Markdown Version | Session Recording

Session Date/Time: 14 Oct 2025 18:00

TOOLS

Summary

The TOOLS working group meeting focused on ongoing RPC modernization efforts, significant updates to IETF tooling infrastructure, and future plans. Key discussions included the increasing reliance on JavaScript in applications, updates to email systems, the beta release of ID NITS 3, and various improvements to the Data Tracker. A crucial security review of the Data Tracker and cloud infrastructure was discussed, along with ongoing work on author tools and the Mail Archive. The need for a replacement roadmap and the return of stats pages was also highlighted.

Key Discussion Points

• RPC Modernization Focus: The TOOLS team continues to prioritize RPC modernization, including the new RFC Editor website, RPC workflow management, and editing tooling, in anticipation of RFC 10K. This focus is expected to continue until February.
• IETF 124 In-Person Side Meeting: An in-person side meeting for TOOLS is scheduled for Thursday morning at IETF 124. An agenda will be uploaded for community feedback.
• JavaScript Reliance in Applications:
  • Context: The IETF's approach to JavaScript has evolved from strict avoidance two decades ago to current applications being engineered to rely on client-side JavaScript (e.g., RFC Editor website, future Data Tracker views like agenda and heavy view pages). This shift is driven by the need for modern user interfaces, performance, scalability (serving from the edge), and improved telemetry for debugging.
  • Concerns: A participant (Robert Field) questioned the necessity for the Data Tracker to fully move to JavaScript frameworks, citing concerns about effort, potential disruption, and community resistance to change. The response highlighted the need to address technical debt in existing code (e.g., mutating data with GET requests) and to enable sophisticated UI features now considered baseline user expectations that are difficult to deliver otherwise.
  • Community Communication: Suggestions were made for communicating this shift to the broader community, including a banner on the Data Tracker and an FAQ page to address potential objections and articulate the benefits (new features, maintainability, cost savings).
• Cloudflare Stream Integration: Cloudflare Stream has been integrated with the MediCo recording player, allowing users to choose between Cloudflare and YouTube for video playback. This enhances content accessibility and provides options for future migration. An API will be built into the Data Tracker to display Cloudflare Stream links alongside existing YouTube links for sessions.
• Email System Updates (New Machine Futures/Sam):
  • Mail Server Backups: Full backups of the mail2 system (primary mail server hosting Mailman) are now in place, targeting an 8-hour recovery time in case of catastrophic failure.
  • Spam Blocking: Large net blocks previously dropped at the firewall level due to spam abuse are being removed, which may enable some previously blocked participants to email lists.
  • Postfix Post-screen: Postfix post-screen (to drop connections not following SMTP protocol) is planned for incremental implementation after IETF 124 to maintain stability during the meeting.
  • Post-Confirm v2: A new version of the Post-Confirm email challenge-response system is planned after IETF 124. This new system, implemented as a milter, will perform checks at the protocol level, hold messages for new participants, and offer architectural benefits by moving checking functionality to a scalable Azure cluster.
  • Sam and Dane Foster will be available at IETF 124 for mail handling concerns.
• ID NITS 3 Update (Nick):
  • Beta Release: There is one remaining issue (IPR boilerplate for XML submission) before a beta release of ID NITS 3. This should be completed this week, followed by the beta release. Community testing is encouraged.
  • Transition Plan: ID NITS 3 will have an overlap period with ID NITS 2. The hard cutover for ID NITS 3 to block submissions is expected after the ID submission deadline for IETF 125, allowing both versions to run concurrently during an ID submission deadline week.
  • Documentation: A request was made to document the differences and "goodness" of ID NITS 3 compared to ID NITS 2. A key highlight is the ability to validate XML directly for higher-precision validation. This documentation will be created.
  • RPC Integration: The RPC will add a link to ID NITS 3 in the intake form to encourage authors to test it.
• Data Tracker Updates (Jennifer):
  • Cloudflare Managed Challenges: Cloudflare managed challenges, previously used to prevent heavy automated traffic from impacting Data Tracker, are planned for removal before IETF 124. This aims to improve access for remote attendees. Meeting materials will now be served from Cloudflare R2 at the edge, significantly reducing load on the Data Tracker. This also marks the first time the new blob infrastructure is used in a read mode.
  • RFC Author Data Reconciliation: The data model for RFC authors in the Data Tracker is being reworked to accurately synchronize with published RFCs, especially for older documents. This is in preparation for RED (RFC Editor Database) and will be demonstrated at IETF 124, with automated reconciliation and human curation.
  • Working Group Call Workflows: Workflows for issuing Working Group Last Calls and Calls for Adoption are being updated at ISG request to allow chairs to preview and customize associated emails, addressing previous "surprises" and smoothing out jarring spots in the process. These changes will undergo review with WG chairs on a development site.
  • ISG Balloting Process: The ISG balloting process is being collapsed from two views into an atomic action, ensuring that taking a ballot position and sending the associated email are completed together, preventing issues where emails were not sent despite the Data Tracker claiming they were. This change has received positive feedback from the ISG and is planned for the next release.
• Security Review (Robert):
  • Scope: The chosen security firm has completed reviews of the Data Tracker and the new cloud infrastructure. Most identified concerns have been mitigated.
  • Review Team: A review team (including IEQF chair, security ADs, ISG liaisons, and community members Rich and Russ) has been given access to the reports and response plans.
  • Findings: High-level findings include vulnerabilities related to applications processing arbitrary user input (e.g., Internet Drafts in XML to RFC, fetching references), leading to ongoing efforts to limit external reach and compute for such applications. Minor deployment issues were also quickly addressed.
  • Transparency: Community members on the review team (Rich, Russ) provided positive feedback on the reports, noting few serious issues, most of which were easily mitigable.
• XML to RFC Updates: XML to RFC now self-hosts fonts to address an issue where bold fonts were not displaying correctly (particularly in Chrome). This affects newly published RFCs, with discussions ongoing for how to handle older RFCs that use Google-hosted fonts.
• Mail Archive Search: Effort is underway to replace Mail Archive's use of Elasticsearch with TypeSense to unify search across applications and improve performance. Initial assessments indicate this transition is feasible, possibly requiring a quick parser adaptation.
• Purple/RED Updates: For Purple, new functionality has been added for assigning drafts to editors in specific roles, including unassigning and withdrawing assignments, and flagging "blocked assignments" due to conditions like holds. A blog post about RED (RFC Editor Database) is expected soon, and a RED demo is planned for IETF 124.
• Roadmap Replacement: The need for a replacement for the IETF roadmap was reiterated to provide visibility into product backlogs, upcoming features, and scheduling.
• Stats Pages: The absence of the stats pages (showing participation, regional attendance, meeting attendance over time) was raised. This is a significant project likely requiring external contractor help, potentially starting in March-April with a summer landing. A temporary solution to present existing Secretariat-generated attendance numbers (e.g., annual regional data) on a web page or wiki was suggested and agreed upon.

Decisions and Action Items

• Decision: IETF applications, including the RFC Editor website and future Data Tracker views, will rely on JavaScript running in the browser to provide modern user experiences, performance, and scalability.
• Action Item: Tools team to develop an FAQ and/or banner to communicate the increasing reliance on JavaScript in IETF applications to the community.
• Action Item: Tools team to build an API into the Data Tracker to provide Cloudflare Stream URLs alongside YouTube links for session recordings.
• Action Item: New Machine Futures to release ID NITS 3 beta this week after addressing the IPR boilerplate issue.
• Action Item: Tools team (Nick/Greg) to prepare documentation describing the differences and new functionality of ID NITS 3 compared to ID NITS 2.
• Action Item: RPC to add a link to ID NITS 3 in the intake form to encourage community testing.
• Action Item: Jennifer to merge the collapsed ISG balloting view changes later today, to be included in the next release.
• Action Item: Review team and Tools Team to continue gathering feedback on the security reviews and response plans.
• Action Item: Tools team to provide a concrete proposal for a replacement roadmap system.
• Action Item: Secretariat/Data Team to implement a temporary solution for publishing attendance stats (e.g., annual regional data) on a web page or wiki.

Next Steps

• Continue the primary focus on RPC modernization efforts.
• Hold the in-person TOOLS side meeting at IETF 124, with an agenda to be published and reviewed.
• Incrementally implement Postfix post-screen after IETF 124.
• Implement the new Post-Confirm version after IETF 124.
• Roll out ID NITS 3 beta and plan for an overlap period with ID NITS 2, targeting hard cutover after IETF 125 ID submission deadline.
• Continue reconciliation and synchronization of RFC author data in the Data Tracker.
• Conduct a review of the updated Working Group Last Call and Call for Adoption workflows with WG chairs on the development site.
• Publish a blog post about the RED (RFC Editor Database) soon and demonstrate RED at IETF 124.
• Evaluate potential external contractors for a permanent solution for the stats pages, targeting activity in March-April and a landing in the summer.