Minutes for APPSAWG at IETF-92
minutes-92-appsawg-2

Minutes from the APPSAWG/APPAREA joint meeting
March 23, 2015 — Dallas, TX

Meeting convened at 9:00am.

APPSAWG
~~~~~~~

Alexey (co-chair) gave an update on current document status and progress
since IETF 91.

Sean Leonard gave an update on the progress of the text/markdown documents.
As per list feedback, it’s been simplified drastically since its earlier
versions.  Sean feels it’s pretty much done, no outstanding issues.

There were no other active documents that needed in-person meeting time.

APPAREA
~~~~~~~

We had summaries of each APP area working group, new working groups that will
meet for the first time here, and BoFs scheduled for this meeting, as
follows:

PRECIS: Almost done and most documents through WGLC.  This week’s meeting is
expected to be short.

HTTPBIS: Finished HTTP 2, now in RFC Editor queue.  Other documents winding
up quickly.  Will soon be considering next steps, if any.

CALEXT: One document in RFC Editor queue.  Other two documents have been
adopted, expecting revisions this week.

WEBSEC: Key pinning is past AUTH48.  One dependency also in AUTH48.

JSON: We’re done!

TZDIST: Two drafts in progress, one is through WGLC, the other is an
extension and should be done soon.

ARCMEDIA: creating a new top-level media type. Received two reviews
privately.

SCIM: Pretty much done.

UTA: Finishing up first set of documents: attacks document out, BCP draft in
queue.  Now focusing on email.  Need people to help inform that discussion.
What, if anything, should we do about opportunistic security?  Asking for
participation.

EPPEXT: Meeting on Friday. Published one RFC which describes registry. Four
documents on extensions that should be ready for WG last call after this
meeting. Discussion about rechartering group to process candidates for
standards track extensions.

WEIRDS: Done; one IANA action remaining.  May be completed, and all documents
published, this week, so the WG can shut down.

DMARC: ISE (base) document has published.  Document about interoperability
issues is in progress.

PAWS: Was stuck in a MISSREF, waiting on a document from on PRECIS.  Now
unstuck.

HYBI: Final document still churning, ready to come to AD Review soon
(hopefully).

URNBIS: A lot of remote participation on this one this time.  Issue is
closing out main document.

New WGs:

PALS: Routing area, merger of two previous WGs.

TOKBIND: A lot of protocols use what amount to bearer tokens. Anyone who
gets a token by snooping data stream can reuse it elsewhere. This is coming
up with a shared secret with client that is bound to TLS session. This WG’s
work will add shared secrets to bearer tokens, e.g., cookies, to make them
harder to steal. Should be very interesting to apps.

BIER: Trying to make the multicast situation a bit better.

(no others were represented)

BoFs this week:

DOTS: DDoS Open Threat Signaling, a standard method using existing protocols
to exchange information about DDoS.

LUCID: Some issues being discovered about how normalization is used in
Unicode. Impact on IDNA and PRECIS. Purpose is to agree on scope of problem.
Expect to have Unicode people attending remotely. May involve revising both
IDNA and PRECIS.

SUPA: Something for APPS to think about. Idea is to have SDN controller that
application can control.  The intent is somewhere above the SDN controller.

ACME: Certificate enrollment for websites.  There have been other such
protocols before, we want to make sure this one works.

SPUD: Session Protocol for User Datagrams with a lot of application
interaction.

IESG Restructuring:

Applause for Pete Resnick, outgoing APP Area Director.  Further discussion
led by Barry:

We will be merging the APP and RAI areas.  In 2006, we split off RAI from
APP and TSV; we’re now undoing that and putting them back together.  We’ll
probably pick up some WGs from TSV, some stuff will kick over to SEC or to
OPS.  That’s the main visible change.  Proposed name for the merged is ART:
Applications and Real Time.  We may also have some WGs in ART that have
supervising ADs in other areas.

RTG is now the largest area in terms of WG workload, so we asked the NomCom
to seat a third AD.

Dave Crocker: About having a supervising AD from a different area: What does
it mean to be in an area when your AD is from outside?

Barry: Has to do with distributing workload and resolution of scheduling
issues.

Pete Resnick: We’ve seen in the past where an AD had a “Technical Advisor”
from another area.  This has sometimes ended up with an AD that really does
most of the work, but can’t actually push any of the buttons.  We want to
enable that.

Dave: It’s interesting to see the IESG move toward matrix management.

Pete: It does make people cringe, but it seems to work.

Cullen Jennings: It seems to make sense, but it causes a lot of confusion
for people from outside.  We may as well make lots of changes at once, so we
should fix TSV at the same time we’re making all of these other changes.

Pete: TSV is pretty much next on the list; there’s active work trying to get
that sorted out.

Barry: Also, Alissa Cooper is out on leave until June, so none of
this is actually going to happen until she’s back.  We will finalize all
these plans at the IAB-IESG retreat in May.  We may have the TSV sorted out
by then too.

Larry (via jabber): What happens to AppsDir?

Barry: We plan to figure out at the retreat how to specify the required
expertise at the retreat.

Discussion of APPSAWG’s future:

Barry: APPSAWG would better serve us by forking off small, tightly-focused
working groups rather than doing work itself.  APPSAWG will continue doing
truly simple documents.

Dave Crocker: The original reason for APPSAWG is because spinning up a WG is
expensive.  Isn’t that still a problem?

Barry: We have gotten better at this.  Rather than spending months to a year
beginning to do work, we can do it in a few weeks now.  IMAPMOVE was a prime
example.

Eliot Lear: I chair two of the short-lived WGs.  They haven’t been as
short-lived as we’d like.  However, TZDIST is never actually going to meet.

Dave: Pete is half of the team that’s gotten good at this, but he’s leaving.
Also, this new talent isn’t documented anywhere.  Without it, we’ll tend
back toward bureaucracy rather than efficiency.

Barry: Right now it’s only documented in the IESG Wiki.  We can make it into
a BCP the way the DISPATCH BCP was.  We could also have WG charters simply
refer to the DISPATCH BCP.

Cullen: We need more execution rather than more documentation.

Presentation: IAB SEMI Workshop update (see slides)

SPUD put policy information into a UDP-based protocol with
standard libraries.  Insecure prototype in draft-hildebrand-spud
prototype; take a look but don't implement it.  Also drafts on use cases
and relation to DTLS.  HOPS, measuring middlebox impairment, sharing data. 
Bar-BoF was well attended.  Related to IAB Stack Evolution program and TAPS WG.

Presentation: CBOR/CDDL update (see slides)

Prototype description language for CBOR and maybe JSON.

Joe Hildebrand: Will JSON WG review this?

Barry: JSON WG will close, but the mailing list will continue.

Carsten: I think we need a different list for CBOR.

(unknown): CBOR work seems to be spread across several WGs.  Should we make
a single WG and merge it all?

Barry: I can make a non-WG mailing list for this.  I’ll go do that now.

Presentation: Protecting the Message Header using OpenPGP (see slides)

Sign or encrypt headers like From:, Subject:, etc.  Make header and body
into two sections, wrap and sign or encrypt.

Presentation: Privacy-Oriented Email (see slides)

Multilayer blinding of mail messages to limit information leakage.
Details at http://darkmail.info/

Presentation: Outbound Port 25 blocking for dynamic IP Addresses (see slides)

Formalize port 25 blocking advice, use 587 for submission, refer to
various RFCs.

Any Other Business/Open Mic:

Discussion of DANE and other WGs that touch APP topics; how can we get
our expertise into them before the last minute?

Eliot Lear, chair of new AppsDir: Please agree to be APP reviewer!

With no other business before the chairs, the meeting was adjourned at 11:20am.