02] --- Glenn Parsons has left
[11:04:06] <hardie@jabber.psg.com> Harald: we should go through the charter first, as some of the variants may indicate paths that will be more or less interesting to participants
[11:04:19] <hardie@jabber.psg.com> Alexey: scope first, then details of charter?
[11:04:21] --- randy has joined
[11:04:41] <nico> also, is there enough work?
[11:04:43] <hardie@jabber.psg.com> Kurt Z. suggests we talk about work items, get a sense of who is willing to work on them
[11:04:47] <nico> for a WG that is
[11:04:51] <hardie@jabber.psg.com> then discuss organizational issues
[11:04:59] <nico> take authentication out and I think there is not
[11:05:03] <hardie@jabber.psg.com> hum from Pete? on that
[11:05:13] <resnick> That was me.
[11:05:18] <nico> and as for authentication, scroll up for my comments on Leif's drafts
[11:05:20] <frank> Julian: thanks, I hope "improve editorial quality" means "use proper ABNF" :-)
[11:05:36] <hardie@jabber.psg.com> Lisa says something with AD hat on
[11:06:10] <hardie@jabber.psg.com> there would be some groundrules that will guide things.
[11:06:19] <julian.reschke> Frank: actually, I wouldn't put that under "Editorial Q.", but it's on the ToDo list nevertheless.
[11:06:44] <hardie@jabber.psg.com> No new features, remove unused/broken featurs, clarify, fix contradictions, "small" functional changes for interop are fine.
[11:06:53] <harald> julian: it's on the issues list, as open issue.
[11:07:03] --- eric has left
[11:07:05] <hardie@jabber.psg.com> Side-effect is that replacemnet of features can be done, but not in this wg (at least until re-charter)
[11:07:33] <hardie@jabber.psg.com> eliot notes he is not lisa and ekr concurs
[11:07:44] <resnick> Thank god for that.
[11:07:45] <hardie@jabber.psg.com> Eliot: about the no new feature issue
[11:08:08] <julian.reschke> harald: Yes. We even have a plan, but there are lots of details to take care of: <http://lists.w3.org/Archives/Public/ietf-http-wg/2007JanMar/0295.html>
[11:08:20] <hardie@jabber.psg.com> Sam has done work on the webauth document, but we are not there yet for replacing, but we will be there at some point
[11:08:38] <hardie@jabber.psg.com> The last thing we want to see is 2616bis then 2616ter
[11:09:20] <hardie@jabber.psg.com> Eliot thinks we are early in the process for auth changes; we don't know whether it could be a rev or a clarification or what. Too early to nail down.
[11:10:09] <hardie@jabber.psg.com> Mark notes that he also gets scared by the scope, but does not believe we should wait on the work.
[11:10:36] <hardie@jabber.psg.com> Eliot: we need a goal that we need a clear understanding of what we are setting out to do.
[11:11:40] <hardie@jabber.psg.com> Sam Hartman, as technical contributor, thinks that having twice-revved http is better than pressure on the creation of new auth mechanisms to meet the time table.
[11:56:21] --- LOGGING STARTED
[11:57:00] --- harald has joined
[11:57:38] --- nico has joined
[11:57:51] --- julian.reschke has joined
[11:57:53] --- leifj has joined
[11:58:16] --- adam@xmpp.estacado.net has joined
[11:58:19] --- rlbob has joined
[11:58:28] <harald> room working again?
[11:58:32] <rlbob> seems to be
[11:58:39] <nico> yes
[11:58:39] <rlbob> someone tell ted
[11:58:49] --- lminiero has joined
[11:59:21] <rlbob> ps: i've been scribing locally also
[11:59:22] --- ldondeti has joined
[11:59:23] --- alexeymelnikov has joined
[11:59:56] --- harald has left: Lost connection
[12:01:12] --- ldondeti has left
[12:02:42] --- adam@xmpp.estacado.net has left
[12:10:40] --- randy has joined
[12:11:43] --- bhoeneis has joined
[12:12:28] --- mnot has joined
[12:12:29] --- lisa has joined
[12:12:29] --- masinter has joined
[12:12:42] --- sam.silberman has joined
[12:12:50] --- dthaler has joined
[12:13:34] --- fenton has joined
[12:15:14] --- alexeymelnikov has left
[12:16:18] <julian.reschke> (agree with Harald)
[12:16:52] --- frank has joined
[12:16:55] --- bruce has joined
[12:18:02] --- bruce has left
[12:22:33] --- =JeffH has joined
[12:23:15] <=JeffH> i couldn't get dhcp to give me an addr until just not
[12:23:16] <=JeffH> now
[12:23:30] --- fenton has left
[12:24:23] <=JeffH> is this the httpbis room really?
[12:24:26] --- bnsmith has joined
[12:24:35] <julian.reschke> yes
[12:24:56] <julian.reschke> but scribing stopped when it went down ~ 1 hour ago
[12:25:13] <=JeffH> ah ha
[12:25:15] <=JeffH> thx
[12:26:34] --- bhoeneis has left
[12:26:36] --- cyrus_daboo has joined
[12:26:52] --- randy has left
[12:29:50] --- bernard.desruisseaux has joined
[12:30:06] --- lisa has left: Computer went to sleep
[12:31:45] --- lminiero has left
[12:33:24] --- cyrus_daboo has left
[12:33:49] --- leifj has left
[12:34:16] --- bernard.desruisseaux has left
[12:34:38] --- rlbob has left
[12:35:12] --- mnot has left
[12:36:15] --- =JeffH has left
[12:36:38] --- julian.reschke has left
[12:36:53] --- sam.silberman has left
[12:36:53] --- frank has left
[12:37:10] --- nico has left
[13:13:06] --- dthaler has left
[13:19:49] --- masinter has left
[13:43:41] --- dthaler has joined
[13:49:52] --- levigner has joined
[13:54:12] --- dthaler has left
[13:54:19] --- dthaler has joined
[13:57:36] --- dthaler has left
[14:10:56] --- levigner has left
[14:38:40] --- michaelpeck has joined
[14:39:00] --- michaelpeck has left