IRC log of tagmem on 2008-04-10

Timestamps are in UTC.

16:48:26 [RRSAgent]
RRSAgent has joined #tagmem
16:48:26 [RRSAgent]
logging to
16:48:35 [Zakim]
Zakim has joined #tagmem
16:48:44 [Stuart]
zakim, this will be tag
16:48:44 [Zakim]
ok, Stuart; I see TAG_Weekly()1:00PM scheduled to start in 12 minutes
16:49:00 [Stuart]
Meeting: TAG Weekly
16:49:08 [Stuart]
Scribe: David Orchard
16:49:15 [Stuart]
Chair: Stuart Williams
16:49:37 [Stuart]
16:55:57 [noah]
noah has joined #tagmem
16:57:46 [Zakim]
TAG_Weekly()1:00PM has now started
16:57:54 [Zakim]
16:57:57 [Stuart]
zakim, ?? is me
16:57:57 [Zakim]
+Stuart; got it
16:59:18 [Zakim]
17:00:05 [noah]
zakim, who is here?
17:00:05 [Zakim]
On the phone I see Stuart, Noah_Mendelsohn
17:00:06 [Zakim]
On IRC I see noah, Zakim, RRSAgent, Stuart, DanC, Norm, ht, trackbot-ng
17:00:45 [Zakim]
17:01:10 [Zakim]
17:01:14 [Ashok]
Ashok has joined #tagmem
17:02:31 [Zakim]
17:02:33 [DanC]
when we get to tagSoup, help me remeber to bring up Supporting MathML and SVG in text/html, and related topics " we actively want to make sure that
17:02:33 [DanC]
people can't willy nilly extend the language without coordination with
17:02:33 [DanC]
anyone interested in the development of the language"
17:02:47 [Zakim]
+ +1.617.538.aaaa
17:03:02 [ht]
zakim, please call ht-781
17:03:02 [Zakim]
ok, ht; the call is being made
17:03:04 [Zakim]
17:03:06 [DanC]
Zakim, aaaa is Jonathan
17:03:06 [Zakim]
+Jonathan; got it
17:04:37 [DanC]
agenda + Convene
17:04:46 [DanC]
agenda + Issue XMLVersioning-41 (ISSUE-41)
17:04:53 [DanC]
agenda + Issue passwordsInTheClear-52 (ISSUE-52)
17:04:59 [DanC]
agenda + Issue tagSoupIntegration-54 (ISSUE-54)
17:05:05 [DanC]
agenda + Issue UrnsAndRegistries-50 (ISSUE-50)
17:05:26 [DanC]
scribenick: DanC
17:05:31 [DanC]
Zakim, take up item 1
17:05:31 [Zakim]
agendum 1. "Convene" taken up [from DanC]
17:05:42 [Stuart]
zakim, who is here?
17:05:42 [Zakim]
On the phone I see Stuart, Noah_Mendelsohn, DanC, Norm, Ashok_Malhotra, Jonathan, Ht
17:05:45 [Zakim]
On IRC I see Ashok, noah, Zakim, RRSAgent, Stuart, DanC, ht, trackbot-ng
17:05:46 [Norm]
Norm has joined #tagmem
17:06:07 [DanC]
-> minutes 3 Apr
17:06:17 [DanC]
SKW: propose to approve
17:06:25 [DanC]
HT: minutes 3 Apr should show my regrets
17:07:01 [DanC]
RESOLVED: to approve, noting HT's regrets are recorded elsewhere
17:07:14 [Zakim]
17:07:26 [DanC]
PROPOSED: to meet again 17 Apr, DanC to scribe, regrets Noah
17:07:51 [DanC]
regrets 24 apr from SKW, TBL, ...
17:08:04 [DanC]
SKW: propose to cancel 24 Apr tag meeting and meet again...
17:08:07 [Ashok]
And me!
17:08:27 [DanC]
... 1 May
17:08:34 [DanC]
NM: I offer to scribe 1 May
17:09:24 [DanC]
Zakim, next item
17:09:24 [Zakim]
agendum 2. "Issue XMLVersioning-41 (ISSUE-41)" taken up [from DanC]
17:09:42 [dorchard]
dorchard has joined #tagmem
17:10:08 [DanC]
17:10:08 [trackbot-ng]
ACTION-16 -- David Orchard to incorporate the NVDL text into the findings. -- due 2008-05-15 -- OPEN
17:10:08 [trackbot-ng]
17:10:15 [DanC]
17:10:28 [DanC]
17:10:28 [trackbot-ng]
ACTION-38 -- Norman Walsh to review the XML part again -- due 2008-02-14 -- PENDINGREVIEW
17:10:28 [trackbot-ng]
17:10:44 [ht]
zakim, mute me
17:10:44 [Zakim]
Ht should now be muted
17:10:52 [DanC]
NDW: material there is outside my expertise
17:10:53 [Stuart]
17:10:58 [DanC]
close action-38
17:10:59 [trackbot-ng]
ACTION-38 review the XML part again closed
17:11:16 [DanC]
17:11:16 [trackbot-ng]
ACTION-107 -- Dan Connolly to review compatibility-strategies section 3 (soon) and 5 for May/Bristol -- due 2008-05-15 -- OPEN
17:11:16 [trackbot-ng]
17:12:17 [DanC]
current draft is 28 March
17:12:21 [DanC]
action 107 continues
17:12:42 [DanC]
17:12:42 [trackbot-ng]
ACTION-108 -- Ashok Malhotra to review compatibility-strategies section 2, 4 a week after DO signals review -- due 2008-04-04 -- OPEN
17:12:42 [trackbot-ng]
17:12:54 [DanC]
AM: yes, started, still expect to do it
17:13:05 [DanC]
Regrets+ Raman
17:13:27 [DanC]
SKW: Raman's review is at risk
17:13:33 [DanC]
scribe: dorchard
17:13:38 [dorchard]
scribenick: dorchard
17:15:29 [DanC]
DO: the 28 Mar draft incorporates comments to that point; since then, Marc D. has sent a bunch of detailed comments
17:15:37 [Norm]
Norm has joined #tagmem
17:16:34 [DanC]
close action-111
17:16:34 [trackbot-ng]
ACTION-111 Revise version of compatibility strategies document by next telecon (13 march) closed
17:16:41 [dorchard]
17:16:41 [trackbot-ng]
ACTION-112 -- Noah Mendelsohn to review compatibility strategies section 2 due 2008-04-04 -- due 2008-04-04 -- OPEN
17:16:41 [trackbot-ng]
17:19:15 [DanC]
17:19:15 [trackbot-ng]
ACTION-112 -- Noah Mendelsohn to review compatibility strategies section 2 due 2008-04-04 -- due 2008-05-15 -- OPEN
17:19:15 [trackbot-ng]
17:19:21 [dorchard]
Noah signs up for later date..
17:20:06 [dorchard]
raman/danc brought up css versioning
17:20:40 [DanC]
-> CSS versioning: exemplary? exceptional?
17:22:35 [dorchard]
discussion about what was the interesting issue..
17:22:51 [DanC]
-> [css3-namespace] Last call comments from XHTML2 WG
17:23:06 [dorchard]
noah: features are being introduced where the difference is greater than it was..
17:23:25 [DanC]
(quite a long thread in )
17:23:57 [noah]
I also said that CSS was highlighted as an example of a language in which 1) there is no explicit version marker and 2) there is a default interpretation in earlier versions of features that become explicit later (I think that's right)
17:24:27 [DanC]
yes, noah, I think David Baron makes that point pretty well
17:25:01 [Stuart]
17:25:04 [noah]
Then, as you said Dave: until now, as new features introduced have in some sense represented "modest" changes, whereas now a version is contemplated in which some of the new features will be in some sense "more incompatible" than would have been common before.
17:25:14 [dorchard]
zakim, who's here?
17:25:14 [Zakim]
On the phone I see Stuart, Noah_Mendelsohn, DanC, Norm, Ashok_Malhotra, Jonathan, Ht (muted), Dave_Orchard
17:25:17 [Zakim]
On IRC I see Norm, dorchard, Ashok, noah, Zakim, RRSAgent, Stuart, DanC, ht, trackbot-ng
17:25:33 [Stuart]
trackbot-ng, status
17:26:15 [dorchard]
action: David to ask raman what he thinks should be done wrt css versioning
17:26:15 [trackbot-ng]
Created ACTION-133 - Ask raman what he thinks should be done wrt css versioning [on David Orchard - due 2008-04-17].
17:26:17 [DanC]
17:26:17 [DanC]
From: Dominique Hazael-Massieux <>
17:26:17 [DanC]
To: w3c-tools <>
17:26:17 [DanC]
Subject: Tracker nicks can now be edited on the Web
17:26:17 [DanC]
Date: Tue, 18 Mar 2008 16:41:47 +0100 (10:41 CDT)
17:26:25 [DanC]
17:26:25 [DanC]
17:27:12 [dorchard]
topic: passwords in the clear 52
17:27:20 [Zakim]
17:27:55 [dorchard]
Dave posted summary of responses.
17:28:45 [noah]
17:29:04 [noah]
q+ to talk about some security sometimes being better than none
17:32:21 [dorchard]
discussion about how digest is actually done including nonces...
17:32:45 [Stuart]
ack noah
17:32:45 [Zakim]
noah, you wanted to talk about some security sometimes being better than none
17:33:57 [dorchard]
noah: what about the security where it's just a server under a desk..
17:34:31 [dorchard]
danc: their point is that is training people to do the wrong thing..
17:34:41 [dorchard]
noah: so I need to buy a cert?
17:34:52 [dorchard]
danc: no, self-signed certs don't cost
17:34:54 [noah]
17:35:44 [Zakim]
17:37:00 [DanC]
q+ to note wikipedia on digest as a representation of popular understanding
17:37:33 [dorchard]
action: david to ask security context about the exact breakage of digest
17:37:33 [trackbot-ng]
Created ACTION-134 - Ask security context about the exact breakage of digest [on David Orchard - due 2008-04-17].
17:39:11 [Ashok]
Hal Lockhart -- BEA Security expert
17:39:26 [dorchard]
should I say MUST not or SHOULD not send passwords in the clear?
17:40:33 [DanC]
I think the differenence between MUST NOT and SHOULD NOT isn't that significant; I think SHOULD NOT is ok, but let's not celebrate the exceptions
17:40:53 [timbl_]
timbl_ has joined #tagmem
17:41:24 [timbl_]
must works for me, in the sense of "must for you to comply with this"
17:41:42 [timbl_]
If you don't want to conform then on your head be it
17:41:42 [dorchard]
17:42:14 [ht]
zakim, unmute me
17:42:14 [Zakim]
Ht should no longer be muted
17:42:22 [ht]
q+ to say we could try again
17:42:37 [Stuart]
The counter arguement such as it is comes/came from John Cowan in a thread based at:
17:43:06 [dorchard]
Always use SSL or some equivalent security - there is no provision
17:43:06 [dorchard]
in web browsers that allows passwords to be exchanged securely
17:43:06 [dorchard]
without SSL. Not even hashing.
17:43:42 [DanC]
true, "never acceptable" is pretty much synonymous with MUST NOT; then the question is: is this guy the only relevant constituency?
17:45:23 [DanC]
I guess MUST is simpler; I'd only go with SHOULD NOT if we didn't celebrate the exceptions at all.
17:45:48 [dorchard]
noah: you could do SHOULD NOT then say note: the exceptional cases are truly exceptional..
17:46:42 [Ashok]
17:46:46 [DanC]
"2119" doesn't occur in
17:46:52 [Stuart]
ack danc
17:46:52 [Zakim]
DanC, you wanted to note wikipedia on digest as a representation of popular understanding
17:46:54 [dorchard]
noah: you could say "we use rfc 2119 terminology, when we say must that means how to establish security on the web".
17:48:07 [Stuart]
ack ht
17:48:07 [Zakim]
ht, you wanted to say we could try again
17:48:26 [Stuart]
ack ashok
17:49:01 [dorchard]
ht, ashok like must not
17:49:18 [dorchard]
stuart calls the question.
17:50:10 [DanC]
(tone? why ask about the tone? I think the proposal is clearer in terms of words)
17:50:14 [dorchard]
stuart: do people approve a change in the tone of the finding to be a must not exchange passwords in the clear as well as saying it's a MUST to be secure..
17:50:24 [timbl_]
Proposed: The document should say that passwords in the clear MUST not be used.
17:50:53 [DanC]
17:50:59 [Stuart]
17:51:06 [timbl_]
17:51:10 [Norm]
17:51:15 [timbl_]
Zakim, tally votes
17:51:15 [Zakim]
I don't understand 'tally votes', timbl_
17:51:15 [dorchard]
17:51:22 [timbl_]
you will, zakim, you will
17:51:40 [Ashok]
17:51:49 [ht]
17:52:04 [noah]
17:52:21 [Ashok]
Please capitalize NOT
17:52:32 [dorchard]
action: david to make the change to passwords MUST NOT be sent in the clear
17:52:32 [trackbot-ng]
Created ACTION-135 - Make the change to passwords MUST NOT be sent in the clear [on David Orchard - due 2008-04-17].
17:56:20 [timbl_]
"Digest authentication is widely acknowledged to be the best available Internet standard for this purpose. " --
17:56:34 [DanC]
(I'd like to understand the problems with digest better, but I'm not sure the community should wait for me to get clued in, so perhaps silence about digest is best.)
17:56:44 [Stuart]
That purpose being?
17:57:45 [Stuart]
17:58:16 [DanC]
(PHB at least has come around from the "it has to be perfectly secure before we deploy anything" POV.)
17:58:26 [ht]
I just got dropped -- the traditional you lose after one hour bug
17:58:32 [ht]
zakim, disconnect me
17:58:32 [Zakim]
Ht is being disconnected
17:58:33 [Zakim]
17:58:46 [ht]
zakim, please call ht-781
17:58:46 [Zakim]
ok, ht; the call is being made
17:58:48 [Zakim]
17:59:40 [dorchard]
18:00:19 [dorchard]
Finally, I think you should also warn about incorrect use of SSL/TLS,
18:00:19 [dorchard]
specifically the incorrect method, still applied (at least by default)
18:00:19 [dorchard]
in several major sites, of sending unprotected login forms, and
18:00:19 [dorchard]
invoking SSL/TLS only upon submission, to encrypt the password -
18:00:52 [DanC]
(the drupal community seems to see digest support as a goal . they seem to be weighing dev costs without any reference to security deficiencies.)
18:01:13 [dorchard]
consensus to do the warning SSL/TLS..
18:02:08 [timbl_]
"or developers who want to build truly interoperable secure Web applications, the only available option is to encrypt all data between a Web client and server using SSL (Secure Sockets Layer) and to fall back to basic authentication. This is a secure option, but digest authentication is a valuable middle ground between almost no security (what unencrypted basic authentication provides) and complete SSL encryption, with its considerable CPU overhead, more complex
18:03:14 [DanC]
Zakim, next item
18:03:14 [Zakim]
agendum 3. "Issue passwordsInTheClear-52 (ISSUE-52)" taken up [from DanC]
18:03:19 [DanC]
Zakim, close item 3
18:03:19 [Zakim]
agendum 3, Issue passwordsInTheClear-52 (ISSUE-52), closed
18:03:20 [Zakim]
I see 2 items remaining on the agenda; the next one is
18:03:21 [DanC]
Zakim, next item
18:03:21 [Zakim]
4. Issue tagSoupIntegration-54 (ISSUE-54) [from DanC]
18:03:22 [timbl_]
18:03:23 [Zakim]
agendum 4. "Issue tagSoupIntegration-54 (ISSUE-54)" taken up [from DanC]
18:03:25 [DanC]
18:03:25 [trackbot-ng]
ACTION-7 -- Dan Connolly to work with Olivier and Tim to draft a position regarding extensibility of HTML and the role of the validator for consideration by the TAG -- due 2008-03-14 -- OPEN
18:03:25 [trackbot-ng]
18:04:16 [Stuart]
18:04:37 [Stuart]
18:05:44 [dorchard]
discussion about Noah's action 131
18:06:29 [DanC]
("Stuart's P1 proposal" is frustratingly obscure; we're talking about AIRA/HTML integration comments)
18:07:18 [Stuart]
"TAG acceptance of a compromise on this occasion should not be regarded as establishing a precident. Several factors contribute to it being workable: that the WGs involved happen to be active at the same time; that the WG with responsibility for the host language is not having to consider a lot of extension request at the same time; that the ARIA extensions are entirely attribute based - more general element based extensions with more complex content models present
18:07:45 [Zakim]
18:08:22 [timbl_]
18:08:27 [dorchard]
stuart: would the tag find it useful to add the paragraph just posted to Noah's email?
18:09:10 [Ashok]
18:09:39 [DanC]
I don't agree with "we also suggest
18:09:39 [DanC]
that the right medium term answer is for uniform treatment of names and
18:09:39 [DanC]
values with colons to be specified for HTML."
18:10:32 [DanC]
18:11:59 [Stuart]
So Dan... your suggesting removal of that sentence?
18:12:12 [timbl_]
'we also suggest that the right medium term answer is for uniform treatment of names and
18:12:13 [timbl_]
values with colons to be specified for HTML" I agree has been asserted to be incompatibale with old browsers
18:12:14 [ht]
18:12:33 [timbl_]
which is werird when colon was supposed to be a name char
18:12:52 [DanC]
I might rather just abstain, Stuart. the reason I don't agree is that I think it's a premature conclusion, without looking at enough of the options and state-of-the-art
18:13:00 [timbl_]
q+ to say that we should point out the damage that here is evident from eht lack of namespaces in HTML
18:13:10 [dorchard]
Tim Berners-Lee said: The idea of using SVG without XML is horrifying."
18:13:21 [timbl_]
q+ timbl to suggest teh TAG seriously take on looking at simplifying namepsces
18:13:30 [dorchard]
18:13:52 [Stuart]
18:13:57 [ht]
HST notes that NM has left the call. . .
18:14:08 [ht]
HST has to leave in the next minute or two
18:15:06 [Ashok]
I agree -- +1 to HT and DaveO
18:15:56 [DanC]
18:16:13 [Stuart]
ack Danc
18:16:19 [dorchard]
henry: I've never liked the aria proposal..
18:17:00 [dorchard]
danc: I've been told this a deliverable that has nothing to do with HTML..
18:17:03 [Norm]
I agree with Henry
18:17:34 [DanC]
where's the request from PF that has such urgency? I'm confused by recent communications from the PF chair, Al Gilman
18:17:36 [dorchard]
timbl: this could be a deliverable for xhtml, but then say "this can be used with languages like html"
18:18:13 [Stuart]
18:19:00 [dorchard]
stuart: they may be encouraging people to use the no namespace approach
18:19:00 [DanC]
"First: we need to be clearer about what the deal is as regards the time sequence of the following two milestones: ... " writes Al G. in
18:20:04 [dorchard]
... where no namespace approach equals aria-
18:20:22 [dorchard]
henry: needs to go, prefer to wait 1 week noting noah's absence as well.
18:20:22 [Zakim]
18:20:45 [ht]
I acknowledge that next week is a hard deadline for getting feedback decided on
18:25:38 [Stuart]
trackbot-ng, status
18:25:39 [DanC]
trackbot-ng, status
18:25:56 [dorchard]
action: Dan to liaise with michael cooper on their expectations of the TAG
18:25:56 [trackbot-ng]
Created ACTION-136 - Liaise with michael cooper on their expectations of the TAG [on Dan Connolly - due 2008-04-17].
18:29:08 [Norm]
Norm has joined #tagmem
18:29:59 [dorchard]
meeting adjourned
18:30:07 [dorchard]
zakim, please generate minutes
18:30:07 [Zakim]
I don't understand 'please generate minutes', dorchard
18:30:25 [dorchard]
rrsagent, make logs public
18:30:32 [dorchard]
rrsagent, generate minutes
18:30:32 [RRSAgent]
I have made the request to generate dorchard
18:30:40 [Norm]
Not I, alas
18:30:48 [dorchard]
Not I, alas
18:30:50 [Zakim]
18:32:50 [timbl_]
RRSAgent, bye
18:32:50 [RRSAgent]
I see 4 open action items saved in :
18:32:50 [RRSAgent]
ACTION: David to ask raman what he thinks should be done wrt css versioning [1]
18:32:50 [RRSAgent]
recorded in
18:32:50 [RRSAgent]
ACTION: david to ask security context about the exact breakage of digest [2]
18:32:50 [RRSAgent]
recorded in
18:32:50 [RRSAgent]
ACTION: david to make the change to passwords MUST NOT be sent in the clear [3]
18:32:50 [RRSAgent]
recorded in
18:32:50 [RRSAgent]
ACTION: Dan to liaise with michael cooper on their expectations of the TAG [4]
18:32:50 [RRSAgent]
recorded in