Minutes of the 2012-08-29 IAB Teleconference (Tech Chat & Business Meeting)
1. Roll-call, minutes
- Bernard Aboba (IAB Chair)
- Jari Arkko
- Mary Barnes (IAB Executive Director)
- Marc Blanchet
- Ross Callon
- Alissa Cooper
- Spencer Dawkins
- Lars Eggert (IRTF Chair)
- Mat Ford (ISOC Liaison)
- Russ Housley (IETF Chair)
- Joel Halpern
- David Kessens
- Cindy Morgan (IAB Executive Assistant)
- Jon Peterson
- Robert Sparks (IESG Liaison)
- Dave Thaler
- Hannes Tschofenig
- Danny McPherson
- Stephen Farrell
- Sean Turner
1.2. Meeting Minutes
The minutes of the 2 August 2012 and 15 August 2012 business meetings were approved by the board and will be posted to the IAB website. The minutes of the 25 July 2012 meeting with the IEEE 802 leadership were approved by the board; once the IEEE 802 confirms their approval, the minutes will be posted to the IAB website.
The minutes of the IETF 84 Technical Plenary and the 22 August 2012 business meeting remain under review.
2. Tech Chat: Passwords and Authentication
Sean Turner and Stephen Farrell led the IAB in a discussion of some of the issues surrounding the use of passwords as an authentication method, and some of the alternatives. The following slides were presented:
–Begin Slide Deck #1: Sean Turner & Stephen Farrell–
Slide 1: - Passwords are the dominant end-user authentication method. - Somewhat frustrating that http-auth schemes aren't being specified for http/2.0. Slide 2: - Passwords suck. - Seems like every other week some huge password database has been breached. - People use crappy passwords. - People use the same passwords for multiple site/services. - People are only as safe as the weakest protections implemented by the weakest service. Slide 3: - Passwords will probably never completely go away. - We'll probably end up with more than one http-auth solution. - We'd like to reduce the rate of growth of password database entries. Slide 4: - http/2.0 provides a window of opportunity - we should go for it. - http-auth is very uncommon (compared to form-based auth) but it's a good place to start in the IETF because its our protocol and if we do it well the forms-folks will copy the pattern.
–End Slide Deck #1: Sean Turner & Stephen Farrell–
Sean reported that the Security Area Directors are trying to organize a BOF at IETF 85 to discuss forming a Working Group to write Experimental RFCs about some of the opportunities provided in HTTP 2.0.
–Begin Slide Deck #2: Hannes Tschofenig–
–End Slide Deck #2: Hannes Tschofenig–
3. Affirmation of the Modern Global Standards Paradigm
Bernard reported that the Open Stand website [http://open-stand.org/] has gone live and that the announcement and supporting badge have been posted on the IAB website.
The current proposed plan is to also publish the affirmation as an RFC on the IAB stream. Russ has drafted an internet-draft with the text; Bernard will forward this to the IAB and start a vote to adopt the draft on the IAB stream.
4. Congestion Control Workshop Followup
Spencer reported that he has completed a draft of the minutes from the Congestion Control Workshop and sent them to the workshop mailing list for review.
5. IEEE Update
Spencer reported that he has started working with Dan Romascanu and Pat Thaler on a revision of RFC 4441, and that a conference call has been scheduled for 5 September 2012 to continue the work.
6. IAB Review of “Principles for Unicode Code Point Inclusion in Labels in the DNS”
The IAB Review of draft-iab-dns-zone-codepoint-pples ended on 29 August 2012 with no additional comments received. Bernard will issue an IETF Call for Comments ending on 30 September 2012.
7. IANA Strategy for the I* Meeting
Jari reported that the IANA Evolution Program has been working on developing a strategy regarding the evolution of the IANA protocol parameters function for discussion at the I* Meeting next week. The goal at the I* meeting is to confirm that all parties are in agreement on the basic goals, and then begin developing the path forward.