06:11:24 RRSAgent has joined #httpslocal
06:11:24 logging to https://www.w3.org/2019/09/19-httpslocal-irc
06:12:56 chair: YoshiroYoneya
06:13:28 agenda: https://github.com/httpslocal/group/wiki/Meeting2019Sep19TPAC
06:15:18 soju has joined #httpslocal
06:16:52 present+ Yoshiro_Yoneya
06:18:22 ajitomi has joined #httpslocal
06:18:31 urata has joined #httpslocal
06:18:35 scribe: urata
06:19:12 Meeting: httpslocal
06:19:19 Chair: YoshiroYoneya
06:19:30 Agenda: https://github.com/httpslocal/group/wiki/Meeting2019Sep19TPAC
06:19:35 Scribe: urata
06:25:44 inamori_ has joined #httpslocal
06:26:21 CG report 1: use cases and requirements: https://httpslocal.github.io/usecases/
06:26:41 MasayaIkeo has joined #httpslocal
06:27:14 mori has joined #httpslocal
06:28:51 CG report 2: approaches for achieving HTTPS in Local Network: https://httpslocal.github.io/proposals/
06:31:03 igarashi has joined #httpslocal
06:31:21 present+ Tatsuya_Igararashi
06:31:22 Mizushima has joined #httpslocal
06:31:24 yoneya: opening talk
06:31:32 minami has joined #httpslocal
06:31:43 ryo-k_ has joined #httpslocal
06:31:47 yoneya: made some progress from last year's meeting
06:31:51 sudeep has joined #httpslocal
06:32:05 ricea has joined #httpslocal
06:32:36 yoneya: 1st part: CG report update
06:32:53 kajiwara: update on CG report
06:33:08 horiuchi_ has joined #httpslocal
06:33:14 kaji: CG report is finally ready
06:33:38 kaji: last year talked about requirements
06:33:55 kaji: publishing 2 reports
06:34:22 https://github.com/httpslocal/group/blob/master/20190919_F2F_TPAC2019/httpslocal-cg-report-progress.pdf
06:34:53 kaji: added non-cross-origin cases
06:35:39 JoeAndrieu has joined #httpslocal
06:36:05 present+ Joe_Andrieu
06:36:19 kaji: clarified HTTPS term in document
06:36:57 kaji: refined requirement
06:37:51 kaji: reorganized use cases
06:38:32 kaji: existing solutions: Mozilla's Things Gateway
06:39:28 kaji: new approaches:
06:40:03 kaji: name constraints
06:40:35 kaji: another candidate: private domain names:
06:40:49 kaji: PAKE-based, ACE/OAuth based
06:41:04 skk_ has joined #httpslocal
06:41:38 kaji: browser vendor feedback is welcomed
06:41:44 q?
06:41:59 kaji: releasing CG report
06:42:34 present+
06:42:34 kaji: discussion items
06:43:08 kaji: comments on feasibility, realistic or not, welcomed
06:43:16 carlosil has joined #httpslocal
06:43:33 ack JoeAndrieu
06:44:16 joe_andrew: use case without internet access in scope?
06:44:37 ajitomi: covered in usecase 6
06:45:32 ja: usecase is making camera accessible
06:45:44 xxx: how to manage trust store?
06:46:12 s/xxx/Okubo/
06:46:19 Zakim has joined #httpslocal
06:46:41 kaji: users should not to add certificate manually
06:46:54 q?
06:47:26 ajitomi: raw public key is one method
06:47:34 xxx: how about trust anchor?
06:48:13 xxx: how would I know which cert to trust?
06:48:46 aji: use rpk based on use consent
06:49:06 xxx: certificate itself is trustworthy or not is the point
06:49:23 q+
06:49:42 aji: device vendor checks attestation key
06:50:59 xxx: vendor may not be able to do that
06:51:41 q?
06:51:44 ack JoeAndrieu
06:51:49 xxx: specific reserved domain may be usable
06:52:03 inamori_ has joined #httpslocal
06:52:29 yyy: consider hardware key pairing?
06:52:33 q?
06:52:37 aji: approach 4 is FIDO based
06:53:21 yone: next agenda: new work
06:54:02 ito: for local devices ca can't issue cert
06:54:25 ito: because not able to validate domain. local device is not reachable from ca.
06:54:32 s/xxx/okubo/
06:54:43 new approach based on technically constrained certificate: https://httpslocal.github.io/proposals/#web-pki-approaches
06:54:58 ito: exceptional way may be usable
06:55:10 ito: technical constraints cert
06:55:30 minami_ has joined #httpslocal
06:55:57 ito: with technical constraints and issue cert
06:57:06 ito: able to issue e.g. Device1.camera.example.com with local ip address
06:57:53 ito: ca is able to issue this kind of cert
06:58:04 ito: example usecase:
06:58:44 ito: ca can issue less than 2 year cert
06:58:51 s/yyy/benfrancis/
06:59:16 ito: itf flat something may work
07:00:37 ito: need some method to put cert in device, there should be many ways, e.g. QR code
07:01:11 q+
07:01:29 ito: public DNS server redirect the DNS request to dynamic DNS
07:01:58 ack igarashi
07:02:14 ito: technical constraints certificate works like this
07:02:25 igarashi: how QR code is initiated?
07:03:20 igarashi: when use need to read QR code?
07:03:21 naomi has joined #httpslocal
07:03:55 ito: should be first time using the device and also, the timing of cert update.
07:04:15 s/use/a user/
07:04:57 okubo: ACME could be used and it may be natural way
07:05:13 mizushima: how about domain validation?
07:07:00 ito: server cert influence many uses, client cert influence to single user
07:07:32 igarashi: this group focus on client/server model, isn't it?
07:08:10 q?
07:09:31 ito: mechanism to install end use cert to device
07:09:40 ito: attestation mechanism
07:10:04 q+
07:10:30 ito: need revocation mechanism for devices for unauth cert
07:11:59 q-
07:12:06 ito: case of local network is offline, good for security
07:12:29 ito: this case is public ca for local network
07:14:04 zzz: comment: local network may include LTE. such carrier network may be one use case
07:14:28 s/zzz/sudeep/
07:14:38 yone: next agenda: discussion
07:15:21 last page of https://github.com/httpslocal/group/blob/master/20190919_F2F_TPAC2019/httpslocal-cg-report-progress.pdf
07:15:26 discussion items:
07:15:59 DID WG, WoT WG will be useful to follow.
07:16:00 Please consider joining or at least following the work at the Decentralized Identifier Working Group (DIDWG) https://www.w3.org/2019/did-wg/ This group is developing cryptographic identifiers with decentralized roots of trust (typically using blockchain technology, but there are other approaches). We were just chartered and have an early draft at https://w3c.github.io/did-spec/ There is work being done towards making these usable for TLS conn[CUT]
07:16:21 some support and interest from browser companies--but it is early yet. The Web of Things Working Group is also considering how to use DIDs for local device communications. https://www.w3.org/WoT/WG/ They may have approaches that can support the work going on here.
07:16:33 Web Network CG is also thinking about edge network.
07:16:41 sundeep: offload from edge would be applicable use case
07:17:21 kaji: this cg will talk with wot wg tomorrow
07:18:39 q?
07:19:14 JoeAndrieu: https with private domains.. would be viable. below the https layer but browser may be able to.
07:20:03 horiuchi_: realisticity depend on whether create client
07:21:35 uuu: depend on origins but skeptical. not subset of origins but think about new origin
07:21:51 igarashi: how to guarantee uniqueness of origin?
07:22:12 igarashi: uniqueness means not overlapping of origins
07:22:56 ajitomi: think to need to add force origin such as random number or something which can be fingerprint
07:23:23 carlosil has joined #httpslocal
07:23:36 ajitomi: ito-san's case is globally unique name
07:24:18 ajitomi: many printer.local may exists all over the world but browser have to distinguish each
07:25:10 benfrancis: don't overloaded as concept of origin. locally distinguishable
07:25:12 Don't overload the concept of "ORIGIN".
07:25:46 Mizushima has joined #httpslocal
07:26:15 JoeAndrieu: ssh in local network works as tofu
07:26:30 tofu = Trust on First Use
07:27:09 YoshiroYoneya: group direction: WG, IG or work with DID, Web and Network IG
07:27:50 JoeAndrieu: writing use case in DID and like to use some of these usecases in DID
07:28:56 ryo-k_: suggestion about direction
07:29:22 YoshiroYoneya: any other comments, suggestions
07:30:15 JoeAndrieu: usecase writing is important. like to cowork as DID if needed
07:30:48 ajitomi: from toshiba. wrap up
07:31:15 ajitomi: release CG report at Dec2019 but many issues are remaining
07:31:44 ajitomi: suggestion from Marin from Mozilla for merging
07:32:04 ajitomi: device discovery made as optional
07:32:54 ajitomi: group is discussing on github and feel free to join
07:33:03 q?
07:34:02 YoshiroYoneya: then group work to publish CG report at end of this year
07:34:53 YoshiroYoneya: ending remark
07:36:32 horiuchi has joined #httpslocal
07:40:21 rrsagent, generate minutes
07:40:21 I have made the request to generate https://www.w3.org/2019/09/19-httpslocal-minutes.html YoshiroYoneya
07:41:27 carlosil has left #httpslocal
07:45:44 rrsagent, make logs public
07:45:44 naomi has joined #httpslocal
07:46:21 horiuchi has joined #httpslocal
07:58:29 naomi has joined #httpslocal
07:59:49 skk has joined #httpslocal
08:23:55 YoshiroYoneya has joined #httpslocal
08:30:49 MasayaIkeo has joined #httpslocal
08:32:45 horiuchi has joined #httpslocal
08:34:37 horiuchi has joined #httpslocal
08:37:36 horiuchi_ has joined #httpslocal
08:41:17 horiuchi has joined #httpslocal
08:51:06 naomi has joined #httpslocal
08:52:45 naomi has joined #httpslocal
08:58:39 horiuchi has joined #httpslocal
09:02:04 horiuchi has joined #httpslocal
09:02:31 horiuchi has joined #httpslocal
09:18:21 naomi has joined #httpslocal
09:23:19 horiuchi has joined #httpslocal
09:31:47 plinss_ has joined #httpslocal
09:33:39 Zakim has left #httpslocal
10:00:26 inamori_ has joined #httpslocal