We still need a minute-taker for this meeting. Don't forget remote participants are eligible to serve as a notetaker! If you are able, please let us know.
", "time": "2022-07-28T20:00:16Z"}, {"author": "Randy Bush", "text": "inaudible
", "time": "2022-07-28T20:03:03Z"}, {"author": "Randy Bush", "text": "audible
", "time": "2022-07-28T20:03:26Z"}, {"author": "Nick Doty", "text": "thank you for translating the marketing language into the spec language :)
", "time": "2022-07-28T20:05:24Z"}, {"author": "Randy Bush", "text": "isn't IANA asking into which IANA register the paramaters go?
", "time": "2022-07-28T20:16:53Z"}, {"author": "Randy Bush", "text": "floor mic weak
", "time": "2022-07-28T20:18:34Z"}, {"author": "Rob Austein", "text": "floor mike inaudible
", "time": "2022-07-28T20:18:52Z"}, {"author": "Sofia Celi", "text": "hard to hear
", "time": "2022-07-28T20:18:57Z"}, {"author": "Alessandro Amirante", "text": "is the floor mike only that is inaudible? I'm reporting to the AV folks
", "time": "2022-07-28T20:22:30Z"}, {"author": "Steven Valdez", "text": "Do we need/want an extra status code somewhere for issuers/attesters to say that there's a system issue, and the client should stop using this Issuer/Attester combination for now?
", "time": "2022-07-28T20:22:37Z"}, {"author": "Jonathan Hoyland", "text": "At first glance proof of attestation failure seems the most attractive option?
", "time": "2022-07-28T20:22:43Z"}, {"author": "Sofia Celi", "text": "@Alessandro Amirante it was the floor mic
", "time": "2022-07-28T20:23:32Z"}, {"author": "Nick Doty", "text": "will multiple origin names lead to some privacy threats where an attacker can learn which other websites a user has visited?
", "time": "2022-07-28T20:25:18Z"}, {"author": "Martin Thomson", "text": "the dependency on CFRG drafts could be something that reviewers can raise during WGLC
", "time": "2022-07-28T20:25:59Z"}, {"author": "Steven Valdez", "text": "Multiple origin names would be specified by the origin, so isn't necessarily an indicator of the ones a client/user has visited.
", "time": "2022-07-28T20:26:28Z"}, {"author": "Christopher Wood", "text": "+1 to what Tommy says. CFRG shouldn't block things. We're basically ready for RGLC on those documents anyway.
", "time": "2022-07-28T20:26:47Z"}, {"author": "Nick Doty", "text": "@steven sure, I mean a more limited attack about colluding origins
", "time": "2022-07-28T20:27:02Z"}, {"author": "Randy Bush", "text": "@alessandro: yes, the mic from which the in-house audience speaks
", "time": "2022-07-28T20:27:10Z"}, {"author": "Randy Bush", "text": "@alessandro: i could hear rifaat. may be speaker distance from mic
", "time": "2022-07-28T20:28:35Z"}, {"author": "Sofia Celi", "text": "that will be ideal to have the VOPRF at last call at least
", "time": "2022-07-28T20:29:35Z"}, {"author": "Sofia Celi", "text": "the document is kinda ready
", "time": "2022-07-28T20:29:42Z"}, {"author": "Steven Valdez", "text": "@Nick Doty That's potentially mitigated by clients maintaining partitioning of origins to match their privacy/storage story. So if a.com tries asking for an a.com,b.com token. The client wouldn't let that context use a b.com token? Multiple origins are more relevant for multiple origins under the same site (subdomains/etc) for clients that have that sort of partitioning?
", "time": "2022-07-28T20:31:23Z"}, {"author": "Phillip Hallam-Baker", "text": "https://patents.google.com/patent/US7676546B2/en
\nMight affect the rate limiting piece. (I do not own this)
@steven I was considering if a.com asked for an a.com token and an a.com,b.com,c.com,d.com token and the latter token wasn't available, then a.com learns that the user has been to some number of those other sites
", "time": "2022-07-28T20:38:40Z"}, {"author": "Steven Valdez", "text": "A reasonable client could (and probably should) just always reject challenges that include origins that aren't in the partition for the current connection?
\n\"Clients MAY have further restrictions and requirements around validating when a challenge is considered acceptable or valid.\"
", "time": "2022-07-28T20:43:00Z"}, {"author": "Nick Doty", "text": "@steven maybe I simply don't understand the intended use case for multiple origin names. I'll read the document more closely and follow-up on list/github
", "time": "2022-07-28T20:46:23Z"}, {"author": "Sofia Celi", "text": "+1 to Nick
", "time": "2022-07-28T20:50:14Z"}, {"author": "Nick Doty", "text": "I think we have some homework to go to w3c antifraud cg to get more detail on how additionally helpful a rate-limit yes/no threshold will be to anti-fraud use cases
", "time": "2022-07-28T20:56:08Z"}, {"author": "Jonathan Hoyland", "text": "So you're suggesting the server _does_ post its key on Twitter?
", "time": "2022-07-28T20:57:02Z"}, {"author": "Matthew Finkel", "text": "Depends on which key you mean :)
", "time": "2022-07-28T20:57:57Z"}, {"author": "Jonathan Hoyland", "text": "Maybe a clients should use a Gossip protocol
", "time": "2022-07-28T20:59:32Z"}, {"author": "Jonathan Hoyland", "text": "all*
", "time": "2022-07-28T20:59:39Z"}, {"author": "Jonathan Hoyland", "text": "With a proof that they agree on the state of a distributed hash table of all the servers keys.
", "time": "2022-07-28T21:00:17Z"}, {"author": "Steven Valdez", "text": "Just stick it in CT and use its gossip protocol... :P
", "time": "2022-07-28T21:00:45Z"}, {"author": "Sofia Celi", "text": "put all in CT, why not
", "time": "2022-07-28T21:02:00Z"}, {"author": "Benjamin Kaduk", "text": "\n\nCT and use its gossip protocol
\n
The one that got abandoned and the WG closed?
", "time": "2022-07-28T21:02:38Z"}, {"author": "Christopher Wood", "text": "Gossip is not a real thing.
", "time": "2022-07-28T21:02:45Z"}, {"author": "Christopher Wood", "text": "(ducks)
", "time": "2022-07-28T21:02:52Z"}, {"author": "Benjamin Kaduk", "text": "I hear Chris Wood has amaaaaaazing thoughts on gossip.
", "time": "2022-07-28T21:03:12Z"}, {"author": "Christopher Wood", "text": "Hah!
", "time": "2022-07-28T21:03:18Z"}]