**Session Date/Time:** 17 Mar 2024 22:30 # alldispatch ## Summary The alldispatch session covered nine different topics, each presented with the goal of determining the appropriate IETF working group or forum for further discussion and development. The session included presentations on SSH over HTTP/3, verifiable credentials in TLS, Happy Eyeballs v3, email misdelivery notifications, data minimization techniques, WebSocket masking, DDoS mitigation, and Unicode character subsetting. The session provided feedback and dispatch recommendations for the presented work. ## Key Discussion Points * **SSH over HTTP/3:** The presenter proposed replacing the SSH transport and authentication protocols with HTTP/3, QUIC, and TLS. Discussion focused on whether HTTP adds sufficient value over QUIC, with suggestions to consider WebTransport instead. Participants discussed the need for the work in general, and its scope (just transport or also authentication methods and key usage). * **Verifiable Credentials in TLS:** The presenter proposed adding a new certificate type for verifiable credentials in TLS, primarily targeting IoT devices. Discussion centered on whether this work should be handled by TLS, a W3C group, or a new working group, and whether the VC space is stable enough to be standardized. There was concern about the potential interaction of the proposed mechanism with existing specifications. * **Happy Eyeballs v3:** The presentation outlined updates to the Happy Eyeballs algorithm to incorporate QUIC, ECH, and other recent IETF advancements. Discussion focused on whether the work should continue in V6ops or be moved to a transport working group (e.g., TSBWG) or a new, dedicated working group. The importance of transport layer expertise was highlighted. * **Email Misdelivery Notification:** The presenter proposed a mechanism for recipients to notify senders of misdirected emails, similar to undeliverable postal mail. Discussion focused on its relationship to existing NDR mechanisms, and if it should be addressed under a more general system of trust and safety reports. The mail maintenance working group was identified as the appropriate venue. * **Deterministic Data Elision:** Presentation introduced the concept as a way of enforcing data minimization and human rights consideration, including an implementation called Guardian Outflow. There was confusion regarding the problem being solved, its relationship with existing technologies like the IETF privacy documents, and the suggestion to divide the problem into different pieces, and use a smaller scale thing with COSE, and present the high level view in HRBC. * **WebSocket Masking:** The presenter proposed disabling WebSocket masking on secure connections due to perceived limitations of caching proxies and the overhead of masking. Discussion highlighted that corporate proxies could still be affected by techniques, and the benefit of masking isn't clear. Suggestion for it to be evaluated more with gap analysis on the motivations and benefits, and go through HTTPBis as a first step. * **Extended YANG Data Model for DDoS:** The presentation proposed extending the DOTS data model to improve DDoS mitigation, including structured attack feature data and mitigation capabilities. Participants suggested that the presentation had a specific direction of extending the DOTS data model that may lead to additional collaboration between the enterprise operator, and recommended a BAF to discuss the overall topic. * **Unicode Subsetting:** The presentation defined several subsets of unicode for different uses. Discussion points included what the purpose of the recommendation is, and if this work could be built from PRECI instead, potentially fixing/extending PRECI if it doesn't fulfill some goals of this recommendation. ## Decisions and Action Items * **SSH over HTTP/3:** The consensus was to propose a Birds of a Feather (BoF) session to further explore the proposal. * **Verifiable Credentials in TLS:** The decision was that it should be presented to the TLS working group, if the problem statement is stabilized. * **Happy Eyeballs v3:** The consensus was that the working should be proposed for new dedicated group. * **Email Misdelivery Notification:** The decision was to refer this to the mail maintenance working group (Mailman) once it is chartered. * **Deterministic Data Elision:** The consensus was to break down the work into more manageable pieces, seek feedback from relevant research working groups (IRTF), and potentially revisit the IETF with more specific proposals, or go to Jose with it. * **WebSocket Masking:** The decision was to defer pending additional motivation (measurements) and gap analysis. Suggestion to go to HTTPbis for more discussion. * **Extended YANG Data Model for DDoS:** The consensus was to start with a Birds of a Feather (BoF) session. * **Unicode Subsetting:** The consensus was that the work is useful as a starting point, however the first step would be to create a PRECI profile or improve it. ## Next Steps * Proponents of SSH over HTTP/3 to prepare a BoF proposal. * Presenters on verifiable credentials to consult with the TLS working group. * Presenters for Happy Eyeballs v3 to prepare a BoF proposal. * Email misdelivery notification to be presented to the mail maintenance working group (Mailman) once chartered. * Data minimization proponents to deconstruct their work, and seek feedback from IRTF research groups. * Presenters of the Websocket proposal to revisit their work with further analysis and measurements and provide a better analysis on gaps between the existing web stack. * Presenters for extended YANG data models to prepare a BoF proposal. * Presenters for subsetting unicode to consider creating a preci file, or revisit with clear separation of concerns. ## Other notes Participants were reminded to provide feedback to the ISG on the overall dispatch model.