[10:42:29] martin.thomson joins the room
[10:46:58] martin.thomson leaves the room
[10:52:26] yoav.nir joins the room
[10:56:08] stpeter joins the room
[10:56:56] Olafur joins the room
[10:57:12] yoav.nir: please raise your hand in the room so Tobias can identify you
[11:00:09] I'm her
[11:00:14] I'm here
[11:01:51] hardie@jabber.psg.com joins the room
[11:02:16] martin.thomson joins the room
[11:02:17] (people settling down, Tobias about to begin)
[11:02:20] barryleiba joins the room
[11:02:23] Bjoern joins the room
[11:03:40] Satoru Kanno joins the room
[11:03:56] lef_jp joins the room
[11:05:11] swb joins the room
[11:05:16] Note Well slide
[11:05:24] Agenda slide
[11:05:52] =Jeff joins the room
[11:06:21] tony.l.hansen joins the room
[11:06:33] pawal joins the room
[11:06:46] Tony Hansen will capture action items
[11:06:51] tlyu joins the room
[11:06:55] sftcd joins the room
[11:07:01] Julian joins the room
[11:07:04] bkihara.l joins the room
[11:07:07] Adam is not in the room.
[11:07:20] coopdanger joins the room
[11:07:42] Asking the room if this is stable - close to last call
[11:08:13] Kepeng Li joins the room
[11:08:14] Karen O'Donoghue joins the room
[11:08:22] Melinda joins the room
[11:08:59] This is a WG item
[11:09:12] Tobias finds there has been no progress. The authors think it's stable
[11:09:24] Should we ask if it's ready for last call?
[11:09:30] swb leaves the room: Disconnected.
[11:09:39] swb joins the room
[11:09:57] <=Jeff> masinter newly tracking this WG -- have a related I-D that's on that thar slide
[11:10:14] t.k joins the room
[11:10:19] Tobias asks that comments be made on the list
[11:10:43] martin.thomson leaves the room
[11:10:48] Comments: The document should either make an exact algorithm or not at all
[11:11:21] Larry says that the goal should be to minimize sniffing, not preserve it
[11:11:25] sniffing can lead to privilege escalation
[11:12:09] the document is https://datatracker.ietf.org/doc/draft-masinter-mime-web-info/
[11:12:20] The MIME registry should be extended to include the missing parts
[11:13:06] Tobias: Adam is not here, so let's take it to the mailing list
[11:13:12] the other comment was to not have a table of magic numbers, but instead point to the registry
[11:13:19] lellel joins the room
[11:13:42] 2nd draft - principles of origin
[11:13:58] Note: Larry Masinter will post his comments on mime-sniff to the mailing list for review
[11:14:00] How many want to post comments? 7-8 people
[11:14:41] any objections to merging the origin drafts (principles and websec-origin)?
[11:14:50] (no objections)
[11:15:07] Note: please post comments to the list about merging the two origin docs
[11:15:12] Now going to the draft-ietf-websec-origin slides
[11:15:14] ray joins the room
[11:15:20] Bjoern leaves the room
[11:15:46] Adam (in the slides) proposes to merge the drafts
[11:17:10] On to Jeff Hodges with a presso about draft-hodges-websec-framework-reqs-00
[11:17:39] So, a question on the comparison for globally unique identifiers. When it says "they were created at different times", this seems to imply a standard way of determining the creation time. This seems a bit problematic for some URI scheme types. Has this been discussed? If so, anyone have a quick pointer to the discussion?
[11:18:36] slide 2: Status
[11:19:09] (if anyone wants me to channel their comments, please preface with "mic:")
[11:19:54] Tobias: How many people have read the requirements document?
[11:19:58] (very few hands)
[11:20:41] swb leaves the room: Replaced by new connection.
[11:20:43] swb joins the room
[11:20:46] draft is new (from this month), rough. Attempts to broad-brush sketch the overall problem space
[11:20:56] Please read and provide comment
[11:21:25] Tobias: how many will read in the next three months and post comments? (quite a few)
[11:21:35] resnick joins the room
[11:21:54] On to the HSTS slides
[11:21:57] Slide 2
[11:22:20] -01 submitted on 14-Mar
[11:22:22] Slide 2
[11:22:25] Slide 3
[11:22:46] Changes from -00: changed "server" to "host"
[11:23:26] In HTTP you have servers. Do you need an origin server?
[11:23:48] c/need/mean/
[11:24:03] (servers in HTTP not necessarily being the end points, thus the distinction)
[11:24:11] Jeff: we're using "hosts" because we're talking about all ports on a host, rather than a single port (which would be called a server)
[11:25:18] Barry Leiba: host is something with an IP address; server is a piece of software. Jeff: yes, in my previous world a "server" was a box.
[11:25:52] "URI Loading" replaced with "URI Loading and Port Mapping"
[11:26:03] Slide 4
[11:27:00] Loading port 80 was not OK in -00
[11:27:02] slide 5
[11:27:36] in -01 convert :80 to :443 and leave the other ports alone
[11:29:00] Paul Hoffman: I thought we didn't want to map arbitrary ports. only 80-->443
[11:29:17] Jeff: I thought we did, but will ask again on the list
[11:29:39] Note: take the second mapping "http ... :8080" => "https ... :8080" back to the list
[11:30:16] EKR: keeping the original non-80 port makes no sense, because there's no TLS server there
[11:30:44] slide 6
[11:31:08] should we reference httpbis?
[11:31:14] HTTPbis chair: yes
[11:31:37] httpbis will go to LC before end-of-year
[11:31:39] if HSTS says you must have secure connections to the host, isn't that sufficient info to imply that there *will* be TLS on 8080 and the "http://" was really incorrect?
[11:33:28] slide 7
[11:34:07] Open Issue: LockCA notion: cert and/or CA pinning
[11:34:14] slide 8: LockCA
[11:34:27] slide 8: LockCert
[11:34:49] martin.thomson joins the room
[11:34:50] The idea is to tell who is the CA (or what is the cert)
[11:35:00] slide 10
[11:35:29] EV only: you only go to this site if it presents an EV cert
[11:35:58] EKR: it's a good idea, but what if you lose your private key or your CA gets owned?
[11:36:09] sftcd leaves the room
[11:36:09] sftcd joins the room
[11:36:22] EKR: with locked cert - you're screwed for a while
[11:36:39] EKR: with locked CA, you're also screwed, but not quite as bad
[11:36:55] Satoru Kanno leaves the room
[11:36:55] Olafur leaves the room
[11:36:55] (it's at EKR speed, so I'm heavily paraphrasing)
[11:36:55] coopdanger leaves the room
[11:36:55] lellel leaves the room
[11:36:55] sftcd leaves the room
[11:36:59] sftcd joins the room
[11:37:44] Jeff: that's why EVOnly makes more sense. EKR: adopt only EVOnly
[11:38:05] PHB: don't lock CA. Better to go to DNS
[11:38:21] Karen O'Donoghue leaves the room
[11:38:46] Satoru Kanno joins the room
[11:39:03] PHB: don't want EV guidelines in IANA. Don't want to end up with two OIDs
[11:39:40] Stephen Farrell: the goal is for the client to understand this. Where do I find the CAB Forum OIDs?
[11:40:01] Jeff: they're going to publish soon (you can find them in Wikipedia)
[11:40:04] ogud joins the room
[11:40:25] PHB: with the CAB Forum OIDs you can specify a specific version of the CPS
[11:41:00] PH: cert-lock and ca-lock need more thought. EVonly is OK, but we need a stable pointer for implementers
[11:41:59] PH: EVonly - if an EV issuer becomes malicious, they should become non-EV. How does this happen? If it does, you're screwed, and it has nothing to do with your operational capabilities.
[11:42:06] PH: need some caveats
[11:43:39] Jeff: That is why EV certs are more expensive. We hope the CAB Forum has their act together
[11:44:02] PH: are you comfortable with the fact that if any EV CA goes bad you're screwed? Jeff: yes
[11:45:02] PH: you need to spell this out in the spec. If your EV cert becomes non-EV, you're down for days, because getting a new EV cert takes time
[11:45:28] PH: also needs to be ready for the next-generation EV (should something beyond EV come along)
[11:45:35] Linyi Tian joins the room
[11:46:19] slide 11
[11:46:54] Suggestion to decouple two HSTS policy obligations: establish only with TLS; terminate if there is a validation problem
[11:47:15] (if you want me to channel your remark, preface with "mic:")
[11:47:20] slide 12
[11:47:51] need to be more explicit in regards to the notion of "cert verification" and errors/warnings
[11:48:16] It states that if there are any issues with verification - hard fail.
[11:48:48] What if we're doing PGP certs? there are no chains and no trust anchor store.
[11:49:14] re slide 11: Jeff says they're declining to change this
[11:49:17] g.e.montenegro joins the room
[11:49:29] slide 13
[11:49:46] Todo: issues on the tracker, ref httpbis, hash out issues on the list
[11:51:14] PH: you're trying too hard to be generic. It sounds like you're talking about HTTPS, but then you're talking about a generic secure channel. IPsec doesn't need anything like this (as an example of something else that is a secure channel)
[11:51:20] Jeff: good feedback
[11:51:34] hardie@jabber.psg.com leaves the room
[11:52:23] Mark Nottingham: read the draft. It requires you to put a response header on every response. This is something you'd rather not do.
[11:52:37] Karen O'Donoghue joins the room
[11:52:45] MN: can make the header name smaller, and do we need it on every response?
[11:53:08] Jeff: we want this to make sure.
[11:53:24] PH: should be on the list because I heard it go both ways
[11:53:46] Notes: Jeff Hodges to put issues into the tracker, revise the HSTS spec, and discuss the issues on the list
[11:54:24] Jeff: should we invent more verbose headers, or should we have a single defined extensible "security" header? Is it workable?
[11:54:35] Julian leaves the room: Computer went to sleep
[11:54:42] Bjoern joins the room
[11:54:50] JH: Call it "SEC"?
[11:55:16] Randall Gellens joins the room
[11:55:43] Build on the success of P3P? It is painful to have many individual headers, but history suggests you should avoid lumping a lot of stuff together
[11:55:53] MN: should there be a header at all?
[11:56:18] Jeff: that's intermediate until we can get the policy someplace else.
[11:58:09] Thomas Roessler joins the room
[11:58:21] PH: what about caching? MN: do you cache the header? that's unworkable. There are other ways of doing this.
[11:58:57] PH: does gathering work operationally? You're saving header bits
[11:59:34] MN: I think it comes down to granularity - then it's workable
[12:00:39] PSA: There are other solutions based on DNS. At some point there will be interaction with these things.
[12:01:40] PH: I didn't bring this up because the use-case for has-tls is different. Jeff will be done sooner, and HSTS should not be delayed for has-tls
[12:02:30] Karen O'Donoghue leaves the room
[12:02:32] PHB: I'm interested in the DNS side. Jeff will be finished so much sooner, because DNSSEC is not yet widely deployed.
[12:03:07] EKR: let's do the HTTP part first.
[12:03:45] On to the next presentation "do not track" (Alissa)
[12:03:53] how many people have read the do not track draft? seems it was about 30 (maybe more)
[12:04:10] There are 3 authors. I'm not one of them, but they're not here
[12:04:22] slide 2
[12:04:47] average web site has content from 7 different domains
[12:05:16] (slide shows images of dogs from other domains than the main page, also ads)
[12:05:33] slide 3
[12:06:28] Tracking: it's possible to track a user agent while getting page after page.
[12:06:31] slide 4
[12:06:58] DNT = 1 means the user does not want to be tracked
[12:07:22] slide 5
[12:07:49] Barry Leiba: should be yes or no, or track, no-track rather than 1 or zero.
[12:07:57] MN: disagree
[12:08:03] resnick leaves the room
[12:08:17] Jim Galvin joins the room
[12:08:35] yoav: why would anyone opt in?
[12:08:57] weiber joins the room
[12:09:14] resnick joins the room
[12:09:34] Dave Crocker: should not be a double negative
[12:10:16] Borrowing Ted's phrase, why not call it "Ravish: yes" or "Ravish: no"
[12:10:25] What does "track" mean?
[12:10:46] A few requirements for the user agent:
[12:10:54] MAY include DNT in any HTTP request
[12:11:02] SHOULD have a user interface
[12:11:07] i have the same question as yoav.nir
[12:11:34] MAY default to no-preference or do-not-track
[12:11:49] (the answer to my question was "don't know the use-case")
[12:12:30] Third Party: a 3rd party is a functional entity with which the user does not expect to share data
[12:12:47] (ad networks, analytics...)
[12:13:07] note to Yngve about the possible need for a public suffix I-D :)
[12:13:21] milan.sova joins the room
[12:13:28] public suffix plus one domain name (PS+1) or PS+1 authoritative name servers, or PS+1 of CNAME records
[12:13:50] For example, ietf.org is a PS+1.
[12:14:04] lel joins the room
[12:14:33] Bjoern leaves the room
[12:14:34] BL: mail.example.com, www.example.com are all the same PS+1, so it's OK to track between them
[12:15:09] YP: I have a draft about this.
[12:15:12] Yngve mentions https://datatracker.ietf.org/doc/draft-pettersen-subtld-structure/ at the mic
[12:15:34] Alissa: yes, this is just to approximate the 3rd-party concept
[12:15:40] Karen O'Donoghue joins the room
[12:16:13] YP: if the browser sends according to navigation context, it has to take it from somewhere. Alissa: we send in every request
[12:16:22] Randall Gellens leaves the room
[12:16:47] Peter Koch: the DNS community thinks (RFC 5507) that public suffix is a broken concept.
[12:16:53] http://tools.ietf.org/html/rfc5507
[12:17:07] Alissa: that's useful feedback. it's not normative
[12:17:49] "Tracking" slide
[12:18:01] Bjoern joins the room
[12:18:06] Collection, retention, use of data related to the request and response
[12:18:17] (broad based definition)
[12:18:26] "Exceptions" slide
[12:18:45] explicit user consent
[12:18:56] 3rd party on behalf of 1st party
[12:19:25] data unlinkable to a user or UA (aggregate data)
[12:19:51] Bjoern leaves the room
[12:19:53] resnick leaves the room
[12:20:24] Single site logs: 2 weeks, for ad fraud: 1 month, for security or financial fraud: 6 months
[12:21:07] JH: need to define 3rd party and tracking
[12:21:28] Bill Smith: should be "any data" rather than "all data"
[12:23:14] "Server requirements" slide
[12:23:18] Randall Gellens joins the room
[12:23:37] resnick joins the room
[12:23:43] swb leaves the room: Disconnected.
[12:23:53] swb joins the room
[12:24:16] Server SHOULD echo request header if it is in compliance.
[12:24:39] Time for questions
[12:24:43] a lot on the mic
[12:24:51] Karen O'Donoghue leaves the room
[12:25:36] Stephen Farrell: How can we check the MUST NOT? Alissa: we hope to have public pressure and pressure from privacy authorities
[12:26:32] Why would anyone send the server response?
[12:27:49] Dave Crocker: in favor of the goals, but need requirements to be very clear.
[12:28:36] PSA: we didn't frame this presentation right. It's more an FYI. It's going to a W3C workshop at the end of April. This is not going to be a WG item any time soon.
[12:29:09] DC: so what's the scope of discussion?
[12:29:15] mans.jonasson joins the room
[12:29:26] t.k leaves the room
[12:29:32] Karen O'Donoghue joins the room
[12:29:56] DC: when we do engineering in this topic, I hope it needs to become a work item. Social issues are going to bias against making this useful.
[12:30:43] DC: we need rock-formal requirements, and we're far away from that. We need that to be able to engineer. The terms that are not well-defined need to be well defined based on how they're used.
[12:30:51] Is the audio feed dead? I can't seem to get a working connection at http://ietf80streaming.dnsalias.net/ietf/ietf804.m3u
[12:31:53] Melinda leaves the room
[12:32:06] Mark: When the response depends on a request header you may have trouble with intermediary caches.
[12:32:47] I don't like the "user agreed to be tracked" exception.
[12:33:16] It gives a false sense of privacy. There's no hope for a technical solution like this.
[12:33:32] Bjoern joins the room
[12:35:14] Olaf: who in the picture cannot say it's the first party? That's part of the "3rd party" definition problem
[12:35:45] : this forces the server to check the referrer header to check if it's a 1st party or 4rd
[12:35:53] s/4rd/3rd/
[12:37:05] : the server has a new requirement to check this. You'll get less caching of results, which increases load on the server and on the proxy, especially if they currently don't track
[12:38:04] PHB: knowing whether or not the server tracks is something I want to know beforehand, not after I've sent the request.
[12:39:37] Thomas Roessler leaves the room
[12:40:06] hannes: this is important to discuss, because regulators are interested in this. Might be included in national law. The technical aspects are important, but also to understand the requirements of regulators
[12:41:06] swb leaves the room
[12:41:08] Roy Fielding: should default to on. Hate the response header. My fear is that the focus on storing is flawed. The key is sharing the information far more than storing
[12:41:44] Thomas: W3C workshop in late April. Some of you will be there.
[12:42:04] Julian joins the room
[12:42:30] Alissa: please read the draft. Also read draft-cooper-web... something like that. Please read that for the concepts
[12:42:36] Thomas Roessler joins the room
[12:43:43] notes: Alissa: do not track, no action items?
[12:43:44] Next presentation: Frame Options. Tobias is doing it
[12:43:52] mans.jonasson leaves the room
[12:44:49] slide 2
[12:45:12] hardie joins the room
[12:45:24] currently some browsers support X-Frame-Options
[12:45:35] options are deny or sameorigin
[12:46:02] this content cannot be displayed in a frame (or iframe), or only if it's from the same origin
[12:46:17] "origin" is not the same as in Adam's draft
[12:46:26] slide 3
[12:46:53] example attacks with click-through
[12:46:59] slide 5
[12:47:22] deny/sameorigin/allow-from:
[12:47:31] Julian leaves the room: Computer went to sleep
[12:47:51] slide 6
[12:48:39] Karen O'Donoghue leaves the room
[12:49:28] slide 7
[12:50:26] martin.thomson leaves the room
[12:50:37] martin.thomson joins the room
[12:50:47] Jeff H volunteered to edit should this become a WG draft. Several volunteered to review
[12:50:55] Back to the Agenda slides
[12:51:04] slide 7: milestones
[12:51:10] notes: frame-options, Tobias Gondrom asked for volunteers to review, and someone to take authorship, don't know who volunteered
[12:51:32] martin.thomson leaves the room
[12:51:54] The volunteer was JeffH
[12:52:38] notes: CSP header looking for volunteer editors: JeffH and Mark
[12:52:55] lel leaves the room
[12:53:17] (?)
[12:53:41] Looking for volunteers to co-chair
[12:54:06] Thomas Roessler leaves the room
[12:54:11] notes: volunteers for co-chair?
see PSA