Internet Engineering Task Force 113, 21 Mar 2022

Previous Meeting Next Meeting

⏯

youtube image

►

From YouTube: IETF113-DISPATCH-20220321-0900

Description

DISPATCH meeting session at IETF113
2022/03/21 0900

https://datatracker.ietf.org/meeting/113/proceedings/

A

All right team: it is 9 00 at 10 a.m. Sorry in in vienna,.

B

A

9 a.m. In the uk, where I've just come from so um yeah welcome to itf113.

A

This is our first ever hybrid meeting, so both uh hello to the people who are joining us virtually and hi to folks in the room. We've got a bit of setup to do this morning, being everyone's first session, we're just going to spend a bit longer on the logistics that you can expect to see in other sessions across the week and then we're going to get dispatching so um hi, I'm kirsty payne. For those who don't know me, I'm one of the co-chairs of dispatch. I've been kindly joined by brand.

C

A

C

A

um Because patrick other co-chair is unable to join uh virtually or in person, so it's great to have us all here for dispatch, we're just going to go through some of the uh stuff to kick us off.

A

So this is the notewell. This is something you all agreed to when you registered to join itf113 and just a reminder, especially because it's our first in-person meeting in a while that by participating in the itf you've, agreed to follow all these processes and policies.

A

So this covers things like patent patent applications, but also just to make everyone aware that everything's being recorded in the room and online as well and all of this good stuff, all of those bcps that we suggest you read if you haven't already and then I always like to put in a note really well, um because this is the important things. I think that we should just really be aware of to build a good itf culture, as we all return so meetings and virtual meetings and mailing lists are intended for professional collaboration and networking.

A

But if you have any concerns about any behaviour, talk to the ombuds team they're there to allow you to confidentiality at confidentially, raised concerns about harassment or any other conduct. You see in the itf. It's really important, especially as we're coming back to create an environment where many people with different backgrounds are treated with dignity and respect.

A

Anyone who participates in the itf is expected to behave according to professional standards and have appropriate workplace behavior and again, if you think that that's falling short talk to the ombuds team so specifically do not engage in harassment while you're in virtual meetings in person, meetings, social events or on mailing lists. It is not acceptable and if you believe, you've been harassed them or you see someone else being harassed. Then please raise your concerns and confidence to ombuds team.

A

Okay, so itf 113 meeting tips. This session is being recorded for people in the room. Please sign into the session using the meet echo lite client. If you use the full version client, then your video will probably appear on this screen, which will be delightful for everyone in the room, but maybe a bit embarrassing for you, so do use the lights, client and, very importantly, cue management. So if you get up and stand up at the mic, but you have not clicked this button in meet echo to say you will be joining the queue.

A

We won't be calling your name out, so you will just be standing at the mic for quite a while wondering what's going on so make sure you join the queue on the meet echo client and then stand up to go to the queue now for those joining virtually we're going to be calling the queue in the order it appears on meet echo. So there is no preference for virtual or in-person participants. It's just the order in which you click to join the queue for remote participants. Hi. Welcome it's great to have you here as well.

A

Just make sure that your video and your audio are off unless you are chairing or presenting a session, and if you can, we strongly recommend that you use a headset.

A

Here are some resources you can find the agenda and all the meeting materials there and specifically for dispatch. We need note takers, so it's been a while, since we got to actually look at people in the room and stare as people avoid our gaze to pick a note-taker but head on over to notes.itf.org and help us take accurate and good notes for the session. You know they're useful. You know you love them, so please contribute and we've got jabba and zulip as well in the room.

A

um If you want to join the chat, it's great to have jabba going on, but please do bring any important points to the queue so that we actually hear them on the recording afterwards.

C

I just wanted to add one thing to that, which is that the qr code in the media echo light is not just so. You can ask questions. It's also the blue sheets. So instead of passing around a piece of paper covered in in people's slimy handwriting, take a photo of that qr code or navigate to the agenda and click on it. There either way once you open that medeco light client log in with your data tracker, login, that's what's going to get you listed as being present in the room. So please do that. Thanks.

A

Okay- and that is it I think, we're going to kick off so we're going to take a look at our agenda for today.

A

um I hope we spent a good amount of time going through the status and our agenda bash, um and then we've got these presentations coming up in dispatch, and then we also so uh yeah just you can see I'm not going to read the slide to you and then we also have a meeting a presentation in the art area portion of the meeting as well.

A

So this is your time to bash the agenda. If you think anything is missing or anything should be added, we do have some time for aob at the end.

A

I don't see anyone jumping up so then I guess we will just get started with our first presentation. So it's jean-philippe.

A

To present so I can see that you're joining virtually and just gonna. You know we get some privilege grace right because we're the first meeting of the week. So if the technology we have a few delays, you have to be kind to us.

A

Just as you're joining, we need you to share your slides, so you can do this um just at the top and next.

D

A

There's a button to share preloaded slides.

E

It says no slides available.

E

C

Yeah I say that too.

A

Maybe shall I just share them for you.

C

Have you got them here because it says no slides available to me when I go into the materials as.

F

A

A

Okay, I have the slides, so I can just drive for you. I think they are imported.

E

A

Perhaps they're not showing.

E

E

Yeah thanks kirsty. um This is my first time at the ietf, so I'm pleased to be here. So what is the campaign feedback loop address? Header about um the header allows an email sender to signal the mailbox provider that they are happy to process complaints from their users.

E

Could you move on with this slide.

E

um There is, there is the feedback loop mechanism for a long time which allows mailbox providers to follow forward complaints from their users. Back to the sender, however, the current implementation must be set up manually by the sender, with each provider that provides a feedback loop in addition to setting up a feedback loop for the first time. There is also the revalidation of an already existing and setup loop.

E

If you want to change, for example, the complaint email address, you need to go through all providers and change the address which is time consuming as well. Nowadays, where dkm gains more and more importance in reputation building, it also gets more relevant for feedback loops um feedback group provider, move from ip based ones to dicken-based ones or a mixed version of it, which makes it harder to, for example, main maintain it for customers when it comes to to sending platforms or esp's.

E

Additionally, such a manual process is not very suitable for smaller mailbox providers, who would be happy to provide such a feedback loop um as they need to develop and maintain a setup platform for senders to maintain their feedback loops next slide.

E

So my experimental proposal is to have two new headers: um why to new? Why new? Why two headers um one for the actual feedback loop address um and one for an id um under some circumstances?

E

um The message id of the sender can't be used, for example, because the message id is generated somewhere else else, where the feedback complaints are processed.

E

Both header needs to be covered by a stickem signature which matches the domain in the header itself and the from header. This would be the supports case. um There are two more cases described in the draft itself.

E

um Nevertheless, this header requires some kind of reputation: data on site, the main pro on the side of the mailbox provider on to assess the trustworthiness of the sender itself, but in most cases the mailbox provider do already have some kind of reputation, data to, for example, rate limiting or something like that.

E

um With with this reputation data, it should be possible to avoid that complaint reports are sent to spammers, to approve proof that there is an actual mailbox. As such, a complaint report is based on a manual action by the mailbox owner.

E

Could you move on please thanks. So this is the actual header itself um you see. There is the header cf address, which contains the um address where the complaint reports should be sent and two deakin signatures, one for the actual from header and one for the domain of the cfpl address.

E

This is the complexer one. It requires a double signature, which is a common practice when it comes to sending platforms who are sending mails for their customers um yeah. Could you move on thanks? uh So how should this draft be dispatched? um I think ad sponsoring would be the best way. Currently, there is no obvious working group for el, for it, the email core working group is currently rejecting work, as they are updating the course backs.

E

In my opinion, it's not worth its own working group as it is experimental proposal, so the best way would be ad sponsoring or when there is no contents or interest within the ietf. I back with the ise.

E

Next slide, please yeah thanks for your time and uh for your feedback.

A

Okay, super so we'd like to invite people to come to the mic and express their opinion on ditch dispatch question here are the options, as the author sees them. Of course, you may see others so just remember to click the join q button and then come to the mic in the room or we'll call the virtual queue, as it appears so. uh John levine first.

G

Is it, can you hear me, this is the first.

H

Time tried.

B

G

Okay, thank you. um I think this is a reasonable proposal. I mean I, I run an informal um site called abuse net, which is essentially a database of contact addresses, and this would move the contact addresses into the message. I'm not particularly worried about that. Some of the some of the notices might go to spammers. I mean either they'll ignore them or they'll. Take you or they'll, stop sending you mail, neither of which makes your situation worse, and um I and I I know the authors and I think, there's there's some.

G

There is some interest for to be a useful experiment. You actually need to have some people who are interested in performing the experiment and I believe it's. I believe that some people, some of these people may exist and I'm looking forward to see what braun has to say about it. So I think it it's it's worth it. This is. It seems this is the edwards harmless. I think it's worth advancing.

A

Okay, thank you, john, and so your view on the dispatch question.

G

Not worth a working group so either so a d sponsored makes sense.

A

Thank you, okay, uh braun. Next, in the queue.

C

I'm right here I was going to comment that there seems to be quite a lot of email work coming at the moment, so it may be that it's worth having a working group for handling collected, email work rather than having each thing be, ad sponsored or independent submissions.

C

Regarding this spec itself, there is currently an issue with dkim replay attacks and I'm not sure how this would solve that that you have an email which is perfectly legitimate to the one destination it gets to. But if someone then replays that to a million people by basically sfvc, seeing just having receipt to an address that was not involved with the original email, you'll wind up getting a lot of feedback from that which will cause domain reputation. Problems for the sender, so we're going to have to solve that problem too.

C

Probably before we make it even easier for feedback loops to to damage the center's reputation or people won't add this.

A

Thank you, and so your view on the dispatch question.

C

I think we should look at possibly opening a working group for handling all the email stuff. If not that then area director sponsored makes sense.

A

Thank you and handily. You can see our area director in the virtual queue murray.

I

It was very weak yesterday.

C

You're very quiet, yeah, okay,.

I

um I will just type it into the chat, then I have to figure out the audio on my end, so I'll go to the chat in a second.

A

Oh, um I think the room can hear you, but maybe we can't because the speakers are facing the room, so no well we'll I'll. Just read it out from the chat. If you pop it in there or you can say it now, all.

I

Right, that's, that's! Fine! Oh no, it just says success. We can hear you now. Is that better?

I

A

um We don't have anyone else in the queue in the room or virtually just pause. I think the sense of the room is that this is worthwhile work that can go forward modular. The problems that bronn um just mentioned, that we need to address, but just have a kind of reading of the room which is nice to be able to do in person actually for a change can see how many of you are smiling and nodding behind your masks. um So I think that we've heard a lot.

A

This should either be ad sponsored or a new working group created we'll just kind of pause and wait for murray to share his thoughts in the chat being the ad that would sponsor likely, and then I can see in jabba, um colin jennings, is just sharing giving the security feedback just raised. I don't think ad sponsor is a good path. Cullen. Do you want to come to the mic and just sort of elaborate on that slightly.

B

If you're able to.

J

I'll try and see yes, uh my audio working.

F

J

Okay, so look I'm not. I don't fully, I'm not an expert in space. I don't know whether the security issue raised was totally you know bona fide, but it sounded like a real issue and if so, I think that that pushes you towards this is a little bit more complicated and having a working group environment to deal it in would probably be better than um than just ad sponsored would be, would be my leaning, but that's that's said from a point of not deep knowledge on this space.

A

Thank you, so um I think that that sounds like quite a lot of consensus around creating a new working group that would cover this and perhaps some of the other email pieces that are coming to ietf in in drips and drabs.

A

We'll just wait for murray to share his thoughts in chat and then we'll loop back at the end of the session to confirm that dispatch outcome. But for now thank you, john philippe, for your presentation. It's really great to have you here presenting virtually um thank you very much for bringing your work to itf.

A

Thanks so we'll now move on to the next item on the agenda, which is nikkita.

A

Okay, thank you. So we just re-adjust the agenda and move on to the next person, which is uh joe salway hi, presenting in place of steer and farrell on a well-known url for publishing ekconfig lists.

A

I can share the slides for you if you would like, should I share this note. I.

K

Think so sure, because I don't know if I can do that from here or not.

L

K

Okay, all right, thank you, I'm actually presenting uh for stephen farrell who uh cannot make it because he's currently chairing openpgp, um so you'll have to put up with me droning on instead of stephen speaking eloquently on this topic.

C

You can look at the slides.

K

Thank you, okay, and uh so next slide please.

K

um So this draft is about uh encrypted client, hello, which is a tls feature that allows you to encrypt the client hello, to a a server, a cover server, which is fronting for servers in the back end, in order to protect the identity of the server that a client is trying to connect to. So it's a privacy feature to basically hide the sni. The server name, indication.

K

And so in steven's setup of ech he has a number of front-end servers that have their public keys that are rotated regularly, so these keys are used by the client to encrypt the traffic. To these cover servers, the client learns about these keys from dns, but in order to get those keys in dns, you need some mechanism, and currently this setup doesn't use dynamic, dns or some other api.

K

So he has a an orchestrator or a zone factory that basically queries each of his front-end servers to learn their public key and then goes and does the proper configuration in in dns um and so in. One could configure the url here, uh but instead it seems it would be better to use a dot well known url.

K

So that's kind of the summary we'll go into a little bit more detail next slide. So here's a sample, json data structure that would be a provision for a particular server.

K

It basically contains information that would go into the into the dns and including this config list, which contains the public key and some names uh associated with the with the back end services that this server would front for.

K

Next slide, please um so, uh for one of the possible use cases here is is with a cdn um so, for example, um in different scenarios, this the cdn might not.

K

uh The client may not use this cdn as their dns operator, and so in order to update these uh config lists, they would need a a different mechanism, um and- and this is a a possible use case for that, um so basically the uh dns operator could pull these urls to learn the public keys of these servers next slide and here's kind of a picture here we have the client, the client learning uh the ech information from dns and using that to connect securely to the front end server, which then forwards.

K

uh The clear text- client, hello to the backend server, and we have this zone factory orchestrator that learns about these public keys and publishes them to the dns.

K

Next slide, okay, so some of the questions here is is you know, is this? Is this a more general problem.

K

And is is a more generic approach of something we should be looking at in general. It seems like this mechanism specific to ech is is a good approach. Instead of trying to solve you know kind of a general service discovery problem.

K

I think I would agree with steven here that probably a more specific solution is is better here, but I don't really know either next slide.

K

um So just like ech. This is a work in progress. um This might not be the optimal way to do things, but uh if it's not a bad idea, then you know this is a proposal that could be modified to be better.

K

If people see other ways of doing things.

K

But uh you know so there's some relatively straightforward things. We would need to do in terms of publishing um the draft and looking into some other options such as alpn, I'm not sure exactly which what that's referring to, but.

K

The json you know details could be modified if necessary, so basically steven's willing to turn control over to whatever mechanism they want to move forward.

K

But really this is a fairly simple mechanism and shouldn't require a lot of work, because it's just basically uh communicating data structures that have already been mostly defined within the ech draft.

K

Next slide just to say.

A

Just to say, we've had someone join the queue. um So, let's see, if you have a oh okay.

H

A

Shall I say this for you thanks thanks for presenting in steven's place, um and so I guess yeah we'll take cues here- are the dispatch questions.

M

Okay, so alexi this looks reasonable. Obviously it's a you know: big cross between art and security.

M

I'm just thinking that, maybe you should bring it to http api working group just to they can either try to adopt it or sanity. Check that what you're well stephen and you're doing is correct.

M

Even if they don't take it but say yeah, it seems reasonable. That might be. A mark. Mark has a probably a better opinion about this. So.

A

Okay, uh ted hardy you're next in the queue.

N

uh Ted hardy speaking, uh so I think the dispatch questions for this are kind of very different, depending on whether you generalize it or not, and I I think I'm pretty persuaded that a general mechanism here would be a useful thing and that that would probably need a short-lived working group because there's some coordination between how you think about the configuration aspects from the dns side of this and how you can think about them from the htp side and the two different caching semantics always want a little bit more thinking than you're gonna do in in one short thing.

N

If, if we decide not to generalize it, then um I I think the dispatch would probably be uh independent submission to an area director but reviewed by http. um For the for the reasons I think alexi was alluding to first uh and so to me.

N

The question is, which should this be- and I think the point you're making about this being sort of experimental and us not being sure yet exactly what's going to happen in the space points to the idea that you might actually want to generalize this so as it evolves, you can keep using it without re-revving the point solution multiple times and then creating croft out of the point solutions you're not going to use, but it is more work.

N

Obviously, so I would suggest that if, if others don't agree that they'd be willing to review the documents and help with the work, then the point solution is probably reasonable enough for right now,.

N

A

Thank you, martin thompson, you're. Next.

O

Yeah so ted uh touched on a couple of things I agree with I'm not sure yet as to whether the generalization is necessary here. What I do think, however, is that the um solution, whatever it is, will require a little bit more operator input than than just stephen's little experiment, and so I think ultimately, this is the sort of thing that needs to go through a working group either way, I don't know whether that's http or tls, probably http.

O

If you go for the specific solution, uh I don't have an opinion on the generic thing and I'd like to hear from people who are looking to operate service b records and other protocols before I have an answer to that question.

A

Okay, thank you. Martin um mark nottingham.

P

A

Yes, we can see on here, you might go for it.

P

Okay, okay, hello people in a room in vienna, um so I I got in queue to um respond to alexi about hp api that that's not what the hba api working group is for. I would not want to see it burdened with kind of reviewing things for for whether they're good apis or not. um I think that would be bad for what we're trying to do there. So please don't try to use it. That way.

P

um Regarding, I think, following on with what martin said my impression when I read this was you know, maybe um it seems like we need. You know, there's a lot going on in this general space, and I my impression is implementers- are pretty overloaded already trying to figure out how it all should work.

P

Hi, philip hello, dalek, um and uh um I, I think, probably I'd sit on it for a while and and have implementers think about it. Phillip, could you mute? Please, philip hello banker, hi, philip okay,.

A

um You want to mute yourself because it's just um detracting from what mark's saying.

A

Okay! Thank you. I'm.

P

Not sure, okay, um so yeah maybe sit on it for a while and whether http or tls. I think it's, I think in the discussions I had before it was, is basically wherever the implementers are. I don't think it matters terribly. I I assume you get across a review in either case. So one of those two.

A

Okay, thank you. Php.

Q

Hi, yes, um I've tried to do simla and one of the things I've noticed is uh well. I I I've having tried to do what steven's trying to do I've. I've got some problems with the way that he's trying to do it. I think that this might be a bit more complicated than uh is being made out.

Q

Basically, what you need to do is to have a credential for the host rather than the service running on the host, and so uh you might be able to do it in tls. uh It might be a different working group of its own it. It is quite a complicated piece of uh issue and I don't think that it fits into the way that we've been solving this doing tls and http in the past.

Q

I think that we've got to revise some of that. I think we've also got to step back and rethink some of the ways that we use dns and how srv records are used in dns, so it may be tls or it may be. A separate working group.

K

So uh philip, do you think that this is a more general problem.

Q

Or oh yes, yes, basically, what we have lacked in ietf for 20 years now is a generic way of service of secure service discovery in that, if you want to talk to internet protocol named fred, there should be a way of finding the hosts that you want to talk to. That is the ip addresses the protocols that you want to talk to the versions, the tls parameters, etc.

Q

We should have that stuart cheshire did some of that with his dns discovery piece, uh but that's not a um that's only one option. This is something that we should have done as an itf wide resource that everybody is encouraged to use um 20 years ago, and it should uh subsume well known and all that stuff as well, because if we were to produce ourselves a version of http over quick or something like it specifically for web services, that's not trying to also serve uh your web browser.

Q

We would probably break out instead of using dot well known. We would break that out into a separate service um layer where you would say I want to talk to this service at this dns address, rather than uh I talked to a reserved urls, because you know the your reserve urls are flaky, it was always a hack, so I I think that what we really need to do is to do that. General uh service discovery.

A

Okay, thank you very much. Php a few of you. um It's well noted we'll just see that we've got a few people in the queue so we'll race through those at this point and then yeah, um we'll just sort of close it and maybe invite francesca to come with a summary at the end as well from her point of view, um so rich saltz you're next, in the queue.

R

Hi, um so I I come representing a cdn um and I'm worried very much about trying to make a general purpose solution.

R

This fills an important point need for any customer who uses a cdn which is lots of sites on the net and any customer who uses multi multiple cdns, which is still lots of sites on the net.

R

We want to make it easy for them to configure. Steven's draft also has test figure test vectors. Let's not try to solve the problem. Let's put this point down and if it becomes generalizable. Let's do that after we've gotten the second data point. We need two points to draw a line segment. So I'd like to dispatch this perhaps to dns op, which is where server speed came in, um but this draft alone is meets a real pressing need in the industry. Thank you.

A

Thank you rich really appreciate that okay, eric you're next in the queue.

I

Hello, yes, I I have no strong opinions over whether or not this is the right solution to the problems or how much the problems really exist. But I think if this is the right solution, I think we need to generalize it at least to the level of svcb records, and that is because the svcb records the dns records are usually used to communicate at configs.

I

It's a very generalized record. It's blocking! Well, it's a kitchen sink key value pair. Essentially, so, if we're going to do a solution like this, it needs to be something that's at least general to that level, because there could be plenty of times in the future that something's added to those records that needs a similar mechanism to update to the zone file. So it's it's an extremely generalizable problem and it should be generalized and should be dispatched accordingly.

A

Thank you eric I'm hearing quite a lot that this is more general problem than just specific to tls, um we'll just invite sean turner who's next, in the queue.

S

Hi, um I just wanted to say from a tls working group perspective, one of the reasons why we weren't quite sure that this fit is because um not everything, that's related to tls needs to be done in the tls working group, and we really felt that at least as chairs that, while we're hugely supportive of eca esni um that maybe the right people weren't in the group and we've primarily tried to stay focused on the tls wire format and how those things uh how it gets exchanged between the two peers.

S

Now, we've not always done that, but um we want to make sure that the rest of the world learns to love security as well and how it helps us do the right thing. So, as opposed to trying to get everything done in the tls working group. That's fully related to the tls working group. We could you know we can set this free and get it to another set of experts who might help but get better deployed thanks.

A

Thank you, sean um and we'll just invite francesca as a.d to come in with final thoughts.

B

Hello, so um I haven't heard any clear consensus in the discussion, both in jabber and in the room. What I've heard is that this needs a working group. This is probably not going to go to ad sponsored, probably not a new working group, because there was yeah at least that's my impression um yeah. I think. Maybe we can continue this discussion in the mailing list. If there is no other um opinions and then yeah, we, we will take into account everything that was said anyway.

A

Thank you francesca yeah. I think that agrees with what we're hearing in the room definite interest in the work and that it should go forward, but just a bit of discussion on exactly how to do that and in which group um so we'll just say.

B

And and also sorry, also like not clear in which area either because yeah this is presented here. But it's also related to security and yeah.

C

So was that discussion on dispatch mailing list.

B

Yes, we can keep the discussion in dispatch. Thank you great. Thank you.

A

Thank you very much for presenting okay, so we'll just carry on um next on the agenda. We have updated use of the expires message head field, so I think it's john presenting.

G

um Do you want me to show the slides or would you or will you.

A

I don't I don't mind, what would you prefer.

G

uh If you could, that would that would be nice sure.

G

Okay next slide, please, um the expires header has been around for decades. It was def originally defined for uh message for message, gateways from x, 400 and for those of us still on usenet, it's fairly heavily used and used in usenet messages, which is how I bumped into it. Next, please.

G

um So our proposal is extremely simple: um is, is basically to re rehabilitate this header with the same syntax and the same meaning but to but to change the rule so, instead of just being for x, 400 gateways, of which there are not a whole lot these days, that it's allowed in any email message and I have some possible uses, but typically it's it's.

G

If a message has if, if the contents of a message is of has a time limit on it, this says what the time limit is, so that your mail, your mail software, could do something reasonable to get rid of it. But it's no longer interesting. uh Next, please.

G

So um yeah I've already gone back and forth with brian a little bit on this. um We have learned not to attempt to tell mail software how to how to speak to how to speak to users. So our proposal says nothing about what a user agent would do, but since everybody asks um it can do everything from what it does now just to ignore it um or to gray them out or automatically delete them or let the user, let the users delete them, um but again um in in use that this is pretty.

G

I mean the the semantics are a little different, but but it seems it doesn't seem hard to implement uh next, please so how to dispatch it, and uh I should have updated this a little bit. um The the the the the short version of this is whatever we do with the on philippe's um draft. um We should probably do. We should probably do the same thing with this draft. um It's a small change. um It's you know it's a it's another email header and that's it for my slides.

A

Okay, so we just invite comments at the queue and I can see alexia in the queue.

M

Hi john um yeah, I like it. uh Actually I represent uh a vendor who implemented this in x400, but I actually have it also used in internet mail in our webmail client. So um that sounds very sensible to do with. I was actually surprised that it was uh not defined one for internet mail other than for gateways, so make sense, um don't really have an opinion about where to do it.

M

I mean email call might potentially be a candidate if.

T

G

Email core has enough trouble doing what it's already charted to do. No.

M

G

M

um Yeah and uh creating its own email working group murray actually started a private discussion with some people about this, and it's.

M

Complicated think that's it.

A

Okay, thank you very much. um Next, in the queue we have sean turner.

S

Yeah hi, I was gonna say that there there isn't much. um You know dispute about this and usually I think the male community is pretty uh voiceful when something gets uh suggested. That's really crazy, and if this isn't, can we just ad sponsor it and get it done?

S

I mean john, you foresee any like you said it was a little change. Alexis said. Maybe it was a little complicated, but is it really and if it's not, can we just do it.

G

Yeah, I I don't expect this to be to be um contentious. I mean, as alexis said, people act like he said like he didn't know he he didn't realize that he wasn't supposed to use it anyway. So.

T

A

Okay, thank you. We'll carry on down the queue, um so next, michael.

T

Hello uh just a word of support for this, because uh I know of at least one very big implementation of something similar that doesn't follow any standards or it has, you know, uses some different headers. I think it would be great to have a standardized way of well of doing that, rather than vendors doing their own thing.

A

Okay, thank you for expressing support for the work um rohan.

L

Yeah, I think it's I think it's useful and I actually referenced. I referenced it in the work that I did, which is coming up next.

A

And do you have a view on the dispatch question rohan how it should go forward.

L

uh Not particularly.

A

Okay, so I've heard so far um we're definitely not email core, although on the on the slide, there's a suggestion of ad sponsorship just want to check. If there's any violent disagreement to ad sponsorship, does it require a bit more discussion than that or do you think that's an acceptable route? So if you have any objections to ad sponsorship, then please join the queue and express your view and express why and an alternative route. Please.

A

Okay, hearing nothing and after plentiful silence we'll take that dispatch outcome as a.d sponsorship. Thank you very much, john. For presenting great to see you.

A

Okay, so we'll carry on with our agenda and rohan, it's actually you next. um Would you like me to share the slides for you, or would you like to drive your own.

L

If you could drive, that would be great. Thank you.

A

Sure absolutely.

A

There you go, take it away.

L

All right, hi, good morning, uh all right, uh I'm rowan! May it's been a while since I've uh since I've been to an itf meeting next slide. Please.

L

So, for those who are not familiar with it, mls is the messaging layer security protocol, it's being worked on in the sec area in the mls working group. It's an efficient group, keying protocol, so as joiners and levers are processed in a group. When you encrypt a message for a group, it goes to the current members.

L

This work was strongly motivated by folks who are doing group chat, applications or instant messaging applications that want uh efficient group security uh using security, properly properties that are similar to the double ratchet protocol. That's used in signal telegram, whatsapp wire and I'm sure dozens of others.

L

So, while, though, while the working group, while the protocol itself is not at all restricted to uses for group, chat or instant messaging, it is uh a lot of the community which which formed in order to create to make to make that work. Happen came from that came from that space.

L

Interestingly, the folks that are participating in the mls working group. They are largely from the security side and there is not a lot of what I would call the traditional itf apps area or the apps part of art, folks that are involved.

L

um And important to note is that, as with uh as with most itef protocols, the idea is that you want an mls group to be able to contain participants from multiple domains. So this would we would call this.

L

We would use this in a federated environment, so we could have multiple domains simultaneously involved.

L

So mls is got uh currently multiple independent implementations and uh I think the it's no secret that we're preparing for a working group last call take a moment next slide. Please.

L

So because of the origin or the initial focus being largely on instant messaging and group chat, applications.

L

As soon as you have a federation, then then customers and vendors immediately start to think about. Well, how do we have interoperability of of these multiple vendors, multiple systems that are connected together and because the because mls is specifically about encrypting the application data?

L

We need a common format and a way to negotiate it, because we cannot just do a gateway that translates the content from one format to another.

L

So the good news is is that back in uh the early 2000s, uh we already discussed this problem at length and we came up with the common presence and instant messaging format cpim, and that's that partially addresses this problem.

L

At the time, the goal was to have just basic messages and basic presence.

L

Since then, the industry has moved on and what you could consider to be common features of an instant messaging service have uh expanded rapidly and are you know there are dozens of features which are implemented in uh in multiple products, uh but mostly the the assumptions about what it means to have end and security has changed. uh Mls looks very different than s mime or pgp.

L

So next slide, please.

L

So I wrote a couple drafts.

L

The first one was to allow mls groups and, and members of mls groups to negotiate the content uh using mime, of course, so uh right now, the base mls protocol does not contain any way to specify the format of its application data. I think this is a bit unusual for an itf protocol. I think most itf protocols they specify what the format of the next layer is, or they provide some other way of determining what the content of the next layer is.

L

Mls doesn't have that we also need a way for a client to specify what they support.

L

So in the draft here, I um there's an mls key package extension that allow that will allow clients to list mime types they support and then, finally, inside of a group, a group info extension that allows uh the administrator of group to say which mime types must be understood in order to participate in the group and other mime types could still be sent, but they would be, they would be ignored if they were received by a client that didn't support them.

L

So the first question here is: do we think this negotiation work is useful and if so, where should it live? Mls has been pretty laser focused on the mls protocol and the mls architecture and federation documents are next up in the docket and, as I said, they don't have a lot of traditional application.

L

L

Should I should I, should we stop and ask this question or christy, or should I I do my my last slide.

A

um Do the last.

U

A

Yeah, maybe just do the last one and then we'll move on to the question.

L

Next slide, please, okay and then um I wrote another another document to provide more of an example than anything else for a an example of a common uh protocol, how you could convey the semantics so plain text and rich text messages, replies reactions, mentions editing and deleting previously sent messages, expiring messages for our previous. Our previous presentation.

L

All of these features were fairly straightforward to um to provide a format that uses a bunch of existing specifications and semantics that we already have lying around in itf uh and just to note that the the goal here was not to define the way that everybody will go and do this, and this becomes a you know, a format that that everybody adds their features onto it's more of a goal: to have a common, uh a common format and allow vendors to negotiate different, fancier or more proprietary formats, possibly multiples of these in the same mls group, so again trying to gauge the level of interest and where we would go and solve this problem.

L

If we want to work on it,.

A

Okay, so perhaps now we'll take um views from the mic line. So yes, if you can say your name before you speak as well, that'd be great harold, yeah.

U

Hello, strong, I am a bit worried about whether we are attacking the red problem, of course, because having the ability to know what the format of the content you're sending is useful, but that doesn't mean that you understand the semantics of it.

U

The semantics are very often.

U

A bit complex to specify, and especially a bit complex to make interoperable I'm I've got scars from having dealt with messaging and conferencing systems in the past and they seem to have announced the tendency to devolve into little islands of their own.

U

They don't talk to each other very well, and semantics of gateways are even more horrible than semantics of gateways in email systems.

U

So I would say that this is useful, but perhaps not as useful as.

U

That defining the syntax of messages is probably useful, but not as useful as as it could be in that we have semantics of messages which goes to the semantics of the context that you're dealing with and that's a real pain to get stannis working. For.

U

So I'd like to hear your opinion, your thoughts about.

L

Yeah, I agree, semantics is always has to come first, and uh the important thing is that we, if we, if we define a common format, we're just saying these- these are the semantics uh for this particular syntax. um I don't think that we want to um that. We want to to, for example, the example of what you do with an expiring message in.

L

We don't want to say exactly how you would render this to the user, but we want to say what does it mean.

L

I'll pass to uh to richard.

A

Okay, richard.

V

Hi thanks am I audible here thanks so yeah rowan, thanks for putting this together.

V

I think this, I think you you've caught on to a good problem here, but I think this document set is probably a bit immature um like, I think, really what what you're proposing to tackle here is basically making another path at doing an ietf messaging protocol, which is kind of exactly as big of a problem as it sounds, but I think we've got the tools today to to have a chance of applause of that being a yes thing, where we have a plausible chance of success.

V

um So on the one hand, I think this is a bigger problem, uh a bigger challenge than then one might get the impression of looking at the documents, um but on the other hand, I think we've got a good chance of success. We have, as you say, mls here is a tool for intent, security and we've got some experience out in the industry, uh doing end-to-end security uh with uh in some real systems, um and I think, there's a variety of reasons out there in the world that people want to do interop.

V

So I think we've got those reasons. I think we have a fair chance of doing an interoperable end-to-end, secure messaging solution, um kind of along the lines of cpim or jabber the prior efforts, but now with kind of more modern stuff, uh more modern foundations, more modern features. So um all that said, I think we probably need to do a buff on this. um I think we probably need to do a little bit more community building and have some more uh you know more of those messaging operators in the room.

V

um Besides you and me, and I'm not seeing anyone else uh in the room, I think in the cube. um I think it's gonna be important to have you know, feedback on that process from um you know multiple of the uh potential participants in an interoperable ecosystem to make sure that we're we're hitting.

T

V

Right feature set we're getting the security right um so yeah. In summary, you know important problem, but let's do a baffledness. Instead of uh advancing these documents directly.

A

Okay, thank you richard. So we had a recommendation for a buff from you: okay, um philipp hall and baker. Oh rohan, sorry,.

L

Quick question, so um I because there are two documents here: one which is about negotiating uh content types and the other, which is a content type. um I think richard most seems like he was mostly speaking about the content type, but for anybody who's, uh who's speaking, please say which one you're speaking about or or both.

V

And just jumping back in here um on the I was primarily addressing the inmate content, um the the inner content type extension. um I could probably be comfortable dispatching mls, it's a really straightforward thing- um might benefit from some more app area attention, but um could go either.

A

V

A

Yeah, thank you for the clarification um php or next.

Q

Yeah um yeah, I I'm finding it interesting. uh My problem is similar to that of richards, but I'm coming it from it. From the other point of view, I mean like yeah, with the itf we're supposed to be doing stuff that interoperates for the end user.

Q

This has all messaging for some reason we seem to like walled gardens. I did not like the fact that we started up mls the way that we did with a permission given to walled gardens with this. Basically we're saying we're going to do an interoperable messaging system without doing an interoperable messaging system.

Q

So I I can't see how you could do an interrupt unless person using service a can actually interrupt with person using service b, and so this is kind of like incoherent to me. Either you decide to do an interoperable messaging system, in which case this stuff is relevant, or you continue to do proprietary systems that don't talk to each other, in which case this isn't something that we should spend time on.

Q

So I would support doing a buff on this, but I I don't see that we should have itf time being spent on anything that is not an interoperable system from the point of view of the actual users, not the companies, not the businesses, the users, unless alice, can talk to bob using a different vendor's service.

Q

It's not worth our time.

A

Okay, thank you, php um well noted, and so ahead support for the buff. Only if it's true interoperability we'll go through the cues, quite a few people, so we'll just kind of keep it brief. If we can martin thompson you're up next.

O

So um I think rowan. I think this is a problem that I would like to see us working on at some level. uh One thing that I sort of found missing in your presentation- and it's pretty hard to pick up from the drafts- is how you imagine the um the use of the keys that come out of mls, one of the things that we're discussing in s frame with the mls usage. There is use of an exporter.

O

I imagine that you're talking about the internal keys for mls being used, and I don't quite understand how you are managing diversity of ensuring that you have the sequence, numbers correct and all those sorts of other things, so um probably another recommendation off so that we can go through some of those uh how this, how this all sort of fits together, because uh with richard going so high level. I have no idea.

L

Yeah, um so there there is the there is the content of the uh application data which just gets encrypted and sent to every member of the group uh which you've got to do something with that, and so you don't require an exporter for that. um As soon as you start to do things with exporters, then I think it's even more important to have the exporter name be standardized and the semantics of that be standardized.

A

L

A

um So we'll just keep going down the queue before we do just note that there has been a lot of support for a boss in jabba lots of plus ones. So if anyone feels strongly there shouldn't be a buff, then please do bring that view to the mic over to francesca.

B

So relaying a comment from benjamin schwartz: why is this described as being like mime instead of alpn.

B

And maybe before you answer that also with adhd on so people are supporting both. Is that working group forming or would that be like non-working, reforming just to start a discussion? And we can take that also in jabber or on the mailing list.

L

Yeah in terms of mime versus lpn, I think it's, it really is.

L

I was envisioning multiple mime types, and you know if you want to support a different format or a different, uh a different, uh a format for video. Or what have you I mean it. I think the semantics of mime really do fit very well.

L

And uh robert, you haven't added yourself to the uh to the uh the queue.

A

Great yeah, colin off you go, you are muted, though we can't hear you.

W

A

Unmute yourself.

J

Okay, that was not pilot error. um So am I unmuted this time yeah we.

B

Can hear you okay,.

J

So, um look, I, I think, there's a really good problem. I I I'm interested in the high level problem here and I I want to speak in favor of this to it to a certain degree and try and think say what I think the problem is we need to solve and in terms of email uh it. Just as an analogy to think about this, I think we need to solve. You know the smtp problem, how these various im services move the data between each other, not how they actually get.

J

You know not the imap problem of how they get the data down to their actual clients and how their clients render it and there's been lots of companies that do this.

J

I mean all the major uh im systems- and you know my I'm sure, the bottom of all of our notebook computers right now like have like 20 different im systems that we all are forced to use and the its adding one more right, m.I.o and there's lots of services that gateway those together today, but none of them can work with end-to-end and there's a real need for end-to-end encryption, we're seeing a real grow in in the space uh in the I am in the messaging space of systems that will provide that today and a need for them and a desire for them.

J

So I think there's really. You know we. I think you can use mls to key things into end, but that means all of our current gateway technologies that have been used, which weren't, standardized or just implemented. um Don't work anymore. So I I really think that we do need to solve this problem of how we can get these messaging systems to send messages to each other and with end-to-end and as soon as we have that we have to agree on what's inside the end-to-end.

J

um So I'm a big favor of this uh very supportive of doing a buff on this, but I also think that we are moving way too slowly in this space and um that you know so.

J

I would definitely argue for you know, let's do um an interim virtual buff, uh preferably working group forming, preferably sometime soon, but we don't have to be gated by we're going to do a buff at the next meeting and then another working group forming off at the meeting after that, and maybe a year and a half from now we might start doing the work in a working group. That's just not a good timeline.

J

That's it thanks.

A

Thank you cullen and we'll just cut the queue after pete. You get the final word before we dispatch.

W

It's pete resnick, so I want to agree with cullen working group forming buff as soon as possible on this, and a working group forming buff can decide that particular pieces might go over to mls. Particular pieces might be in the new working group. That's fine! um The question of you know the semantics. I think it's perfectly reasonable to define some simple-based semantics and let the industry take it on its way.

W

um Speaking of the industry and this sort of goes to phil's point, I think, having players in the room that are actually working on the products is a fine start and we don't need the users to be the only gating thing, but the question I've really got is: uh who do we have? Who, in the industry, who's willing to actually say we want this? um I saw in the chat room.

W

Well, yes- and I I saw murray- indicate that maybe facebook was in on this, so um that that's a good sign, but uh I I would like to hear like more people get on board with that and by the way uh hi rowan, it's nice to see your smiling face for a change.

A

Thank you pete nice to see you too, um okay. So that's the end of the queue. I think we heard quite a lot of strong support and especially in jabba, for a working group forming both so we'll take that forward as the dispatch outcome. Thank you very much everyone for your views and thank you rohan for bringing the work great to see you virtually. So um we have nikita back who was earlier in the agenda and has now um come back to present on open ethics, transparency protocol so um hi great.

A

We can see you nikita and just take it away.

X

Hi everyone, I hope, I'm all the both right now um my name is and I'm a founder of open ethics initiative.

X

My background is in physics and neuroscience, but last 15 years I've been spending in software, design and development, and today I would like to talk with you about open ethics transparency protocol, which has a main idea of bringing the exchange of nutrition labels and nutrition tables to the software industry, something that has happened before in the food industry and construction industry could actually be brought to uh to software, and today I want to discuss and bring this to the discussion.

X

So kirsty could. Could you please switch to the next slide.

X

uh Abstract is here uh for your information, but but the idea is that we could approach uh disclosure which leads to uh nutrition labels through disclosure of the components and every component in the software it could be described using three main pillar is a decision space actually what it does uh the way it operates.

X

uh Is it based on heuristics or machine learning, based trained models and a software base, whether it's an open source or proprietary code? So let me, but let me explain and show where I leave next one.

X

We have seen this before in the food industry, where every product has obtained a label with expiry dates, with barcodes for scanning and tracking the supply chain, with the information about the manufacturing, with the information about the recycle recycling and with the caloric intake in nutritional information.

X

What's interesting, uh however, about the what would happen in the food industry is that this process didn't happen overnight.

X

It was brought to us during the last 30 years and it was first uh impris uh implemented uh or proposed in 1976, and only got mandatory in 1994, and after that, we we've seen the evolution of uh nutrition tables and nutritional labels, and next one.

X

So here you could see the links which you, which you could use to um get acquainted with, the with the protocol, the link to the draft, the link to the project page and the github, uh where the main work could be extended and where you could contribute, and there is also one implementation which was uh brought by open ethics label, which I can show later on. If we would have some a bit of time in this conversation, let's go for the next one.

X

So what is happening in uh today in the software industries, almost 80 percent of consumers, including industrial consumers. They don't know what is happening on the back end and only one third of companies say that they have instruments to bring either transparency information about how they treat the data, how they process the data. How would they transfer data to different components, and what we believe is that the regulation is not the only way we could.

X

uh We could improve software quality and therefore we could improve how how people are satisfied by by using software or hybrid software hardware products, but also we could do this through transparency, and if we do want to do this through transparency, we need to have a mechanism not only about the formats of how this data is exchanged, but also about the protocol of exchange.

X

uh So here uh here, I want to talk about the protocol of exchange and later on, touch touch and formats.

X

uh The inspiration for that was brought uh from creative commons and some one of you who have ever tried to attribute your work to creative commons. They have seen the a simple tool to generate the creative common license and then to plug and play this creative common license on your artwork.

X

We want to pursue the similar way of disclosure, but not for licensing, but for how the software is built and how it operates next. One please.

X

So what we've built is we've built a simple form, a very similar to the one that is on the creative commons website, uh that construct this sort of labels.

X

But one important addition to this is that, apart from the labels themselves, we also construct a machine readable file that could then be exchanged and the idea that this once generated this machine, readable file, could be placed either in the root of the website of the product website or on the well-known folder of the website, so that crawlers could go and screen this website.

X

And then, when the contracts are established between one software component and, let's say the client, they can suck this file process this file and then reuse this file to build a composite disclosure of the a bigger software on the on the higher level. Next one please.

X

So this is the way how the file could look like it's a simple json structure and we aim it to become an ethics password of the product and instead of saying that the product should be should be private or the product should be safe. We could introduce a very formal measure of how safe or how private it could be, which sort of information it should collect, which sort of which sort of validation should happen at when the product operates and specifically for ai and machine learning products.

X

This is important as we are operating not on rules but based on the trained data where it is very difficult to understand uh and to factorize the the the outputs made by made by the machine. So if we could uh take account of the training data sets and bring this trade bring this information as a passport as a data password, we could then have a more clear idea about how the software is built next, one please.

X

So what we propose here is that every every product, owner or software developer creates a disclosure through a simple process, either through a semi-automated process or through a fully automated process. Right now we have a semi-automated process only put implemented in place and what they do. They do the disclosure first and then in the process of doing the disclosure. The disclosure get gets that the cryptographic hash gets issued and then this hash could be compared to the content of the disclosure and generated in a very standardized way.

X

And then hash gets published uh like very similar uh to the pgp uh idea of publishing, hashes of email, uh pgp signatures. And then someone who gets acquainted with the software can then take the disclosure which is published and then generate the pgp. Compare it and uh and work it with it. And then we could raise level of trust to this disclosure gradually by working with a third party validation companies who could take parts of the disclosure check them and then verify them.

X

And then the final label is built on top of the machine readable file next one.

X

So where I think help is needed uh here are just seven elements of the which I listed and which are also published in the ie draft, which are how to better manage the components and identity of the components. How to manage the identity, validation providers, which will validate whether what is disclosed is true or not.

X

uh How to extend the disclosure formats to things which are not yet there and what are the best way to just to generate composite disclosure when we have a software that is composed from several components, we need help in disseminating this idea and to create a very simple use cases which would be easy to understand.

X

We have some work done on standardizing privacy disclosure to avoid lengthy privacy policies. That says that say how we collect the data, how we process the data very important right now in light of gdpr and ccpa, and all uh privacy regulation initiatives and, of course, enhancing the label accessibility, because, right now the label is only a visual label, but we also need to take into account how this label could be also viewed and processed by those people who have limited uh visual capacity.

X

That's it and- and the next slide is perhaps on where this could be done through itf here state. Could you please switch to a next slide.

X

um I am thinking that this work could be done through either ad sponsorship or probably through a new working group uh right now the work is published on github. So all the discussions are very welcome, as issues are commenced to existing issues and we also have a discord channel which are jet, which, which is general uh channel for discussion, but there is also one for uh for otp the protocol which which I could open. If you, if you beat me, thank you, and there is also the last slide with my email.

X

If anyone wants to get in touch and.

A

Great thank you very much for presenting your work nikita, especially um with your current circumstances, just um to say that in the jabber chat, I think there's a lot of discussion about what a big problem this is and a lot of interest as well. People saying it's interesting, um but probably too big a problem for ads sponsorship a bit too complex and so we're just kind of open up the floor. How could this proceed in ietf? Do you think it's an interesting problem worth working on and anything towards the dispatch question?

A

So we'll start with richard barnes.

V

Nice thanks thanks.

A

For the presentation here.

V

um Super simple question: um you're, probably aware the itf makes voluntary standards modulo, that's occasionally getting picked up by regulators, so one of the critical questions for new work is usually who is interested in taking this work up. um So, in addition to people you know defining this stuff, we need folks to actually deploy it and you know use it for uh you know for its intended purposes. So do you have some examples of who you know?

V

People have expressed interest in publishing these labels or consuming the data formats are actually kind of building an ecosystem. Here.

X

So we have started to work uh lately last year with startups and companies who were willing to generate those labels because they want to showcase their transparency. So mainly these are small companies right now, but as we planned this bottom-up, we want more smaller companies to start because surface level, transparency is now more sufficient, as industry is getting mature and big companies starting to use apis from other vendors and even if their processes are transparent. What is happening in a third-party api?

X

No one actually knows- and this is how this is, how we want to go, go upper.

X

So one part, another part of the answer is uh we've been presenting to the eu european tech chamber and european tech chamber is the uh also bottom up organization that works with industry companies that has showcased our ideas as the way to make ai regulation and gdpr regulation practical on not only from a legal standpoint standpoint, but also from a practical standpoint, because, as those disclosures are made or could be made by that by companies, we could get tons of open data and, on the on these open data, we can operate and we can build analytics that could be provided to a regulator and instead of punishing the regulator, could start having another instrument, not only fear as an instrument, but also an education as an instrument, because they can be very, very targeted to those companies who did disclosure who volunteered to do disclosure and say look you're operating in the healthcare industry and we're seeing that you are transferring the data overseas with the grace period, for example- and this is the this is the case today.

X

Already, regulators are working, but right now they don't have tools in their hand to be to work with many companies. So we want to bring this tool so that the regulators could finally meet industry, but not in not in the court, but in a different manner.

A

Great, thank you and so we'll just carry on down the queue. Whether we've just got five minutes left on the slot, so um pete resnick you're next.

W

Yep this is pete reznick, um so I think this is very interesting stuff and uh I I read through the draft there's a lot of pieces here and I think part of the problem is that some of them are potentially protocol or data format like technical work, that we can do engineering on, but a lot of them are regulators and how users are going to use this stuff and and a lot of moving pieces.

W

um So I don't, I think, if this work goes forward, it would have to go forward as a buff toward working, but I don't think you're at the point yet, where you've pulled apart enough of the pieces so that we can see as the ietf what we would need to work on. So I think there needs to be some sort of pre-work done to pull out pieces that are concrete and finite engineering problems. uh The draft is a little too unwieldy. I think, to handle right now.

A

Okay, thank you pete, so a suggestion to distill the ietf specific parts and return to that, maybe with a buff um nikita. If I can ask you just to mute yourself.

A

And next in the queue is patrick tarpy.

Y

Hello, patrick tarpy, ofcom. I think it's a very interesting idea. A couple of observations, though it's having a unified or baseline view of what ethics looks like across the globe is challenging, and what I mean by that is.

Y

The idea of pii is established and convened in the eu region for the general data protection regulations, but that doesn't necessarily follow suit once we leave the eu territory and the second and well second- and third observation is that if we provide end users with information and this information is attested or verified by a third party, what what's the process, if the? If the user says?

Y

Actually I don't agree with this information- I think there's a problem here and who would pay for the third party auditing, but in general I think it's a really interesting idea, and I I welcome it. I think anything that allows people to make informed decisions has got to be good. uh From from my point of view, I think it's a question of how can we get like a very base minimum that works kind of globally and is effective and then there's something that may be optional?

Y

For particular territories, that would seem to me to be a better fit, but there you go. Thank you.

A

Thank you, patrick.

X

I would like to I would like to answer uh your comments. I think you're nailing down a very important issue here and uh when you say about the unification of ethics, this is exactly what we are trying to avoid, and this is what is exactly what the regulation is trying to bring. The regulation is trying to say that certain products must operate in a certain way.

X

What we want to bring is, instead, the description of how products are operating so that the user, with the particular profile, can have ease in selecting those products that are closer or more definite to to who they are or or what they want. Those users, for example, who are ready to compromise their privacy for safety or the other way, uh would be still able to find the products that they're that they're aiming for now. The second question is the validation verification question.

X

um My belief is that third-party verification by auditors should be paid by companies which see uh which are seeking profit uh from selling their their software.

X

On the other hand, there is one project which is in the design phase, which we call the big red button, which is a feedback loop for the end user to have a social validation for those products which claim something, but don't fulfill what they're claiming.

X

uh I hope this this answers partially, your your your concern, but, but I I want to highlight here that we're trying to avoid universal ethics at all costs on. On the other hand, we want to make it open and personalized to everyone.

A

Thank you nikita. I think that's an important clarification um so just recognizing time if we can keep the next couple of comments. Quite quick uh ted hardy you're next in the queue.

N

uh That's hardly speaking, uh thank you very much for bringing the work. It's very interesting, and it's indeed very broad, and I think, from the dispatch point of view when I look at the work and and read through some of the aspects. In section four, for example, you touch on storage. You touch on visual representation. You touch on um what what the the different pieces would be validated for by different people it.

N

It really gives me an impression of something: that's an an entire ecosystem uh in in order for it to actually work and traditionally what those do are systems, engineering groups and systems. Engineering groups like 3gpp as an example, define a whole release for how the whole system is supposed to work together to deliver the service to the end user.

N

The itf interacts with system engineering groups by taking requirements from them and building the different protocol elements that relate to that system, engineering group and to other people who might build similar things, and I think there are a bunch of things that you're actually dealing with that. That might turn out eventually to be itf work. You know your json application format or something like that, but at the moment, you're really at the level of building out the systems. Engineering thing and so my honest response to you from a dispatch point of view.

N

Is you need to build a new group uh of people who are going to come together to define the overall system ranging through what the visual elements are going to look like what the validation is going to look like, ultimately, to you know what the societal pressure is going to look like when people falsify those and that group in turn can send.

N

You know the the lego piece protocol requirements to the ietf whenever it has them um and whenever they fall into our purview and not somebody else's. But I think if you brought it to the ietf, it would fail, because this is the kind of work that at the itf would get bogged down in a whole bunch of let's talk about the protocol and not talk about the system. So I think for this to succeed.

N

It really needs its own place and then that that to interact at the protocol level with with the itf when it needs to, but once again it's really interesting work. Thank you for bringing it.

A

Thank you, ted yeah. I think there's a lot of chat in jabber as well, but it's very interesting problem, and just where it may be itf is not the place. But thank you um so final person in the queue leave your handsome right.

Z

I'm just gonna quickly agree with ted and then also suggest that you go find. There is a if you, google, for consent receipts. You will find a group who have done very, very similar things and there's a guy called mark lazar. You definitely want to talk to, and I think you have a lot of in common with them and those are the kind of people who can help you build that system. In fact, they have a quite a lot of traction for their stuff in the canadian government.

A

Great, thank you very much, so um nikita we'll link up with you afterwards, but for me and everyone here. Thank you so much for presenting, especially after the morning you've had it's really great to see you here. So thank you.

Q

A

So we'll move on to the art part of the agenda. Now um sorry we're still just dealing with different parts of different slide decks. Here we go.

C

All right: well, we've got this little moment as we switch things over for those of you who walked in after the meeting started. There's a qr code up on the screen here or if you log into the little light meteco client, then that will have you listed in the blue sheets and it's also the place that you can go if you want to speak in the queue thanks.

A

Thank you, yeah and we'll just summarize the dispatch outcomes at the end of the art area meeting, as we always do so. um This is just a note, obviously dispatches the art in the art area and we combined with the art area meeting. So there are three buffs this week for you to be aware of tuesday, wednesday and thursday at 10 a.m. How useful is that to remember when your buffs are, there's computer aware networking media over quick and safnet?

A

So I'm not going to read that out um and then because it's been a while, since we've had people in person or a hybrid meeting, it's our first ever one just to note some of the new and nearly new art related working groups, there, a couple straight after this so sedate and wish we have mediaman on wednesday and skim and oh hey or oh hi. However, you say that yeah, depending on how you pronounce that. um So that's what we've got this week.

A

It's really good to be back in person, so do go along and see the people behind those groups and get involved in person or virtually if you're still virtual. So um we move on to the art area part of the meeting. Now we just have one presentation here on open event at open streaming event streaming open network. Oh my gosh, I don't even have jet lag as an excuse, um so we'll just hand over to emiliano to present. Would you like me to drive the slides.

H

All right, first of all, nice to meet you, it's a pleasure to be here and today I will be presenting this event streaming open network um internet draft next slide, please. So the main problem that this internet draft is addressing is the difficulty of connecting message flows over the internet.

H

So, uh with the rise of microservices architecture, there is a need of connecting message flows both inside organizations, as well as between organizations.

C

I think your microphone might be off if not low,.

H

C

There you go, you might need to make a little middle more closely.

H

Like this, can you hear me now all right if you.

A

H

A

H

Yeah, okay, perfect, so I was saying that, with the rise of microservices, there is a need of connecting message flows both inside the organizations, as well as between organizations and also end users, value to be immediately aware of new information as and also companies want to provide new functionalities of this type.

H

However, when we consider the connection of message flows across organizations, it is not easy and most of the time it is too costly and the one of the main reason maybe uh of this difficulty is because there is no way of referring to message flows in the same way that we can refer to, for instance, an email address. This means that there is no uri scheme for message flows and, on the other side, dns records.

H

um Maybe they are not enough, also, because you know the message flows and the message brokers do not necessarily comply with the yana port number registry. So the result of all this is that there are a lot of private solutions, private protocols and there you can see a few. Maybe flight radar is one of the most known in which there are people that you know have different uh devices on their home scanning the electromagnetic spectrum and publishing to uh to just one company all of this information, and that information keeps locked inside that company.

H

It's not possible. You know to share those flows of messages across different people next slide. Please.

H

All right, so, if we drill down a little bit on this uh on this issue on this problem, if we have two organizations that are using messages are using message flows um not only on a discrete form, you know, but on a streaming uh form uh whenever they want to connect these flows among themselves. There are issues. Basically, they need to agree on an interface.

H

They need to sit down and they need to establish a project that is going to have its analysis, design and development phase in which they will agree on how to connect these message flows.

H

So whenever they need to connect a new flow, they will have to repeat the same process, and basically this generates a really big heterogeneity. You know of of connections of message, flows really difficult to maintain next slide, please.

H

So if we had an open network, meaning that if we could name all of these message, flows with a uri in the in the way that you can see on this slide developers and people using this kind of messages would have a common framework to refer to these message flows. It would minimize the offline communication of developers so today, when we want to send an email to somebody, we just ask for the email address.

H

We are not asking if the email, if their email provider is using smtp with tls or not, we just know the email address and the rest of the protocol manages to find out, which is the best way to send the message so the same, we could do with messages with asynchronous messages streams, and we could use this same strategy for multiple integrations, keeping some homogeneity on on how we are connecting these messages.

H

Obviously, this would be based solely on dns, basically on dns, so it would be an open network in the sense that anybody that can buy a can register a domain and can get a an internet connection could participate in the network without any kind of discrimination. In the same way, we currently do that for the world wide web and email next slide, please.

H

So if we look at a high level how this network would look like, basically, we would have different network participants. That would be enabling different message flows and these message flows could be both private or public, so the messages could be composed in the sense that one network participant could use a source of message flow to enrich that information or to use it as an input for a given process and then publish that uh the result of that process for another network participant to to use it.

H

So this would generate a composition of the messages that would enable uh downstream uh productive activities and also give give place to a lot of experimentation.

H

Let's see an example next slide, so imagine we have an airport that has two terminals and this airport publishes on two different message: flows: the arrivals of flights, and this they will do it on a public manner right. Everybody would be able uh to consume the messages as soon as a plane. um uh How do you say arrives to the airport?

H

They would get a message saying: okay, this plane has just landed, and that would be public in the same way that we can go to our website and see which are the planes that have landed. But we are thinking about messages and programmatically connections, so there could be a logistics company that could use this information.

H

These messages to estimate the time of arrival of a given good for a store, and also a factory, for instance, and then- and this connection would be private- that I mean a confidentiality should be kept because this information- it's not something that we want anybody to consume only these destinators right so but then a factory there could consume this information to in turn, provide a car factory, for instance an estimated time of arrival of a given piece and in turn, that factory could use that information together with other messages to estimate a person when they are going to receive their new car, for instance, and that information wouldn't be static.

H

It would be you know, updating, uh according to the messages that are being received next slide, please. So, let's drill down a little on the architecture that each network participant should use. So here you can see a lot of boxes. Basically, we have uh the core components of the of the network, participant at the architecture, with this violet purple circle and there- and this is highly inspired on the email architecture. So we have a user agent in the same way that in email we have a mail user agent and we have an accessing agent.

H

That would be the server side uh between these two components. A protocol should be used that we have called the accessing protocol. Then the network participant could use whatever message broker that he wants. I mean they could use rabitmq mosquito for mqtt server or even apache kafka, apache pulsar, whatever they want.

H

uh As long as the accessing agent, the server side is compatible with that with that broker, um and then there will be a really high reliance on dns in order to be able to resolve these flow uris and whenever a new uh flow is created, the user agent would talk with the server side with the accessing agent. A new message flow would be created on the flow events broker and also published to dns by means of dynamic dns.

H

So this is one part of the story. This is only one network participant and if we look at the connection at an example of the connection between two network participants, imagine we want to subscribe as a user. I want to subscribe to our remote flow, so that would be a connection between two network participants. Can we go to the next slide?

H

Oh sorry, first the protocol, uh the protocol that the uh that the server implements we call it accessing protocol and it's really basic protocol here. You can see the finite state machine of this uh of this protocol. Basically, it supports authentication and also the execution of commands in the same way. Smtp does these commands would enable extensibility and um and the case that I was mentioning about subscribing to a remote flow. That would be one comment. It would be the subscribe comment all right. So, let's see the example next slide, please.

H

So here we have two network participants, the blue network participant and the orange network participant. Imagine I'm a user from the blue network participant and I want to subscribe to a remote flow to a remote message flow that would be flow a so from my user agent on the blue network participant, I would execute a subscribe to a flow uri.

H

The server side would recognize that uri as a remote flow, so it would resolve where the accessing agent of that flow is located and connect to the server once it connects and authenticates it will execute this command subscribe flow, a that would trigger the creation of a flow processor on the on the orange network, participant that basically would copy the uh the flow. um The flow message right. You can see there, it's qeqa it would generate a copy, and this is interesting because, as a network participant, I want to have control over my subscriptions.

H

If somebody is consuming messages from my uh from my site, I mean from from from one of my users, I want to eventually be able to revoke that subscription. So in that case, bringing down that flow processor that it's copying the messages would be enough to revoke the subscription when the subscription is established. The flow processor is created, a copy of the message flow is available. Then the blue network participant can use that information to set up a new flow processor and copy all those messages.

H

So now the user in the blue network participant would be able to consume locally uh these messages that are generated by a remote, a network participant next slide, please.

H

So the the example that I mentioned is the simplest one in which we have a flow processor that basically it's a bridge processor. It's basically transcribing messages from one message flow to another one and that's a command in the protocol that it subscribed, but there could be more advanced and complex situations in which, for instance, we want to collect uh messages from several flows.

H

So in that case we would execute the collect, command and specify the source uh message flows using the flow uri uh and a destination flow uh using again the flow uri. So basically this this would allow, for instance, in the example of the airport, to collect all the arrivals of flight and publish them to another message flow. We could have a distributor flow.

H

That would be basically the other way around get messages from one message: flow and publish them to several flows, and then we have maybe the most complex one that it's the sinal processor, that this processor would have a function of a given set of input, message flows and it would, according to the function, impact on one or more destination message flows.

H

So, basically, all of these uh flow processors would cover a broad range of use cases. By now we have an initial proof uh of concept that has implemented only the subscribe method and we are looking forward to uh continue working on the next uh uh on the next comments, all right, so um we are going next slide. Please we are going to have a side meeting about this topic on wednesday.

H

I think it's, this room actually at 4 p.m, uh so everyone everyone is welcome and according to I mean regarding dispatch, we are not sure actually how to proceed. We believe that, first of all, we need to continue discussing whether uh this is relevant uh to be discussed within the itf.

H

We do believe so and, uh and once we get, you know uh some kind of feedback and if there is interest and if people consider that this is the place, obviously we would like to to continue and uh and progress on on on a working group. Eventually, who knows that's all? Thank you very much for your time.

A

Thank you very much for presenting um really good to have the next steps if you're interested to go to the side meeting, it's not this room, but no just so.

D

Just so people go to the right place. You have interested.

A

Crowds in the right place um would anyone like to join the queue and give a kind of initial take or any questions we have the time. So don't be shy.

A

Just wait so people have chance to click, but seeing no one in the queue I can only assume you'll just get them all. On the side meeting.

D

Thank you very much for presenting.

A

A

Okay, so um that actually is the end of all the planned presentations and topics that we had for today. We just take some time to run through the dispatch outcomes from the session earlier and then we'll open up the floor for aob, so uh dispatch outcomes for the complaint feedback. Loop header.

A

um It was agreed that the work should go forward, possibly under a new working group for wider email maintenance if the community has interest so the creation and next steps there are to be led by murray r.a.d for ech config interested in the work to progress, but it's not clear which working group so whether dns op tls, http, http, biz, all suggested or even the area, whether it's art or sex.

A

So we're going to continue discussion on the dispatch mailing list to find an answer to that um updated use of the expires message- header field that was recommended for ad sponsorship, as someone noted in java, just because it's recommended doesn't mean that it will be taken on. But that does seem the the will of the community, and then emmy was suggested to be a working group forming both and finally, the open ethics problem nikita presented um has agreed.

A

It was really interesting, work and a very good problem, but a bit big for the ietf in its current form, and so um with next steps. There are to work out with the community or on the list to work out the itf specific parts of that ecosystem and bring that problem specifically back rather than the entire problem space.

A

So that's a quick run through of the dispatch outcomes we'll send them to the mailing list, but I'll just pause in case, there's anything that anyone um disagrees with murray's just popped in the chats a good ceremony. Thank you. That's always a good sign when the ad agrees.

A

Super and we'll just open up the floor, then for aob. If anyone has any other business they'd like to bring, we have 10 glorious minutes francesca.

B

Hi francesca, I just wanted to mention that the ecmascript media types updates document there was a dispatch document- has exited the working group and is with the rfc editor. So just like round of applause, and thank you, everybody for for working on it and making the draft good and um progressing it, and then, regarding the mayo maintenance working group. That was mentioned as as a possibility uh just wanted to say that we have uh mentioned it in with the isg.

B

So the ist is aware of the possibility um and that some of these email drafts might go there. But we will decide based on the discussion here on the list and we'll see how that progresses. So that's still an open option.

A

Thank you very much francesca any other aob before we close out the session.

C

I've got something, but I thought I'd wait for everyone else. First. um Hopefully I can slide share myself here.

C

Has it added or not? No, it hasn't. I refreshed I refreshed in the in the view, but maybe I can't refresh in this view.

A

Do you want to talk now, yeah.

C

Sure can you can you see it says my slides in there yeah awesome.

C

So this is, this is something I raised. Yep just go ahead to the next slide. um Three things that have come up um in the email space that I'm aware of one of which is dkim replay attacks are a big deal uh in email operations right now and the second one is: if we try and solve dick and rep play attacks, we'll probably break more of the indirect mail flows, which means we need to figure out what we're going to do with arc to fix that.

C

And the third thing is the large files by email problem which alexi and I are working on and will hopefully have something to present at next ietf, um but aren't really ready for yet we could go ahead to the next slide.

C

So the problem with dkim replay is basically that dkim specifies the headers inside the email, but it doesn't specify anything about the envelope. So you get one spam email successfully sent from a trusted provider and it's dkim signed by that provider, and then you can inject that into anybody's mailbox by just changing the envelope recipients and it gets delivered to them with a fully signed, dkim flow as if this was legitimately supposed to go to them.

C

That mail can come from anywhere in the world, because if you've got dmacc that says, trust, spf or dkim and the dkim looks correct it passes. This was a major topic at the morgue meeting a month ago. It's a significant operational challenge for email providers everywhere. So this is really something we do need to look at. If we could move on to the next slide, there one option is to add some kind of header that gets signed by dkim, which has to align with the envelope.

C

Obviously, this in the past, where you might send to multiple recipients with a single smtp session. You couldn't do that, but nobody does that. Anyway, these days you wind up resending the message to each recipient, possibly because you're changing the from address, possibly because your mail flow system just works more easily that way, but once you're doing that, you could then sign the message separately for each recipient and have to align it that completely gets rid of this problem.

C

It also completely breaks all indirect email flow because if you are forwarding through an intermediate system here, um sending to to an alias at your university or whatever then goes on to your real email address, the two address changes. So you have to rewrite the sender which gets us into arc, so the next slide here is yeah.

C

Does anyone have any other suggestions for how to how to deal with that? I haven't heard any that will work um but feel free to pop up. If you have some so yeah arc.

C

The problem with arc is you don't know whether the recipient understands arc, um if there's a dmacc policy which says that they won't accept changed mail and any sender that rewrites obviously can't come forward without rewriting the from address as well and then having to handle the backflow.

C

But if we had a header like this, then this goes from being just rewriting forwarders to every single folder.

C

So you have to then know: can you rewrite or not, and without a way of knowing if I supported the recipient, you have to rewrite everything. So the solution for this is to have some way of knowing whether the recipient will accept arc, and so this was something I raised when I first saw arc what five six years ago in prague, we still need to deal with this at some point, um so arc supporters here signal at the recipient. I think, is the correct way to deal with this.

C

This will again be something that an email working group would hopefully deal with or it could be dealt with in demark, but we have dmarc. We have email core. We have extra there's a lot of different working groups, doing email related stuff and similar stuff, which is is why I think that the a group that handles all of this might be the right place.

C

There's a couple more slides, um you could add it to the smtp capabilities, but if the mx says I accept arc to the hello, then that's very late to have to actually update the message. So I believe dns is probably the right place for this, um and the other question is: is whether dmacc policies need to be extended to say I don't accept being forwarded at all. Sorry, it has. You have to give me the exact destination address and that, I think, was everything there.

C

The final thing was the large file problem, um looking at what we can do to to deal with a way of signaling. This is an attachment. This isn't just a random link in some html content, so tell the recipient to you can look at the slides. I gave it last dispatch on this rather than repeating everything, but the important part here is lifetime management for the attached message. Right now I can look at an email from 10 years ago.

C

I can see the content- that's in it, but if a large file was attached by putting a link in that email, the likelihood that that large file is still at the same url that it was 10 years ago, very, very low, which means I need to manually manage the large attachments that have been sent and that's a pain um so having a way to to link them so that they have a lifetime is good.

A

Yep, so we have um barry lieber joining the queue.

AA

Hi, this is barry, lieber, uh formerly chaired the dkim working group. So I just two things about this.

AA

We spent a lot of time in the discussions on dkim both before it came to the ietf and then in the working group on how to deal with replay attacks. It is a hard problem. We couldn't come up with anything that was workable.

AA

Given the parameters we had so you're going to extend the parameters a bit which, if you want to do the the recipient, 2 or whatever, that has a number of problems, including dealing with with bcc issues and various privacy, exposures and tying it in the way spf is tied in so that indirect, as you said, indirect mail flows, don't work, there's a lot of issues with that.

AA

That's why we punted on it in the first place- and we said the best thing you can do- is reduce the window by expiring the um the signature more quickly, but that's the best. We could do so. Good luck coming up with something, but it is an important issue and uh we could not figure out a way to deal with it.

AA

The other thing that al that that's pushing a lot of these issues is the dmarc is basically the same thing as adsp with reporting and adsp was produced by the dmarc working group and then failed miserably for exactly the reason that dmarc is causing problems. That organizations were using it in ways it wasn't intended to be used. They were using it for messages that or for sub domains that were intended to be used post to mailing lists, and then it broke mailing list stuff.

AA

The way dmarc is um that's, also a very difficult problem to solve, because uh dmarc was not originally intended to be used for those kinds of domains and certain domains found that it solved a problem they had and used it so trying to go back, pedal and figure out how to make that work, as we've done with uh with arc is as an attempt and just some background and things to think about. As we try to move forward.

C

Thanks, barry yeah, I think the the bcc is probably the easiest one of these to solve, because this would be a header, that's added by the dkim signer as it signs it to each copy as it goes out. So it's not stored more than the receipt to in over the wire is stored.

AA

No, but the problem is that when, when the user then replies to or forwards that message, then you start exposing some of the headers that are in the message that were not there when for bcc, normally, both.

C

Systems add that essay, a header during delivery as well who who the recipient was.

A

Cool well um just actually that brings us up to time on the dispatch session. So before I let you go please to everyone in the room scan this qr code.

A

That is the way we do blue sheets now to record your presence in the session, you agreed to do that when you registered for the meeting, um thanks to everyone joining us, virtually and in person, thank you for bearing with us with the technical hiccups and thanks to all of our presenters, and thank you to the community for giving your dispatch input um until 114 and have a great itf week. Thank you. Everyone bye.

D

F

Right cool, thank you. You're excellent.

D

A

A

Thank you. Yes, thank you.

B

I think that was actually quite good, like quite a lot of, especially for the ech staff. I totally agreed.