TedH convened the meeting and thanked DanC for serving as scribe.
We reviewed actions from the 14 Oct minutes
ACTION hardie: to confirm location of published IESG procedures for registration of mime types from standards organizations. CONTINUES
Ted: there has been some sticking
due to issues with AVT. W3C side procedures as written up by MJD
are still okay.
... Freed, Klensin have split the MIME part
4 replacement doc, and that has slowed progress.
ACTION MJDuerst: Get Massimo to contact Ted Hardie about P3P header registry. CONTINUES.
Ted: pls have Massimo cc Scott H., as I'll be out, and there's some transition
MJDuerst: roger
MJDuerst: thanks for reviewing
the press release, Ted.
... and thanks for expediting the spec in the RFC editor
queue
<hardie> thanks should go to the IESG for that; I only forwarded Roy's request
MJDuerst: I think Roy Fielding was asking for the RFC to come out in time to be cited from the W3C webarch spec, which didn't happen, but that's fine; there are plenty of other specs that can cite the new URI and IRI RFCs
MJDuerst: while I'm happy that the
spec went out quickly, some of the RFC editor's changes went
beyond format/editorial
... we were able to get it
straigtened out but I wonder if it's typical for the RFC editor to
take that much license in editing in the late stages
Leslie: we're collecting issues
with the RFC publication process
... we've put some attention on the RFC editor budget, for
example
TedH: the editor is trying to
edit for consistency among the RFC series, which is a tough
judgement call
... training new staff is tricky.
TimBL: it seemed to me that having more than one person editing was a cause of problems; At W3C, the webmaster just gives instructions to the document editors, who makes the change. I suggest something like that
Leslie: yes, it's tricky
DanC: Henry Thomson (HT) was curious about work on RFC3023-bis work by Chris L and Murata Makoto
MJDuerst: I think HT can just ask Chris
TedH: we have an XML directorate xml-dir@ietf.org . If they should know about this, feel free to contact them.
<MJDuerst> I suspect the draft has fallen off the 6-months, checking some more
Ted: Cyrus Daboo and RL 'Bob' Morgan have requested a BOF on calsify for the March IETF.
DanC: calconnect consortium includes Mozilla, OSAF, .edus, oracle; they met in Seattle. I wasn't available to attend, but I asked a colleague, Matt May, to go. Their literature says "we don't do standards" but they have a task force on defining periodic meeting. Looks like it will feed into an IETF WG; just wanted to confirm.
TedH: The work in CALSCH dwindles because of a change in approach; the original approach focused on smart servers and thin clients, but the market went towards using vanilla data stores of calendar objects and putting the logic in the clients. For the new work, the IESG is looking to ensure that there is enough energy to complete in a reasonable time.
TimBL: it looked to me like calconnect was convened to do interop testing. The "yellow flag" issue is that the test suite becomes the standard, in practice.
DanC: no urgent needs just now; I may come to MN IETF; the executive director of calconnect, Dave Thewlis, is visiting W3C/MIT 22 Feb 2005
MJDuerst: so... where are we?
TedH: 3066bis control IANA
registry for langauge tags. Last call comments were
sufficiently critical that to just keep using the IETF main
list wasn't likely to succeed...
... so we're inclined to charter a short-term WG with 2
deliverables: (a) IANA instructions, ...
... (b) a matching algorithm spec.
... the matching algorithms have been the subject of quite a
bit of discussion
... there's a space of matching algorithms; the goal is not to
choose one but to describe several
... for reference by other specs
... IANA instructions targetted for, say, May; matching
algorithm expected to take a bit longer
... meanwhile there's a backlog of pending registrations
... which we'll probably process concurrent with this new
work
<MJDuerst> MJD: HTTP, CSS and XSLT at least have leading-subtags matching (language range)
MJD: do you expect a BOF in MN? chair candidates?
Ted: no plans for a BOF in MN; plan to charter the WG without a BOF, with a first review by the IESG on 17 Feb. ... we have one chair candidate, Randy Presuhn who has experience in network management and spec editing; we're interested in a co-chair.
Martin: on lang tags, new list for technical work? or same list?
TedH: new list for technical work. hosted by secretariat
MJD: W3C I18N Core WG, iri mailing list are looking at IRI testing...
MJD: at the prompting of the W3C TAG, the IRI Candidate Rec has an exit criterion regarding IRI testing
MJD: I'm not concerned with the level of implementation experience, but the goal is to collect test materials
TedH: I see file: URI stuff...
there's a file: URI scheme draft in my queue. I suggest you
contact Paul H. to discuss
... there are sufficient problems with file: that replacing it
with something else is under consideration
<scribe> ACTION: MJD to contact Paul H re file: URI scheme draft and IRIs
MJD: I'll do that, but the test
you see, Ted, isn't really about file: URIs as about [something
with apache file serving]
... there are also some issues/problems with mailto: and IRIs
[?]
TedH: I expect some schemes to be designed for use as IRIs to start; I think it would be useful to replace file: with something like that, though it would be challenging
TimBL: I thought the architecture was that IRIs are convertable to URIs... so file2: identifiers will map to URIs per the IRI spec as a matter of course, right?
several: yes.
MJD: imap: is an example of something designed for use with IRIs from the beginning.
MJD: I'm taking on a tenured
faculty position at Aoyama Gakuin University, so my time in W3C
comes to an end in March.
... we haven't figured out who replaces me in the IETF/W3C
liaison capacity
TedH: congrats.
DanC: Spam came up in two ways at the recent W3C membership meeting: In the "act locally" sense, W3C runs hundreds of mailing lists, and the spam problem means we have about 1 full person dedicated to
dealing with spam (improving system,...); in the "think globally" sense, our T&S domain, in particular Danny
Weitzner (domain lead) is thinking about relationship between
technology and society, related to crime issues,...
... in a follow-up teleconference our system administrators and
those from several large member organizations talked about our own
expeirences, and then we discussed W3C's role in this area. I told
them what I know about IETF work (MARID); Danny and others
described the antiPhishing WG, ...
The plan to see what happens with experiental RFCs after closing
the MARID WG is not filling our members with confidence. Several
of our members are willing to get on planes etc. to help. I wonder
if there are any new plans or anything W3C could do to help.
TedH: MARID drafts on IETF telechat agenda last time/next time, we still plan to publish as Experimental... work on MASS (Unifying Yahoo domain keys with IIM Identified Internet Mail) moving on ... ... Also, we met with US. federal regulators, to provide input.
TedH: I'm afraid people are
expecting technical solutions to problems -- problems like
organized crime -- that can only be solved by social
mechanisms.
... there are standards
to authenticate e-mail ...
... these aren't used,
people are looking for quick fixes instead ...
... This is an indication that
level of pain for using those tools too high ...
... lots of issues
looked at are short-term, attack spamming
avenue of the day; experience teaches
that spamming community faster to react than standards
community ...
... Are user and ops
communities willing to take up significant amount of work?
...
... Is the W3C user community
feeling that W3C should do something because IETF doesn't?
DanC: That's the risk, yes.
TimBL: I just talked to DJW; he gave me a message from our membership to pass on:
This is urgent and economic problem for really large
companies. There is a huge amount of
effort that could be spent if it was directed. If you take a large
company, they know the resources they waste. If there was a
clear direction on what to do, they may quite well do that.
... doing Public Key
Crypto isn't just about PGP or S/MIME ...
...
hardie: ... but you have to put up an entire PKI.
hardie: There is a fundamental
architecture issue
... e-mail is
any-to-any mesh ...
... attempts to stop
spam attack work against
this architecture, while the spammers are working with the architecture, exploiting it ...
... Is any-to-any mesh
for e-mail dead? ... Are we moving to a system
that requires you get a token before you can talk to someone?
...
... If we go there, we
lose tremendously important part of net's early architecture
...
TimBL: A lot of systems use
whitelists and blacklists of various sorts; addressing forgery would be major step
...
... yes, the rule that anyone
can send e-mail to anyone for free is gone ...
... if people want to
keep that design goal, we have a problem
Leslie: You're overlooking a vast array
of e-mail installations that are out there ...
... there's another approach, "do
something new" ... IM is there --
several standards ...
... and Maybe you haven't seen all that goes on in
IETF.
<hardie> The reputation server issue, for example, makes it very difficult for 3rd world countries to participate
Timbl: Yes, of course there is a lot
of IETF work that I am not aware of; I am just passing on pain our
members are feeling.
... people are
desperate, willing to change things ...
hardie: Desperate
enough to dump insecure systems?
... zombie networks
... insecure OSs,
insecure boxen cause large amounts of computing power being
available to criminals ...
ISPs
firewalling zombies, but not attacking root of problem.
TimBL: Perhaps... the energy is
coming from large corporate users.
... if we could enable end users to
solve problem without ISP ...
DanC: I gather, via PHB, that the banking industry has invested billions in online banking; they can see the day when consumers don't trust it.
Leslie: That's phishing, not spam. Phishing not uniquely tied to spam.
<leslie> pharming is the new term for faking out domains for the same purposes as phishing
hardie: Lots of social engineering about who someone is associated to.
leslie: They are desperate enough. Challenge is to come up with a fix, not 15000 fixes, not the wrong fix.
hardie: We have been clear in MARID,
MASS that we're not trying to solve
whole spam problem ...
... these are tools to stop
particular kind of impersonation ...
... spammer can
register mumblefred.net and send mail from there at their
heart's content ...
... but can't pretend
to be ebay ...
... we can solve these things,
acknowledge that we don't solve spam, but keep e-mail as
any-to-any mesh ...
... but if we give up
on any-to-any-mesh, then what's the new messaging system that's
the equivalent to first-class mail?
martin: of course MARID isn't the whole solution, but it's an important building block, and taking it off the standards track might discourage other work.
DanC: Two years ago, when I started looking at SPF, I dismissed anything that used crypto as "too hard". But domainkeys and iim, which use crypto, are maturing; perhaps crypto-based solutions aren't as hard to deploy as I thought, in comparison.
hardie: cryptographic
things aren't quite as hard as they might otherwise be.
... still, pressure on
DNS to become more secure service ...
... but trust issues around the root zone are tricky
danc: Is spam likely to come up at IETF plenary sessions?
hardie: yes
July 31-Aug 5, 2005 upcoming IETF meetings
<DanC> I'm busy 8-10 Jun 2005 for a TAG meeting...
<DanC> 5-7 June 2005, Mandelieu, France is the W3C AC meeting
RESOLUTION: to meet next 16 Jun 2005 at 5:30pm Boston time, DanC to chair, i.e. confirm at T-7days
all bid fare well to Martin.
ADJOURN.