[00:51:45] tlyu joins the room
[00:53:09] nico joins the room
[01:05:51] <jhutz@jis.mit.edu/owl> whee!
[01:20:44] semery joins the room
[01:22:43] kurt.zeilenga joins the room
[01:23:35] kurt.zeilenga leaves the room
[01:23:55] kdz joins the room
[01:26:17] hartmans@jis.mit.edu/owl joins the room
[01:27:01] <semery> Do you see the slides on WebEx?
[01:27:11] <kdz> yes
[01:27:51] cnewman joins the room
[01:28:34] <tlyu> are we still waiting for alexey?
[01:29:36] <semery> Yes, I looked for him.
[01:30:47] PasiEronen joins the room
[01:31:26] <kdz> Tom, can you say something into the mics to be sure there is decent audio out here in WebEx land?
[01:32:01] <jhutz@jis.mit.edu/owl> Tom is not there in person, so he cannot talk into the mic
[01:32:05] <tlyu> i'm also on webex
[01:32:09] <tlyu> i'm attending remotely
[01:32:10] <jhutz@jis.mit.edu/owl> At present, I am hearing nothing via mp3
[01:32:15] <kdz> well, then someone else?
[01:32:34] <tlyu> i have audio on the mp3 stream, just very quiet because meeting hasn't started yet.
[01:32:39] <kdz> I'm just getting what I assume is background chatter.
[01:33:15] <cnewman> I can hear Alexey on the mic now clearly.
[01:33:41] <tlyu> not much audio is getting through to webex
[01:34:02] jimsch joins the room
[01:34:03] <jhutz@jis.mit.edu/owl> alexey sounds really quiet
can someone please actually talk into a mic?
[01:36:12] <jimsch> Document Status Page
[01:36:45] <kdz> 4422bis also kind on hold due to SASLprep.    That is, not sure what we want the spec to recommend.
[01:38:08] <jimsch> Slide: Tech discussion
[01:38:35] <nico> I should mention an interop problem that has come up recently w.r.t. RFC4752; I'll describe during Q&A if there's time, and if anyone cares
[01:39:11] resnick joins the room
[01:39:37] <jimsch> New Presentation:  StringPrep
[01:40:45] Min Huang joins the room
[01:40:46] <kdz> My basic requirement is that SASLprep (and basically for other profiles) is that for Profile(version, string), Profile(3.2, string) == Profile(any, string) for any string.
[01:40:51] <jimsch> Can you hear john?
[01:40:56] <tlyu> john needs to speak up a little
[01:41:08] <nico> my comments have been sent to the list
[01:41:18] <jhutz@jis.mit.edu/owl> john: much better
[01:41:33] <nico> http://en.wikibooks.org/wiki/Unicode/Versions
[01:41:43] <nico> a useful summary of changes in Unicode versions
[01:42:02] <jhutz@jis.mit.edu/owl> what, cuneiform scholars shouldn't be allowed to use cuneiform passwords?
:-)
[01:42:56] paul.aurich joins the room
[01:43:41] <nico> jhutz: passwords on dried clay tablets aren't... good passwords
[01:44:05] <nico> BTW, stringpreps are per-mechanism
[01:44:11] <nico> not for all of SASL
[01:44:19] <nico> <mic>
[01:44:25] stpeter joins the room
[01:45:08] <stpeter> Sam at the mic
[01:45:25] <nico> what's NFKC stability?
[01:45:27] <stpeter> Pete: not discussing specifics of normalizatino form we need
[01:45:35] <kdz> I tried to do a version independent SASLprep and stringprep but found that "exceptions" were needed.  Which is basically what IDNA found, yes?
[01:45:55] <stpeter> Pete: question of version independence depends on what we think we need out of it adn whether we think normalization forms might change over time
[01:46:32] <stpeter> Peter: if a new version changes the class, it may get normalized differently
[01:46:40] <nico> I thought NFs were supposed to be _stable_
[01:46:49] <semery> Have us channel by prefixing your question with "mic".
[01:47:00] <semery> Nico, did you want a channel?
[01:47:02] <nico> well, I asked for mic earlier
[01:47:09] <nico> I'll wait a bit
[01:47:10] <stpeter> Pete: if we want something more stable, then we should lock it down and not be version independent
[01:47:14] <nico> well, no
[01:47:16] <nico> I want the mic
[01:47:19] <nico> I'm on the phone
[01:47:24] <jhutz@jis.mit.edu/owl> > Have us channel by prefixing your question with "mic".

No, that's confusing, given that we've already told people to say <mic>
when they want a chance to speak via webex
[01:47:27] <stpeter> nico: sorry, I was not scribing / channeling
[01:47:53] <stpeter> Sam: one nice thing about IDNA is that they described what is special about DNS
[01:48:03] <stpeter> Sam: perhaps we can do something similar
[01:48:21] <stpeter> Jabberites! I can channel, just say <mic>
[01:48:39] <stpeter> (sorry, it took me a while to find the room IRL...)
[01:48:44] <nico> <mic> stringpre is per-SASL _mechanism_
[01:49:02] <nico> so we can always consider _new_ stringpreps
[01:49:23] <jhutz@jis.mit.edu/owl> >    I thought NFs were supposed to be _stable_

So, you could mean one of two things by "stable":
(1) NF(NF(x)) == NF(x) for all x
(2) NF(x) == NF'(x) provided that x contains no unassigned code points
[01:49:35] <nico> IMO RFC3454 needs updates to allow for stringpreps that have normalization-insensitivity and NFD, for example
[01:49:49] <stpeter> Sam: we need to clear on what the actual requirements are
[01:49:56] <nico> jhutz: (2)
[01:50:01] <stpeter> John: I think Sam has made the key point
[01:50:22] <nico> changes to existing stringpreps must be backwards compatible
[01:50:32] <jhutz@jis.mit.edu/owl> > Jabberites! I can channel, just say <mic>

This is confusing, because we already established the convention in the
last session that saying <mic> means you want a turn to speak via webex,
_not_ that you want someone to channel you.
[01:50:42] <jhutz@jis.mit.edu/owl> nico: OK; just checking
[01:50:47] <nico> just tell me when I can speak on the phone
[01:50:49] <stpeter> oh
[01:51:05] <stpeter> I didn't realize we had webex
[01:51:07] <nico> or maybe I should break in
[01:51:09] <nico> :)
[01:51:10] <tlyu> i think if you're on the phone you can just cut in
[01:51:25] <stpeter> right
[01:51:36] <stpeter> we can hear nico very well
[01:51:45] <stpeter> other than the background :)
[01:52:07] wilmer joins the room
[01:52:10] <jhutz@jis.mit.edu/owl> > if you're on the phone you can just cut in

_can_, yes
but that's rude; people on the phone should wait our turn,
just like people waiting at the physical mic, and the chair should
demultiplex
[01:52:48] <tlyu> hm, if people are using the webex ui, there's this "raise hand" thing.
[01:53:13] <resnick> Tom?
[01:53:20] <tlyu> go ahead
[01:54:25] <kdz> <mic>Version upgrade or version independence?
[01:55:12] <jhutz@jis.mit.edu/owl> I don't have time to figure out how to get the webex ui to work
[01:55:58] <stpeter> Sam: interested in requirement for NFKC stability, might want to consider UC's definition, which is that we want stability except when there are more important considerations
[01:56:53] Min Huang leaves the room
[01:56:58] <kdz> I basically don't mind SASLprep(3.2, string) != SASLprep(newer, string) for some very small set of strings that "don't matter", but for all strings that matter SASLprep(3.2, string) == SASLprep(newer, string).
[01:57:06] Min Huang joins the room
[01:57:14] <stpeter> Sam: maybe we break a well-known class of existing solutions but we make things simpler going forward
[01:57:21] <kdz> last comment can be put on <mic> if you like
[01:57:25] nico agrees with Sam's comments about stability
[01:57:33] <stpeter> John: example forthcoming...
[01:57:54] <nico> granted, if there are passwords using cuneiform characters, and the UC changes normalization for those, hey! you lose!
[01:57:55] <stpeter> John: sometimes scripts were botched so badly that they had to start over
[01:58:04] <kdz> of course, "matters or not" is not necessarily easy to determine
[01:58:44] <stpeter> John: you end up with incompabilities despite the stability rules
[02:00:10] <stpeter> John: better to clean things up now rather than waiting until there are larger numbers of users
[02:03:10] <stpeter> Sam: I think we might be in violent agreement
[02:03:24] <stpeter> Pete: can we state what the violent agreement is
[02:03:33] <stpeter> Sam: that stability is a tradeoff
[02:03:44] <stpeter> Pete: not violent agreement on the solution, only the problem
[02:04:05] <stpeter> Alexey: Nico, do you have other requirements?
[02:04:24] <stpeter> Nico: in my experience, normalizing as late as possible is good
[02:04:49] <stpeter> Nico: on the client, that happens to be early
[02:05:12] <stpeter> Nico: many have optimized for NFC, but in long term we should prefer NFD
[02:05:21] <stpeter> Nico: not sure what I think of K mappings
[02:05:29] <stpeter> Nico: not clear what we gain from them
[02:05:52] <stpeter> Nico: maybe helpful in file names, but not in usernames and passwords
[02:06:23] <stpeter> John: only argument against normalize as late as possible, someone somewhere in the path might change it before you get to it
[02:07:27] <stpeter> John: with regard to K conversions, many of the compatibility characters are there so that people can write their names as they expect
[02:08:31] <stpeter> Nico: that's why I think we don't need them in security technologies
[02:08:53] <stpeter> Nico: do you have an example of someone getting to it before you do?
[02:10:42] <stpeter> John: one can pretend that glitches in Unicode don't exist and figure that those will get fixed eventually
[02:12:09] <stpeter> Sam: what we found in MIT Kerb was that had to normalize late (because of ASN.1 problems) and in fact that turned out to be useful
[02:12:29] <stpeter> Sam: the server was in a position to know what was expected
[02:13:08] <stpeter> Sam: there were surprises that some things compared equal, but that was OK
[02:13:32] <stpeter> Sam: and better position to cope with the bugs
[02:13:42] <stpeter> Nico: that explains what I was looking for
[02:14:08] <stpeter> John vigorously nods his head
[02:15:19] <nico> <mic>
[02:15:20] <tlyu> ...15 minutes left; we should sum up and get some action items
[02:15:24] <kdz> NEXT STEPS?
[02:15:34] <stpeter> John: in these contexts, what matters is comparison rather than mapping early to forestall potential problems
[02:15:45] <stpeter> Nico: we're in violent agreement
[02:15:57] <stpeter> Nico: RFC 3454 is IDNA-specific in this sense
[02:16:22] <stpeter> Nico: it would be nice if we could define stringprep profiles that are not IDNA-driven
[02:16:31] <hartmans@jis.mit.edu/owl> Although for scram  and digest-md5, we do have this backward compat issue
[02:17:49] <kdz> <mic>we need to update stringprep!  a key question is version upgrade only or version independent
[02:17:53] <stpeter> John: thinking in terms of stringprep gets us on the wrong track -- what matter is comparison, not mapping
[02:19:49] <stpeter> Alexey: maybe we need a BoF in Anaheim to get consensus on whether we want to do this (either update stringprep or take a different path)
[02:20:03] <stpeter> Sam: we need consensus of people who are using SASL, not just working on SASL
[02:20:04] <kdz> <mic>even if we just update SASLprep, version update only or version independent is still a key question.   The latter is bear in either case.
[02:20:39] <kdz> which is a fine question for discussion at a BoF.
[02:21:24] stpeter nods to kdz
[02:22:56] <kdz> Last time we tried to move CRAMMD5 to historic we got contention... is that contention resolved.
[02:24:08] <kdz> We had the document passed WG LC and then found contention and dropped it.
[02:24:13] <stpeter> Kurt: I channeled your point
[02:24:32] <stpeter> John: moving something to historic if it is so widely used is problematic
[02:24:51] <stpeter> John: perhaps create a short applicability statement for CRAM-MD5
[02:25:38] <stpeter> Sam: historic doesn't mean don't use it
[02:25:47] Min Huang leaves the room
[02:26:00] Min Huang joins the room
[02:26:30] <jhutz@jis.mit.edu/owl> Eh.  I feel like moving to historic ought to mean it is already not used
[02:27:10] <jimsch> I think that moving to historic should also mean -- you really shouldn't be using this.
[02:27:32] <kdz> <mic>one alternative is to move it to historic without an I-D
[02:27:41] <stpeter> Alexey: if it's too difficult we might as well drop it
[02:27:45] <nico> how much time do we have left?
[02:27:55] <nico> why would it be difficult?
[02:28:06] nico agrees with Sam
[02:28:18] <nico> do we have Q&A time?
[02:28:32] <resnick> 2 minutes
[02:28:39] <jimsch> go
[02:28:40] <resnick> yes
[02:29:31] PasiEronen leaves the room
[02:30:54] paul.aurich leaves the room
[02:31:41] resnick leaves the room
[02:32:13] <stpeter> ok we're done
[02:32:24] cnewman leaves the room
[02:32:36] <jhutz@jis.mit.edu/owl> shawn still ehre?
[02:32:40] jimsch leaves the room
[02:32:41] stpeter leaves the room: Logged out
[02:33:58] kdz leaves the room
[02:34:36] <semery> Yes.
[02:34:37] <jhutz@jis.mit.edu/owl> Hello, is anyone still there?
Can someone please ask Shawn to answer me, so I can leave?
I have to drive home before the next meeting
[02:34:44] <jhutz@jis.mit.edu/owl> Oh, there you are
[02:35:25] Min Huang leaves the room
[02:36:02] nico leaves the room
[02:45:27] semery leaves the room
[02:55:44] wilmer leaves the room
[05:57:31] tlyu leaves the room
[06:30:43] stpeter joins the room
[07:02:03] stpeter leaves the room