- Wednesday, March 25, 2020

[17:32:59] sfuerst joins the room
[18:21:02] jmagallanes leaves the room
[18:48:16] Pete Resnick joins the room
[18:53:33] jmagallanes joins the room
[18:54:45] jmfmckay@sure.im joins the room
[18:55:01] jmfmckay@sure.im leaves the room
[19:26:50] sfuerst leaves the room: Connection failed: connection closed
[19:26:54] sfuerst joins the room
[19:41:30] lellel joins the room
[19:41:42] Jeffrey Yasskin joins the room
[19:42:31] lellel leaves the room
[19:44:07] Ted.h joins the room
[19:49:12] Cindy Morgan joins the room
[19:50:29] msk joins the room
[19:51:58] teirdes joins the room
[19:52:15] Barry Leiba joins the room
[19:52:26] tale joins the room
[19:54:44] pwu joins the room
[19:54:48] lpardue joins the room
[19:54:56] francesca joins the room
[19:54:57] chi.jiun.su joins the room
[19:55:06] Dave Cramer joins the room
[19:55:14] Atarashi Yoshifumi joins the room
[19:55:34] Magnus Westerlund joins the room
[19:55:39] Vittorio Bertola joins the room
[19:55:44] xp29srs joins the room
[19:56:07] <Ted.h> Jabber folks: if you need something relayed and are having mic issues, please put it here in Jabber with "MIC" in front, and I'll relay it.
[19:56:08] tfpauly joins the room
[19:56:11] lellel joins the room
[19:56:21] Alissa Cooper joins the room
[19:56:52] <lpardue> can someone port the etherpad/bluesheet links please?
[19:56:57] Greg Wood joins the room
[19:57:08] <lpardue> post*
[19:57:15] <lellel> Yes please
[19:57:28] <Ted.h> https://etherpad.ietf.org:9009/p/notes-ietf-107-wpack?useMonospaceFont=true
[19:57:32] Nick Sullivan joins the room
[19:57:58] m&m joins the room
[19:58:19] <lpardue> thanks Ted!
[19:58:29] wseltzer joins the room
[19:58:40] Martin Thomson joins the room
[19:58:44] Alexey Melnikov joins the room
[19:59:10] adam joins the room
[19:59:29] <Ted.h> We could hear you, Warren.
[19:59:42] spencerdawkins joins the room
[19:59:46] Warren Kumari joins the room
[20:00:13] wseltzer leaves the room: Stream reset by peer
[20:00:41] Samuel Weiler joins the room
[20:00:45] <pwu> is it silent, or is it just me?
[20:00:52] <Ted.h> Silent.
[20:01:04] <pwu> working
[20:01:09] <msk> Expect a couple of minutes delay.
[20:01:21] Jonathan Lennox joins the room
[20:01:36] <tfpauly> It’s you =)
[20:01:45] <lpardue> they disappeared for me too
[20:01:54] york@jabber.isoc.org joins the room
[20:01:55] afrind joins the room
[20:01:57] Mirja joins the room
[20:02:07] jimsch1 joins the room
[20:02:10] wseltzer joins the room
[20:02:34] joehall joins the room
[20:02:36] martin.duke joins the room
[20:02:37] <wseltzer> is anyone else finding webex connects only about half the time?
[20:02:52] <Ted.h> They are under very heavy load.
[20:03:06] <Ted.h> Especially for auth servers at the top of the hour.
[20:03:07] <lellel> I haven’t had an issue -
[20:03:23] Kathleen joins the room
[20:03:42] metricamerica joins the room
[20:04:05] <Cindy Morgan> @wseltzer, if you're having audio issues, we have some info and workarounds here: https://mailarchive.ietf.org/arch/msg/ietf-announce/VzZaKrNA5rsjRGGQfQxKgBx4f0g/
[20:04:27] alxdavids joins the room
[20:05:01] watson17 joins the room
[20:05:07] <wseltzer> thanks @Cindy
[20:05:08] joshco joins the room
[20:05:19] mnot joins the room
[20:05:42] <mnot> Did Sean just say 'heck'? Tsk, tsk.
[20:05:47] James Gruessing joins the room
[20:06:11] <msk> LANGUAGE
[20:06:22] <Martin Thomson> So the layout of the browser interface is different than in past days.  Odd.
[20:06:27] <Ted.h> @MSK Shades of Steve Rodgers
[20:06:31] <adam> Warren Kumari: https://assets.amuniversal.com/723cee809fb4012f2fe600163e41dd5b
[20:06:33] <Warren Kumari> <shamebox>
[20:06:42] <msk> @Ted.h: I got that reference.
[20:06:43] Ben Schwartz joins the room
[20:06:51] James Gruessing leaves the room
[20:06:56] <Jeffrey Yasskin> And I think it's not focusing the person who's talking.
[20:07:01] James Gruessing joins the room
[20:07:22] <mnot> I believe it's pronounced "murican"
[20:07:44] camplina joins the room
[20:08:02] ekr@jabber.org joins the room
[20:08:17] <ekr@jabber.org> Sean said "what the f"
[20:08:23] camplina leaves the room
[20:08:26] <Warren Kumari> For some reason typing ' y'all ' always provides me with giggles...
[20:09:00] Andrew Campling joins the room
[20:09:02] Wes Hardaker joins the room
[20:09:06] <pwu> https://etherpad.ietf.org:9009/p/notes-ietf-107-wpack?useMonospaceFont=true
[20:09:08] <tale > https://etherpad.ietf.org:9009/p/notes-ietf-107-wpack?useMonospaceFont=true
[20:09:09] <york@jabber.isoc.org> https://etherpad.ietf.org:9009/p/notes-ietf-107-wpack?useMonospaceFont=true
[20:09:10] <joehall> ty
[20:09:12] <joehall> lol
[20:09:17] <Ted.h> Note well as spoken word poem?
[20:09:23] Rich Salz joins the room
[20:09:26] <Jonathan Lennox> They even all picked the same URL, amazing
[20:09:26] <joehall> do eit!
[20:09:26] <york@jabber.isoc.org> Interpretive dance
[20:09:30] <msk> Shakespearean English, plz.
[20:09:32] <Pete Resnick> Do a three-way handshake: SYN by calling the person's name, the person at the mic SYN-ACKs, and the chair ACKs. Repeat SYN twice and move on.
[20:09:46] <Jonathan Lennox> An thou hast the property intellectual…
[20:09:55] <wseltzer> webex in webex, nice
[20:09:59] <msk> Nice
[20:10:02] <msk> Dost thou ...
[20:10:09] <Ted.h> We did it in Hawaiian once, at an RTCWEB meeting.
[20:10:20] Kazunori Fujiwara joins the room
[20:10:21] <Wes Hardaker> @pete: but can you translate that to QUIC too please?
[20:10:22] <msk> snazzy
[20:10:26] <Rich Salz> Do it as a rap.
[20:10:28] <Ted.h> (Hawaiian pidgin, mind, not the actual polynesian language)
[20:10:35] <tale > 0 rtt, just start talking
[20:10:37] <Warren Kumari> Yo Dawg, I heard you like Webex, so I put some webex in your webex… ?
[20:10:48] <lpardue> +q or q+, that is the question
[20:10:51] york@jabber.isoc.org leaves the room
[20:10:53] <msk> The Note Well via memes
[20:11:03] dkg joins the room
[20:11:05] <Pete Resnick> @wes: No….no I can't.
[20:11:07] Dan York joins the room
[20:11:10] <msk> Oh man.
[20:11:11] <Jeffrey Yasskin> There was much rejoicing!
[20:11:14] <Rich Salz> Yo everything you say is on the record / These are the rules, don't be messin
[20:11:58] <Warren Kumari> Perhaps someone should have packaged the slides?! (see what I did there? see?!)
[20:11:58] <Samuel Weiler> I can't see the slides (rtc version)
[20:12:08] <Samuel Weiler> grrrr
[20:12:16] Mike Bishop joins the room
[20:12:18] hta joins the room
[20:12:19] <Jonathan Lennox> I think the Note Well would be mostly the Drake Hotline Bling meme
[20:12:25] <dkg> i can haz link to etherpad pls
[20:12:39] <hta> https://etherpad.ietf.org:9009/p/notes-ietf-107-wpack?useMonospaceFont=true
[20:12:43] wseltzer has set the subject to: WPACK https://etherpad.ietf.org:9009/p/notes-ietf-107-wpack?useMonospaceFont=true
[20:12:44] <dkg> hta: thx
[20:12:49] <Warren Kumari> https://etherpad.ietf.org:9009/p/notes-ietf-107-wpack?useMonospaceFont=true
[20:13:00] <pwu> I can try to take minutes
[20:13:04] <lpardue> never gonna: use my video, unmute my mic, skip the queue, or minute for you
[20:13:12] <pwu> (Peter Wu)
[20:13:27] <Dan York> @pwu - I can try to help
[20:13:29] ssahib joins the room
[20:14:18] rwilton joins the room
[20:15:16] dschinazi joins the room
[20:15:22] <Jonathan Lennox> I'm hearing this audio very choppy - are others?
[20:15:33] <Andrew Campling> Okay for me
[20:15:36] <dschinazi> Audio sounds pretty good to me
[20:15:45] <tale > audio is clear here
[20:15:45] <msk> occasionally choppy here too
[20:15:47] <Magnus Westerlund> I have occassional chops
[20:15:47] StephenBotzko joins the room
[20:15:47] <Jonathan Lennox> Probably my end then
[20:16:04] <hta> Clear in Norway
[20:16:20] armfazh joins the room
[20:16:22] <adam> Good audio here -- Texas, AT&T.
[20:17:02] <Martin Thomson> Jeffrey is loud and clear in the antipodes.
[20:17:23] <wseltzer> and in the pods
[20:17:44] <Dave Cramer> and the highlands
[20:17:51] <msk> xkcd bonus points
[20:18:04] <Martin Thomson> no points for knowing that one, sorry
[20:18:13] <Martin Thomson> though some cred for knowing the number without looking it up
[20:18:24] <tale > xkcd 927 is zero bonus points at this point, too easy
[20:18:28] <msk> so the slide should just say "xkcd 927"
[20:18:30] <lpardue> are XKCD numbers higher than RFC?
[20:18:41] <ekr@jabber.org> Is the claim that these are actually properties, or that they are desirable properties
[20:18:45] <dkg> no way, we've got decades on randall
[20:18:51] <mnot> is it an archival series?
[20:18:54] <Jonathan Lennox> Don't be mean, I think xkcd 1053 applies to xkcd 927.
[20:19:07] <Ted.h> @ekr  "Things we're trying to do""
[20:19:13] <msk> I suspect he's describing what his draft is proposing
[20:19:40] <Pete Resnick> I believe I heard someone (JL?) refer to "an XKCD 927" as a noun smoothly in the middle of a sentence yesterday.
[20:22:39] <ekr@jabber.org> How does random access intersect with integrity
[20:23:24] <ekr@jabber.org> like, you can't use a resource until you have checked the integrity
[20:23:33] <Martin Thomson> Jeffrey and I have been discussing that.  You can build a hash tree to support some of that.
[20:23:42] <ekr@jabber.org> OK, so this doesn't have that?
[20:23:46] <Martin Thomson> Or just a hash table.
[20:24:10] <Martin Thomson> I think that Jeffrey has something like that in the format, but I don't know exactly how it fits from memory.
[20:24:13] <Jonathan Lennox> I think calling it a "hash table" may be a poor choice of terminology. :-)
[20:24:23] <Martin Thomson> Yes, hash table is not ideal.
[20:25:21] <ekr@jabber.org> Just looking at this again, I'm not seeing much sign that it has random access with integirty
[20:25:45] <Martin Thomson> Yeah, that might be something that is missing in the specs.
[20:26:57] Rohit Abhishek joins the room
[20:28:10] <watson17> what do we mean by integrity? whole thing, or should i be able to easily look inside the pieces?
[20:28:10] <jimsch1> MT: Is this a real tree or just chained?
[20:28:28] <Martin Thomson> the current thing is chained, so you have to process the entire prefix
[20:28:43] <Martin Thomson> but now I'm not sure whether Jeffrey has per-resource integrity, or integrity across the entire bundle
[20:28:53] <ekr@jabber.org> OIC!
[20:28:55] <ekr@jabber.org> Thaat made sense
[20:29:23] <James Gruessing> Martin: I think the aim is both?
[20:29:23] <Ben Schwartz> Is this a merkel tree or a linked hash list?
[20:29:25] <ekr@jabber.org> It was kinda unclear
[20:29:42] <jimsch1> Yould code presumably have a prefix tree with hash information about individual items
[20:29:43] <Martin Thomson> it's an asymmetric merkle tree currently, but that probably isn't ideal
[20:29:45] <dkg> i think you have both
[20:30:01] msk joins the room
[20:30:11] <Pete Resnick> content negotiation (http) == multipart/alternative (email) ??
[20:30:29] <mnot> Sean, there seems to be a lot of noise on your mic
[20:30:29] msk leaves the room
[20:30:33] <Jeffrey Yasskin> Pete: I think that's right.
[20:30:35] <Jonathan Lennox> For very loose definitions of "==", yes
[20:30:36] <Ted.h> Way back in the conneg days we built a bunch of mechanics around multiple representations at a single URL and then discovered people just didn't do it.  Do they do it now, using accept headers?
[20:31:13] <mnot> It is getting more use, yes — especially with Client Hints
[20:31:14] <tale > lol as if multipart/alternative wasn't a giant bowl of poo in email
[20:31:21] <tale > soooooo many senders do it wrong
[20:31:32] <mnot> This Isn't Email
[20:31:42] <tale > praise be
[20:32:17] <msk> @Pete Resnick: That's exactly where my head was at.
[20:32:28] <spencerdawkins> I'm starting a BOF request for GBOP. I don't care what it does, as long as it uses that name ...
[20:32:32] dragana joins the room
[20:32:52] <pwu> Can someone help checking whether I paraphrased the q&a correctly in the Etherpad?
[20:32:53] lellel leaves the room
[20:33:01] <mnot> And Push worked out so well...
[20:33:01] <adam> I would expect that we wouldn't literally re-use MIME multipart. It would been oddly incongruous to have a well-indexed package format that then forces you into byte scanning for the last step.
[20:33:12] <lpardue> I'm co-ed on the HTTP Digest update doc that is trying to clarify that integrity digests vary by content-encoding of the representation
[20:33:27] <msk> adam: Same, but it's the right analogy, I think, for luddites like myself. :)
[20:34:06] <ekr@jabber.org> I don't want to get back in the queue, but I think that if you want it to be in the cache, then clearly everything in the bundle needs a URL
[20:34:29] <dkg> multipart/alternative doesn't just have syntactic and handling issues -- it has a lot of vagueness in the underlying semantics that make it difficult for senders to know how to generate correctly (esp when mixing with other multipart parts)
[20:34:40] <dkg> </offtopic>
[20:34:59] <Martin Thomson> I think that conneg here might be a feature we can afford to lose.  Just putting that out there.
[20:35:15] <msk> …or add later?
[20:35:32] <Martin Thomson> Deferring is the coward's way out, but sure.
[20:35:35] <spencerdawkins> I think I'm +1 ekr on URLs
[20:35:47] <Ted.h> @ekr Agree that this is much easier if they each have a URL.  You could make them relative URLs, but I don't personally see much of a win doing that.
[20:36:03] <watson17> Do we need to capture the HTTP exchange, or can we have a tarball/zip and address within it?
[20:36:08] <dkg> compression?  not a big win for sure.
[20:36:11] <Jonathan Lennox> Deferring it sounds very fraught to me - it's totally not clear to me what the backward compatibility story is for extensions here.
[20:36:15] <msk> Just don't want to preclude it if we change our minds later.
[20:36:20] <ekr@jabber.org> I feel like the easiest way to handle the authority issues, at least when things are fetched over HTTPS, is that if you fetch a bundle from https://example.com/foo/bar that everything in the bundle has url https://example.com/foo/bar/<something>
[20:36:25] <mnot> WRT conneg - does "lose" it mean "lose the ability to have multiple representations for a URL" or "lose the ability to assure that the one representation matches a request"
[20:36:41] <Martin Thomson> Whether things have an identity that is derived from the https:// namespace or not is different than having an identity
[20:37:10] <Martin Thomson> mnot: lose the ability to have multiple representations for a single resource
[20:37:17] <Ted.h> @ekr  What does that mean in a peer-to-peer exchange?
[20:37:18] <mnot> I'm ok with that
[20:37:38] <spencerdawkins> I was thinking that you could fill a cache for a bunch of URLs with one GET, and then use the cache for all the stuff in the bundle. Is that wrong?
[20:37:44] <ekr@jabber.org> Ted.h: well, the whole P2P exchange is pretty contested
[20:37:48] <Jonathan Lennox> You can still have multiple resources and have javascript (or whatever) choose which one to load, I presume.
[20:37:53] <ekr@jabber.org> As I think MT's presentation suggests
[20:38:10] <ekr@jabber.org> but it would be <whatever the origin of the bundle is>/<stuff>
[20:38:13] <wseltzer> continuity is at odds with archival, it seems
[20:38:29] <dkg> spencerdawkins: seems like you'd have to set some parameters about what the request headers were too, though
[20:38:37] <mnot> I do wonder how well this is going to work with multiple implementations; if one request doesn't match, that's a hole
[20:38:39] <Martin Thomson> wseltzer: it would seem so, yes
[20:38:43] <Ted.h> @ekr  Well, as one of the advocates for it, it's probably unsurprising that eliminating it is not my preference.
[20:39:08] <adam> Martin: Are you sure about that? For some content, it's not that important. But I've seen arguments that new video and image formats can be safely rolled out on the web specifically because conneg allows for it.
[20:39:12] <spencerdawkins> @dkg - thanks for the clue
[20:39:16] hardaker joins the room
[20:39:18] <ekr@jabber.org> @ted.h: I don't propose to relitigate our disagreement on this topic over jabber, but I don't think that it's really that relevant to this URL question
[20:39:39] <dkg> if i request my GET for https://example.com/foo/bar with some parameters, then when i reference https://example.com/foo/bar/whereever those params ought to at least be related (if not identical)
[20:39:44] <Ted.h> @ekr It' relevant for the authority question, given the exchanges Martin and I had on the list.
[20:40:00] <ekr@jabber.org> Ted.h: well, maybe
[20:40:12] <Martin Thomson> I apologize for not having followed up while I was sleeping, Ted.h :)
[20:40:23] kaduk@jabber.org/barnowl joins the room
[20:40:23] <adam> Slacker
[20:40:39] <Andrew Campling> Sleep is for wimps
[20:40:39] <Ted.h> I would tell you you were in my dreams, but I
[20:40:49] <Ted.h> m afraid it would make things weird between us.
[20:40:58] <hta> Isn't the revoked content issue kind of similar to the problem of staleness in CDNs?
[20:41:14] <ekr@jabber.org> similar but much much worse
[20:41:28] <dkg> yeah, except that the origin has a contractual relationship with their CDN
[20:41:39] <Pete Resnick> Why a standardized particular number of days instead of an embedded TTL?
[20:42:01] <dkg> maybe they're being footgun-averse
[20:42:11] <Ted.h> @Pete people make very odd TTL choices at times.  Like ïnfinite"or "0""
[20:42:30] <Pete Resnick> Yeah, I suppose.
[20:43:08] <Pete Resnick> But 7 days seems likely to be the wrong number more often than not.
[20:43:16] nemo joins the room
[20:44:45] <kaduk@jabber.org/barnowl> I joined late, but did anyone note that talking about "bundle
protocol" is a namespace collision with the DTN bundle protocol?
[20:44:49] brong joins the room
[20:45:00] <Dan York> @kaduk - No, no one mentioned that.
[20:45:01] <joehall> ïnfinite would definitely be odd
[20:45:01] <ekr@jabber.org> Perhaps the IESG should have fixed that on chartering :)
[20:45:17] <adam> Well, "WPACK" is kind of a collision with "WEBPACK" so it's on brand.
[20:45:30] Glen (AMS IT) joins the room
[20:45:38] <spencerdawkins> I am hearing "web bundling" and "bundling" used interchangeably in these presentations
[20:46:18] <kaduk@jabber.org/barnowl> Interestingly, hearing MT talk about "the web" causes me to realize
that I was totally not thinking of WPACK as limited to "the web" when
we were looking at charters, and was imagining non-browser use cases.
[20:46:18] tale leaves the room
[20:46:42] Glen (AMS IT) leaves the room
[20:46:43] <Mirja> @ben I think you are one of the few people who have read the bundle protocol spec recently
[20:46:44] <adam> kaduk@jabber.org/barnowl: Like kind of a "zip but better"?
[20:47:03] <Magnus Westerlund> The charter is a description of scope, not what they should name things ;-).
[20:47:03] <kaduk@jabber.org/barnowl> @Mirja ouch
[20:47:10] <Jeffrey Yasskin> spencerdawkins / kaduk: I've been assuming the web in a lot of the design, but I think a format like this is likely to be useful elsewhere too.
[20:47:12] <kaduk@jabber.org/barnowl> @adam exactly
[20:47:46] lellel joins the room
[20:47:52] <dkg> the web context makes the whole thing much much harder
[20:48:10] <dkg> without the web context it really is just adam's "zip++" construction
[20:48:21] <ekr@jabber.org> It seems like most of these things are inherent in any distributable bundle doodad
[20:48:23] <adam> kaduk@jabber.org/barnowl: Ah. There are some web-specific requrements to be met here that are going to push this to be much more than simply a general purpose archive.
[20:48:47] tim costello joins the room
[20:49:14] <kaduk@jabber.org/barnowl> I mean, people (ab?)use the web pki for all sorts of non-browser
stuff, and it's not clear how much of that falls within or without the
boundary of "the web"
[20:49:21] <Dan York> @dkg - I agree… but the web context is one of the primary use cases
[20:49:27] <Jeffrey Yasskin> kaduk: The DTN spec is on my list to read and hasn't yet managed to bubble to the top. I'd love to re-use bits if they're useful in this context.
[20:49:35] <dkg> "web pki" started as a generic pki
[20:49:40] <dkg> this is going the other way around
[20:50:26] <kaduk@jabber.org/barnowl> Jeffrey: DTN has a ~pluggable security layer, but the existing one is
pretty legacy and not something I would promote for this usage.
[20:50:28] StephenBotzko leaves the room
[20:50:29] StephenBotzko joins the room
[20:50:43] <kaduk@jabber.org/barnowl> DTN bundle protocol itself is elegant in some ways
[20:50:57] tale joins the room
[20:51:04] <dkg> Dan York: i'm not saying we should throw out the web context.  i'm saying the web context is the reason we're doing this work.
[20:51:09] <Jeffrey Yasskin> kaduk: And the whole idea of "pluggable" security seems to be an anti-pattern these days. But if we can re-use protocol bits, great.
[20:51:15] <spencerdawkins> @kaduk - I was thinking about using this in DTN, not the other way around.
[20:51:18] <Jeffrey Yasskin> dkg++
[20:51:18] <Jonathan Lennox> Web Packaging is indeed delay-tolerant networking if you look at it right…
[20:51:41] <msk> "ni"
[20:51:47] Wes Hardaker leaves the room: Disconnected: closed
[20:51:57] <kaduk@jabber.org/barnowl> Sir msk: *recoils in fear*
[20:51:59] <Dan York> @dkg - Ahh, understood.
[20:52:35] <dkg> what does he mean by "a challenge" ?
[20:53:00] <Magnus Westerlund> @Lennox, Yes, but DTN is more an IP layer for delay tolerant networking, while this is an application protocol.
[20:53:10] <Pete Resnick> @dkg: Does he mean "nonce"?
[20:53:56] <kaduk@jabber.org/barnowl> I see a challenge is being a nonce along with the question "do you
accept this?"
[20:54:23] <Jeffrey Yasskin> dkg: In the draft, the challenge is hash(hash(content)), and the reply is hash(content), to prove the server isn't just blindly accepting all content.
[20:57:09] <Ted.h> If you had this + signed exchanges, this turns into a fancy etag, for determining your content is stale.  For an unsigned bundles, it is a way of promoting it into a "signed state".  I think, in other words, this is pretty useful, but it doesn't replace the signature capability, which is still needed to allow the merge use cases via peer-to-peer transfer.
[20:58:53] <lellel> So merge vs revision/ version control - yes?
[20:59:43] <Dan York> The challenge mechanism - section 5 / 5.1 - https://tools.ietf.org/html/draft-thomson-wpack-content-origin-00#section-5
[21:00:08] Olaf Kolkman joins the room
[21:02:01] <Dave Cramer> My dream is to replace PDF with bundles for many use cases
[21:02:33] <dkg> instead of saying "can you hear me?", say "hi this is $myname".
[21:02:49] <kaduk@jabber.org/barnowl> dkg: you read my mind
[21:02:58] <dkg> then whoever is saying "yes, we can hear you" can say "hi, $yourname"
[21:03:05] <tale > dkg has acquired scary new psionic powers
[21:03:13] <Warren Kumari> … and then everyone says "Hello, $yourname" ?
[21:03:17] <kaduk@jabber.org/barnowl> A voice-authenticated three-way handshake, as it were
[21:03:24] <dkg> Warren Kumari: exactly 😛
[21:03:26] <tale > "I've been sober for three hours."
[21:03:29] <msk> I got a recruiter email addressed to "Dear $firstname,".
[21:03:33] <msk> I felt special.
[21:03:35] <adam> My name is SYN/ACK
[21:03:36] <Pete Resnick> I'm glad mnot is doing this. I was too chicken to ask in fear I would lose the thread.
[21:03:37] <Ted.h> @tale sorry to hear it.
[21:04:06] <msk> "fear".  that's all.
[21:04:48] <Pete Resnick> Ben says, "ACK? We don't need no stinkin' ACK! This is our ACK!"
[21:05:07] <ekr@jabber.org> It seems like MT's version has clearer caching properties
[21:05:23] <ekr@jabber.org> @adam: I thought your name was "Adam; DROP TABLES"
[21:06:37] <hta> what's part of the state in a "state transfer"?
[21:06:55] <tale > recognition by other member states
[21:06:56] <kaduk@jabber.org/barnowl> You can accumulate local state by interacting with the bundle's
content
[21:07:48] <hta> I'm a javascript API designer (this week). I've got lots of state inside the browser. Does it move over?
[21:07:58] <ekr@jabber.org> that's the idea here
[21:08:07] <hta> Peerconnections move?
[21:08:11] <kaduk@jabber.org/barnowl> "hence the claims about it being nontrivial"
[21:08:11] <hta> without closing?
[21:08:48] carrickdb@jabber.hot-chilli.net joins the room
[21:09:17] <Mike Bishop> I think the idea is that there isn't really a "move" such as the recognition that the package origin and the web origin are equivalent.  You continue running the bundle content unless you actively refresh to the new content.
[21:09:50] <kaduk@jabber.org/barnowl> Sure, but you've got bookkeeping to do, and the risk of deconfliction,
etc.
[21:10:14] <Mike Bishop> No doubt.  Devil's in the details.
[21:10:22] Olaf Kolkman leaves the room
[21:10:36] martin.duke leaves the room
[21:10:39] Olaf Kolkman joins the room
[21:10:39] martin.duke joins the room
[21:11:04] <Jeffrey Yasskin> I think there are lots of options for the developer experience with a content-origin + adoption. We'll have to pick the right set of tradeoffs.
[21:11:19] <ekr@jabber.org> I don't see why MT's design doesn't address the continuity of state issue. And I really don't see why mine doesn't.
[21:11:50] <Jeffrey Yasskin> ekr@jabber.org: I think (and will say in the next presentation) that adding signatures into MT's design is a very plausible way to handle updates.
[21:12:07] <ekr@jabber.org> Yeah, I think MT's thing clearly doesn't handle updates
[21:12:20] <ekr@jabber.org> As far as I can tell, it's not possible to handle updates offline w/o some kind of signature
[21:13:08] <mnot> It's not just "the internet is withdrawn", it's "I need to get content through someone else."
[21:14:17] <Ted.h> Apologies for taking so long.
[21:14:20] <Dan York> Or … "the Internet is only occasionally available"… as in caching with satellite downloads
[21:14:30] <adam> Wasn't really that long
[21:14:37] <Martin Thomson> That was a crucial point to discuss Ted.h, so it was time well spent.
[21:14:40] <Jeffrey Yasskin> I've been warned about solving too many use cases with one WG. ;-)
[21:15:30] <Ted.h> @Jeffrey hoist by my own petard....
[21:15:59] <Martin Thomson> ++Jeffrey
[21:16:21] <lpardue> draw your own venn diagram
[21:16:24] <Andrew Campling> "Getting content through someone else" could be abused, especially if it morphed into anonymous content distribution
[21:16:56] <Martin Thomson> Andrew Campling: I believe that this is an explicit goal in some cases.
[21:17:29] <Andrew Campling> Yes - it needs very careful thought
[21:17:32] <adam> "Anti-censorship" was, IIRC, on the use cases slide when we discussed this in person
[21:18:53] <Andrew Campling> Stating the obvious perhaps but this would be badly abused
[21:18:54] <Martin Thomson> For the record, I think that we should mint a new URI scheme for this that is NOT ni
[21:19:20] <kaduk@jabber.org/barnowl> Of cousre
[21:19:26] <kaduk@jabber.org/barnowl> *course
[21:19:42] <Jonathan Lennox> icky-icky-icky-icky-kapang-zoop-boing:
[21:20:18] <lpardue> bun://
[21:22:55] Larry joins the room
[21:23:20] <Larry> showing URLs is broken for International Domain Names and spoofing
[21:24:01] <Jeffrey Yasskin> dkg attempts his own protocol … and doesn't receive the ACK.
[21:24:08] <adam> Larry: Yeah, a lot of what is meant when talking about "URL bar" really focuses on displaying the origin nowadays.
[21:24:52] <ekr@jabber.org> I propose that in the pre-transfer case, we just show  ¯\_(ツ)_/¯
[21:25:16] <Martin Thomson> That was my initial thought
[21:25:16] <msk> ekr++
[21:25:52] <Ted.h> Why not just show "offline" in that case?
[21:26:00] <Larry> need better security indicators
[21:26:03] <Jeffrey Yasskin> estark's research: https://www.usenix.org/conference/enigma2019/presentation/stark
[21:26:15] <adam> Ted.h: That's kind of orthogonal to what this is meant to represent, though
[21:26:19] <lellel> K-12 students are still taught to look at them...
[21:26:20] <Ted.h> @Jeffrey thanks
[21:26:26] <Jeffrey Yasskin> "The URLephant in the Room"
[21:26:33] <Mike Bishop> I'd probably lean toward showing "Origin as of (datetime)"
[21:26:36] <carrickdb@jabber.hot-chilli.net> lellel: ! I didn't know they were ever taught that
[21:26:43] <Jeffrey Yasskin> Mike Bishop: That is very plausible.
[21:26:45] <Larry> i think signed PDFs are an interesting model to follow: you get a bundle of resources from someone publishing that
[21:26:50] <kaduk@jabber.org/barnowl> Rather apropos:
https://krebsonsecurity.com/2020/03/us-government-sites-give-bad-security-advice/
[21:26:58] <watson17> but PDFs have nothing to do with anything outside of them
[21:27:06] <Ben Schwartz> I would have it say "(Offline)", after a few seconds of animated blankness for a grace period during the lookup
[21:27:09] <ekr@jabber.org> BTW, I do think there is *yet another* design that you could use, in which the content origin contains a hash of a signature key that you then use to sign the next version
[21:27:11] <Jeffrey Yasskin> Mike Bishop: I think that proposal came up for pure signed exchanges too.
[21:27:13] <lellel> Part of media lit
[21:27:14] <msk> what carrickdb said
[21:27:21] <ekr@jabber.org> But I think that's just another way of spelling the named by signing key verison
[21:27:23] <James Gruessing> Mike: Assuming the client’s clock isn’t skewed, which is too common
[21:27:43] <Larry> what about using strong ETAGs for bundled components
[21:27:43] <hta> I use the URL bar to copy/paste when I need to tell someone else about what I'm viewing
[21:28:07] <ekr@jabber.org> @hta: well, that is going to be a dumpster fire no matter what
[21:28:17] <watson17> clock skew roughtime can deal with
[21:28:30] <dkg> Mike Bishop: ++
[21:29:00] <lellel> From:example.com@2:30on3/2420
[21:29:00] <ekr@jabber.org> OK, I have a really bad idea for MT's thing. Let people assert origins and show the origin as "http://<claimed-origin>/" (NOT https). What could go wrong!
[21:29:05] <kaduk@jabber.org/barnowl> clock skew reminds me that NTS is in the RFC Editor queue, which is
really exciting
[21:29:18] <Martin Thomson> ekr@jabber.org: I did consider that  :)
[21:29:27] <Jonathan Lennox> Make it htt://, take yet another letter off the end
[21:29:30] <watson17> @ekr: it's a really common workflow. this is not a butterfly situation (xkcd.com/1172/)
[21:29:32] <Martin Thomson> it's not entirely a bad idea
[21:29:32] <kaduk@jabber.org/barnowl> ekr: why http:// and not some other random scheme?
[21:29:33] <ekr@jabber.org> @mt: I am so proud
[21:29:34] <adam> Define a new "maybe" URL scheme
[21:29:46] <adam> maybe://cnn.com/...
[21:29:47] <ekr@jabber.org> @watson17: oh, I agree, i just mean it's going to be a dumpster fire
[21:29:48] <dkg> Jonathan Lennox: i think it's htp:// (because we're not doing the "transfer")
[21:30:15] <ekr@jabber.org> @kaduk: because if users see "wtf://<example.com>" they will be confused :)
[21:30:27] msk leaves the room
[21:30:29] Dan York leaves the room
[21:30:30] martin.duke leaves the room
[21:30:30] Dave Cramer leaves the room
[21:30:34] francesca leaves the room
[21:30:38] Mike Bishop leaves the room
[21:30:39] <kaduk@jabber.org/barnowl> But are they wrong to be confused? ;)
[21:30:39] <ekr@jabber.org> worth noting that Chrome doesn't show the scheme now
[21:30:42] <ekr@jabber.org> unless you click on it
[21:30:43] Mirja leaves the room
[21:30:48] <kaduk@jabber.org/barnowl> We're all confused here, still, no?
[21:30:48] ekr@jabber.org leaves the room
[21:30:50] joehall leaves the room
[21:30:56] Andrew Campling leaves the room
[21:30:59] Vittorio Bertola leaves the room
[21:31:05] Jonathan Lennox leaves the room
[21:31:06] sfuerst leaves the room
[21:31:10] <dkg> firefox doesn't show the scheme either ☹
[21:31:15] carrickdb@jabber.hot-chilli.net leaves the room
[21:31:21] Magnus Westerlund leaves the room
[21:31:37] Barry Leiba leaves the room
[21:31:38] lellel leaves the room
[21:31:38] <dkg> i was unhappy about the way the scheme is routinely ignored, until i realized we could use that as an excuse to claim that scheme-less URLs are https, not http
[21:31:50] <adam> dkg: Which one?
[21:31:54] ekr@jabber.org joins the room
[21:32:04] <wseltzer> in chrome you can install the "malicious URL reporter" and never report, to show the scheme by default again
[21:32:07] <ekr@jabber.org> Firefox Descktop shows the scheme
[21:32:16] Atarashi Yoshifumi leaves the room
[21:32:24] xp29srs leaves the room
[21:32:28] <dkg> i'm just saying, ads in newspapers and on buses say "visit banana.com"
[21:32:30] metricamerica leaves the room
[21:32:31] <dkg> which used to annoy me
[21:32:34] <ekr@jabber.org> @dkg: are you using the version of Firefox that google puts out?
[21:32:35] Warren Kumari leaves the room
[21:32:38] <dkg> because it didn't say "https://banana.com"
[21:32:51] Pete Resnick leaves the room
[21:32:54] <adam> And gopher://banana.com usually didn't work.
[21:32:57] <dkg> and browsers default to "http://banana.com" instead
[21:33:02] Olaf Kolkman leaves the room
[21:33:09] <Martin Thomson> We've been talking about defaulting to https://
[21:33:10] <Larry> with idn you need a lot of complex logic to avoid showing confusables
[21:33:14] <Martin Thomson> For ages
[21:33:14] <dkg> Martin Thomson: that's what i'm saying
[21:33:19] spencerdawkins leaves the room
[21:33:21] <dkg> i've been pushing that on bugzilla a bit too
[21:33:30] <Martin Thomson> But that has a decent chance of happening now.  We just need someone to push it.
[21:33:39] <dkg> ekr@jabber.org: i try to not use anything that ships directly from google
[21:33:40] <lpardue> banana.com is a cool website btw
[21:33:46] <James Gruessing> Which someone is needed to push it, Martin?
[21:33:55] <Larry> i think it's an issue on whatwg/url i'll look it up
[21:33:55] joshco leaves the room
[21:34:00] <Martin Thomson> lpardue: SSL_ERROR_BAD_CERT_DOMAIN
[21:34:19] <dkg> lpardue: wtf is going on there
[21:34:29] <lpardue> I dunno but it looks cool
[21:34:34] <Martin Thomson> James Gruessing: probably someone here at Mozilla, sadly
[21:34:55] <Martin Thomson> But I guess you could write the patches.  it's the fallback from https:// to http:// that will be tricky to do
[21:35:14] alxdavids leaves the room
[21:35:20] rwilton leaves the room
[21:35:26] <lpardue> they are building an army of robot polar bear spying equipment?
[21:35:42] <dkg> https://bugzilla.mozilla.org/show_bug.cgi?id=487943
[21:36:12] <James Gruessing> And the doing the necessary politics to convince the other browser vendors? I’m not attune to how those complicated relationships work...
[21:36:33] <dkg> hm, no, that's not it
[21:36:50] <dschinazi> The other browser vendors aren't that far away...
[21:37:22] jimsch1 leaves the room
[21:37:43] Alissa Cooper leaves the room
[21:37:57] <dkg> https://bugzilla.mozilla.org/show_bug.cgi?id=1158191
[21:38:07] <dkg> James Gruessing: ↑
[21:38:38] <Larry> https://github.com/whatwg/url/pull/434#discussion_r268485401
[21:38:48] hardaker leaves the room
[21:39:24] Kazunori Fujiwara leaves the room
[21:39:44] pwu leaves the room
[21:39:45] <Larry> This commit expands the URL rendering section to contain some of the
non-Chrome-specific guidelines from Chromium's URL display guidelines
(https://chromium.googlesource.com/chromium/src/+/master/docs/security/url_display_guidelines/url_display_guidelines.md).
The guidance is geared towards URLs that are rendered primarily in a
context in which a user is making a security decision.

The advice is separated into 3 sections: simplifying URLs to prevent
spoofing and confusion, eliding in space-constrained displays, and
i18n/bidi/special characters.
[21:39:59] <Martin Thomson> That was me: it's crows
[21:40:06] tfpauly leaves the room
[21:40:11] <Jeffrey Yasskin> I've been poking estark's team to default to https too.  They're certainly not opposed.
[21:41:44] Rich Salz leaves the room
[21:42:29] mnot leaves the room
[21:43:23] teirdes leaves the room
[21:43:26] <adam> Jeffrey Yasskin: I mean, we've all been tacking in this direction for a while; cf. https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/
[21:44:51] <James Gruessing> Perhaps if there’s something specific I can do to help push this default along, besides +1ing on tickets/issues?
[21:49:25] tim costello leaves the room
[21:49:30] tim costello joins the room
[21:59:52] tim costello leaves the room
[22:00:59] jmagallanes leaves the room
[22:07:50] tim costello joins the room
[22:07:53] m&m leaves the room: Disconnected: Replaced by new connection
[22:07:54] m&m joins the room
[22:11:56] tim costello leaves the room
[22:11:59] Cindy Morgan leaves the room
[22:11:59] tim costello joins the room
[22:12:11] tim costello leaves the room
[22:12:15] tim costello joins the room
[22:12:26] tim costello leaves the room
[22:12:29] tim costello joins the room
[22:17:32] watson17 leaves the room
[22:17:33] armfazh leaves the room: Connection failed: connection closed
[22:17:33] armfazh joins the room
[22:20:23] Nick Sullivan leaves the room
[22:37:45] tim costello leaves the room
[22:37:55] tim costello joins the room
[22:37:58] tim costello leaves the room
[22:44:49] Jeffrey Yasskin leaves the room
[22:45:31] m&m leaves the room
[22:48:44] Ted.h leaves the room
[22:48:49] tim costello joins the room
[22:49:03] tim costello leaves the room
[22:49:11] tim costello joins the room
[22:51:02] hta leaves the room
[22:54:51] Greg Wood leaves the room
[22:54:56] armfazh leaves the room
[22:55:55] Rohit Abhishek leaves the room
[22:56:03] dschinazi leaves the room
[23:00:57] dragana leaves the room: Disconnected: closed
[23:01:48] tim costello leaves the room
[23:06:04] adam leaves the room
[23:17:02] tim costello joins the room
[23:19:10] Ted.h joins the room
[23:20:14] <Ted.h> Adding for the logs:  upthread I made a joke about sobriety that was inappropriate.  I apologize for the thoughtlessness.
[23:27:18] tim costello leaves the room
[23:27:26] tim costello joins the room
[23:30:21] jmagallanes joins the room
[23:30:50] jmagallanes leaves the room
[23:32:54] Martin Thomson leaves the room
[23:33:08] tim costello leaves the room
[23:33:17] tim costello joins the room
[23:41:34] ekr@jabber.org leaves the room
[23:41:55] tim costello leaves the room
[23:42:36] dkg leaves the room
[23:48:17] tim costello joins the room
[23:49:14] tim costello leaves the room
[23:49:18] tim costello joins the room
[23:54:23] nemo joins the room
[23:55:03] nemo leaves the room