Totally informal minutes of the apps area overview meeting

Rohit Khare (rohit@uci.edu)
Mon, 07 Dec 1998 15:07:15 -0400


43rd IETF in Orlando.

Apps Area Open Meeting
-----------------------

"Still need to kill more groups"

IMPP is listed as a "PWG" - proposed WG rather than another BOF.

New mailing lists for people who volunteered to review documents; they want
to manage the volunteers on it. Web@apps.ietf.org, Messaging@, and
Directory@.

This is in addition to discuss@apps.ietf.org in general.

I asked for guidance on XML on the standards-track. When is it good? Would
like the community to separate technical from hype. Many apps need
"canonical" or "distinguished" form for, say, signatures, and they're
rushing ahead. Q: Co-existence with MIME? @@So what's the action item? Will
there be a new draft on the topic? I may volunteer.

One request for TLS-Apps to have a BOF without being a meeting of its own.

EDI-INT is just waiting for S/MIME to complete; list has no traffic now.

paulh: S/MIME (patent and PKI holdups, Tuesday/Wed) and OpenPGP (RFC state;
Monday afternoon) are two competing ways to secure application objects. Note
that trade-wg is encapsulating signed XML.

dee: X-Hash, GlobeSet, IBM Haifa have ways to extract the semantically
relevant

RK: I wanted to know how we're going to proceed with this issue: a
sense-of-the-iesg memo or what?

Ned: want to keep XML variants in-sync, prevent divergenece until
abandonment. XML for new work is fine.

Dee: Signed data markup language, FinServML are existing variations; can't
be a good thing that these aren't XML yet. Future: OBI (Open Buying)

Duerst: Harald had done so much to insist on i18n. He called the problem
"casing". Unicode open issues: (de)compose sequences; greediness to add yet
more to it. Who should lead w3c/unicode/ietf "so Ietf won't be too pissed
off"

?blue shirt?: for the most part, IETF doesn't want its mitts in this
problem. We'll use Unicode, just stop moving the code points :-). The key is
in OS services and text-string-compares in things like directories. So
perhaps we need a new 'thou-shalt' doc on string compares that everyone has
to cite.

Keith: the impression I get is that Uniconsortium isn't doing enough.

Patrik: Unicode is still pre-ISO standard. Things that are expected to
appear like "plain-14" can't be cited.

Eric Brunner? XPG author: Collation is hard; X/Open has no meaningful
existence. Locales (namespaces for such) are hard and have not been
resolved. Reg-exes over UTF-8.

Keith: these issues are all going to hit DASL in the face.

Larry: old assumptions are invallidated. we had to systematically review
y2k, ipv6, security considerations. Keith: y2k group suffered for lack of
people-power.

Paul: this is less work than y2k. Uniconsortium has 'I-Ds' on collation :
can we reference them? Similarly: Unicode adds glyphs and semantics to 10646
- are those OK? Should we choose citation based on price of standards? Can
we cite UC tech reports. Perhaps we need a short RFC on "how to cite these
org's docs"

Klensin: stability is an important word; free is better; broad public
comment is good; maturity indicators are good. Separate wishes, vendor
goads, acceptable, hopes, etc. So ISO can be better than consortia.

Paul will set up a list to organize a review with ned and martin &c.

Re: Scaling issues. Splitting the area; add hierarchy; stratification
(sectoral separation). Adding a new AD is adding an IESG veto :-)

More and more horizontal issues are arising: passing posts for special
topics

Keith: want to move away from ADs setting architectural direction
unilaterally and at the last minute.

Henrik: it's not a hierarchy problem. All these WGs are a web of peers.
Idea: make it mandatory to produce requirements as a first step; also solict
*other* WG's requirements on you. The first is happening; the second step is
a solid review process.

Bill Flanagan: 111 wgs meeting here this week!

Keith: perhaps we should have once-a-month WG status summary advertisement
to increase peripheral vision. (in truth, even the minutes are hard)

Ted Hardie: please avoid reorgs. (he had 22 in his last job :-)

Moskowitz: smaller charters, make it easier to make a committment

Henrik: reducing number of groups doesn't simplify the real world; adding
sync-point meetings is overhead, rather, waiting for a group to be ready for
review on its own.

Josh: call a bof on the topic of app area organization.

SIP. ADs just finished a detailed review. It's OK for multipoint call setup.
It's NOT a lookup protocol. It has high potential for misuse...

ITU is floating using SIP as simpler than H.323. ITU Fax WG ruled it out of
scope, though.

HTTP. Let's move forward on draft-iesg and, separately, draft-frystyk. iesg
will be last-called soon.

Larry: there are a lot of topic that memo only glances on, like Postal. What
about SWAP or calendaring or ...

@@Action item: I need to do a detailed review of moore's using-http

Josh: let's not be negative :-) Why write drafts saying don't abuse and
instead write how-to-reuse drafts.

Keith: of those examples, though, XML is the only one being used for what
it's designed for! HTTP, SIP and so on lead to questionable reuse. Further,
if everyone DID extend it, the core becomes fragile.

Moskowitz: Klensin was just lecturing me on this in 1993 in Columbus re:
tn3270e :-) We should add applicability statements to charters for future
work.

Patrik: but we still don't have AS for past work. I say no reflexively to
force people to justify, rather than hype, precedent.

John: Let me repeat my comment on enforcement mechanism: leaving it to the
WG itself can let it linger indefintely. He observed that WGs that he
created should have been executed a long time ago...

Ned: digest auth is being genericized to be used for long-term,
mandatory-to-implement lightwieght, MD5-based authentication. This will
finally raise the bar above plaintext passwords.

Steve ?? presented Newman's Start-TLS commands/ interface to SASL/
likelihood of applicability over *non* TLS transports.

Lisa Lippert: especially hairy access control when two or more protocols are
used to access the same data @@which is why it's a fair research question to
put in trust engines :-)

Saw a new IETF parliamentary technique: the hmmm test to search for
objections amongst a small set...