Minutes from the APPSAWG/APPAREA joint meeting March 23, 2015 — Dallas, TX Meeting convened at 9:00am. APPSAWG ~~~~~~~ Alexey (co-chair) gave an update on current document status and progress since IETF 91. Sean Leonard gave an update on the progress of the text/markdown documents. As per list feedback, it’s been simplified drastically since its earlier versions. Sean feels it’s pretty much done, no outstanding issues. There were no other active documents that needed in-person meeting time. APPAREA ~~~~~~~ We had summaries of each APP area working group, new working groups that will meet for the first time here, and BoFs scheduled for this meeting, as follows: PRECIS: Almost done and most documents through WGLC. This week’s meeting is expected to be short. HTTPBIS: Finished HTTP 2, now in RFC Editor queue. Other documents winding up quickly. Will soon be considering next steps, if any. CALEXT: One document in RFC Editor queue. Other two documents have been adopted, expecting revisions this week. WEBSEC: Key pinning is past AUTH48. One dependency also in AUTH48. JSON: We’re done! TZDIST: Two drafts in progress, one is through WGLC, the other is an extension and should be done soon. ARCMEDIA: creating a new top-level media type. Received two reviews privately. SCIM: Pretty much done. UTA: Finishing up first set of documents: attacks document out, BCP draft in queue. Now focusing on email. Need people to help inform that discussion. What, if anything, should we do about opportunistic security? Asking for participation. EPPEXT: Meeting on Friday. Published one RFC which describes registry. Four documents on extensions that should be ready for WG last call after this meeting. Discussion about rechartering group to process candidates for standards track extensions. WEIRDS: Done; one IANA action remaining. May be completed, and all documents published, this week, so the WG can shut down. DMARC: ISE (base) document has published.  Document about interoperability issues is in progress. PAWS: Was stuck in a MISSREF, waiting on a document from on PRECIS. Now unstuck. HYBI: Final document still churning, ready to come to AD Review soon (hopefully). URNBIS: A lot of remote participation on this one this time. Issue is closing out main document. New WGs: PALS: Routing area, merger of two previous WGs. TOKBIND: A lot of protocols use what amount to bearer tokens. Anyone who gets a token by snooping data stream can reuse it elsewhere. This is coming up with a shared secret with client that is bound to TLS session. This WG’s work will add shared secrets to bearer tokens, e.g., cookies, to make them harder to steal. Should be very interesting to apps. BIER: Trying to make the multicast situation a bit better. (no others were represented) BoFs this week: DOTS: DDoS Open Threat Signaling, a standard method using existing protocols to exchange information about DDoS. LUCID: Some issues being discovered about how normalization is used in Unicode. Impact on IDNA and PRECIS. Purpose is to agree on scope of problem. Expect to have Unicode people attending remotely. May involve revising both IDNA and PRECIS. SUPA: Something for APPS to think about. Idea is to have SDN controller that application can control. The intent is somewhere above the SDN controller. ACME: Certificate enrollment for websites. There have been other such protocols before, we want to make sure this one works. SPUD: Session Protocol for User Datagrams with a lot of application interaction. IESG Restructuring: Applause for Pete Resnick, outgoing APP Area Director. Further discussion led by Barry: We will be merging the APP and RAI areas. In 2006, we split off RAI from APP and TSV; we’re now undoing that and putting them back together. We’ll probably pick up some WGs from TSV, some stuff will kick over to SEC or to OPS. That’s the main visible change. Proposed name for the merged is ART: Applications and Real Time. We may also have some WGs in ART that have supervising ADs in other areas. RTG is now the largest area in terms of WG workload, so we asked the NomCom to seat a third AD. Dave Crocker: About having a supervising AD from a different area: What does it mean to be in an area when your AD is from outside? Barry: Has to do with distributing workload and resolution of scheduling issues. Pete Resnick: We’ve seen in the past where an AD had a “Technical Advisor” from another area. This has sometimes ended up with an AD that really does most of the work, but can’t actually push any of the buttons. We want to enable that. Dave: It’s interesting to see the IESG move toward matrix management. Pete: It does make people cringe, but it seems to work. Cullen Jennings: It seems to make sense, but it causes a lot of confusion for people from outside. We may as well make lots of changes at once, so we should fix TSV at the same time we’re making all of these other changes. Pete: TSV is pretty much next on the list; there’s active work trying to get that sorted out. Barry: Also, Alissa Cooper is out on leave until June, so none of this is actually going to happen until she’s back. We will finalize all these plans at the IAB-IESG retreat in May. We may have the TSV sorted out by then too. Larry (via jabber): What happens to AppsDir? Barry: We plan to figure out at the retreat how to specify the required expertise at the retreat. Discussion of APPSAWG’s future: Barry: APPSAWG would better serve us by forking off small, tightly-focused working groups rather than doing work itself. APPSAWG will continue doing truly simple documents. Dave Crocker: The original reason for APPSAWG is because spinning up a WG is expensive. Isn’t that still a problem? Barry: We have gotten better at this. Rather than spending months to a year beginning to do work, we can do it in a few weeks now. IMAPMOVE was a prime example. Eliot Lear: I chair two of the short-lived WGs. They haven’t been as short-lived as we’d like. However, TZDIST is never actually going to meet. Dave: Pete is half of the team that’s gotten good at this, but he’s leaving. Also, this new talent isn’t documented anywhere. Without it, we’ll tend back toward bureaucracy rather than efficiency. Barry: Right now it’s only documented in the IESG Wiki. We can make it into a BCP the way the DISPATCH BCP was. We could also have WG charters simply refer to the DISPATCH BCP. Cullen: We need more execution rather than more documentation. Presentation: IAB SEMI Workshop update (see slides) SPUD put policy information into a UDP-based protocol with standard libraries. Insecure prototype in draft-hildebrand-spud prototype; take a look but don't implement it. Also drafts on use cases and relation to DTLS. HOPS, measuring middlebox impairment, sharing data. Bar-BoF was well attended. Related to IAB Stack Evolution program and TAPS WG. Presentation: CBOR/CDDL update (see slides) Prototype description language for CBOR and maybe JSON. Joe Hildebrand: Will JSON WG review this? Barry: JSON WG will close, but the mailing list will continue. Carsten: I think we need a different list for CBOR. (unknown): CBOR work seems to be spread across several WGs. Should we make a single WG and merge it all? Barry: I can make a non-WG mailing list for this. I’ll go do that now. Presentation: Protecting the Message Header using OpenPGP (see slides) Sign or encrypt headers like From:, Subject:, etc. Make header and body into two sections, wrap and sign or encrypt. Presentation: Privacy-Oriented Email (see slides) Multilayer blinding of mail messages to limit information leakage. Details at http://darkmail.info/ Presentation: Outbound Port 25 blocking for dynamic IP Addresses (see slides) Formalize port 25 blocking advice, use 587 for submission, refer to various RFCs. Any Other Business/Open Mic: Discussion of DANE and other WGs that touch APP topics; how can we get our expertise into them before the last minute? Eliot Lear, chair of new AppsDir: Please agree to be APP reviewer! With no other business before the chairs, the meeting was adjourned at 11:20am.