[{"author": "Lorenzo Miniero", "text": "

Hey Olle!

", "time": "2022-11-09T09:31:05Z"}, {"author": "Richard Barnes", "text": "

i hope everyone remembered to watch La Boh\u00e8me in preparation

", "time": "2022-11-09T09:32:18Z"}, {"author": "Phillip Hallam-Baker", "text": "

@Richard Barnes I saw it at Covent Garden on Saturday.

", "time": "2022-11-09T09:34:06Z"}, {"author": "Phillip Hallam-Baker", "text": "

What do you call a La Boheme/La Triviata double bill?
\nConspicuous consumption!

", "time": "2022-11-09T09:34:46Z"}, {"author": "Richard Barnes", "text": "

Excellent, PHB, good work!

", "time": "2022-11-09T09:35:24Z"}, {"author": "Richard Barnes", "text": "

I have read the problem statement draft

", "time": "2022-11-09T09:36:01Z"}, {"author": "Phillip Hallam-Baker", "text": "

Why the heck do people think digital signatures have anything to do with user authentication? They are used to build PKIs but they have absolutely no place in a user auth protocol unless non repudiation is an explicit goal.

", "time": "2022-11-09T09:38:59Z"}, {"author": "Ted Hardie", "text": "

The \"Adium way\", as those of us with memories of libpurple would say.

", "time": "2022-11-09T09:39:51Z"}, {"author": "Richard Barnes", "text": "

@PHB: You can't authenticate users to users with bearer tokens. You need signatures to \"sender constrain\" the credentials users present, so that they can't be replayed

", "time": "2022-11-09T09:39:55Z"}, {"author": "Phillip Hallam-Baker", "text": "

@Richard Barnes Nope

", "time": "2022-11-09T09:40:13Z"}, {"author": "Phillip Hallam-Baker", "text": "

@Richard Barnes Alice makes ElGamal encryption challenge to Bob, Bob makes challenge to Alice, session key is from a KDF over both results.

", "time": "2022-11-09T09:42:52Z"}, {"author": "Richard Barnes", "text": "

@PHB Asymmetric keys in any case. Also that doesn't really work in a non-interactive setting, like messaging. Also, we usually say \"HPKE\" for encryption to a public key these days ;)

", "time": "2022-11-09T09:44:54Z"}, {"author": "Phillip Hallam-Baker", "text": "

@Richard Barnes Asymmetric keys certainly. But NOT signature keys. We should not provide non repudiable proof that Alice was in the conversation because that is itself a serious breach. \"We kill people based on metadata\"

", "time": "2022-11-09T09:46:13Z"}, {"author": "Phillip Hallam-Baker", "text": "

@Richard Barnes You have just resolved an issue for me: How is Instant Messaging different from chat. Thanks

", "time": "2022-11-09T09:47:45Z"}, {"author": "Jonathan Lennox", "text": "

It's only a Bakeoff while we're here in the UK, otherwise it's a Baking Show.

", "time": "2022-11-09T09:51:35Z"}, {"author": "Stephen Farrell", "text": "

I didn't get what\"defined elsewhere\" meant on the prev slide

", "time": "2022-11-09T09:52:07Z"}, {"author": "Olle Johansson", "text": "

In other wg

", "time": "2022-11-09T09:52:40Z"}, {"author": "Phillip Hallam-Baker", "text": "

This conversation appears to be driven by the concerns of the incumbent messaging providers looking to achieve minimal compliance with regulation so of course, they have a gateway model.
\nThat is what we did in the early email world, gateways everywhere. That is why Sendmail is so complex.
\nBut once users of system A can talk to system B, there is no value in the proprietary protocol and it is simplest for everyone to move to a single standard.

", "time": "2022-11-09T09:52:56Z"}, {"author": "Nick Doty", "text": "

connection requests that are accepted by a user prior to communicating is one step towards addressing abuse

", "time": "2022-11-09T09:53:10Z"}, {"author": "Alissa Cooper", "text": "

The identity building blocks used will not be defined in this WG.

", "time": "2022-11-09T09:53:16Z"}, {"author": "Nick Doty", "text": "

-1 to any interpretation that we'll handle spam and abuse later

", "time": "2022-11-09T09:54:21Z"}, {"author": "Stephen Farrell", "text": "

I guess I'm not sure how a building block might look

", "time": "2022-11-09T09:54:44Z"}, {"author": "Nick Doty", "text": "

that was a helpful overview, thanks

", "time": "2022-11-09T09:54:52Z"}, {"author": "Olle Johansson", "text": "

Is the target open federation a la xmpp or is it by regulated rulesets

", "time": "2022-11-09T09:54:55Z"}, {"author": "Markus Stenberg", "text": "

I don't understand where the assumption that this will go anywhere comes from. e.g. XMPP was good enough (and for that matter secure IRC variants too), but commercial realities lead to worse solutions and while charter had some arguments about european(?) push for federation, I don't still see concrete reason for optimism.

", "time": "2022-11-09T09:57:07Z"}, {"author": "Olle Johansson", "text": "

Pressure from the EU is one of the reasons, as covered in the introduction

", "time": "2022-11-09T09:58:20Z"}, {"author": "Olle Johansson", "text": "

Users should control their own metadata

", "time": "2022-11-09T10:01:17Z"}, {"author": "Vittorio Bertola", "text": "

It is not \"push\" or \"pressure\", interoperable messaging is legally mandatory to implement in Europe under a timeframe of 1 to 4 years, for anyone being defined as a gatekeeper (e.g. Meta, Apple and Google). Then, of course, these companies may choose not to use any IETF standard but do their own thing, or just resist the law.

", "time": "2022-11-09T10:02:07Z"}, {"author": "Daniel Petrie", "text": "

White list or black list services

", "time": "2022-11-09T10:02:09Z"}, {"author": "Stephen Farrell", "text": "

I think I heard rohan and matthew saying quite different things just there about who controlled that policy

", "time": "2022-11-09T10:02:27Z"}, {"author": "Fannys Bampaloukas", "text": "

yeah it seems like its not clear how users would control the metadata yet in the wg

", "time": "2022-11-09T10:03:10Z"}, {"author": "Pete Resnick", "text": "

When we get to the charter, make sure that it's clear enough the wg will need to address that.

", "time": "2022-11-09T10:03:48Z"}, {"author": "Pete Resnick", "text": "

@ekr: Is that something that needs to be baked into the charter, or something that should be addressed by the wg once chartered?

", "time": "2022-11-09T10:05:53Z"}, {"author": "Jonathan Lennox", "text": "

E-mail interoperates, but you need to know that my e-mail address is at gmail.

", "time": "2022-11-09T10:06:24Z"}, {"author": "Nick Doty", "text": "

we might start talking about what server rather than which silo'd service, but yes, you'd still need a way to know where to find them and send messages to them

", "time": "2022-11-09T10:07:35Z"}, {"author": "Markus Stenberg", "text": "

Global directory sounds unrealistic and undesirable due to abuse.

", "time": "2022-11-09T10:07:37Z"}, {"author": "Eric Rescorla", "text": "

@Jonathan Lennox correct, btut you don't need a table for \"this is how you talk to gmail\" that gets updated if Facebook introduces Facebook mail

", "time": "2022-11-09T10:08:05Z"}, {"author": "Olle Johansson", "text": "

We've discussed global directories since the dawn of the net

", "time": "2022-11-09T10:08:48Z"}, {"author": "Eric Rescorla", "text": "

Well, we in fact have a global directory, which maps domain names onto other things

", "time": "2022-11-09T10:10:29Z"}, {"author": "Ted Hardie", "text": "

I think there is an incentive question here. If Rafael@Signal wants to talk to Uriel@mastodon, but neither has a link to the other, there must be a server-based interchange between the two. The DMA covers the incentives for the gatekeepers, but do we expect that you'd be able to pass from one service to another via a 3rd? Or are we expecting voluntary gateway operation in each of these cases?

", "time": "2022-11-09T10:10:47Z"}, {"author": "Eric Rescorla", "text": "

We do not have a global directory for users, but it's not like inconceivable

", "time": "2022-11-09T10:10:47Z"}, {"author": "Brendan Moran", "text": "

I may have missed something in the presentation. Is there a fundamental assumption that the message encapsulation is interoperable?

", "time": "2022-11-09T10:10:58Z"}, {"author": "Eric Rescorla", "text": "

@Brendan Moran yes

", "time": "2022-11-09T10:11:06Z"}, {"author": "Eric Rescorla", "text": "

Otherwise E2E doesn't work, which I imagine is where you are going

", "time": "2022-11-09T10:11:20Z"}, {"author": "Nick Doty", "text": "

migration and forwarding of messages both seem important for functional interoperability

", "time": "2022-11-09T10:11:55Z"}, {"author": "Brendan Moran", "text": "

@Eric Rescorla Correct. I don't believe that the \"gatekeeper\" services are using the same encapsulation today. Why would they switch?

", "time": "2022-11-09T10:12:03Z"}, {"author": "Richard Barnes", "text": "

Agree that portability doesn't seem like primary scope, but might benefit as a side effect of more interop

", "time": "2022-11-09T10:12:04Z"}, {"author": "Olle Johansson", "text": "

\"Oh, my elephant chat service introduced 3d messaging in 4th dimensions space. You need to join here because I can only message you using an old keyboard\"

", "time": "2022-11-09T10:12:16Z"}, {"author": "Ted Hardie", "text": "

Email has no presence, right?

", "time": "2022-11-09T10:12:53Z"}, {"author": "Olle Johansson", "text": "

Precense is more and more fading out in the background

", "time": "2022-11-09T10:12:58Z"}, {"author": "Eric Rescorla", "text": "

iMessage doesn't do presence

", "time": "2022-11-09T10:13:09Z"}, {"author": "Eric Rescorla", "text": "

Wire doesn't

", "time": "2022-11-09T10:13:11Z"}, {"author": "Richard Barnes", "text": "

i don't think WhatsApp does (?)

", "time": "2022-11-09T10:13:30Z"}, {"author": "Eric Rescorla", "text": "

@Brendan Moran I think the assumption is that it will be the easiest way to address the requirements of the DMA

", "time": "2022-11-09T10:13:57Z"}, {"author": "Olle Johansson", "text": "

Not another SIMPLE, I personally consider precedes out of scope

", "time": "2022-11-09T10:14:10Z"}, {"author": "Graham Klyne", "text": "

@Eric Rescorla my iMessager has features that show counterparty activity, which seems like presence to me?

", "time": "2022-11-09T10:14:21Z"}, {"author": "Richard Barnes", "text": "

@Graham do you mean things like read receipts? that's different

", "time": "2022-11-09T10:14:47Z"}, {"author": "Markus Stenberg", "text": "

read notifications / typing notifications are bit different.

", "time": "2022-11-09T10:14:53Z"}, {"author": "Eric Rescorla", "text": "

@Graham Klyne both read receipts and typing are different

", "time": "2022-11-09T10:14:56Z"}, {"author": "Olle Johansson", "text": "

A PTR DNS record for the fingerprint of PHB's key that points to his preferred service? ENUM?

", "time": "2022-11-09T10:15:10Z"}, {"author": "A.J. Beal", "text": "

I think presence really only makes sense in organizational chats where calander management is also a part of the application - Teams, Slack, etc.. different from basic IM

", "time": "2022-11-09T10:15:17Z"}, {"author": "Graham Klyne", "text": "

@Eric Rescorla No, I mean things like showing the other user is typing a response

", "time": "2022-11-09T10:15:26Z"}, {"author": "Brendan Moran", "text": "

@Eric Rescorla Thanks for the clarification.

", "time": "2022-11-09T10:15:28Z"}, {"author": "Nick Doty", "text": "

I think we need presence of the kind \"I no longer use this service\"

", "time": "2022-11-09T10:15:28Z"}, {"author": "Richard Barnes", "text": "

@Nick isn't that just like \"404\"?

", "time": "2022-11-09T10:15:49Z"}, {"author": "Markus Stenberg", "text": "

+1 for mandatory autoreply feature ('please use wignal to contact me')

", "time": "2022-11-09T10:16:03Z"}, {"author": "Olle Johansson", "text": "

Maybe a redirect, 302 => Find me at this account in another service

", "time": "2022-11-09T10:16:13Z"}, {"author": "Nick Doty", "text": "

@rlb, yeah, it could be very easy (maybe 410 rather than 404)

", "time": "2022-11-09T10:16:18Z"}, {"author": "Olle Johansson", "text": "

603 don't ever contact me again.

", "time": "2022-11-09T10:16:48Z"}, {"author": "Fannys Bampaloukas", "text": "

yeah migration, like direction and stuff should be part of portability imo

", "time": "2022-11-09T10:16:52Z"}, {"author": "Fannys Bampaloukas", "text": "

redirection*

", "time": "2022-11-09T10:17:06Z"}, {"author": "Andrew Sullivan", "text": "

really wishing for a global 603 response code these days.

", "time": "2022-11-09T10:17:39Z"}, {"author": "Pete Resnick", "text": "

I like marshmallows.

", "time": "2022-11-09T10:17:47Z"}, {"author": "Olle Johansson", "text": "

Any special requirements for chatbot services?

", "time": "2022-11-09T10:18:00Z"}, {"author": "Brendan Moran", "text": "

Delicious identity

", "time": "2022-11-09T10:18:02Z"}, {"author": "Harald Alvestrand", "text": "

either we need to have universal lookup (provider independent ID -> provider + provider-dependent ID) or we need to have the ability to leave breadcrumbs behind (proivder dependent ID -> provider dependent ID). Like you do in the postal system.

", "time": "2022-11-09T10:18:05Z"}, {"author": "Eric Rescorla", "text": "

Fluffy is unfortunately not end-to-end

", "time": "2022-11-09T10:18:10Z"}, {"author": "Richard Barnes", "text": "

Fluffy is merely an end

", "time": "2022-11-09T10:19:13Z"}, {"author": "Britta Hale", "text": "

Fluffy is many ends....

", "time": "2022-11-09T10:19:44Z"}, {"author": "Britta Hale", "text": "

with static

", "time": "2022-11-09T10:20:20Z"}, {"author": "Eric Rescorla", "text": "

This seems like a fundamental debate between Rohan and Fluffy

", "time": "2022-11-09T10:20:41Z"}, {"author": "Murray Kucherawy", "text": "

Jon pacing in the background as Fluffy is talking on camera just looks ominous.

", "time": "2022-11-09T10:20:43Z"}, {"author": "Nick Doty", "text": "

I think phone numbers are a special historical case where the service/scope is implicit (\"I'm 867-5309\" is \"I'm 867-5309 @ POTS\")

", "time": "2022-11-09T10:21:55Z"}, {"author": "Vittorio Bertola", "text": "

Well, you could also be <phone_number>@Whatsapp, or @Telegram

", "time": "2022-11-09T10:22:38Z"}, {"author": "Vittorio Bertola", "text": "

the namespace is clear, but not the service

", "time": "2022-11-09T10:22:53Z"}, {"author": "Richard Barnes", "text": "

@Nick unfortunately POTS ceased to be a unitary service a while ago

", "time": "2022-11-09T10:23:34Z"}, {"author": "Phillip Hallam-Baker", "text": "

@Nick Doty Problem with phone numbers is that despite the fact that using them is stupid on a stick, they are used in Signal and many other messaging systems as the user identifier (which is one reason I don't plan to use Signal once there is an alternative).

", "time": "2022-11-09T10:23:45Z"}, {"author": "Brendan Moran", "text": "

I'm concerned about inter-service identity. There may be services that are less effective at identity management, which leads to spamming/impersonation problems across services. The interop from a \"good\" service to a \"bad\" service, allows attacks on the \"bad\" service to affect users of the \"good\" service.

", "time": "2022-11-09T10:23:59Z"}, {"author": "Phillip Hallam-Baker", "text": "

@Richard Barnes not so unfortunate...

", "time": "2022-11-09T10:24:02Z"}, {"author": "Phillip Hallam-Baker", "text": "

@Brendan Moran People think I am protecting my code but... that concern is exactly the reason I took the approach I have. We really can't depend on services to manage identity.

", "time": "2022-11-09T10:25:31Z"}, {"author": "Nick Doty", "text": "

https://github.com/coopdanger/ietf-wg-mimi/blob/main/charter.md

", "time": "2022-11-09T10:26:52Z"}, {"author": "Harald Alvestrand", "text": "

if you think phone numbers are simple, consider +886.

", "time": "2022-11-09T10:27:44Z"}, {"author": "Olle Johansson", "text": "

Read-only \"channels\" - message streams - are not included. I personally have no problem with that, but it seems popular in some systems.

", "time": "2022-11-09T10:27:45Z"}, {"author": "Phillip Hallam-Baker", "text": "

'identity' is a terrible term because nouns the verb. What we really mean is user identification. My twitter handle is not my identity. Nor is my public key. They are means of identifying me.

", "time": "2022-11-09T10:28:59Z"}, {"author": "Phillip Hallam-Baker", "text": "

The charter could have a word reduction, \"with related working groups as needed\" -> \"with related working groups\"

", "time": "2022-11-09T10:30:19Z"}, {"author": "Richard Barnes", "text": "

@PHB the way we are using \"identity\" here is simply \"authenticating that the cryptographic key legitimately represents a non-cryptographic identifier\"

", "time": "2022-11-09T10:30:27Z"}, {"author": "Markus Stenberg", "text": "

The assumption that there is also any way to look me up based on some key on different services is amusing; e.g. my discord identity does not have my real name, my twitter handle is something weird, and only Signal has my phone number (that I know of).

", "time": "2022-11-09T10:30:32Z"}, {"author": "Olle Johansson", "text": "

This group should not discuss replacing SDP.

", "time": "2022-11-09T10:30:35Z"}, {"author": "Markus Stenberg", "text": "

While I can provide those links (if I feel like it), any assumption that 'the cloud' knows it is more alarming than reassuring.

", "time": "2022-11-09T10:31:24Z"}, {"author": "Brendan Moran", "text": "

How will the WG handle government requirements for inspection of message content?

", "time": "2022-11-09T10:32:05Z"}, {"author": "Fannys Bampaloukas", "text": "

yeah. also it seems to be missing the consent factor from the use that is being communicated

", "time": "2022-11-09T10:32:11Z"}, {"author": "Murray Kucherawy", "text": "

Is that a current requirement?

", "time": "2022-11-09T10:32:32Z"}, {"author": "Richard Barnes", "text": "

@Markus i think the assumption is the other way around, that if an identifier is used across services (e.g., a phone number), then you can discover which services it exists on

", "time": "2022-11-09T10:32:44Z"}, {"author": "Brendan Moran", "text": "

Brendan Moran said:

\n
\n

How will the WG handle government requirements for inspection of message content?

\n
\n

Not a current requirement but it's been tried several times. There have been several notable attempts at client-side inspection. I don't know what will happen going forward; but there's an obvious question of whether it will come up again going forward.

", "time": "2022-11-09T10:34:43Z"}, {"author": "Richard Barnes", "text": "

@Brendan that seems like a question for implementors, not the WG

", "time": "2022-11-09T10:35:53Z"}, {"author": "Brendan Moran", "text": "

@Richard Barnes If it's client-side, sure.

", "time": "2022-11-09T10:38:09Z"}, {"author": "Olle Johansson", "text": "

We may be naive to think that there will be one global federation where one can join without having to sign contracts with the big players.

", "time": "2022-11-09T10:38:52Z"}, {"author": "Olle Johansson", "text": "

I want to believe though

", "time": "2022-11-09T10:39:11Z"}, {"author": "Britta Hale", "text": "

\"may investigate and develop\" indicates that this is not a hard requirement for the WG

", "time": "2022-11-09T10:41:38Z"}, {"author": "Brendan Moran", "text": "

IMHO, discovering identifier-service pairs by identifier is a recipe for impersonation

", "time": "2022-11-09T10:43:13Z"}, {"author": "Olle Johansson", "text": "

If SMS is one of the systems in scope, we have a lot of issues to solve. Number portability, routing in both directions and possibly more

", "time": "2022-11-09T10:43:31Z"}, {"author": "Jim Fenton", "text": "

Are we discussing the charter in general now, or just pull requests?

", "time": "2022-11-09T10:44:23Z"}, {"author": "Andrew Sullivan", "text": "

I think the idea was to deal with the PRs first, and still in that.

", "time": "2022-11-09T10:44:40Z"}, {"author": "Murray Kucherawy", "text": "

Seems a mix of both really.

", "time": "2022-11-09T10:44:46Z"}, {"author": "Richard Barnes", "text": "

@Brendan i think the model here is like DNS+PKI -- discover the connection point, then confirm that the connected entity is the identified entity

", "time": "2022-11-09T10:44:49Z"}, {"author": "Olle Johansson", "text": "

\"My twitter handle is not my identity\" - PHB \"It's mine\" - EKR

", "time": "2022-11-09T10:45:04Z"}, {"author": "Andrew Sullivan", "text": "

@Richard Barnes increasingly terrified that we are creating a new business case for the .name people

", "time": "2022-11-09T10:45:29Z"}, {"author": "Richard Barnes", "text": "

@Andrew you mean the .eth people?

", "time": "2022-11-09T10:46:02Z"}, {"author": "Brendan Moran", "text": "

@Richard Barnes I'd rather have dns-sec.

", "time": "2022-11-09T10:46:04Z"}, {"author": "Andrew Sullivan", "text": "

@Richard Barnes The Bad Idea Fairy never sleeps.

", "time": "2022-11-09T10:46:39Z"}, {"author": "Richard Barnes", "text": "

it's early enough in this time zone that trolling is basically the only contribution i can muster

", "time": "2022-11-09T10:47:04Z"}, {"author": "Murray Kucherawy", "text": "

Keeps us on track.

", "time": "2022-11-09T10:47:23Z"}, {"author": "Nick Doty", "text": "

+1, I'm not sure \"express\" is a useful addition in this case to \"user preferences\"

", "time": "2022-11-09T10:47:41Z"}, {"author": "Richard Barnes", "text": "

+1 Nick

", "time": "2022-11-09T10:47:54Z"}, {"author": "Vittorio Bertola", "text": "

@Olle Johansson no, SMS is not in scope (at least in regulatory terms) because in Europe it is not considered a number-independent interpersonal communication service (which is how IM is called)

", "time": "2022-11-09T10:48:05Z"}, {"author": "Brendan Moran", "text": "

@Richard Barnes The problem I see is that PKI doesn't help. You don't know the public key of $person, nor which CA signed their key. You know an identifier for $person. You reach out to the oracle and it gives you three choices, on three services. You naively assume that they're the same person on three services. They are not.

", "time": "2022-11-09T10:48:16Z"}, {"author": "Richard Barnes", "text": "

@Brendan you reach out to the DNS oracle, you get 3 IP addresses. You don't know that any of them are legit until you make the TLS connection and get a cert.

", "time": "2022-11-09T10:49:36Z"}, {"author": "Richard Barnes", "text": "

(arguably even with DNSSEC)

", "time": "2022-11-09T10:49:42Z"}, {"author": "Phillip Hallam-Baker", "text": "

@Brendan Moran be specific, are you saying someone types in 'Brendan Moran' and gets back three hits, \"@brendan\", or '617 666 1234'

", "time": "2022-11-09T10:49:46Z"}, {"author": "Eric Rescorla", "text": "

https://github.com/coopdanger/ietf-wg-mimi/pull/10

", "time": "2022-11-09T10:50:28Z"}, {"author": "Nick Doty", "text": "

chairs, are we discussing the existing PRs, or the charter in general? or can we get our topic on the q now by opening more PRs in real-time?

", "time": "2022-11-09T10:52:31Z"}, {"author": "Harald Alvestrand", "text": "

One (MLS) identifier to rule them all, one identifier to bind them.....

", "time": "2022-11-09T10:52:38Z"}, {"author": "Richard Barnes", "text": "

EKR PR LGTM

", "time": "2022-11-09T10:52:43Z"}, {"author": "Brendan Moran", "text": "

@Phillip Hallam-Baker these are each interesting options, with interesting problems, but just look at 1). Try googling my name. The results are entertaining. Searching for me via this oracle would be almost certain to yield the wrong result.

", "time": "2022-11-09T10:52:45Z"}, {"author": "Phillip Hallam-Baker", "text": "

On discovery: I don't think this is a problem that the EU is demanding we solve. What they are demanding we solve is a mechanism that allows Alice who already knows Bob to interact.

", "time": "2022-11-09T10:53:33Z"}, {"author": "Brendan Moran", "text": "

Fully agree @Phillip Hallam-Baker yes please.

", "time": "2022-11-09T10:54:05Z"}, {"author": "Richard Barnes", "text": "

Reminder that DMA is not the only motivation for this work.

", "time": "2022-11-09T10:54:27Z"}, {"author": "Richard Barnes", "text": "

Actually solving problems for users is also important :)

", "time": "2022-11-09T10:54:38Z"}, {"author": "Nick Doty", "text": "

+100 rlb

", "time": "2022-11-09T10:54:38Z"}, {"author": "Markus Stenberg", "text": "

I have wondered about this from the time I saw the BOF on agenda, but is this even going to happen in DMA timeframe?

", "time": "2022-11-09T10:55:10Z"}, {"author": "Stephen Farrell", "text": "

if the word \"identity\" in the charter text is meant to only mean cryptographic materials then that wasn't clear to me as a reader, just saying so somewhere should fix

", "time": "2022-11-09T10:55:39Z"}, {"author": "Andrew Sullivan", "text": "

I would like to observe that reducing a hard problem to \"just use URIs\" doesn't seem to be a huge improvement.

", "time": "2022-11-09T10:56:09Z"}, {"author": "Eric Rescorla", "text": "

I think we should use the word \"identifier\"

", "time": "2022-11-09T10:56:18Z"}, {"author": "Richard Barnes", "text": "

@sftcd - cryptographic identifiers are not sufficient, we need the ability to authenticate non-cryptographic identifiers

", "time": "2022-11-09T10:56:30Z"}, {"author": "Eric Rescorla", "text": "

And then the job of the authentication system is to bind the non-cryptographic identifier (NCIs!) to keying material

", "time": "2022-11-09T10:56:47Z"}, {"author": "Stephen Farrell", "text": "

@rlb: sure, I was only commenting on teriminology

", "time": "2022-11-09T10:57:01Z"}, {"author": "Stephen Farrell", "text": "

fwiw, I agree with ekr on \"identifier\"

", "time": "2022-11-09T10:57:35Z"}, {"author": "Ted Hardie", "text": "

https://github.com/coopdanger/ietf-wg-mimi/pull/12 is a first attempt at resolving the issue I raised, but I may want to re-write later when I'm not split attention.

", "time": "2022-11-09T10:57:58Z"}, {"author": "Graham Klyne", "text": "

I was thinking the charter as drafted (before ekr PR) did not include \"discovery\". But I'm also hearing there may be different kinds of \"discovery\" - maybe need to be clear(er) what is meant?

", "time": "2022-11-09T10:58:21Z"}, {"author": "Phillip Hallam-Baker", "text": "

@Andrew Sullivan This is a charter discsussion though. What I said was really 'that is the hard problem we call URIs'.

", "time": "2022-11-09T10:59:47Z"}, {"author": "Andrew Sullivan", "text": "

@Phillip Hallam-Baker Ah, I get it. Never mind.

", "time": "2022-11-09T11:01:30Z"}, {"author": "Richard Barnes", "text": "

STAY AT THE MIC

", "time": "2022-11-09T11:02:23Z"}, {"author": "Eric Rescorla", "text": "

If people prefer to remove \"Express and implied\" I can obviously create a PR

", "time": "2022-11-09T11:02:29Z"}, {"author": "Harald Alvestrand", "text": "

wrt application vs service - Rohan and I had a small discussion after my comment - it's clear that we have different images on how messaging services are going to work when one user has multiple clients.

", "time": "2022-11-09T11:02:29Z"}, {"author": "Phillip Hallam-Baker", "text": "

Thing about this WG is that we are discussing all the hard problems and 90% of the material we need is not hard at all. I really do not care what the format for a short rich text message is, just as long as it is reasonably functional (bold, emojis) and not using a new or insane syntax (i.e. pick markdown or XML, don't do a new thing). And that is doing a vast amount of the heavy lifting required.

", "time": "2022-11-09T11:03:00Z"}, {"author": "Eric Rescorla", "text": "

I tend to agree with Harald that \"service\" is the right term, though it seems like the kids today think of \"apps\" which have service components

", "time": "2022-11-09T11:03:01Z"}, {"author": "Richard Barnes", "text": "

+1 ekr

", "time": "2022-11-09T11:04:52Z"}, {"author": "Nick Doty", "text": "

per another conversation on the list, maybe we should refer to \"privacy\" rather than listing every particular dimension of preferences about data processing

", "time": "2022-11-09T11:04:53Z"}, {"author": "Brendan Moran", "text": "

@Nick Doty Sounds good to me.

", "time": "2022-11-09T11:05:11Z"}, {"author": "Vittorio Bertola", "text": "

@Nick Doty yes, \"privacy preferences\" would also work

", "time": "2022-11-09T11:05:20Z"}, {"author": "Harald Alvestrand", "text": "

about 15 years ago, most of the IM landscape switched from \"you're currently running a chat between A on THIS device and B on THAT device\" to \"you're currently running a chat between A and B, A has it showing on THIS device and THOSE devices, B has it showing on THAT device and THESE devices\", and the existence of the devices (which may be different apps) were never communicated between A and B.

", "time": "2022-11-09T11:05:20Z"}, {"author": "Ted Hardie", "text": "

If \"go there\" also means via a gateway service which might be resident on something like an anycast server, expecting the user to have preferences about this is odd.

", "time": "2022-11-09T11:05:21Z"}, {"author": "Richard Barnes", "text": "

i think it's important to call out at least the discovery / reachability aspects here.

", "time": "2022-11-09T11:05:23Z"}, {"author": "Graham Klyne", "text": "

\"User preferences (however determined)\"? (avoids \"express\" vs \"implied\", but also avoids tacit preferences?)

", "time": "2022-11-09T11:05:37Z"}, {"author": "Eric Rescorla", "text": "

I could live with @Nick Doty's proposal

", "time": "2022-11-09T11:05:39Z"}, {"author": "Richard Barnes", "text": "

other aspects of privacy can be handled elsewhere

", "time": "2022-11-09T11:05:40Z"}, {"author": "Andrew Sullivan", "text": "

It is possibly worth considering that the charter has a semi-political consequence and appears to be making commitments that others in or even outside the IETF will think the WG is committing to solving. I think what Jon Peterson has been trying to get at in his mic comments is on the right track about this.

", "time": "2022-11-09T11:05:42Z"}, {"author": "Nick Doty", "text": "

maybe we can get to the spam conversation if we ever stop talking about the current PRs

", "time": "2022-11-09T11:06:17Z"}, {"author": "Phillip Hallam-Baker", "text": "

This is the wrong name. Introduction should be Authorization. This part of the system is actually access control

", "time": "2022-11-09T11:07:56Z"}, {"author": "Andrew Sullivan", "text": "

I think the idea that people have a clear idea of what their implicit or even tacit assumptions are is dangerous, and I don't think the charter had better have language in it that promises to solve such preference-sharing

", "time": "2022-11-09T11:09:03Z"}, {"author": "Harald Alvestrand", "text": "

@Graham Klyne user preferences usually come in 3 groups:

\n", "time": "2022-11-09T11:09:13Z"}, {"author": "Graham Klyne", "text": "

@Phillip Hallam-Baker Hmmm.. I'm hearing something like introduction = service discovery + authorization ?

", "time": "2022-11-09T11:09:33Z"}, {"author": "Nick Doty", "text": "

can we move on to discuss other parts of the charter?

", "time": "2022-11-09T11:10:16Z"}, {"author": "Richard Barnes", "text": "

+1 Nick

", "time": "2022-11-09T11:10:23Z"}, {"author": "A.J. Beal", "text": "

I'd say users inherit a set of default \"user preferences\" from their platform. If they tune them themselves (which they should, and the option needs to be available) then it is a matter of them explicitly expressing them but in either case it's \"user preference\"

", "time": "2022-11-09T11:10:43Z"}, {"author": "Mallory Knodel", "text": "

@A.J. Beal it is more than that. Jon is saying you inherit default user preference settings but you also inherit what the platform does that it doesn\u2019t ask your opinion about.

", "time": "2022-11-09T11:12:18Z"}, {"author": "Mallory Knodel", "text": "

It would be a positive outcome if MIMI could shift those practices such that implicit platform behaviours are now visible to users as preferences.

", "time": "2022-11-09T11:13:17Z"}, {"author": "Vittorio Bertola", "text": "

@Phillip Hallam-Baker I think both problems exist - the introduction problem is how do I go from a URI that I get out of band to a window in my client that allows me to send a message to the person at that URI. The authorization/access control problem is how does the user at that URI tell all services and clients whether and how he accepts me sending messages to them. It is conflated because that problem needs to be addressed at the time of first contact between the two users.

", "time": "2022-11-09T11:14:00Z"}, {"author": "Phillip Hallam-Baker", "text": "

Is there some way to stop the stupid jabber window disappearing.

", "time": "2022-11-09T11:14:04Z"}, {"author": "Andrew Sullivan", "text": "

But if mimi can't shift those practices, it might still provide some interoperability that sorts the necessary issues in a minimally acceptable way.

", "time": "2022-11-09T11:15:02Z"}, {"author": "A.J. Beal", "text": "

@Mallory Knodel Agreed, and hopefully in a more meaningful way than tucked in a \"terms of service\"

", "time": "2022-11-09T11:15:11Z"}, {"author": "Andrew Sullivan", "text": "

And it's not reasonable to predetermine those outcomes in the charter, I think, because it makes promises the WG may not be able to deliver.

", "time": "2022-11-09T11:15:42Z"}, {"author": "Phillip Hallam-Baker", "text": "

@Vittorio Bertola the 'introduction problem' clearly has multiple levels.

", "time": "2022-11-09T11:15:43Z"}, {"author": "Nick Doty", "text": "

can we move on to discuss other parts of the charter?

", "time": "2022-11-09T11:16:13Z"}, {"author": "Andrew Sullivan", "text": "

I liked the earlier proposals to push those questions to requirements discussions rather than charter language

", "time": "2022-11-09T11:16:37Z"}, {"author": "Mallory Knodel", "text": "

@Andrew Sullivan exactly. I\u2019m sure many people are looking forward to ending their relationship with various IM services that have proved themselves to not be acting in users\u2019 best interests. Enough leave, practices change for the better.

", "time": "2022-11-09T11:16:48Z"}, {"author": "Phillip Hallam-Baker", "text": "

@Andrew Sullivan yes, I think we can delete most of the charter.
\nI don't think there is much disagreement about what we are trying to achieve. What I am hearing is discussion of the language we use to describe the problem.

", "time": "2022-11-09T11:18:15Z"}, {"author": "Jim Fenton", "text": "

Unfortunately, we had a very narrow discussion of the charter in all that talk.

", "time": "2022-11-09T11:18:22Z"}, {"author": "Nick Doty", "text": "

+1, excluding spam and abuse, or unclear language that might exclude those capabilities, might undermine the work

", "time": "2022-11-09T11:19:31Z"}, {"author": "Richard Barnes", "text": "

I'm sensitive to spam / abuse concerns, but not sure what concretely we would ask the WG to deliver along those lines

", "time": "2022-11-09T11:20:42Z"}, {"author": "Travis Ralston", "text": "

I believe the intent would be that abuse/spam is kept in consideration, but specific mitigations would not be discussed at this phase.

", "time": "2022-11-09T11:21:08Z"}, {"author": "Nick Doty", "text": "

@rlb, I'm not exactly sure either, but I'd prefer not to prohibit the WG from delivering something

", "time": "2022-11-09T11:21:15Z"}, {"author": "Richard Barnes", "text": "

@Nick fair

", "time": "2022-11-09T11:21:24Z"}, {"author": "Nick Doty", "text": "

+1 Vittorio, it's a clear way for gatekeepers to undermine interoperability is to say \"well, there's nothing we can do, there's too much spam\"

", "time": "2022-11-09T11:21:59Z"}, {"author": "Ted Hardie", "text": "

+1 ekr; as rlb put it earlier--there are user driven reasons to do this outside the DMA.

", "time": "2022-11-09T11:22:30Z"}, {"author": "Andrew Sullivan", "text": "

At least in the current version (though not sure about the open PRs), the only actual limit I saw was, \"Development of anti-spam or anti-abuse algorithms.\" That's not the same thing as \"taking it into consideration\".

", "time": "2022-11-09T11:22:51Z"}, {"author": "Richard Barnes", "text": "

+1 to ekr re: leaving room for anti-abuse

", "time": "2022-11-09T11:23:20Z"}, {"author": "Nick Doty", "text": "

maybe hooks for reporting abusive messages, and including characteristics necessary for spam handling

", "time": "2022-11-09T11:23:29Z"}, {"author": "Mark Nottingham", "text": "

+1 to problem statement

", "time": "2022-11-09T11:23:55Z"}, {"author": "Nick Doty", "text": "

@Andrew see

\n
\n

A recharter would be required should the working group decide to work on:
\n Metadata processing to manage spam and abuse

\n
", "time": "2022-11-09T11:24:30Z"}, {"author": "Graham Klyne", "text": "

I forget... is it usual for IETF WG charters to mention liaisons (e.g. like W3C WG charters)? If so, would liaison with DMA legal expertise be appropriate for the development of requirements in the WG?

", "time": "2022-11-09T11:24:38Z"}, {"author": "Pete Resnick", "text": "

@Graham, yes, we've referred to such things before.

", "time": "2022-11-09T11:25:15Z"}, {"author": "Nick Doty", "text": "

agree, spam will be considered, so let's not explicitly say we exclude them and just know that we're going to ignore that sentence

", "time": "2022-11-09T11:25:55Z"}, {"author": "Andrew Sullivan", "text": "

@Nick Doty That's still much more limited than \"don't think about that\". I think the point at the mic just now is in line with what I think

", "time": "2022-11-09T11:25:59Z"}, {"author": "Andrew Sullivan", "text": "

It doesn't say \"we're going to ignore spam and abuse\". It says as I understand it that the specifics of those things are not WG deliverables.

", "time": "2022-11-09T11:26:30Z"}, {"author": "Hans-J\u00f6rg Happel", "text": "

I find it strange to keep the DMA motivation from being mentioned in the charter, as it may unneccesarily obscure one of the major drivers for the WG from people that have not been part of the WG initiation / won't dig as deep as for the BoF proposal...

", "time": "2022-11-09T11:26:42Z"}, {"author": "Mark Nottingham", "text": "

@pete with specific governments? I'd be very careful setting a precedent here...

", "time": "2022-11-09T11:26:47Z"}, {"author": "Richard Barnes", "text": "

IETF is the right venue

", "time": "2022-11-09T11:27:07Z"}, {"author": "Stephen Farrell", "text": "

odd to ask the BoF questions in the negative

", "time": "2022-11-09T11:27:11Z"}, {"author": "Eric Rescorla", "text": "

As I said, we're not a contract design agency for the EU

", "time": "2022-11-09T11:27:11Z"}, {"author": "Nick Doty", "text": "

@Andrew Sullivan agreed, it won't stop the discussion, but it's just an unhelpful and confusing scoping statement

", "time": "2022-11-09T11:27:26Z"}, {"author": "Benson Muite", "text": "

Support this initiative

", "time": "2022-11-09T11:28:16Z"}, {"author": "Nick Doty", "text": "

+1 to forming a Working Group on this work, including the potential for hooks on spam and abuse

", "time": "2022-11-09T11:28:22Z"}, {"author": "Mirja K\u00fchlewind", "text": "

real hum :-)

", "time": "2022-11-09T11:28:43Z"}, {"author": "Andrew Sullivan", "text": "

Well, I think that is a misreading of the text. More important, I don't know how to rewrite that without it opening a different scope problem.

", "time": "2022-11-09T11:28:46Z"}, {"author": "tim costello", "text": "

+1

", "time": "2022-11-09T11:28:54Z"}, {"author": "Richard Barnes", "text": "

Hmmmmmmmmm

", "time": "2022-11-09T11:28:55Z"}, {"author": "Jonas Sch\u00e4fer", "text": "

+1

", "time": "2022-11-09T11:28:55Z"}, {"author": "Markus Stenberg", "text": "

+1 for forming WG (with some charter rewording)

", "time": "2022-11-09T11:28:56Z"}, {"author": "Benson Muite", "text": "

+1

", "time": "2022-11-09T11:29:00Z"}, {"author": "Sofia Celi", "text": "

+1

", "time": "2022-11-09T11:29:01Z"}, {"author": "Richard Barnes", "text": "

+1 to forming WG

", "time": "2022-11-09T11:29:02Z"}, {"author": "Nick Doty", "text": "

+1 to support the work

", "time": "2022-11-09T11:29:03Z"}, {"author": "Brendan Moran", "text": "

+1

", "time": "2022-11-09T11:29:07Z"}, {"author": "Daniel Petrie", "text": "

+1

", "time": "2022-11-09T11:29:12Z"}, {"author": "Richard Barnes", "text": "

:man-raising-hand:

", "time": "2022-11-09T11:29:34Z"}, {"author": "Eric Rescorla", "text": "

review, author, chair hell no

", "time": "2022-11-09T11:29:48Z"}, {"author": "Richard Barnes", "text": "

review + editor

", "time": "2022-11-09T11:29:50Z"}, {"author": "tim costello", "text": "

review

", "time": "2022-11-09T11:29:54Z"}, {"author": "Rohan Mahy", "text": "

author/editor

", "time": "2022-11-09T11:29:56Z"}, {"author": "Rohan Mahy", "text": "

review

", "time": "2022-11-09T11:30:00Z"}, {"author": "Simon Romano", "text": "

review + author

", "time": "2022-11-09T11:30:04Z"}, {"author": "Benson Muite", "text": "

review + author

", "time": "2022-11-09T11:30:06Z"}, {"author": "A.J. Beal", "text": "

Review, edit

", "time": "2022-11-09T11:30:10Z"}, {"author": "Nick Doty", "text": "

willing to review and edit

", "time": "2022-11-09T11:30:12Z"}, {"author": "Antoine Fressancourt", "text": "

Review

", "time": "2022-11-09T11:30:27Z"}, {"author": "Sofia Celi", "text": "

:man-raising-hand: reviewer / editor

", "time": "2022-11-09T11:30:33Z"}, {"author": "Mirja K\u00fchlewind", "text": "

can you state a rough number for the remote people?

", "time": "2022-11-09T11:30:38Z"}, {"author": "Alissa Cooper", "text": "

Maybe 20 authors in the room

", "time": "2022-11-09T11:31:00Z"}, {"author": "Chris Lemmons", "text": "

One or two dozen, it looked like.

", "time": "2022-11-09T11:31:03Z"}, {"author": "Stephen Farrell", "text": "

I'm not sure this is a wg that'd suit a first-time chair

", "time": "2022-11-09T11:31:26Z"}, {"author": "Mallory Knodel", "text": "

A handful of tentative hands for chairing

", "time": "2022-11-09T11:31:45Z"}, {"author": "Simon Romano", "text": "

+1

", "time": "2022-11-09T11:32:20Z"}, {"author": "Benson Muite", "text": "

+1 smaller chat services

", "time": "2022-11-09T11:32:37Z"}, {"author": "Chris Lemmons", "text": "

I think I counted 12 hands for implementation.

", "time": "2022-11-09T11:32:41Z"}, {"author": "Francesca Palombini", "text": "

thank you!

", "time": "2022-11-09T11:32:59Z"}, {"author": "Nick Doty", "text": "

thanks all

", "time": "2022-11-09T11:33:13Z"}]