Minutes for Applications Area Working Group and Applications Area General Session IETF 81, 25 July 2011 9:00, convene 1. Agenda Bashing, and WG Status - 5 min Chairs review Note Well and plan for the session, and give brief review of two documents in the RFC Editor queue. 2. The 'about' URI scheme (Lachlan Hunt) - 10 min http://tools.ietf.org/html/draft-holsten-about-uri-scheme Lachlan summarizes the document via Skype. Discussion: John Klensin: either one page "this URI type is now reserved, if you are one of these --> use it", or have a proper registry of all allowed about URI components. This is neither at the moment. -- No objection from the floor to handling this document in the appsawg. 3. A JSON Media Type for Describing the Structure and Meaning of JSON Documents (Kris Zyp) - 10 min http://tools.ietf.org/html/draft-zyp-json-schema Kris summarizes the document via Skype, covers some details and use cases. -- Some explicit support is voiced for having this in APPSAWG (Joe Hildebrand, Richard Barnes), as there is other work that would need to reference JSON schema. No objection from the floor. 4. Best Current Practices for Handling of Malformed Messages (Murray Kucherawy) - 15 min http://tools.ietf.org/html/draft-kucherawy-mta-malformed Murray summarizes the document and goals, along with prior issues and discussion. Discussion: Randy Gellens: MSAs should be more strict about what they are allowed to generate. (Multiple nods from people.) Pete Resnick: Murray's document is kind of advice to MDAs? Keith Moore: document the process (and the need) for the proposed wiki? Keith Moore: RFCs have a cost; they also live forever. Something more lightweight for capturing a moving target? Dave Crocker: RFC about known security issues with known malformations? (Some support for the idea in the room.) Paul Hoffman: don't use RFC 2119 language at all! (Keith: +1) -- No objection from the floor to handling this document in the appsawg. Noted that the result might or might not end up looking like this document. Barry will post an explanation to the mailing list of the wiki proposal. 5. Updating multipart/report (Murray Kucherawy) - 10 min http://tools.ietf.org/id/draft-kucherawy-rfc3462bis Murray reviews the background for this proposal. Discussion: Keith Moore: Update to allow of forwarding of multiple reports - no objection! Paul Hoffman: don't do this as an Erratum, as nobody will find it, do this as a proper RFC. -- The recommendation is to take this to YAM WG first, and come back to AppsAWG if they don't want it. [Note: YAM has since decided to close down, so the document is coming here.] 6. Update to MIME regarding Charset Parameter Handling in Textual Media Types (Alexey) - 10 min http://tools.ietf.org/html/draft-melnikov-mime-default-charset Alexey reviews the issues and the proposal. Discussion: Keith Moore: Deeper problem: some senders don't know what the charset for their content is. If they don't know, they shouldn't try to label it. Ted Hardie: The document needs to talk about content negotiation (e.g. multipart/alternative), as use of different charset values originally intended to help with content negotiation. -- No objection from the floor to handling this document in the appsawg. 7. Top Level Domain Name Specification (Lars-Johan Liman, Joe Abley) - 10 min http://tools.ietf.org/html/draft-liman-tld-names Lars-Johan reviews the background and the document's proposal. He gives some details, and notes that this was discussed in DNSOPS. This is being shepherded by Jari Arkko as an individual submission; it will not be processed in appsawg. 8. Use of the "X-" Prefix in Application Protocols (Peter St. Andre) - 10 min http://tools.ietf.org/html/draft-saintandre-xdash Peter reviews the background and recommendations of the document. Discussion: Tony Hansen: We should start registering X- values in registries. Paul Hoffman: Need to adopt this in the WG ASAP, and chairs need to start calling consensus, or we are wasting time. Dave Crocker: Don't ever allow X-. This will avoid the need to change the current procedure which says we can't register them. Mark Nottingham: Existence of X- prevents standardization/registration of of header fields. Also, some HTTP servers are now doing special handling of X- header fields (in a bad way). Keith Moore: X- should never be used in shipping products. Advice will differ on a protocol by protocol basis? -- No objection from the floor to handling this document in the appsawg. 9. Media Type Specifications and Registration Procedures (John Klensin) - 10 min http://tools.ietf.org/html/draft-freed-media-type-regs Discussion: Thomas Roessler: please give W3C people time before mid-September to review the draft. -- No objection from the floor to handling this document in the appsawg. -- Transition to Applications Area Open Meeting -- 10. BoF previews: (5 min each) - 10 min -- REPUTE: Reputation Services (Barry Leiba) Mailing list: https://www.ietf.org/mailman/listinfo/domainrep Drafts: draft-kucherawy-reputation-* Proposed Charter: http://www.blackops.org/~msk/domainrep/repute-charter.txt Main goal of the work: provide an extensible means for communicating some sort of "reputation value" of an identifier (targeted to a domain name), along with a confidence factor. -- WOES: Web Object Encryption and Signing (Sec Area; Paul Hoffman and Richard Barnes) Mailing list: https://www.ietf.org/mailman/listinfo/woes Proposed Charter: http://www.ietf.org/mail-archive/web/woes/current/msg00077.html Main goal of the work: provide a means for securing (signing/encrypting) JSON objects. 11. Web-related news from W3C (Thomas Roessler, W3C Liaison to the IETF) - 15 min Summary of W3C status of "do not track", WebAppSec, and HTML5 work. 12. WEIRDS work -- next-generation WHOIS technology (Andrew Sullivan) - 10 min Mailing list: https://www.ietf.org/mailman/listinfo/weirds Brief summary of proposed work: RESTful Whois data service. Side meeting Wednesday evening. Pete Resnick: Concerned about who will implement this. Leslie Daigle: Supportive of the work, but there are lots of complexities. Be careful. Ted Hardie: Look at RFC 3707 (CRISP requirements), and pay particular attention to referrals. 13. Overview of VDI (Virtual Desktop Infrastructure) work (Liang Liang) - 15 min Drafts: http://tools.ietf.org/html/draft-wang-appsawg-vdi-problem-statement http://tools.ietf.org/html/draft-ma-appsawg-vdi-survey Review of problem statement for VDI. Proponents hope to prepare a BoF request for IETF 82. Discussion: Orit Levin: Interesting proposal. Microsoft is one of the solution providers for VDI, and is mentioned in the drafts. Microsoft has a protocol, and it is in the public domain. It's not a bad idea to standardize this kind of protocol. Having a common protocol will help the industry. The Microsoft protocol is implemented for other platforms as well as windows. Randy Gellens: Do you have any input from the entities you show on the browser "hourglass" slide? Liang: We got a response to the draft from the spice community. We also have contact from VDI vendors such as Microsoft, and we intend to get more feedback from them. Randy: It would make the BOF more successful if there were some indication of which companies would be deploying the results, and which companies that have deployments of VDI now would be cooperating with the work. 14. Open mic, as time permits - 10 min Nathaniel Borenstein: Notes a new effort for a History of Email Museum. Interested people should contact . Keith Moore: How do we get more application clue in IETF? V6OPS, for example, is getting input from operators but not from applications people. General problem that's concerned me for some time. Joe Hildebrand: Maybe have a cross-layer bar BoF ? Pete Resnick: We have an Apps review team. I want to push that review back earlier in the process. I also intend to recruit people to actively participate in WGs in other areas. Dave Crocker: We need to define what Apps is. I suggest that anything that touches a human is an app. When a WG is chartered, we should know whether anything will touch a human, and that's the time to trigger this. Keith Moore: Apps is broader than that. Consider Internet of Things, which goes beyond touching humans. Our Apps people are already over-extended. I'm looking for how we get more/other apps people into the IETF. Joel Jaeggli: I'm an ops person. We have to support apps that our companies develop, and we are deeply concerned about the effects our work has on the apps layer. We bring that into our work in the IETF. 11:30, adjourn