IRC log of tagmem on 2008-04-10

Timestamps are in UTC.

16:48:26 [RRSAgent]: RRSAgent has joined #tagmem
16:48:26 [RRSAgent]: logging to http://www.w3.org/2008/04/10-tagmem-irc
16:48:35 [Zakim]: Zakim has joined #tagmem
16:48:44 [Stuart]: zakim, this will be tag
16:48:44 [Zakim]: ok, Stuart; I see TAG_Weekly()1:00PM scheduled to start in 12 minutes
16:49:00 [Stuart]: Meeting: TAG Weekly
16:49:08 [Stuart]: Scribe: David Orchard
16:49:15 [Stuart]: Chair: Stuart Williams
16:49:37 [Stuart]: Agenda: http://www.w3.org/2001/tag/2008/04/10-agenda
16:55:57 [noah]: noah has joined #tagmem
16:57:46 [Zakim]: TAG_Weekly()1:00PM has now started
16:57:54 [Zakim]: +??P7
16:57:57 [Stuart]: zakim, ?? is me
16:57:57 [Zakim]: +Stuart; got it
16:59:18 [Zakim]: +Noah_Mendelsohn
17:00:05 [noah]: zakim, who is here?
17:00:05 [Zakim]: On the phone I see Stuart, Noah_Mendelsohn
17:00:06 [Zakim]: On IRC I see noah, Zakim, RRSAgent, Stuart, DanC, Norm, ht, trackbot-ng
17:00:45 [Zakim]: +DanC
17:01:10 [Zakim]: +Norm
17:01:14 [Ashok]: Ashok has joined #tagmem
17:02:31 [Zakim]: +Ashok_Malhotra
17:02:33 [DanC]: when we get to tagSoup, help me remeber to bring up http://lists.w3.org/Archives/Public/public-html/2008Apr/0205.html Supporting MathML and SVG in text/html, and related topics " we actively want to make sure that
17:02:33 [DanC]: people can't willy nilly extend the language without coordination with
17:02:33 [DanC]: anyone interested in the development of the language"
17:02:47 [Zakim]: + +1.617.538.aaaa
17:03:02 [ht]: zakim, please call ht-781
17:03:02 [Zakim]: ok, ht; the call is being made
17:03:04 [Zakim]: +Ht
17:03:06 [DanC]: Zakim, aaaa is Jonathan
17:03:06 [Zakim]: +Jonathan; got it
17:04:37 [DanC]: agenda + Convene
17:04:46 [DanC]: agenda + Issue XMLVersioning-41 (ISSUE-41)
17:04:53 [DanC]: agenda + Issue passwordsInTheClear-52 (ISSUE-52)
17:04:59 [DanC]: agenda + Issue tagSoupIntegration-54 (ISSUE-54)
17:05:05 [DanC]: agenda + Issue UrnsAndRegistries-50 (ISSUE-50)
17:05:26 [DanC]: scribenick: DanC
17:05:31 [DanC]: Zakim, take up item 1
17:05:31 [Zakim]: agendum 1. "Convene" taken up [from DanC]
17:05:42 [Stuart]: zakim, who is here?
17:05:42 [Zakim]: On the phone I see Stuart, Noah_Mendelsohn, DanC, Norm, Ashok_Malhotra, Jonathan, Ht
17:05:45 [Zakim]: On IRC I see Ashok, noah, Zakim, RRSAgent, Stuart, DanC, ht, trackbot-ng
17:05:46 [Norm]: Norm has joined #tagmem
17:06:07 [DanC]: -> http://www.w3.org/2001/tag/2008/04/03-minutes minutes 3 Apr
17:06:17 [DanC]: SKW: propose to approve
17:06:25 [DanC]: HT: minutes 3 Apr should show my regrets
17:07:01 [DanC]: RESOLVED: to approve, noting HT's regrets are recorded elsewhere
17:07:14 [Zakim]: +Dave_Orchard
17:07:26 [DanC]: PROPOSED: to meet again 17 Apr, DanC to scribe, regrets Noah
17:07:51 [DanC]: regrets 24 apr from SKW, TBL, ...
17:08:04 [DanC]: SKW: propose to cancel 24 Apr tag meeting and meet again...
17:08:07 [Ashok]: And me!
17:08:27 [DanC]: ... 1 May
17:08:34 [DanC]: NM: I offer to scribe 1 May
17:09:24 [DanC]: Zakim, next item
17:09:24 [Zakim]: agendum 2. "Issue XMLVersioning-41 (ISSUE-41)" taken up [from DanC]
17:09:42 [dorchard]: dorchard has joined #tagmem
17:10:08 [DanC]: action-16?
17:10:08 [trackbot-ng]: ACTION-16 -- David Orchard to incorporate the NVDL text into the findings. -- due 2008-05-15 -- OPEN
17:10:08 [trackbot-ng]: http://www.w3.org/2001/tag/group/track/actions/16
17:10:15 [DanC]: continues
17:10:28 [DanC]: action-38?
17:10:28 [trackbot-ng]: ACTION-38 -- Norman Walsh to review the XML part again -- due 2008-02-14 -- PENDINGREVIEW
17:10:28 [trackbot-ng]: http://www.w3.org/2001/tag/group/track/actions/38
17:10:44 [ht]: zakim, mute me
17:10:44 [Zakim]: Ht should now be muted
17:10:52 [DanC]: NDW: material there is outside my expertise
17:10:53 [Stuart]: http://lists.w3.org/Archives/Public/www-tag/2008Feb/0080
17:10:58 [DanC]: close action-38
17:10:59 [trackbot-ng]: ACTION-38 review the XML part again closed
17:11:16 [DanC]: action-107?
17:11:16 [trackbot-ng]: ACTION-107 -- Dan Connolly to review compatibility-strategies section 3 (soon) and 5 for May/Bristol -- due 2008-05-15 -- OPEN
17:11:16 [trackbot-ng]: http://www.w3.org/2001/tag/group/track/actions/107
17:12:17 [DanC]: current draft is 28 March
17:12:21 [DanC]: action 107 continues
17:12:42 [DanC]: action-108?
17:12:42 [trackbot-ng]: ACTION-108 -- Ashok Malhotra to review compatibility-strategies section 2, 4 a week after DO signals review -- due 2008-04-04 -- OPEN
17:12:42 [trackbot-ng]: http://www.w3.org/2001/tag/group/track/actions/108
17:12:54 [DanC]: AM: yes, started, still expect to do it
17:13:05 [DanC]: Regrets+ Raman
17:13:27 [DanC]: SKW: Raman's review is at risk
17:13:33 [DanC]: scribe: dorchard
17:13:38 [dorchard]: scribenick: dorchard
17:15:29 [DanC]: DO: the 28 Mar draft incorporates comments to that point; since then, Marc D. has sent a bunch of detailed comments
17:15:37 [Norm]: Norm has joined #tagmem
17:16:34 [DanC]: close action-111
17:16:34 [trackbot-ng]: ACTION-111 Revise version of compatibility strategies document by next telecon (13 march) closed
17:16:41 [dorchard]: action-112?
17:16:41 [trackbot-ng]: ACTION-112 -- Noah Mendelsohn to review compatibility strategies section 2 due 2008-04-04 -- due 2008-04-04 -- OPEN
17:16:41 [trackbot-ng]: http://www.w3.org/2001/tag/group/track/actions/112
17:19:15 [DanC]: action-112?
17:19:15 [trackbot-ng]: ACTION-112 -- Noah Mendelsohn to review compatibility strategies section 2 due 2008-04-04 -- due 2008-05-15 -- OPEN
17:19:15 [trackbot-ng]: http://www.w3.org/2001/tag/group/track/actions/112
17:19:21 [dorchard]: Noah signs up for later date..
17:20:06 [dorchard]: raman/danc brought up css versioning
17:20:40 [DanC]: -> http://lists.w3.org/Archives/Public/www-tag/2008Apr/0035.html CSS versioning: exemplary? exceptional?
17:22:35 [dorchard]: discussion about what was the interesting issue..
17:22:51 [DanC]: -> http://lists.w3.org/Archives/Public/public-xhtml2/2008Mar/0008.html [css3-namespace] Last call comments from XHTML2 WG
17:23:06 [dorchard]: noah: features are being introduced where the difference is greater than it was..
17:23:25 [DanC]: (quite a long thread in http://lists.w3.org/Archives/Public/public-xhtml2/2008Mar/thread.html )
17:23:57 [noah]: I also said that CSS was highlighted as an example of a language in which 1) there is no explicit version marker and 2) there is a default interpretation in earlier versions of features that become explicit later (I think that's right)
17:24:27 [DanC]: yes, noah, I think David Baron makes that point pretty well
17:25:01 [Stuart]: q?
17:25:04 [noah]: Then, as you said Dave: until now, as new features introduced have in some sense represented "modest" changes, whereas now a version is contemplated in which some of the new features will be in some sense "more incompatible" than would have been common before.
17:25:14 [dorchard]: zakim, who's here?
17:25:14 [Zakim]: On the phone I see Stuart, Noah_Mendelsohn, DanC, Norm, Ashok_Malhotra, Jonathan, Ht (muted), Dave_Orchard
17:25:17 [Zakim]: On IRC I see Norm, dorchard, Ashok, noah, Zakim, RRSAgent, Stuart, DanC, ht, trackbot-ng
17:25:33 [Stuart]: trackbot-ng, status
17:26:15 [dorchard]: action: David to ask raman what he thinks should be done wrt css versioning
17:26:15 [trackbot-ng]: Created ACTION-133 - Ask raman what he thinks should be done wrt css versioning [on David Orchard - due 2008-04-17].
17:26:17 [DanC]: (
17:26:17 [DanC]: From: Dominique Hazael-Massieux <dom@w3.org>
17:26:17 [DanC]: To: w3c-tools <w3c-tools@w3.org>
17:26:17 [DanC]: Subject: Tracker nicks can now be edited on the Web
17:26:17 [DanC]: Date: Tue, 18 Mar 2008 16:41:47 +0100 (10:41 CDT)
17:26:25 [DanC]: http://www.w3.org/2005/MWI/BPWG/Group/track/users
17:26:25 [DanC]: )
17:27:12 [dorchard]: topic: passwords in the clear 52
17:27:20 [Zakim]: +TimBL
17:27:55 [dorchard]: Dave posted summary of responses.
17:28:45 [noah]: q?
17:29:04 [noah]: q+ to talk about some security sometimes being better than none
17:32:21 [dorchard]: discussion about how digest is actually done including nonces...
17:32:45 [Stuart]: ack noah
17:32:45 [Zakim]: noah, you wanted to talk about some security sometimes being better than none
17:33:57 [dorchard]: noah: what about the security where it's just a server under a desk..
17:34:31 [dorchard]: danc: their point is that is training people to do the wrong thing..
17:34:41 [dorchard]: noah: so I need to buy a cert?
17:34:52 [dorchard]: danc: no, self-signed certs don't cost
17:34:54 [noah]: OK
17:35:44 [Zakim]: -Jonathan
17:37:00 [DanC]: q+ to note wikipedia on digest as a representation of popular understanding http://en.wikipedia.org/wiki/Digest_access_authentication
17:37:33 [dorchard]: action: david to ask security context about the exact breakage of digest
17:37:33 [trackbot-ng]: Created ACTION-134 - Ask security context about the exact breakage of digest [on David Orchard - due 2008-04-17].
17:39:11 [Ashok]: Hal Lockhart -- BEA Security expert
17:39:26 [dorchard]: should I say MUST not or SHOULD not send passwords in the clear?
17:40:33 [DanC]: I think the differenence between MUST NOT and SHOULD NOT isn't that significant; I think SHOULD NOT is ok, but let's not celebrate the exceptions
17:40:53 [timbl_]: timbl_ has joined #tagmem
17:41:24 [timbl_]: must works for me, in the sense of "must for you to comply with this"
17:41:42 [timbl_]: If you don't want to conform then on your head be it
17:41:42 [dorchard]: http://lists.w3.org/Archives/Public/public-usable-authentication/2008Feb/0002.html
17:42:14 [ht]: zakim, unmute me
17:42:14 [Zakim]: Ht should no longer be muted
17:42:22 [ht]: q+ to say we could try again
17:42:37 [Stuart]: The counter arguement such as it is comes/came from John Cowan in a thread based at: http://lists.w3.org/Archives/Public/www-tag/2006Nov/0085
17:43:06 [dorchard]: Always use SSL or some equivalent security - there is no provision
17:43:06 [dorchard]: in web browsers that allows passwords to be exchanged securely
17:43:06 [dorchard]: without SSL. Not even hashing.
17:43:42 [DanC]: true, "never acceptable" is pretty much synonymous with MUST NOT; then the question is: is this guy the only relevant constituency?
17:45:23 [DanC]: I guess MUST is simpler; I'd only go with SHOULD NOT if we didn't celebrate the exceptions at all.
17:45:48 [dorchard]: noah: you could do SHOULD NOT then say note: the exceptional cases are truly exceptional..
17:46:42 [Ashok]: q+
17:46:46 [DanC]: "2119" doesn't occur in http://www.w3.org/2001/tag/doc/passwordsInTheClear-52
17:46:52 [Stuart]: ack danc
17:46:52 [Zakim]: DanC, you wanted to note wikipedia on digest as a representation of popular understanding http://en.wikipedia.org/wiki/Digest_access_authentication
17:46:54 [dorchard]: noah: you could say "we use rfc 2119 terminology, when we say must that means how to establish security on the web".
17:48:07 [Stuart]: ack ht
17:48:07 [Zakim]: ht, you wanted to say we could try again
17:48:26 [Stuart]: ack ashok
17:49:01 [dorchard]: ht, ashok like must not
17:49:18 [dorchard]: stuart calls the question.
17:50:10 [DanC]: (tone? why ask about the tone? I think the proposal is clearer in terms of words)
17:50:14 [dorchard]: stuart: do people approve a change in the tone of the finding to be a must not exchange passwords in the clear as well as saying it's a MUST to be secure..
17:50:24 [timbl_]: Proposed: The document should say that passwords in the clear MUST not be used.
17:50:53 [DanC]: +1
17:50:59 [Stuart]: +1
17:51:06 [timbl_]: +1
17:51:10 [Norm]: +1
17:51:15 [timbl_]: Zakim, tally votes
17:51:15 [Zakim]: I don't understand 'tally votes', timbl_
17:51:15 [dorchard]: +1
17:51:22 [timbl_]: you will, zakim, you will
17:51:40 [Ashok]: +1
17:51:49 [ht]: +1
17:52:04 [noah]: +1
17:52:21 [Ashok]: Please capitalize NOT
17:52:32 [dorchard]: action: david to make the change to passwords MUST NOT be sent in the clear
17:52:32 [trackbot-ng]: Created ACTION-135 - Make the change to passwords MUST NOT be sent in the clear [on David Orchard - due 2008-04-17].
17:56:20 [timbl_]: "Digest authentication is widely acknowledged to be the best available Internet standard for this purpose. " -- http://www.eweek.com/c/a/Past-Reviews/IE-Apache-Clash-on-Web-Standard/
17:56:34 [DanC]: (I'd like to understand the problems with digest better, but I'm not sure the community should wait for me to get clued in, so perhaps silence about digest is best.)
17:56:44 [Stuart]: That purpose being?
17:57:45 [Stuart]: q?
17:58:16 [DanC]: (PHB at least has come around from the "it has to be perfectly secure before we deploy anything" POV.)
17:58:26 [ht]: I just got dropped -- the traditional you lose after one hour bug
17:58:32 [ht]: zakim, disconnect me
17:58:32 [Zakim]: Ht is being disconnected
17:58:33 [Zakim]: -Ht
17:58:46 [ht]: zakim, please call ht-781
17:58:46 [Zakim]: ok, ht; the call is being made
17:58:48 [Zakim]: +Ht
17:59:40 [dorchard]: http://lists.w3.org/Archives/Public/public-usable-authentication/2008Feb/0004.html
18:00:19 [dorchard]: Finally, I think you should also warn about incorrect use of SSL/TLS,
18:00:19 [dorchard]: specifically the incorrect method, still applied (at least by default)
18:00:19 [dorchard]: in several major sites, of sending unprotected login forms, and
18:00:19 [dorchard]: invoking SSL/TLS only upon submission, to encrypt the password -
18:00:52 [DanC]: (the drupal community seems to see digest support as a goal http://drupal.org/node/160202 . they seem to be weighing dev costs without any reference to security deficiencies.)
18:01:13 [dorchard]: consensus to do the warning SSL/TLS..
18:02:08 [timbl_]: "or developers who want to build truly interoperable secure Web applications, the only available option is to encrypt all data between a Web client and server using SSL (Secure Sockets Layer) and to fall back to basic authentication. This is a secure option, but digest authentication is a valuable middle ground between almost no security (what unencrypted basic authentication provides) and complete SSL encryption, with its considerable CPU overhead, more complex
18:03:14 [DanC]: Zakim, next item
18:03:14 [Zakim]: agendum 3. "Issue passwordsInTheClear-52 (ISSUE-52)" taken up [from DanC]
18:03:19 [DanC]: Zakim, close item 3
18:03:19 [Zakim]: agendum 3, Issue passwordsInTheClear-52 (ISSUE-52), closed
18:03:20 [Zakim]: I see 2 items remaining on the agenda; the next one is
18:03:21 [DanC]: Zakim, next item
18:03:21 [Zakim]: 4. Issue tagSoupIntegration-54 (ISSUE-54) [from DanC]
18:03:22 [timbl_]: ibid.
18:03:23 [Zakim]: agendum 4. "Issue tagSoupIntegration-54 (ISSUE-54)" taken up [from DanC]
18:03:25 [DanC]: action-7?
18:03:25 [trackbot-ng]: ACTION-7 -- Dan Connolly to work with Olivier and Tim to draft a position regarding extensibility of HTML and the role of the validator for consideration by the TAG -- due 2008-03-14 -- OPEN
18:03:25 [trackbot-ng]: http://www.w3.org/2001/tag/group/track/actions/7
18:04:16 [Stuart]: http://www.w3.org/2001/tag/2008/04/10-agenda
18:04:37 [Stuart]: http://lists.w3.org/Archives/Member/tag/2008Apr/0013
18:05:44 [dorchard]: discussion about Noah's action 131
18:06:29 [DanC]: ("Stuart's P1 proposal" is frustratingly obscure; we're talking about AIRA/HTML integration comments)
18:07:18 [Stuart]: "TAG acceptance of a compromise on this occasion should not be regarded as establishing a precident. Several factors contribute to it being workable: that the WGs involved happen to be active at the same time; that the WG with responsibility for the host language is not having to consider a lot of extension request at the same time; that the ARIA extensions are entirely attribute based - more general element based extensions with more complex content models present
18:07:45 [Zakim]: -Noah_Mendelsohn
18:08:22 [timbl_]: +1
18:08:27 [dorchard]: stuart: would the tag find it useful to add the paragraph just posted to Noah's email?
18:09:10 [Ashok]: s/precident/precedent/
18:09:39 [DanC]: I don't agree with "we also suggest
18:09:39 [DanC]: that the right medium term answer is for uniform treatment of names and
18:09:39 [DanC]: values with colons to be specified for HTML."
18:10:32 [DanC]: -- http://lists.w3.org/Archives/Member/tag/2008Apr/0013
18:11:59 [Stuart]: So Dan... your suggesting removal of that sentence?
18:12:12 [timbl_]: 'we also suggest that the right medium term answer is for uniform treatment of names and
18:12:13 [timbl_]: values with colons to be specified for HTML" I agree has been asserted to be incompatibale with old browsers
18:12:14 [ht]: http://lists.w3.org/Archives/Public/public-cdf/2008Apr/0000.html
18:12:33 [timbl_]: which is werird when colon was supposed to be a name char
18:12:52 [DanC]: I might rather just abstain, Stuart. the reason I don't agree is that I think it's a premature conclusion, without looking at enough of the options and state-of-the-art
18:13:00 [timbl_]: q+ to say that we should point out the damage that here is evident from eht lack of namespaces in HTML
18:13:10 [dorchard]: Tim Berners-Lee said: The idea of using SVG without XML is horrifying."
18:13:21 [timbl_]: q+ timbl to suggest teh TAG seriously take on looking at simplifying namepsces
18:13:30 [dorchard]: from http://annevankesteren.nl/2008/04/html5-foreign
18:13:52 [Stuart]: q?
18:13:57 [ht]: HST notes that NM has left the call. . .
18:14:08 [ht]: HST has to leave in the next minute or two
18:15:06 [Ashok]: I agree -- +1 to HT and DaveO
18:15:56 [DanC]: q+
18:16:13 [Stuart]: ack Danc
18:16:19 [dorchard]: henry: I've never liked the aria proposal..
18:17:00 [dorchard]: danc: I've been told this a deliverable that has nothing to do with HTML..
18:17:03 [Norm]: I agree with Henry
18:17:34 [DanC]: where's the request from PF that has such urgency? I'm confused by recent communications from the PF chair, Al Gilman
18:17:36 [dorchard]: timbl: this could be a deliverable for xhtml, but then say "this can be used with languages like html"
18:18:13 [Stuart]: http://lists.w3.org/Archives/Public/www-tag/2008Apr/0006.html
18:19:00 [dorchard]: stuart: they may be encouraging people to use the no namespace approach
18:19:00 [DanC]: "First: we need to be clearer about what the deal is as regards the time sequence of the following two milestones: ... " writes Al G. in http://lists.w3.org/Archives/Public/public-html/2008Apr/0192.html
18:20:04 [dorchard]: ... where no namespace approach equals aria-
18:20:22 [dorchard]: henry: needs to go, prefer to wait 1 week noting noah's absence as well.
18:20:22 [Zakim]: -Ht
18:20:45 [ht]: I acknowledge that next week is a hard deadline for getting feedback decided on
18:25:38 [Stuart]: trackbot-ng, status
18:25:39 [DanC]: trackbot-ng, status
18:25:56 [dorchard]: action: Dan to liaise with michael cooper on their expectations of the TAG
18:25:56 [trackbot-ng]: Created ACTION-136 - Liaise with michael cooper on their expectations of the TAG [on Dan Connolly - due 2008-04-17].
18:29:08 [Norm]: Norm has joined #tagmem
18:29:59 [dorchard]: meeting adjourned
18:30:07 [dorchard]: zakim, please generate minutes
18:30:07 [Zakim]: I don't understand 'please generate minutes', dorchard
18:30:25 [dorchard]: rrsagent, make logs public
18:30:32 [dorchard]: rrsagent, generate minutes
18:30:32 [RRSAgent]: I have made the request to generate http://www.w3.org/2008/04/10-tagmem-minutes.html dorchard
18:30:40 [Norm]: Not I, alas
18:30:48 [dorchard]: Not I, alas
18:30:50 [Zakim]: -Ashok_Malhotra
18:32:50 [timbl_]: RRSAgent, bye
18:32:50 [RRSAgent]: I see 4 open action items saved in http://www.w3.org/2008/04/10-tagmem-actions.rdf :
18:32:50 [RRSAgent]: ACTION: David to ask raman what he thinks should be done wrt css versioning [1]
18:32:50 [RRSAgent]: recorded in http://www.w3.org/2008/04/10-tagmem-irc#T17-26-15
18:32:50 [RRSAgent]: ACTION: david to ask security context about the exact breakage of digest [2]
18:32:50 [RRSAgent]: recorded in http://www.w3.org/2008/04/10-tagmem-irc#T17-37-33
18:32:50 [RRSAgent]: ACTION: david to make the change to passwords MUST NOT be sent in the clear [3]
18:32:50 [RRSAgent]: recorded in http://www.w3.org/2008/04/10-tagmem-irc#T17-52-32
18:32:50 [RRSAgent]: ACTION: Dan to liaise with michael cooper on their expectations of the TAG [4]
18:32:50 [RRSAgent]: recorded in http://www.w3.org/2008/04/10-tagmem-irc#T18-25-56