See also: IRC log
<tlr> Scribe: stephenF
<tlr> http://www.w3.org/2007/01/02-wsc-minutes
tlr: minutes approval - approved
<tlr> RESOLVED: approved
<tlr> http://lists.w3.org/Archives/Public/public-wsc-wg/2007Jan/0074.html
tlr: go through action items
tlr: bunch of them closed if nothing said...
tlr: hal wanted 53,56 & 62 to be closed
<tlr> Hal asked by ail to close ACTION-56, that was done last time
tlr: 56 was done
<tlr> ACTION-53, ACTION-62 closed
<tlr> ACTION-65 closed
<Tyler> Are we speaking in hexadecimal this morning?
tlr: reminder about 0xf2f
<tlr> http://www.w3.org/2006/WSC/wiki/MeetingTaxisAndDinners
tlr:reminder that usable security workshop CFP position papers are due by jan 12
<tlr> http://lists.w3.org/Archives/Public/public-wsc-wg/2007Jan/0022
<tlr> http://www.w3.org/2006/WSC/wiki/NoteUseCases
<tlr> http://www.w3.org/2006/WSC/wiki/PadlockIconMisuse
tlr: summarises problem (see the wiki)
<tlr> http://www.w3.org/2006/WSC/wiki/NoteIndex
tlr: proposes moving to elsewhere in Note since
its less a use-case than something else
... maybe move to "problems with current stuff" section
<tlr> silence; agreement
Tyler: should I re-draft this as a use-case?
tlr: suggests leaving in descriptive mode
<tlr> http://www.w3.org/2006/WSC/wiki/SharedUserSystem
tlr: similar to last one
... once again, move to "stuff we deal with" section
... suggests tlr
... asks hal to suggest where to put this
hal: now thinking this is a bit far-out, happy
to rework
... if that's what's wanted
<Tyler> +1 on calling shared computers out of scope
tlr: maybe morph to use-case & say that its
out of scope or
... else extend out-of-scope section
<scribe> ACTION: hal to rework shared system use-case [recorded in http://www.w3.org/2007/01/09-wsc-minutes.html#action01]
<trackbot> Created ACTION-66 - Rework shared system use-case [on Hal Lockhart - due 2007-01-16].
Tyler: describes naming problem (e.g.
re-directing etc)
... can guess, but nice if could standardise this go get
... rid of heursitc
<tlr> http://www.w3.org/2006/WSC/wiki/MultipleCertificateIdentity
stephenF: bit worried about that
Tyler: explains...talking about matching on DNs
as not good enough
... take root etc. into account and maybe that works
hal: practical difficulties big, CAs do
different things
... might only get 30% solution, not 80%
Tyler: got 80% already!
PHB: worried also, not sure about ...
... naming vs. merges/splits etc.
... payflow? used to be vrsn now ebay
Tyler: not that level, has bank a/c with name1
for login server
... then 50 servers for transactions each with own DNS name
... but otherwise DNs are the same
... his widget spots that
PHB: not sure thats useful, his bank has no web
server
... all outsurced (hopefully not to vrsn:-)
... distinction between trustworthy or not
... prefres EVS certs as a basis for ok'ing linkage
... between differnt PKI based credentials
tlr: hearing debate, so in-scope, but maybe
we'll hit a wall
... later
Tyler: maybe I can demo
<tlr> ACTION: tyler to refine MultipleCertificateIdentity use case [recorded in http://www.w3.org/2007/01/09-wsc-minutes.html#action02]
<trackbot> Created ACTION-67 - Refine MultipleCertificateIdentity use case [on Tyler Close - due 2007-01-16].
tlr: probably re-visit @ f2f
tlr: recent note
<tlr> http://lists.w3.org/Archives/Public/public-wsc-wg/2007Jan/0077.html
<Tyler> Stephen uses a self-signed cert for a small web site with about 10 users
<Tyler> Stephen would like some way of accurately presenting the security of this scenario
Tyler: also had device use-case (furnance)
... furnace/DSL modem etc small device with https:// on the appliance
... is a good thing, but self-signed for cost and...
... not knowing name in advance
tlr: says in-scope so to be looked at later
<tlr> ACTION: tyler to formalize furnace self-signed use case [recorded in http://www.w3.org/2007/01/09-wsc-minutes.html#action03]
<trackbot> Created ACTION-68 - Formalize furnace self-signed use case [on Tyler Close - due 2007-01-16].
tlr: suggests keeping these use-cases separate
Stuart: asking whether users will verify
self-signed or whether
... users don't care about identity
tlr: says most interest is that its the same as
last time and
... so different from last time
stuart: says this is like ssh leap of faith
stephenF: yes it is
PHB: case to be made for encrypting by
default
... doesn't want to require authentication before
... allowing crypto
... prefers using crappy certs rather than nothing
tlr: is that a new use-case?
PHB: no new use case for now
tlr: another fresh use-case
http://lists.w3.org/Archives/Public/public-wsc-wg/2007Jan/0076.html
tlr: describes use-case
... suggests privileges/sandbox aspects out of scope.
... but where browser suggests to user an action that
...might violate TCB then that may be in-scope
hal: thorny issue maybe, recent debates
about
... plug-ins continue even after we agree what they
... do
... so what is malware?
tlr: agree there's philosophy here
<tlr> ... trying to frame malware as "it might subvert computing base" ...
tlr: want to keep good/bad out of discussion
... user has to allow/disallow actions that change TCB
... browser knows that its changing TCB
... should that action/question from browser be in-scope
... or not
Tyler: are we talking about standardising some
GUI so that
... browser will present something to user in this case?
tlr: trying to cover what interactions we deal with later, this is one
Rob: important scenario for users
... aveage users strugggle about what to allow/not
... important for us to tackle
hal: can anyone make that distinction?
... even up to code inspection
Rob: in black-box, maybe there's an engine browser can load (e.g. anti-virus)
hal: anti-phising toolbar and spyware
externally visible
... behaviour indistinguishable
tlr: what kind of informaiton is out there and
how can it be
... presented usably
... hal's question is a level too deep
hal: willing to go along to see what happens
stephenF: +1 to hal's ok
<tlr> PROPOSED: keep this use case in, as an interaction that we'll deal with
Tyler: easy to notice that an mp3 doesn't
affect tcb, whereas
... another one does
tlr: that's what I was thinking about
... proposes keeing in scope
<beltzner> I'm willing to discuss it more, but this sounds like it overlaps if what you're saying is: "help users understand where software is coming from?" but that seems to get into software signing
silence; agreement or snoozing
<tlr> silence
<beltzner> can we add "make hotel internet not suck" to our InScope list?
http://lists.w3.org/Archives/Public/public-wsc-wg/2007Jan/0067.html
but defer to later
http://www.w3.org/2006/WSC/wiki/NoteUseCases
tlr: this is on mez, suggest deferring
http://lists.w3.org/Archives/Public/public-wsc-wg/2007Jan/0078
PHB: difference between following link and
typing URL
... if less-secure crypto in use then don't fool user
... into thinking it secure
... unless user has typed in e.g. https:// (maybe)
tlr: asks is this a use case?
silence aka ok-for-now
<scribe> ACTION: Hallam-Baker to draft differential use cases for security expectation vs. none [recorded in http://www.w3.org/2007/01/09-wsc-minutes.html#action06]
<trackbot> Created ACTION-69 - Draft differential use cases for security expectation vs. none [on Phillip Hallam-Baker - due 2007-01-16].
http://www.w3.org/2006/WSC/wiki/NoteUrlTypo
tlr: other use-cases need discuission (some
anyway)
... any missing use-cases?
tlr: what interactions are we missing?
silence; uncertainty
<beltzner> do we think IM lure is sufficiently different from email lure?
<beltzner> (I don't think it is, but in the interest of being complete ...)
<beltzner> +1 to merging them as per stuart's suggestion
Stuart: merge into out-of-band lure?
tlr: will you make this more generic?
Stuart: sure
<tlr> ACTION: Stuart to propose generalization of email lure [recorded in http://www.w3.org/2007/01/09-wsc-minutes.html#action07]
<trackbot> Created ACTION-70 - Propose generalization of email lure [on Stuart Schechter - due 2007-01-16].
tlr: I have a list...
... MITM (or something like it) detected
... or, what to do if cert looks odd
...another: TLS server proposes a new CA
... client accepts cert, wants more info about that
... user wants to check were a link leads, via status bar
... but what happens involves scripting
<scribe> ACTION: Farrell propose history related use-case [recorded in http://www.w3.org/2007/01/09-wsc-minutes.html#action09]
<trackbot> Created ACTION-71 - Propose history related use-case [on Stephen Farrell - due 2007-01-16].
Rob: scriptable areas in browser chrome can be used to deceive
<tlr> ACTION: roessler to track RobFranco proposing use cases to deal with scriptable areas [recorded in http://www.w3.org/2007/01/09-wsc-minutes.html#action10]
<trackbot> Created ACTION-72 - Track RobFranco proposing use cases to deal with scriptable areas [on Thomas Roessler - due 2007-01-16].
users, tlr will propose action
tlr: wrap-up, mez back next week, more use-case discussion then
<Tyler> A reminder to everyone to get their text in by the 11th!
tlr: hal the next scribe stuckee
hal: I love doing that
<tlr> next meeting: 16 January, Hal to scribe, MEZ to chair
tlr: text for 11th Jan for 1st draft of note, do things today
bye
<tlr> ACTION: roessler to draft MITM use case [recorded in http://www.w3.org/2007/01/09-wsc-minutes.html#action11]
<trackbot> Created ACTION-73 - Draft MITM use case [on Thomas Roessler - due 2007-01-16].
<tlr> ACTION: roessler to draft CA acceptance use case [recorded in http://www.w3.org/2007/01/09-wsc-minutes.html#action12]
<trackbot> Created ACTION-74 - Draft CA acceptance use case [on Thomas Roessler - due 2007-01-16].
<tlr> ACTION: roessler to draft revisit security decisions use case [recorded in http://www.w3.org/2007/01/09-wsc-minutes.html#action13]
<trackbot> Created ACTION-75 - Draft revisit security decisions use case [on Thomas Roessler - due 2007-01-16].
<tlr> ACTION: roessler to draft follow-a-link / status bar use case [recorded in http://www.w3.org/2007/01/09-wsc-minutes.html#action14]
<trackbot> Created ACTION-76 - Draft follow-a-link / status bar use case [on Thomas Roessler - due 2007-01-16].