Cindy Morgan reminded the IAB that the hotel deadline for the IAB/IESG meeting with the IEEE 802 Executive Committee is 15 September 2014. She also reminded the IAB that Marcia Beaulieu sent the IAB an email about hotel reservations for IETF 91.
An item on the I* CEO meeting was added to the agenda.
The minutes of the 13 August 2014 business meeting were approved. The minutes of the 27 August 2014 business meeting remain under review.
Dave Cridland joined the IAB to discuss the XMPP community’s efforts to move to all-TLS. The slides he presented are available here:
http://cridland.im/xmpp-sec/#/
Dave Cridland reported that the XMPP community began trying to improve XMPP security as early as 2006, as they first noticed the changing attitude towards unauthenticated TLS. With the Snowden revelations in 2013, there has been a stronger push for mandatory encryption.
Dave Cridland noted that mandatory TLS has thus far been unsuccessful, and so many sites still have to support cleartext. DNSSEC deployment has been hindered by a lack of support. The XMPP community has started additional security efforts using “DANE Light” (DNSSEC on SRV for secure delegation), full DANE, and POSH.
Brian Trammell asked if the XMPP community had any advice for others who are trying to improve security on a protocol. Dave Cridland replied that the biggest problems have come from mass hosting, because with TLS you need credentials that cover the XMPP domains for all of the domains being served. The biggest advantage has been the level of involvement from the XMPP community in trying to solve the problem.
Russ Housley asked what the XMPP community’s next steps will be. Dave Cridland replied that the work with DNSSEC, DANE, and POSH is still ongoing. The biggest challenge as been with mass hosting providers, who are not always forthcoming about the problems they encounter.
Ted Hardie asked what the impact on the XMPP community would be if something like Gmail dropped TLS support. Dave Cridland replied that it is difficult to know; when Google started offering XMPP, many users who were running their own servers switched over to Google for the convenience factor. Ted observed that having a large provider serving a large portion of the users seems detrimental to community development, and asked how the community can get that leverage back. Dave replied that there is not an easy way to solve that problem; service providers want to increase their market share, but the amount of market share needed to have a detrimental effect on the network is surprisingly small.
Eliot Lear asked whether giving up on the transport layer and working on the client layer with things like OTR (Off the Record Messaging) would be a better approach. Dave Cridland replied that end-to-end encryption is a difficult problem to solve. He noted that XMPP messages have multiple XML elements, and decisions must be made about which parts to encrypt; for example, addressing information cannot be hidden. End-to-end security would only be useful for part of the overall problem. Eliot Lear suggested that Dave may be interested in some of the discussions about security taking place on the IETF endymail mailing list (https://www.ietf.org/mailman/listinfo/endymail).
The IAB thanked Dave Cridland for his presentation.
The IAB discussed the IAB Considerations for draft-ietf-dnsop-as112-dname. The IAB discussed whether it was appropriate at this point for the IAB to come back with technical comments, since the document has already been through IETF Last Call. Ted Hardie noted that the issues he noted do not appear to have been discussed during IETF Last Call, and asked that they be raised with the IESG before the IAB makes a decision whether to approve the changes to delegation with .arpa.
Ted Hardie will write up his concerns via email, and Mary Barnes will report back to the IESG on this topic during their next teleconference.
The IAB approved the Call for Papers for the IAB Workshop on Stack Evolution in a Middlebox Internet (SEMI). Cindy Morgan and Brian Trammell will coordinate to post the details in the workshops section of the IAB website. One the workshop page is live, Russ Housley will send the Call for Papers out to the community.
Russ Housley reported that the IGF has been circulating a letter asking the United Nations to renew the mandate of the IGF. Russ asked if the IAB would join this effort as an organizational signer. After a brief discussion, the IAB agreed to coordinate with ISOC on this topic.
Russ Housley reported that the IANA transition and ICANN accountability have both been topics of discussion at IGF.
Russ Housley reported that the I* CEOs met during IGF. The agenda included a status update on the IANA transition preparations for the upcoming ITU Plenipotentiary session.
The I* meeting also included a discussion of the NETmundial Initiative (http://www.weforum.org/issues/global-internet-governance).
There was no other business and the meeting was adjourned.