16:48:26 RRSAgent has joined #tagmem
16:48:26 logging to http://www.w3.org/2008/04/10-tagmem-irc
16:48:35 Zakim has joined #tagmem
16:48:44 zakim, this will be tag
16:48:44 ok, Stuart; I see TAG_Weekly()1:00PM scheduled to start in 12 minutes
16:49:00 Meeting: TAG Weekly
16:49:08 Scribe: David Orchard
16:49:15 Chair: Stuart Williams
16:49:37 Agenda: http://www.w3.org/2001/tag/2008/04/10-agenda
16:55:57 noah has joined #tagmem
16:57:46 TAG_Weekly()1:00PM has now started
16:57:54 +??P7
16:57:57 zakim, ?? is me
16:57:57 +Stuart; got it
16:59:18 +Noah_Mendelsohn
17:00:05 zakim, who is here?
17:00:05 On the phone I see Stuart, Noah_Mendelsohn
17:00:06 On IRC I see noah, Zakim, RRSAgent, Stuart, DanC, Norm, ht, trackbot-ng
17:00:45 +DanC
17:01:10 +Norm
17:01:14 Ashok has joined #tagmem
17:02:31 +Ashok_Malhotra
17:02:33 when we get to tagSoup, help me remember to bring up http://lists.w3.org/Archives/Public/public-html/2008Apr/0205.html Supporting MathML and SVG in text/html, and related topics " we actively want to make sure that
17:02:33 people can't willy nilly extend the language without coordination with
17:02:33 anyone interested in the development of the language"
17:02:47 + +1.617.538.aaaa
17:03:02 zakim, please call ht-781
17:03:02 ok, ht; the call is being made
17:03:04 +Ht
17:03:06 Zakim, aaaa is Jonathan
17:03:06 +Jonathan; got it
17:04:37 agenda + Convene
17:04:46 agenda + Issue XMLVersioning-41 (ISSUE-41)
17:04:53 agenda + Issue passwordsInTheClear-52 (ISSUE-52)
17:04:59 agenda + Issue tagSoupIntegration-54 (ISSUE-54)
17:05:05 agenda + Issue UrnsAndRegistries-50 (ISSUE-50)
17:05:26 scribenick: DanC
17:05:31 Zakim, take up item 1
17:05:31 agendum 1. "Convene" taken up [from DanC]
17:05:42 zakim, who is here?
17:05:42 On the phone I see Stuart, Noah_Mendelsohn, DanC, Norm, Ashok_Malhotra, Jonathan, Ht
17:05:45 On IRC I see Ashok, noah, Zakim, RRSAgent, Stuart, DanC, ht, trackbot-ng
17:05:46 Norm has joined #tagmem
17:06:07 -> http://www.w3.org/2001/tag/2008/04/03-minutes minutes 3 Apr
17:06:17 SKW: propose to approve
17:06:25 HT: minutes 3 Apr should show my regrets
17:07:01 RESOLVED: to approve, noting HT's regrets are recorded elsewhere
17:07:14 +Dave_Orchard
17:07:26 PROPOSED: to meet again 17 Apr, DanC to scribe, regrets Noah
17:07:51 regrets 24 apr from SKW, TBL, ...
17:08:04 SKW: propose to cancel 24 Apr tag meeting and meet again...
17:08:07 And me!
17:08:27 ... 1 May
17:08:34 NM: I offer to scribe 1 May
17:09:24 Zakim, next item
17:09:24 agendum 2. "Issue XMLVersioning-41 (ISSUE-41)" taken up [from DanC]
17:09:42 dorchard has joined #tagmem
17:10:08 action-16?
17:10:08 ACTION-16 -- David Orchard to incorporate the NVDL text into the findings. -- due 2008-05-15 -- OPEN
17:10:08 http://www.w3.org/2001/tag/group/track/actions/16
17:10:15 continues
17:10:28 action-38?
17:10:28 ACTION-38 -- Norman Walsh to review the XML part again -- due 2008-02-14 -- PENDINGREVIEW
17:10:28 http://www.w3.org/2001/tag/group/track/actions/38
17:10:44 zakim, mute me
17:10:44 Ht should now be muted
17:10:52 NDW: material there is outside my expertise
17:10:53 http://lists.w3.org/Archives/Public/www-tag/2008Feb/0080
17:10:58 close action-38
17:10:59 ACTION-38 review the XML part again closed
17:11:16 action-107?
17:11:16 ACTION-107 -- Dan Connolly to review compatibility-strategies section 3 (soon) and 5 for May/Bristol -- due 2008-05-15 -- OPEN
17:11:16 http://www.w3.org/2001/tag/group/track/actions/107
17:12:17 current draft is 28 March
17:12:21 action 107 continues
17:12:42 action-108?
17:12:42 ACTION-108 -- Ashok Malhotra to review compatibility-strategies section 2, 4 a week after DO signals review -- due 2008-04-04 -- OPEN
17:12:42 http://www.w3.org/2001/tag/group/track/actions/108
17:12:54 AM: yes, started, still expect to do it
17:13:05 Regrets+ Raman
17:13:27 SKW: Raman's review is at risk
17:13:33 scribe: dorchard
17:13:38 scribenick: dorchard
17:15:29 DO: the 28 Mar draft incorporates comments to that point; since then, Marc D. has sent a bunch of detailed comments
17:15:37 Norm has joined #tagmem
17:16:34 close action-111
17:16:34 ACTION-111 Revise version of compatibility strategies document by next telecon (13 march) closed
17:16:41 action-112?
17:16:41 ACTION-112 -- Noah Mendelsohn to review compatibility strategies section 2 due 2008-04-04 -- due 2008-04-04 -- OPEN
17:16:41 http://www.w3.org/2001/tag/group/track/actions/112
17:19:15 action-112?
17:19:15 ACTION-112 -- Noah Mendelsohn to review compatibility strategies section 2 due 2008-04-04 -- due 2008-05-15 -- OPEN
17:19:15 http://www.w3.org/2001/tag/group/track/actions/112
17:19:21 Noah signs up for later date..
17:20:06 raman/danc brought up css versioning
17:20:40 -> http://lists.w3.org/Archives/Public/www-tag/2008Apr/0035.html CSS versioning: exemplary? exceptional?
17:22:35 discussion about what was the interesting issue..
17:22:51 -> http://lists.w3.org/Archives/Public/public-xhtml2/2008Mar/0008.html [css3-namespace] Last call comments from XHTML2 WG
17:23:06 noah: features are being introduced where the difference is greater than it was..
17:23:25 (quite a long thread in http://lists.w3.org/Archives/Public/public-xhtml2/2008Mar/thread.html )
17:23:57 I also said that CSS was highlighted as an example of a language in which 1) there is no explicit version marker and 2) there is a default interpretation in earlier versions of features that become explicit later (I think that's right)
17:24:27 yes, noah, I think David Baron makes that point pretty well
17:25:01 q?
17:25:04 Then, as you said Dave: until now, as new features introduced have in some sense represented "modest" changes, whereas now a version is contemplated in which some of the new features will be in some sense "more incompatible" than would have been common before.
17:25:14 zakim, who's here?
17:25:14 On the phone I see Stuart, Noah_Mendelsohn, DanC, Norm, Ashok_Malhotra, Jonathan, Ht (muted), Dave_Orchard
17:25:17 On IRC I see Norm, dorchard, Ashok, noah, Zakim, RRSAgent, Stuart, DanC, ht, trackbot-ng
17:25:33 trackbot-ng, status
17:26:15 action: David to ask raman what he thinks should be done wrt css versioning
17:26:15 Created ACTION-133 - Ask raman what he thinks should be done wrt css versioning [on David Orchard - due 2008-04-17].
17:26:17 (
17:26:17 From: Dominique Hazael-Massieux
17:26:17 To: w3c-tools
17:26:17 Subject: Tracker nicks can now be edited on the Web
17:26:17 Date: Tue, 18 Mar 2008 16:41:47 +0100 (10:41 CDT)
17:26:25 http://www.w3.org/2005/MWI/BPWG/Group/track/users
17:26:25 )
17:27:12 topic: passwords in the clear 52
17:27:20 +TimBL
17:27:55 Dave posted summary of responses.
17:28:45 q?
17:29:04 q+ to talk about some security sometimes being better than none
17:32:21 discussion about how digest is actually done including nonces...
17:32:45 ack noah
17:32:45 noah, you wanted to talk about some security sometimes being better than none
17:33:57 noah: what about the security where it's just a server under a desk..
17:34:31 danc: their point is that is training people to do the wrong thing..
17:34:41 noah: so I need to buy a cert?
17:34:52 danc: no, self-signed certs don't cost
17:34:54 OK
17:35:44 -Jonathan
17:37:00 q+ to note wikipedia on digest as a representation of popular understanding http://en.wikipedia.org/wiki/Digest_access_authentication
17:37:33 action: david to ask security context about the exact breakage of digest
17:37:33 Created ACTION-134 - Ask security context about the exact breakage of digest [on David Orchard - due 2008-04-17].
17:39:11 Hal Lockhart -- BEA Security expert
17:39:26 should I say MUST not or SHOULD not send passwords in the clear?
17:40:33 I think the difference between MUST NOT and SHOULD NOT isn't that significant; I think SHOULD NOT is ok, but let's not celebrate the exceptions
17:40:53 timbl_ has joined #tagmem
17:41:24 must works for me, in the sense of "must for you to comply with this"
17:41:42 If you don't want to conform then on your head be it
17:41:42 http://lists.w3.org/Archives/Public/public-usable-authentication/2008Feb/0002.html
17:42:14 zakim, unmute me
17:42:14 Ht should no longer be muted
17:42:22 q+ to say we could try again
17:42:37 The counter argument such as it is comes/came from John Cowan in a thread based at: http://lists.w3.org/Archives/Public/www-tag/2006Nov/0085
17:43:06 Always use SSL or some equivalent security - there is no provision
17:43:06 in web browsers that allows passwords to be exchanged securely
17:43:06 without SSL. Not even hashing.
17:43:42 true, "never acceptable" is pretty much synonymous with MUST NOT; then the question is: is this guy the only relevant constituency?
17:45:23 I guess MUST is simpler; I'd only go with SHOULD NOT if we didn't celebrate the exceptions at all.
17:45:48 noah: you could do SHOULD NOT then say note: the exceptional cases are truly exceptional..
17:46:42 q+
17:46:46 "2119" doesn't occur in http://www.w3.org/2001/tag/doc/passwordsInTheClear-52
17:46:52 ack danc
17:46:52 DanC, you wanted to note wikipedia on digest as a representation of popular understanding http://en.wikipedia.org/wiki/Digest_access_authentication
17:46:54 noah: you could say "we use rfc 2119 terminology, when we say must that means how to establish security on the web".
17:48:07 ack ht
17:48:07 ht, you wanted to say we could try again
17:48:26 ack ashok
17:49:01 ht, ashok like must not
17:49:18 stuart calls the question.
17:50:10 (tone? why ask about the tone? I think the proposal is clearer in terms of words)
17:50:14 stuart: do people approve a change in the tone of the finding to be a must not exchange passwords in the clear as well as saying it's a MUST to be secure..
17:50:24 Proposed: The document should say that passwords in the clear MUST not be used.
17:50:53 +1
17:50:59 +1
17:51:06 +1
17:51:10 +1
17:51:15 Zakim, tally votes
17:51:15 I don't understand 'tally votes', timbl_
17:51:15 +1
17:51:22 you will, zakim, you will
17:51:40 +1
17:51:49 +1
17:52:04 +1
17:52:21 Please capitalize NOT
17:52:32 action: david to make the change to passwords MUST NOT be sent in the clear
17:52:32 Created ACTION-135 - Make the change to passwords MUST NOT be sent in the clear [on David Orchard - due 2008-04-17].
17:56:20 "Digest authentication is widely acknowledged to be the best available Internet standard for this purpose. " -- http://www.eweek.com/c/a/Past-Reviews/IE-Apache-Clash-on-Web-Standard/
17:56:34 (I'd like to understand the problems with digest better, but I'm not sure the community should wait for me to get clued in, so perhaps silence about digest is best.)
17:56:44 That purpose being?
17:57:45 q?
17:58:16 (PHB at least has come around from the "it has to be perfectly secure before we deploy anything" POV.)
17:58:26 I just got dropped -- the traditional you lose after one hour bug
17:58:32 zakim, disconnect me
17:58:32 Ht is being disconnected
17:58:33 -Ht
17:58:46 zakim, please call ht-781
17:58:46 ok, ht; the call is being made
17:58:48 +Ht
17:59:40 http://lists.w3.org/Archives/Public/public-usable-authentication/2008Feb/0004.html
18:00:19 Finally, I think you should also warn about incorrect use of SSL/TLS,
18:00:19 specifically the incorrect method, still applied (at least by default)
18:00:19 in several major sites, of sending unprotected login forms, and
18:00:19 invoking SSL/TLS only upon submission, to encrypt the password -
18:00:52 (the drupal community seems to see digest support as a goal http://drupal.org/node/160202 . they seem to be weighing dev costs without any reference to security deficiencies.)
18:01:13 consensus to do the warning SSL/TLS..
18:02:08 "or developers who want to build truly interoperable secure Web applications, the only available option is to encrypt all data between a Web client and server using SSL (Secure Sockets Layer) and to fall back to basic authentication. This is a secure option, but digest authentication is a valuable middle ground between almost no security (what unencrypted basic authentication provides) and complete SSL encryption, with its considerable CPU overhead, more complex
18:03:14 Zakim, next item
18:03:14 agendum 3. "Issue passwordsInTheClear-52 (ISSUE-52)" taken up [from DanC]
18:03:19 Zakim, close item 3
18:03:19 agendum 3, Issue passwordsInTheClear-52 (ISSUE-52), closed
18:03:20 I see 2 items remaining on the agenda; the next one is
18:03:21 Zakim, next item
18:03:21 4. Issue tagSoupIntegration-54 (ISSUE-54) [from DanC]
18:03:22 ibid.
18:03:23 agendum 4. "Issue tagSoupIntegration-54 (ISSUE-54)" taken up [from DanC]
18:03:25 action-7?
18:03:25 ACTION-7 -- Dan Connolly to work with Olivier and Tim to draft a position regarding extensibility of HTML and the role of the validator for consideration by the TAG -- due 2008-03-14 -- OPEN
18:03:25 http://www.w3.org/2001/tag/group/track/actions/7
18:04:16 http://www.w3.org/2001/tag/2008/04/10-agenda
18:04:37 http://lists.w3.org/Archives/Member/tag/2008Apr/0013
18:05:44 discussion about Noah's action 131
18:06:29 ("Stuart's P1 proposal" is frustratingly obscure; we're talking about ARIA/HTML integration comments)
18:07:18 "TAG acceptance of a compromise on this occasion should not be regarded as establishing a precident. Several factors contribute to it being workable: that the WGs involved happen to be active at the same time; that the WG with responsibility for the host language is not having to consider a lot of extension request at the same time; that the ARIA extensions are entirely attribute based - more general element based extensions with more complex content models present
18:07:45 -Noah_Mendelsohn
18:08:22 +1
18:08:27 stuart: would the tag find it useful to add the paragraph just posted to Noah's email?
18:09:10 s/precident/precedent/
18:09:39 I don't agree with "we also suggest
18:09:39 that the right medium term answer is for uniform treatment of names and
18:09:39 values with colons to be specified for HTML."
18:10:32 -- http://lists.w3.org/Archives/Member/tag/2008Apr/0013
18:11:59 So Dan... you're suggesting removal of that sentence?
18:12:12 'we also suggest that the right medium term answer is for uniform treatment of names and
18:12:13 values with colons to be specified for HTML" I agree has been asserted to be incompatible with old browsers
18:12:14 http://lists.w3.org/Archives/Public/public-cdf/2008Apr/0000.html
18:12:33 which is weird when colon was supposed to be a name char
18:12:52 I might rather just abstain, Stuart.
the reason I don't agree is that I think it's a premature conclusion, without looking at enough of the options and state-of-the-art
18:13:00 q+ to say that we should point out the damage that here is evident from the lack of namespaces in HTML
18:13:10 Tim Berners-Lee said: The idea of using SVG without XML is horrifying."
18:13:21 q+ timbl to suggest the TAG seriously take on looking at simplifying namespaces
18:13:30 from http://annevankesteren.nl/2008/04/html5-foreign
18:13:52 q?
18:13:57 HST notes that NM has left the call. . .
18:14:08 HST has to leave in the next minute or two
18:15:06 I agree -- +1 to HT and DaveO
18:15:56 q+
18:16:13 ack Danc
18:16:19 henry: I've never liked the aria proposal..
18:17:00 danc: I've been told this a deliverable that has nothing to do with HTML..
18:17:03 I agree with Henry
18:17:34 where's the request from PF that has such urgency? I'm confused by recent communications from the PF chair, Al Gilman
18:17:36 timbl: this could be a deliverable for xhtml, but then say "this can be used with languages like html"
18:18:13 http://lists.w3.org/Archives/Public/www-tag/2008Apr/0006.html
18:19:00 stuart: they may be encouraging people to use the no namespace approach
18:19:00 "First: we need to be clearer about what the deal is as regards the time sequence of the following two milestones: ... " writes Al G. in http://lists.w3.org/Archives/Public/public-html/2008Apr/0192.html
18:20:04 ... where no namespace approach equals aria-
18:20:22 henry: needs to go, prefer to wait 1 week noting noah's absence as well.
18:20:22 -Ht
18:20:45 I acknowledge that next week is a hard deadline for getting feedback decided on
18:25:38 trackbot-ng, status
18:25:39 trackbot-ng, status
18:25:56 action: Dan to liaise with michael cooper on their expectations of the TAG
18:25:56 Created ACTION-136 - Liaise with michael cooper on their expectations of the TAG [on Dan Connolly - due 2008-04-17].
18:29:08 Norm has joined #tagmem
18:29:59 meeting adjourned
18:30:07 zakim, please generate minutes
18:30:07 I don't understand 'please generate minutes', dorchard
18:30:25 rrsagent, make logs public
18:30:32 rrsagent, generate minutes
18:30:32 I have made the request to generate http://www.w3.org/2008/04/10-tagmem-minutes.html dorchard
18:30:40 Not I, alas
18:30:48 Not I, alas
18:30:50 -Ashok_Malhotra
18:32:50 RRSAgent, bye
18:32:50 I see 4 open action items saved in http://www.w3.org/2008/04/10-tagmem-actions.rdf :
18:32:50 ACTION: David to ask raman what he thinks should be done wrt css versioning [1]
18:32:50 recorded in http://www.w3.org/2008/04/10-tagmem-irc#T17-26-15
18:32:50 ACTION: david to ask security context about the exact breakage of digest [2]
18:32:50 recorded in http://www.w3.org/2008/04/10-tagmem-irc#T17-37-33
18:32:50 ACTION: david to make the change to passwords MUST NOT be sent in the clear [3]
18:32:50 recorded in http://www.w3.org/2008/04/10-tagmem-irc#T17-52-32
18:32:50 ACTION: Dan to liaise with michael cooper on their expectations of the TAG [4]
18:32:50 recorded in http://www.w3.org/2008/04/10-tagmem-irc#T18-25-56