Tuesday, March 28, 2017
fenton has set the subject to: UTA Meeting - IETF 96

[19:53:13] <Mark Risher> are we supposed to be able to hear?
[19:53:22] <fenton> Nothing to hear yet
[19:53:34] brong joins the room
[19:53:37] <fenton> they're getting the presentations queued up
[19:54:26] <Janet Jones> i can hear them
[19:54:35] <Mark Risher> I hear muttering ;)
[19:54:48] Aditya M joins the room
[19:54:49] <brong> If you have anything you want read out, let me know, I'm doing the jabberwatchy
[19:55:00] <Janet Jones> thx
[19:55:04] <brong> we're just muttering right now
[19:55:38] <fenton> can you hear Leif?
[19:55:46] <Janet Jones> yes
[19:55:55] Roger Murray joins the room
[19:55:55] John Levine joins the room
[19:56:04] rsalz joins the room
[19:56:05] Ned Freed joins the room
[19:56:54] <brong> can you hear Daniel?
[19:56:59] <Janet Jones> yes
[19:57:11] Andrew Fregly joins the room
[19:57:28] Nicolas Lidzborski joins the room
[19:57:41] Ned Freed leaves the room
[19:58:13] <fenton> Are we talking about TLSRPT?
[19:58:28] Ned Freed joins the room
[19:58:36] <John Levine> yes, see order in agenda
[19:58:55] Clyde Wildes joins the room
[19:59:12] <Viktor Dukhovni> I sure hope the slides will not be dwarfed by the browser "chrome". Surely someone knows how to make the slides "full screen".  This worked in other sessions...
[19:59:17] dkg joins the room
[19:59:22] Y G joins the room
[19:59:29] sftcd joins the room
[19:59:42] <dkg> i'm willing to jabber-scribe no one else has offered yet
[20:00:01] <brong> I did, but feel free if you want
[20:00:26] Roland Shoemaker joins the room
[20:01:31] <brong> we're on slide 3
[20:01:44] Simon Pietro Romano joins the room
[20:02:08] Simon Pietro Romano leaves the room
[20:02:14] <Aaron Zauner> there're no slides in the agenda page for this session
[20:02:19] <Aaron Zauner> FYI
[20:02:23] Okke Timm joins the room
[20:02:25] Simon Pietro Romano joins the room
[20:02:35] <Aaron Zauner> ah sorry there are
[20:02:35] <brong> OK, I can't see the URL any more... I can try to transcribe fast!
[20:02:37] <Aaron Zauner> mea culpa
[20:03:09] <brong> we're on "as seen in the wild" now, picture of the world map with regious and TLS stripping
[20:03:14] <brong> regions
[20:03:40] <Aaron Zauner>
[20:03:47] <brong> thanks
[20:03:55] <brong> so this is slide 4
[20:04:03] <brong> now on slide 5
[20:04:35] <Nicolas Lidzborski> Link to ACM IMC 2015 paper:
[20:05:11] Ken Murchison_1974 joins the room
[20:05:32] Ken Murchison leaves the room
[20:05:58] <Aaron Zauner> 2015 paper surveying TLS support internet-wide for various mail related protocols:
[20:06:00] <Aaron Zauner> also:
[20:06:00] <brong> now at slide 7
[20:06:54] <brong> slide 8
[20:08:15] <brong> slide 9
[20:11:26] <brong> we're taking questions now
[20:12:33] <Aaron Zauner> I'm still uncomfortable to purely rely on shipping trust related info with HTTPS
[20:12:37] <dkg> that was Alex Mayrhofer on the mic
[20:12:47] <Mark Risher> yes we hear you
[20:12:53] <dkg> Aaron Zauner: do you want me to say that at the mic?
[20:13:08] <dkg> please prefix mic: to things you want said in the room
[20:13:14] <Daniel Margolis> JSON isn't sexy: Protobufs are sexy.
[20:13:14] <Aaron Zauner> @dkg: I think the authors know about my concerns
[20:13:32] Aaron Zauner is pro in-band, but there're trade offs etc
[20:13:38] <dkg> Aaron Zauner: right, saying it in the room is probably more to raise awareness of the issue for others in the room
[20:13:58] <Daniel Margolis> Worth raising it, Aaron.
[20:13:59] <Aaron Zauner> @dkg: if you want you can relay my message with some context
[20:14:06] <Daniel Margolis> I'm open to it.
[20:14:09] <Ned Freed> Our fast JSON parser is ~550 lines of C. Already part of our MTA. FWIW.
[20:14:25] <Aaron Zauner> @dan: sorry I've been out of IETF work for ~8-9 months and didn't make it to IETF in berlin
[20:14:33] <Daniel Margolis> No worries. :)
[20:14:42] <Aaron Zauner> (long story,..)
[20:15:00] <brong> I much prefer JSON too, I've seen too many encoding issues parsing key=value.  It's great right up until you need to encode another = or , or something
[20:15:37] <brong> dkg: that's you standing in the queue now?
[20:15:51] Nicolas Lidzborski leaves the room
[20:15:59] Nicolas Lidzborski joins the room
[20:16:04] Satoru Kanno joins the room
[20:16:06] <Viktor Dukhovni> mic:I agree that DMARC is very different.
[20:16:14] <Ned Freed> I don't really have a preference. I just don't think JSON is a significant code burden.
[20:16:37] <Mark Risher> mic: we didn't see an amplification aspect to the TLSRPT messages
[20:16:42] <Aaron Zauner> what are realistic alternatives to using JSON?
[20:16:50] <Ned Freed> name=value
[20:17:06] <dkg> yep
[20:17:07] <Viktor Dukhovni> JSON is a new dependency and MTAs are part of the "base" software footprint of multiple O/Ses.
[20:17:07] Satoru Kanno leaves the room
[20:17:23] <dkg> yep
[20:17:24] <dkg> sigh... lag...
[20:17:24] <dkg> rfc 822 headers ;)
[20:17:24] <Daniel Margolis> Yeah, my main concern is Viktor's.
[20:17:25] <Nicolas Lidzborski> Re: key=value, which character encoding?
[20:17:50] <Aaron Zauner> I'm with viktor there, too
[20:17:52] <brong> what escaping strategy
[20:18:05] <Ned Freed> To the extent it matters, the charset for values should be utf-8.
[20:18:31] <brong> custom parser becomes part of the base footprint too
[20:18:45] Satoru Kanno joins the room
[20:18:52] <Viktor Dukhovni> There are no potential UTF-8 elements to be encoded here.
[20:18:57] <Aaron Zauner> then again; we're already dragging all of webpki and HTTPS into the whole thing for STS to work as specified currently, so may be JSON parsing support somewhere in the used stacks
[20:19:00] <Viktor Dukhovni> SMTP domains are A-labels.
[20:19:33] <Nicolas Lidzborski> Mandate content-type with specific encoding? Seems a lot of custom logic rather than reuse JSON.
[20:19:45] <Ned Freed> Agreed, HTTPS is a far more significant issue. Which is why I don't intend to put any of this into the SMTP client process.
[20:20:27] Aaron Zauner raises hand
[20:20:28] <Ned Freed> (raises hand)
[20:20:35] <Nicolas Lidzborski> (raising hand)
[20:20:41] <Viktor Dukhovni> Raising.
[20:20:46] <Janet Jones> JSON
[20:20:49] <Viktor Dukhovni> K/V for me
[20:20:51] <Aaron Zauner> key/value
[20:20:56] <Nicolas Lidzborski> JSON
[20:20:57] <Mark Risher> (raising hand for JSON)
[20:21:09] <Ned Freed> No preference
[20:21:13] <Simon Pietro Romano> JSON for me
[20:21:17] <Binu Ram> JSON
[20:21:37] Ryoh Akiyoshi leaves the room
[20:21:38] <Mark Risher> mic:several more votes for JSON
[20:21:47] <Aaron Zauner> mic: yes JSON parsing is also a potential security concern
[20:21:50] <Janet Jones> JSON
[20:21:51] <Ned Freed> (raises hand)
[20:21:56] <Simon Pietro Romano> Just JSON
[20:21:58] <Aditya M> JSON
[20:22:04] <Viktor Dukhovni> Would really like to avoid JSON.
[20:22:50] <Aaron Zauner> as long as we don't go for CBOR :P
[20:22:56] <Daniel Margolis> What, no XML?
[20:23:06] <Viktor Dukhovni> Correct.
[20:23:43] <dkg> ASN.1
[20:23:50] Roger Murray leaves the room
[20:23:53] Stephanie Huguenin joins the room
[20:24:09] <Aaron Zauner> haha
[20:24:17] <Mark Risher> should we move the conversation to the issue on host vs. CN/SAN? This issue isn't the major issue
[20:24:17] <Ned Freed> Our XML parser is >3X as long as our JSON parser, and doesn't implement anything close to full XML.
[20:24:27] <Daniel Margolis> I forgot the sarcasm tags, Ned. ;)
[20:24:43] <Aaron Zauner> we're not going to end up with "one parser" exactly because of the reason he mentioned: MTAs already have parsers for K/V
[20:24:46] <Viktor Dukhovni> Queue up
[20:24:50] <Ned Freed> Oh well....
[20:25:17] Roger Murray joins the room
[20:25:32] Dan York leaves the room
[20:25:39] <brong> we're back on slide 9 - host v identity
[20:26:11] <brong> Alexey at the mic
[20:26:20] <Aaron Zauner> @dkg: do you think the issue with having to support HTTPS for your MTA/MX came across in the room?
[20:26:21] <Ned Freed> I think I prefer option 2
[20:26:41] <dkg> Aaron Zauner: i'm not sure :/
[20:26:50] <Aaron Zauner> yea I don't think so
[20:26:57] <Aaron Zauner> people following the list will know about this
[20:27:03] Jaromir Talir joins the room
[20:27:06] <Aaron Zauner> not sure about in-room
[20:27:24] Aaron Zauner raises hand for CN/SAN
[20:27:29] <Viktor Dukhovni> SANs thanks.
[20:27:31] <Ned Freed> (raises hand for option 2)
[20:27:36] <Mark Risher> (hand for CN/SAN)
[20:27:45] <Janet Jones> SANs
[20:28:22] Clyde Wildes leaves the room
[20:29:08] <Aaron Zauner> slides:
[20:29:12] Jaromir Talir leaves the room
[20:30:02] Aditya M leaves the room
[20:30:37] Mark Risher leaves the room
[20:36:29] Simon Romano joins the room
[20:40:28] <Daniel Margolis> To that point, though, I would imagine the vast majority of MUAs are either webmail clients or a handful of clients like Outlook, Thunderbird, Apple Mail...
[20:40:53] <Daniel Margolis> And users are effectively hardcoding their own MUA settings (and not using SRV or similar, AFAIK).
[20:41:12] <Aaron Zauner> @dan: do you guys have statistics on webmail vs MUA usage for gmail?
[20:41:17] <Daniel Margolis> Which makes me wonder slightly about the value of generalizing what is probably in most cases a fairly narrow thing.
[20:41:33] <Daniel Margolis> Aaron: Yes, of course. ;)
[20:41:43] <Aaron Zauner> @dan: sure, but public ones?
[20:41:48] <Daniel Margolis> That I don't know.
[20:42:00] <John Levine> I think it depends on environments, gmail hosts companies that use all MUAs
[20:42:02] <Aaron Zauner> would be interesting in general for IETF and research
[20:42:04] <John Levine> and some that are all webmail
[20:42:07] <Daniel Margolis> Agreed.
[20:42:22] <Aaron Zauner> @dan: maybe a good idea to publish them (stripped of PII obviously)
[20:42:45] <Daniel Margolis> Agreed. I would imagine we could publish like top n, but I want to ask our lawyer first. ;)
[20:43:06] <Daniel Margolis> But without looking at stats, I feel comfortable speculating that the top MUAs are some ordering of Webmail, Outlook, iOS Mail, Android Mail, OSX Mail, Thunderbird.
[20:43:07] <Aaron Zauner> cool. thanks!
[20:43:27] <Aaron Zauner> especially with Mac users I see a lot using
[20:43:29] <Daniel Margolis> If that's not 95% of all users I'd be shocked.
[20:43:59] <Aaron Zauner> overall Linux users aren't that many, so we can neglect that I think
[20:44:09] <Daniel Margolis> Right.
[20:45:09] <Aaron Zauner> so we planned with ralph holz on doing MUA studies, but never had time to do it, for you guys it seems very easy (a BigQuery over logs? ;))
[20:45:22] <Daniel Margolis> Exactly. Would take me a few minutes.
[20:45:26] <Daniel Margolis> Asking the lawyer would take a lot longer ;)
[20:45:39] <Daniel Margolis> So to editorialize slightly here, it seems like DEEP proposes a protocol fix to a UX/UI issue, no?
[20:45:52] Jacob Hoffman-Andrews joins the room
[20:45:54] <Aaron Zauner> yes and a bit more
[20:46:08] <Aaron Zauner> haven't looked at a recent diff of the spec though, TBH
[20:46:35] <Daniel Margolis> Yeah, I'm a few versions back.
[20:54:51] Simon Pietro Romano leaves the room
[20:55:15] Simon Pietro Romano joins the room
[20:56:38] Andrew Fregly leaves the room
[20:56:54] <Aaron Zauner> slides:
[20:58:13] Jacob Hoffman-Andrews leaves the room
[20:59:18] Nicolas Lidzborski leaves the room
[21:00:40] <Aaron Zauner> server availability may be sensitive :P
[21:02:13] Binu Ram leaves the room
[21:03:33] <Ned Freed> That doesn't work for the "don't require TLS case"
[21:04:05] <Aaron Zauner> advertising before STARTTLS gives the opportunity to strip the feature
[21:04:14] <Aaron Zauner> this seems to be a bad idea
[21:04:51] Stephanie Huguenin leaves the room
[21:05:43] <Aaron Zauner> @dkg: may this make sense to be relayed to the room?
[21:07:34] <Aaron Zauner> +1 on what viktor said
[21:09:44] <Aaron Zauner> @viktor: there's still a SMTP list, not an active WG as far as I understand
[21:10:55] <dkg> Aaron Zauner: i can relay, sure
[21:11:01] <Aaron Zauner> @dkg: thanks
[21:13:44] <Aaron Zauner> hm. unsure again if people got what I meant with that statement
[21:15:33] <Aaron Zauner> UTA isn't *that* busy
[21:15:46] <Aaron Zauner> I see no problem adopting this I-D as a WG item
[21:16:25] Aaron Zauner raises hand
[21:16:30] <Viktor Dukhovni> I would, if not over-engineered
[21:16:37] <Ned Freed> (raise hand)
[21:16:39] <Aaron Zauner> yes, a simple version
[21:17:23] Aaron Zauner is for adoption
[21:17:23] <Viktor Dukhovni> Sure for adoption
