IRC log of httpslocal on 2019-09-19
Timestamps are in UTC.
- 06:11:24 [RRSAgent]
- RRSAgent has joined #httpslocal
- 06:11:24 [RRSAgent]
- logging to https://www.w3.org/2019/09/19-httpslocal-irc
- 06:12:56 [YoshiroYoneya]
- chair: YoshiroYoneya
- 06:13:28 [YoshiroYoneya]
- agenda: https://github.com/httpslocal/group/wiki/Meeting2019Sep19TPAC
- 06:15:18 [soju]
- soju has joined #httpslocal
- 06:16:52 [YoshiroYoneya]
- present+ Yoshiro_Yoneya
- 06:18:22 [ajitomi]
- ajitomi has joined #httpslocal
- 06:18:31 [urata]
- urata has joined #httpslocal
- 06:18:35 [YoshiroYoneya]
- scribe: urata
- 06:19:12 [YoshiroYoneya]
- Meeting: httpslocal
- 06:19:19 [YoshiroYoneya]
- Chair: YoshiroYoneya
- 06:19:30 [YoshiroYoneya]
- Agenda: https://github.com/httpslocal/group/wiki/Meeting2019Sep19TPAC
- 06:19:35 [YoshiroYoneya]
- Scribe: urata
- 06:25:44 [inamori_]
- inamori_ has joined #httpslocal
- 06:26:21 [ajitomi]
- CG report 1: use cases and requirements: https://httpslocal.github.io/usecases/
- 06:26:41 [MasayaIkeo]
- MasayaIkeo has joined #httpslocal
- 06:27:14 [mori]
- mori has joined #httpslocal
- 06:28:51 [ajitomi]
- CG report 2: approaches for achieving HTTPS in Local Network: https://httpslocal.github.io/proposals/
- 06:31:03 [igarashi]
- igarashi has joined #httpslocal
- 06:31:21 [igarashi]
- present+ Tatsuya_Igarashi
- 06:31:22 [Mizushima]
- Mizushima has joined #httpslocal
- 06:31:24 [urata]
- yoneya: opening talk
- 06:31:32 [minami]
- minami has joined #httpslocal
- 06:31:43 [ryo-k_]
- ryo-k_ has joined #httpslocal
- 06:31:47 [urata]
- yoneya: made some progress from last year's meeting
- 06:31:51 [sudeep]
- sudeep has joined #httpslocal
- 06:32:05 [ricea]
- ricea has joined #httpslocal
- 06:32:36 [urata]
- yoneya: 1st part : CG report update
- 06:32:53 [urata]
- kajiwara: update on CG report
- 06:33:08 [horiuchi_]
- horiuchi_ has joined #httpslocal
- 06:33:14 [urata]
- kaji: CG report is finally ready
- 06:33:38 [urata]
- kaji: last year talked about requirements
- 06:33:55 [urata]
- kaji: publishing 2 reports
- 06:34:22 [urata]
- https://github.com/httpslocal/group/blob/master/20190919_F2F_TPAC2019/httpslocal-cg-report-progress.pdf
- 06:34:53 [urata]
- kaji: added non-cross-origin cases
- 06:35:39 [JoeAndrieu]
- JoeAndrieu has joined #httpslocal
- 06:36:05 [JoeAndrieu]
- present+ Joe_Andrieu
- 06:36:19 [urata]
- kaji: clarified HTTPS term in document
- 06:36:57 [urata]
- kaji: refined requirement
- 06:37:51 [urata]
- kaji: reorganized use cases
- 06:38:32 [urata]
- kaji: existing solutions: Mozilla's Things Gateway
- 06:39:28 [urata]
- kaji: new approaches:
- 06:40:03 [urata]
- kaji: name constraints
- 06:40:35 [urata]
- kaji: another candidate: private domain names:
- 06:40:49 [urata]
- kaji: PAKE-based, ACE/OAuth based
- 06:41:04 [skk_]
- skk_ has joined #httpslocal
- 06:41:38 [urata]
- kaji: browser vendor feedback is welcomed
- 06:41:44 [JoeAndrieu]
- q?
- 06:41:59 [urata]
- kaji: releasing CG report
- 06:42:34 [skk_]
- present+
- 06:42:34 [urata]
- kaji: discussion items
- 06:43:08 [urata]
- kaji: comments on feasibility, realistic or not, welcomed
- 06:43:16 [carlosil]
- carlosil has joined #httpslocal
- 06:43:33 [YoshiroYoneya]
- ack JoeAndrieu
- 06:44:16 [urata]
- joe_andrieu: use case without internet access in scope?
- 06:44:37 [urata]
- ajitomi: covered in usecase 6
- 06:45:32 [urata]
- ja: usecase is making camera accessible
- 06:45:44 [urata]
- xxx: how to manage trust store?
- 06:46:12 [YoshiroYoneya]
- s/xxx/Okubo/
- 06:46:19 [Zakim]
- Zakim has joined #httpslocal
- 06:46:41 [urata]
- kaji: users should not add certificates manually
- 06:46:54 [YoshiroYoneya]
- q?
- 06:47:26 [urata]
- ajitomi: raw public key is one method
- 06:47:34 [urata]
- xxx: how about trust anchor?
- 06:48:13 [urata]
- xxx: how would I know which cert to trust?
- 06:48:46 [urata]
- aji: use rpk based on user consent
- 06:49:06 [urata]
- xxx: certificate itself is trustworthy or not is the point
- 06:49:23 [JoeAndrieu]
- q+
- 06:49:42 [urata]
- aji: device vendor checks attestation key
- 06:50:59 [urata]
- xxx: vendor may not be able to do that
- 06:51:41 [skk_]
- q?
- 06:51:44 [YoshiroYoneya]
- ack JoeAndrieu
- 06:51:49 [urata]
- xxx: specific reserved domain may be usable
- 06:52:03 [inamori_]
- inamori_ has joined #httpslocal
- 06:52:29 [urata]
- yyy: consider hardware key pairing?
- 06:52:33 [YoshiroYoneya]
- q?
- 06:52:37 [urata]
- aji: approach 4 is FIDO based
- 06:53:21 [urata]
- yone: next agenda: new work
- 06:54:02 [urata]
- ito: for local devices ca can't issue cert
- 06:54:25 [urata]
- ito: because not able to validate domain. local device is not reachable from ca.
- 06:54:32 [igarashi]
- s/xxx/okubo/
- 06:54:43 [ajitomi]
- new approach based on technically constrained certificate: https://httpslocal.github.io/proposals/#web-pki-approaches
- 06:54:58 [urata]
- ito: exceptional way may be usable
- 06:55:10 [urata]
- ito: technical constraints cert
- 06:55:30 [minami_]
- minami_ has joined #httpslocal
- 06:55:57 [urata]
- ito: with technical constraints and issue cert
- 06:57:06 [urata]
- ito: able to issue e.g. Device1.camera.example.com with local ip address
- 06:57:53 [urata]
- ito: ca is able to issue this kind of cert
- 06:58:04 [urata]
- ito: example usecase:
- 06:58:44 [urata]
- ito: ca can issue less than 2 year cert
- 06:58:51 [igarashi]
- s/yyy/benfrancis/
- 06:59:16 [urata]
- ito: itf flat something may work
- 07:00:37 [urata]
- ito: need some method to put cert in device, there should be many ways, e.g. QR code
- 07:01:11 [igarashi]
- q+
- 07:01:29 [urata]
- ito: public DNS server redirects the DNS request to dynamic DNS
- 07:01:58 [YoshiroYoneya]
- ack igarashi
- 07:02:14 [urata]
- ito: technical constraints certificate works like this
- 07:02:25 [urata]
- igarashi: how QR code is initiated?
- 07:03:20 [urata]
- igarashi: when use need to read QR code?
- 07:03:21 [naomi]
- naomi has joined #httpslocal
- 07:03:55 [urata]
- ito: should be first time using the device and also, the timing of cert update.
- 07:04:15 [igarashi]
- s/use/a user/
- 07:04:57 [urata]
- okubo: ACME could be used and it may be natural way
- 07:05:13 [urata]
- mizushima: how about domain validation?
- 07:07:00 [urata]
- ito: server cert influences many users, client cert influences a single user
- 07:07:32 [urata]
- igarashi: this group focus on client/server model, isn't it?
- 07:08:10 [YoshiroYoneya]
- q?
- 07:09:31 [urata]
- ito: mechanism to install end user cert to device
- 07:09:40 [urata]
- ito: attestation mechanism
- 07:10:04 [igarashi]
- q+
- 07:10:30 [urata]
- ito: need revocation mechanism for devices for unauth cert
- 07:11:59 [igarashi]
- q-
- 07:12:06 [urata]
- ito: case of local network is offline, good for security
- 07:12:29 [urata]
- ito: this case is public ca for local network
- 07:14:04 [urata]
- zzz: comment: local network may include LTE. such carrier network may be one use case
- 07:14:28 [igarashi]
- s/zzz/sudeep/
- 07:14:38 [urata]
- yone: next agenda: discussion
- 07:15:21 [urata]
- last page of https://github.com/httpslocal/group/blob/master/20190919_F2F_TPAC2019/httpslocal-cg-report-progress.pdf
- 07:15:26 [urata]
- discussion items:
- 07:15:59 [YoshiroYoneya]
- DID WG, WoT WG will be useful to follow.
- 07:16:00 [JoeAndrieu]
- Please consider joining or at least following the work at the Decentralized Identifier Working Group (DIDWG) https://www.w3.org/2019/did-wg/ This group is developing cryptographic identifiers with decentralized roots of trust (typically using blockchain technology, but there are other approaches). We were just chartered and have an early draft at https://w3c.github.io/did-spec/ There is work being done towards making these usable for TLS conn[CUT]
- 07:16:21 [JoeAndrieu]
- some support and interest from browser companies--but it is early yet. The Web of Things Working Group is also considering how to use DIDs for local device communications. https://www.w3.org/WoT/WG/ They may have approaches that can support the work going on here.
- 07:16:33 [YoshiroYoneya]
- Web Network CG is also thinking about edge network.
- 07:16:41 [urata]
- sudeep: offload from edge would be applicable use case
- 07:17:21 [urata]
- kaji: this cg will talk with wot wg tomorrow
- 07:18:39 [YoshiroYoneya]
- q?
- 07:19:14 [urata]
- JoeAndrieu: https with private domains.. would be viable. below the https layer but browser may be able to.
- 07:20:03 [urata]
- horiuchi_: realisticity depend on whether create client
- 07:21:35 [urata]
- uuu: depend on origins but skeptical. not subset of origins but think about new origin
- 07:21:51 [urata]
- igarashi: how to guarantee uniqueness of origin?
- 07:22:12 [urata]
- igarashi: uniqueness means not overlapping of origins
- 07:22:56 [urata]
- ajitomi: think to need to add force origin such as random number or something which can be fingerprint
- 07:23:23 [carlosil]
- carlosil has joined #httpslocal
- 07:23:36 [urata]
- ajitomi: ito-san's case is globally unique name
- 07:24:18 [urata]
- ajitomi: many printer.local may exist all over the world but browser has to distinguish each
- 07:25:10 [urata]
- benfrancis: don't overload the concept of origin. locally distinguishable
- 07:25:12 [YoshiroYoneya]
- Don't overload the concept of "ORIGIN".
- 07:25:46 [Mizushima]
- Mizushima has joined #httpslocal
- 07:26:15 [urata]
- JoeAndrieu: ssh in local network works as tofu
- 07:26:30 [JoeAndrieu]
- tofu = Trust on First Use
- 07:27:09 [urata]
- YoshiroYoneya: group direction: WG, IG or work with DID, Web and Network IG
- 07:27:50 [urata]
- JoeAndrieu: writing use case in DID and like to use some of these usecases in DID
- 07:28:56 [urata]
- ryo-k_: suggestion about direction
- 07:29:22 [urata]
- YoshiroYoneya: any other comments, suggestions
- 07:30:15 [urata]
- JoeAndrieu: usecase writing is important. like to cowork as DID if needed
- 07:30:48 [urata]
- ajitomi: from toshiba. wrap up
- 07:31:15 [urata]
- ajitomi: release CG report at Dec2019 but many issues are remaining
- 07:31:44 [urata]
- ajitomi: suggestion from Marin from Mozilla for merging
- 07:32:04 [urata]
- ajitomi: device discovery made as optional
- 07:32:54 [urata]
- ajitomi: group is discussing on github and feel free to join
- 07:33:03 [YoshiroYoneya]
- q?
- 07:34:02 [urata]
- YoshiroYoneya: then group work to publish CG report at end of this year
- 07:34:53 [urata]
- YoshiroYoneya: ending remark
- 07:36:32 [horiuchi]
- horiuchi has joined #httpslocal
- 07:40:21 [YoshiroYoneya]
- rrsagent, generate minutes
- 07:40:21 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/19-httpslocal-minutes.html YoshiroYoneya
- 07:41:27 [carlosil]
- carlosil has left #httpslocal
- 07:45:44 [minami_]
- rrsagent, make logs public
- 07:45:44 [naomi]
- naomi has joined #httpslocal
- 07:46:21 [horiuchi]
- horiuchi has joined #httpslocal
- 07:58:29 [naomi]
- naomi has joined #httpslocal
- 07:59:49 [skk]
- skk has joined #httpslocal
- 08:23:55 [YoshiroYoneya]
- YoshiroYoneya has joined #httpslocal
- 08:30:49 [MasayaIkeo]
- MasayaIkeo has joined #httpslocal
- 08:32:45 [horiuchi]
- horiuchi has joined #httpslocal
- 08:34:37 [horiuchi]
- horiuchi has joined #httpslocal
- 08:37:36 [horiuchi_]
- horiuchi_ has joined #httpslocal
- 08:41:17 [horiuchi]
- horiuchi has joined #httpslocal
- 08:51:06 [naomi]
- naomi has joined #httpslocal
- 08:52:45 [naomi]
- naomi has joined #httpslocal
- 08:58:39 [horiuchi]
- horiuchi has joined #httpslocal
- 09:02:04 [horiuchi]
- horiuchi has joined #httpslocal
- 09:02:31 [horiuchi]
- horiuchi has joined #httpslocal
- 09:18:21 [naomi]
- naomi has joined #httpslocal
- 09:23:19 [horiuchi]
- horiuchi has joined #httpslocal
- 09:31:47 [plinss_]
- plinss_ has joined #httpslocal
- 09:33:39 [Zakim]
- Zakim has left #httpslocal
- 10:00:26 [inamori_]
- inamori_ has joined #httpslocal