# vCon BOF - IETF 116 {#vcon-bof---ietf-116} Wednesday, 29 March, Rooms G412-G413 Chairs: [Spencer Dawkins](mailto:spencerdawkins.ietf@gmail.com) and [Brian Rosen](mailto:br@brianrosen.net) Notes: Stuart Card Area: ART Responsible AD: [Murray Kucherawy](mailto:superuser@gmail.com) BOF proponents: [Dan Petrie](mailto:dpetrie@sipez.com) and [Thomas Howe](mailto:ghostofbasho@gmail.com) [Meeting coordinates][1] * * * ## Administrivia - Chairs, 10 minutes {#administrivia---chairs-10-minutes} ### Greetings and welcome from the chairs {#greetings-and-welcome-from-the-chairs} * The ritual capture of Notetakers: Stu Card foolishly volunteered (Stu's words), for which **Spencer is extremely grateful (Spencer's words)!** * The gentler recruiting of someone to watch Meetecho/Zulip chat for questions: ### Agenda Bash {#agenda-bash} * Any changes to the posted agenda, before we get started? ## Overview - Chairs, 10 minutes {#overview---chairs-10-minutes} * Spencer D. displayed the Note Well etc. & welcomed all. He briefly summarized the background of vCon inc. implementations, drafts, IETF BoF status, and most importantly the justification offered. He explained the working group forming BoF process. ## Use Cases driving the BOF request and charter - Thomas McCarthy-Howe, 20 minutes {#use-cases-driving-the-bof-request-and-charter---thomas-mccarthy-howe-20-minutes} * Thomas McC-H began by showing the tension between using AI/ML etc. and protecting privacy, esp. across security boundaries. He suggested that digital formats, esp. if standardized, could facilitate the use of software tools for (hopefully objective) assessment of the nature and extent, in conversations, of content elements that might require protection (or deletion, whatever). He asserted that integrating the different elements (of different data types) comprising conversations facilitates both privacy protection and data analysis. He mentioned the usefulness for staff (e.g. customer service) training. He briefly alluded to the major constituents of a vCon representation. He mentioned proposed charter) that benefit from cross-device and cross-application capture and forwarding. * In chat, Hans-Jorg H. wondered what the current gap in state of the art. how are things done right now and what does this imply for this work * In chat, Pete R. expressed concern that cross-device, cross-app, etc. sharing not expose everything to intermediaries. ## Proposed charter walkthrough - Dan Petrie, 20 minutes {#proposed-charter-walkthrough---dan-petrie-20-minutes} * Dan P. introduced the concept of "conversational data" and reiterated that it involves not only the actual data of multiple types but also meta-data for multiple purposes. He stated the proposed charter goals of a vCon WG. He invited good concise summaries of other use cases that might or might not be inserted into the charter. He expounded on some but not all of the questions a WG might address, especially media types & corresponding container types. * Mallory K. asked why transport & storage are excluded from proposed scope as it appears that some of the proposed principal objectives cannot be addressed w/o getting into those aspects (esp. end-to-end encryption thereof). She suggested that "data minimization" should be made explicit. * Spencer D. requested that Mallory follow up with her specific concerns. * Thomas explained that vCon was focused more on knowing what you have captured so you can figure out what you must protect, not on how you might then protect it. * Jonathan R. (5-9) suggested that single vendor cases don't need IETF standardization but multi vendor cases (primarily involving data exchange) might justify it, esp. to supporting logging and audit. He distinguished between recording who transferred what to whom and protecting (typically encrypting) the data in motion. He inquired about a use case involving transfer of conversational data between an organization that captured it and another organization that analyzes it for training or workflow management purposes; * Thomas & Dan said yes, at least the first is in scope. * Spencer & Jonathan appeared to converge on the need for use cases in the charter that are more specific to enable clearer demarcation of the scope edges. * Cullen J. spoke to (cryptographically protected) differentiated access and how to express both requirements for it. * Spencer thanked everyone who had asked questions, made comments or suggested use cases and entreated everyone to follow up with written specific inputs. ## Open Discussion - Chairs, 20 minutes {#open-discussion---chairs-20-minutes} * Sebastian B. (NYU Law) asked about "conversations" as such (typically involving social aspects) and mere collections of communications? He distinguished between "privacy" and "data protection" and highlighted the aspect of consent. He raised the issue of provenance, not only of complete recordings but also of excerpts. * Joris B. pointed us to JS-Contact (?). * Hans-Jorg H. asked how is this done now (w/o vCon)? * Chris W. suggested call center operators may want a narrower scope of identity vs broader privacy. * Jaime J. inquired if it is in scope to specify API components (rt, media\_type, tokens...) if any? * Jonathan R. said the state of practice is \[s\]ftp transfer of WAV files w/names based on timestamps, and too often, "\[s\]ftp" is "ftp". ## [RFC 5434][2]-Style Questions - Chairs with AD support, 20 minutes {#rfc-5434-style-questions---chairs-with-ad-support-20-minutes} * Poll: is the problem headed toward being well defined, and well understood? 30Y+8N=38 * Jari A. suggested that some of the No votes are likely due to some of the discussed use cases not yet being reflected in the charter. * Hans-Jorg H. suggested that clarity could be improved by documenting the current state of practice and the gaps therein that vCon proposes to address. * Poll: does the problem need solving? 35Y+0N=35 * Poll: is the IETF the right place to solve it? 24Y+6N=30 * Bron G. expressed concern that few of the intended users seem to be here in the room. * Hans-Jorg H. as this seems to have some domain-specific aspects, and even if there are some people in the room familar with that domain, would more people from the domain need to be involved / e.g. are there any relevant liaison organizations in this space? * Mallory K. inquired as to the presentation of this work in other SDOs? Also any portion of this being addressed elsewhere in IETF? * Thomas replied that he has heard informally from other organizations that they are interested but he is not currently formally proposing it to any other SDOs. * Poll: is the proposed charter (as amended) headed in the right direction? 16Y+6N=22 * Poll: are the proposed deliverables (as amended) close enough to be useful? 15Y+6N=21 * Stu Card belatedly expressed support for this work for a use case of air traffic controllers, pilots onboard crewed aircraft, remote pilots of uncrewed aircrart, etc., esp. for incidents necessitating subsequent inquests. * Poll: please indicate if you are willing to review vCon documents? 9Y+11N=20 * Poll: please indicate if you are willing to contribute to vCon documents? 9Y * If you are willing to help lead the vCon WG please email vcon-chairs@ietf.org ## Next Steps - AD, 10 minutes {#next-steps---ad-10-minutes} * AD Murray K. said it looked like there is sufficient support * * * ## Meeting Coordinates: {#meeting-coordinates} Onsite Meetecho tool (Blue sheet registration, Queuing for question and answer session, polling) is [here][3]. Full Meetecho tool is [here][4]. * *If you're using the full Meetecho tool in the meeting room in Yokohama, **please turn off your audio inputs and outputs**!* Session materials are [here][5]. Hedgedoc notepad for this session is [here][6]. Zulip chat for this session is [here][7] (and also in Meetecho) See in datatracker schedule [here][8]. [1]: https://notes.ietf.org/#Meeting-Coordinates [2]: https://www.rfc-editor.org/rfc/rfc5434#section-4 [3]: https://meetings.conf.meetecho.com/onsite116/?group=vcon&short=&item=1 [4]: https://meetings.conf.meetecho.com/ietf116/?group=vcon&short=&item=1 [5]: https://datatracker.ietf.org/meeting/116/session/vcon [6]: https://notes.ietf.org/notes-ietf-116-vcon [7]: https://zulip.ietf.org/#narrow/stream/vcon [8]: https://datatracker.ietf.org/meeting/116/agenda#row-116-2023-03-29-wed-0030-art-vcon