Logs for lemonade@ietf.xmpp.org, 2005-03-10

[07:57:03] --- amelnikov has left
[08:56:49] --- Glenn has joined
[12:56:03] --- Glenn has left: Replaced by new connection
[12:56:04] --- Glenn has joined
[13:13:35] --- amelnikov has joined
[13:32:18] --- dcrocker has joined
[14:49:46] --- dcrocker has left: Disconnected
[15:18:02] --- Glenn has left: Disconnected
[15:23:00] --- dcrocker has joined
[15:58:15] --- ohm has joined
[16:00:53] --- ohm has left: Replaced by new connection
[16:00:54] --- ohm has joined
[16:20:49] --- GregWhite has joined
[16:26:03] --- ohm has left: Replaced by new connection
[16:26:04] --- ohm has joined
[16:35:17] --- Glenn has joined
[16:35:29] <Glenn> Welcome!
[16:35:29] --- klensin-ietf has left: Lost connection
[16:35:29] --- hildjj has left: Lost connection
[16:35:47] <Glenn> LEMONADE session # 2 will start in a few minutes
[16:35:55] --- dcrocker has left: Replaced by new connection
[16:35:56] --- dcrocker has joined
[16:37:33] <Glenn> Can MP3 radio folks hear us??
[16:37:42] <GregWhite> What?
[16:38:06] <GregWhite> I can hear you
[16:38:32] --- robsiemb has joined
[16:38:34] <GregWhite> not funny
[16:38:51] <GregWhite> did you see my email and talk to glenn?
[16:38:56] * robsiemb has set the topic to: lemonade working group (Live from Minneapolis)
[16:39:02] --- dbrashear has joined
[16:39:12] --- randy has joined
[16:39:18] <Glenn> Slides for today are here:
[16:39:20] <Glenn> http://flyingfox.snowshore.com/i-d/lemonade/slides62/index.html
[16:39:46] <GregWhite> ok
[16:41:14] <robsiemb> Agenda
[16:41:22] --- shmaes has joined
[16:41:37] <robsiemb> Next Steps: strategy for the profile, media conversions, "phase 2", and deployment challenges
[16:41:51] <robsiemb> Finished Work summary (slide 5)
[16:42:15] <robsiemb> Future delivery, S2S notification requirement, MMS mapping
[16:42:25] <robsiemb> Looking for a volunteer for nits review
[16:43:03] <robsiemb> (discussion of what is entailed in a nits review)
[16:43:43] <robsiemb> Philip agrees to do the nits review.
[16:44:28] --- tonyhansen has joined
[16:44:36] <robsiemb> due by 3/21
[16:44:59] <robsiemb> 3/25 for WG writeup
[16:45:08] <robsiemb> Slide 6
[16:45:21] <robsiemb> Current status of the pull trio.
[16:45:29] --- resnick has joined
[16:45:49] --- ohm has left: Replaced by new connection
[16:45:49] --- ohm has joined
[16:46:46] <robsiemb> Pete: I posted a paragraph about the reviesed text for using the URL in catenate to the list, please post opinions
[16:47:02] <robsiemb> It will get a new WGLC, starting 3/21
[16:47:09] <robsiemb> (or earlier if it gets out sooner)
[16:47:22] <robsiemb> Next Steps in the mobile enviornment
[16:47:43] <dbrashear> corby will do reconnect
[16:47:58] <dbrashear> will be done by 3/18
[16:48:16] <robsiemb> lemonade profile
[16:48:19] <robsiemb> update draft to current understandings
[16:48:30] --- Barry Leiba has joined
[16:48:46] <robsiemb> stephane: I want to be sure that what has been fixed at this stage is that these requirements are normative on the server and guidence for the clients.
[16:50:11] <robsiemb> chair: 2 ways of doing the profile (which needs to cover everything): all at once (too long) or several versions, which makes it harder to market.
[16:50:55] <robsiemb> chairs: but the profile will talk about the stuff we have now, (forward without download, quick reconnect, future delivery), so we can do that without "TBD" sections.
[16:51:50] <robsiemb> I missed the P2 summary, but P3 would cover itermediaries
[16:52:28] <robsiemb> pete: these aren't really versions, they're more like chapters
[16:52:48] <robsiemb> pete: stay away from version talk entirely.
[16:53:22] <resnick> Greg breathes.
[16:53:35] <robsiemb> e2e security
[16:53:35] --- sunnny27 has joined
[16:53:41] <robsiemb> Forming a design team with lemonade, security experts, etc
[16:53:41] --- cyrus_daboo has joined
[16:53:47] <robsiemb> Security Volunteer ius Shawn Turner (sp?)
[16:53:58] <robsiemb> EKR and Sam volunteered to review specific drafts.
[16:54:15] <robsiemb> Need a lemonade person who knows IMAP well.
[16:54:41] <amelnikov> Maybe I can help
[16:54:44] <robsiemb> summary of problem #1 "how do I get body parts that are inside signed/encrypted body parts"
[16:55:32] <robsiemb> Some hallway design work went into other two problems: the second issue is the use of a streaming server with a URLAUTH token (you need some feeling that the streaming server isn't a rogue)
[16:55:35] <resnick> I think Alexey is a good choice. He knows the IMAP and doesn't get nervous in the presence of security folks.
[16:55:46] <Glenn> Thanks Alexey!
[16:56:01] <robsiemb> (this is greg right?)
[16:56:20] <Glenn> Greg Vaudreuil is speaking
[16:56:30] <robsiemb> Greg: we can borrow from the model we use with the "role" in the urlauth for the submission server
[16:56:32] <resnick> (I'm on the hook either way, but I don't think you should count me as a volunteer since I'll be wearing my IAB hat.)
[16:56:39] <robsiemb> Third issue: content-based adaptation requests.
[16:57:39] <robsiemb> ned: (summary of issue) media type to media type conversion is not good enough, you need detail about the content (resolution, sampling frequency, color depth, etc)
[16:58:08] <robsiemb> ned: We do have the media features facility in the IETF already. We may not have the tags in the audio space, but I suspect we do in the image space.
[16:58:26] <robsiemb> ned: we may not need feature algebra
[16:58:36] <robsiemb> greg: do we need it for the capabilities negotiation?
[16:59:07] <robsiemb> ned: I'm worried about capabilities for this in general -- if the server doesn't support it, what does the client do?
[16:59:31] <robsiemb> ned: we may be able to ignore the capabilities problem since the clients are SO limited that a "go fish" game with them may not be that awful
[16:59:46] <robsiemb> barry: there is another issue where we want to be sure the urlauth can get to the streaming server without being snooped.
[16:59:58] <robsiemb> barry: there is a similar problem with the data returning from the streaming server.
[17:00:14] <robsiemb> barry: we need security considerations to point out the later (its out of scope for us)
[17:00:40] <robsiemb> ned: we want to note that some streaming protocols (e.g. SDP) have content negotiation in them already (but apparently SDP is broken)
[17:01:51] <robsiemb> eric: for what we want to do SDP should be fine
[17:04:01] --- sunnny27 has left
[17:04:13] <robsiemb> ??: The matrix is not n x n, it is really n to lowest common denominator
[17:04:26] <Glenn> That was Corby Wilson
[17:04:31] --- sunny27 has joined
[17:05:01] <cyrus_daboo> who was that speaking about mobile device capabilities?
[17:05:12] <robsiemb> greg: In lemonade, we wanted to empower the client to make the decision. In the real world case "go fish" is probably good enough.
[17:05:16] <robsiemb> greg v is up now, corby was before him
[17:05:24] <cyrus_daboo> thanks...
[17:05:55] --- ohm has left: Replaced by new connection
[17:05:55] --- ohm has joined
[17:06:32] <robsiemb> stephane: are there other things we're going to do that are likely to need security review? Does this design team need to address those?
[17:07:09] <robsiemb> Glenn: the issues this should be addressing are what Sam brought up in his initial review, there will probably be new issues we need to look at, but its not immediately clear we'll need this team. We're just going to concentrate on this for now.
[17:07:55] <robsiemb> stephane: I mostly wanted to be sure that we don't give the impression that this is the only e2e issue we have.
[17:08:06] <robsiemb> greg: can we name this "access to signed & encrypted content" ?
[17:08:18] <robsiemb> Slide 9 has now had substantial updates (team members, title)
[17:09:02] <robsiemb> sudden there is lots of interest in helping here.
[17:09:07] <cyrus_daboo> I'm sure Steve Hole would be really interested in the signed/encrypted stuff, but someone would have to find him.
[17:09:33] <cyrus_daboo> I have implemented SMIME & PGP in a client so understand the issues wrt IMAP body fetching, handling certs etc but I'm not sure I can commit to any serious time on this right now....
[17:09:35] <robsiemb> greg v: There is another issue which is how do I sign content when I do, for instance, a CATENATE.
[17:10:50] <robsiemb> pete: we have a security extension to catenate that does a "media conversion" in this way.
[17:11:25] <dbrashear> rob: are we worried about signing the data that the user hasn't looked at and is stuffing into the message ?
[17:11:26] <cyrus_daboo> Just like forward without download, we want sign/encrypt without download
[17:11:46] <dbrashear> chair: we implicitly trust the server
[17:12:13] <dbrashear> pete: if you're getting content off the server anyway, the server signs it because you can't tell what the server is going to put in the message
[17:12:22] <robsiemb> I think they meant that by doing this, we have said that we trust the server.
[17:12:45] <robsiemb> following steps:
[17:12:51] <robsiemb> - blob media conversion (need document editor)
[17:13:10] <robsiemb> slide 10 btw
[17:13:27] <robsiemb> streaming media conversion - have approach, need new editor likely.
[17:13:34] <robsiemb> - update profile to wrap it all up.
[17:14:31] <robsiemb> (oh, in the discussion above, greg indicated that he intended the use case to be the user's key signs both "new text" and the blob already on the server).
[17:14:48] <robsiemb> slide 11
[17:14:51] <robsiemb> Goals phase 2
[17:15:11] <robsiemb> "The hard Parts" - intermediaries, bad it practices, the unknowns, update profile and wrap it up
[17:15:17] <robsiemb> er, bad IT practices
[17:16:10] <robsiemb> philip: reliable smtp delivery.
[17:17:09] <robsiemb> stephane: at the interim meeting we listed a large list of topics that needed to be addressed (filtering, views, compression/optimization of exchange, c2s notifications out of the imap band, etc)
[17:17:37] <cyrus_daboo> s2c not c2s
[17:18:30] <robsiemb> er, right
[17:19:25] <robsiemb> Glenn: how many are familar with what we discussed at the interim?
[17:20:10] <robsiemb> Glenn: I'd like a P2 goals document based off of the slides from the interim (on the lemonade site, but I missed grabbing the URL)
[17:21:57] <robsiemb> stephane: to summarize, the chair is asking that we produce the goals document? This isn't the first time I've asked for this, and it keeps getting pushed back. So we're really doing this now?
[17:22:26] <robsiemb> glenn (as chair): I'm asking for a document that is not yet a WG document. If the items are in the charter, we adopt it. If not, we use it as a basis for recharter.
[17:23:09] <robsiemb> Glenn: if we get agreement on the topics, we can progress them as individual contributions reviewed within the WG until we recharter, but I'd rather recharter at that point.
[17:23:31] <robsiemb> stephane: so if you just invite individual contributions, you'll get them (I'm volunteering!)
[17:23:52] <robsiemb> Dates: do we have buy-in for dates? if too busy, we need to know, if dates missed, we will replace you.
[17:24:28] <robsiemb> eric: we have to look at the threat of really wierd stuff like mail over SyncML
[17:25:10] <robsiemb> eric: if there are 5million not SMTP/IMAP clients out there, we become basicly irrelevant
[17:25:17] <robsiemb> slide 13 (summary of charter dates)
[17:26:30] <robsiemb> eric: at this point does anyone care about s2s notifications?
[17:26:32] <robsiemb> 3 hands go up
[17:26:42] <robsiemb> eric: ned was dancing up and down.
[17:27:02] <robsiemb> lisa: I could be roped into that as well.
[17:27:25] <robsiemb> stephane: we also discussed the possility that s2s and s2c could be merged into the same document in phase 2.
[17:27:32] <robsiemb> stephane: it could be a good idea.
[17:27:42] <robsiemb> chairs: consumers, when do you need it:
[17:27:45] <robsiemb> consumers: 9 months ago
[17:28:41] <robsiemb> slide 14: THANKS
[17:28:48] <robsiemb> greg: quick question
[17:29:24] <robsiemb> greg: we wanted to include language suggestion that servers must support TLS with compression. Phase 2, we wanted to contemplate object based stuff, but I wanted to be sure that I didn't have false memory.
[17:30:01] <robsiemb> eric: well, actually we're not too hot on TLS/null cipher to do compression, until we found out that many of the large objects are already compressed (data from Qualcomm).
[17:30:20] <robsiemb> e.g. 100MB jpeg, 500b of headres
[17:30:29] <robsiemb> er, 500B
[17:30:33] <randy> (we were hot on it until we realized the large objects are already compressed)
[17:30:51] <robsiemb> so, if you were to do compression it would need to be per body part, so we punted
[17:31:34] <robsiemb> randy: and further... when you ran everything over string compression (like TLS) you recover the 1/3 extra you had to pay to do the transfer encoding really. The profile should include BINARY.
[17:31:58] <robsiemb> The TLS usage could still be used to authenticate the server.
[17:32:18] <robsiemb> eric: punt does not mean "not address"
[17:32:27] <robsiemb> stephane: do we want a recommendation at this stage atleast?
[17:32:49] <robsiemb> chairs: We want a must for BINARY transfer encoding for both SMTP and IMAP.
[17:32:59] <robsiemb> chairs: send text to stephane to help with this.
[17:33:46] <robsiemb> stephane: thats fine, as long as we haven't completely punted compression
[17:33:48] <robsiemb> we're DONE
[17:34:09] * robsiemb has set the topic to: lemonade working group (Off Air)
[17:34:18] <robsiemb> next meeting is in paris (Aug).
[17:34:40] --- Barry Leiba has left
[17:35:16] <robsiemb> really done now.
[17:35:16] --- pguenther has left
[17:35:17] --- robsiemb has left: Disconnected
[17:35:22] --- resnick has left
[17:35:33] <GregWhite> I need to add a couple more issues from the Future Delivery WGLC in Dec, and we are going to need another WGLC, i think
[17:35:51] --- cyrus_daboo has left
[17:36:06] <Glenn> Are they significant isues or 'editorial'...
[17:36:20] <GregWhite> well, they were the ones i stated in the email --
[17:36:28] --- sunny27 has left: Disconnected
[17:36:44] <GregWhite> a security issue involving a DoS with minimum future delivery time
[17:36:57] --- dcrocker has left: Disconnected
[17:36:58] <GregWhite> and specifying error case replies...
[17:37:08] --- dbrashear has left: Disconnected
[17:37:35] <Glenn> Right.
[17:37:49] <Glenn> Just include, update draft and we'll do a IETF last call.
[17:38:19] <GregWhite> does this need to happen before nits review?
[17:39:07] <Glenn> BTW, Chris just sent more FD comments
[17:39:19] <GregWhite> to the list?
[17:39:24] <Glenn> Yes.
[17:39:33] <Glenn> PLease review and update the draft.
[17:39:36] <GregWhite> ok, i'll check 'em out...
[17:39:51] --- randy has left: Disconnected
[17:40:04] <Glenn> Then we'll see if another WG last call is required, or if we will just proceed to IETF last call.
[17:40:26] <GregWhite> i have changed a lot of stuff...check out the diff of the draft on the tools page...
[17:41:15] <Glenn> Philip Guenther will do your nits review
[17:41:44] <GregWhite> when do i need to have the updates in, and does this take priority over my other nits reviewing?
[17:42:10] <GregWhite> by the way, i'm still listening, so you can talk if you want...
[17:43:20] <GregWhite> yeah
[17:43:31] --- shmaes has left
[17:43:34] <GregWhite> not yet
[17:44:13] <GregWhite> good thing i'm unemployed...
[17:44:31] <GregWhite> now the audio is gone...
[17:44:50] <GregWhite> got it, fd first, nits after that...
[17:44:51] <GregWhite> later
[17:44:55] <Glenn> The audio connection is now shhut down
[17:45:02] <Glenn> BYe.
[17:45:04] --- GregWhite has left
[17:48:51] --- ohm has left
[17:53:02] --- tonyhansen has left: Disconnected
[17:59:48] --- ohm has joined
[17:59:59] --- ohm has left
[18:06:11] --- Glenn has left: Disconnected
[18:41:52] --- dcrocker has joined
[18:52:03] --- dcrocker has left
[19:31:45] --- randy has joined
[19:33:05] --- randy has left
[20:40:17] --- dbrashear has joined
[20:40:20] --- dbrashear has left