Session Date/Time: 04 Nov 2024 15:30

alldispatch

Summary

This session covered several proposals for new or updated standards, including updates to IETF processes, decentralized identifiers, authorization languages, securing home networks, incident detection message exchange format, and security event delivery. Decisions were made regarding the appropriate venue (IETF working group, IAB, W3C, etc.) for each proposal and next steps.

Key Discussion Points

Internet Standard Process Updates (RFC 2026bis, 2418bis): The presenter proposed AD sponsorship. However, significant community feedback favored a dedicated, narrowly focused working group for these essential documents to ensure broad participation and address potential changes beyond editorial updates.
IETF Chair Delegation: The presenter proposed AD sponsorship for a draft enabling delegation of IETF chair responsibilities. However, there was considerable support for a working group due to potential broader implications and overlap with existing process-related documents. A key question was how to separate the emergency stand-in succession plan from the delegation of roles for typical operation.
High Assurance DIDs with DNS: The presenter proposed this work for IETF standardization. The consensus, strongly echoed by multiple participants, pointed to the W3C as a more appropriate venue due to the focus on DID resolution methods and broader interactions with decentralized identity.
Alpha 2.0 Authorization Language: The presenter advocated for IETF adoption over Oasis. The suggested outcome was a birds-of-a-feather (BOFF) session, ideally within the security area, to explore the language's potential.
Secure Connections to Home Servers: The presenter argued for a dedicated approach to facilitate secure connections to servers in home networks, currently hindered by various technical and practical challenges. A boff was favored to explore the problem space and potential solutions, although some participants suggested focusing on research first.
Incident Detection Message Exchange Format (IDMFEv2): The presenter argued for renewing the former intrusion detection working group. Discussion centered on AD sponsorship for updating IDMFE given concerns about the limited adoption of version 1 and potential overlap with existing standards like OCSF. One AD was willing to do AD sponsorship only with strong evidence of the necessity of the standard.
Security Event Delivery (SEC Events): Multiple drafts were presented. It was decided that a dedicated working group, SEC Events, should be reopened and explore whether the drafts are still necessary. The HTTP Directorate should be involved to review the drafts.
Privacy.text: The presenter proposed this draft. Discussion included concerns about the incentives for websites to truthfully declare their privacy practices in a machine-readable format. Participants suggested mailing list discussions and collaboration with the W3C.

Decisions and Action Items

RFC 2026bis and 2418bis: No AD sponsorship. Create a focused, narrow working group to update these RFCs.
IETF Chair Delegation: Form a working group to address issues surrounding delegation of IETF Chair responsibilities, potentially combined with the working group for standards process updates.
High Assurance DIDs with DNS: Direct the work to the W3C.
Alpha 2.0 Authorization Language: Conduct a BOFF session in the security area. Contact the security area directors.
Secure Connections to Home Servers: Hold a BOFF to further define the problem and explore potential solutions.
Incident Detection Message Exchange Format (IDMFEv2): Explore AD sponsorship if evidence of significant use can be presented. Discuss further with the ADs. The AD has yet to be determined.
Security Event Delivery (SEC Events): Reopen the SEC Events working group and review the drafts. Involve the HTTP Directorate.
Privacy.text: Start a mailing list to discuss the proposal and gather interest from sites and user agents. Consider discussions within the W3C.

Next Steps

RFC 2026bis and 2418bis: The ADs will initiate the process of chartering a working group.
IETF Chair Delegation: The ADs will initiate the process of chartering a working group, which may be combined with the previous workgroup
High Assurance DIDs with DNS: Presenter to engage with the W3C.
Alpha 2.0 Authorization Language: Proponents to contact the security area directors to organize a BOFF.
Secure Connections to Home Servers: Proponents to coordinate a BOFF.
Incident Detection Message Exchange Format (IDMFEv2): Proponents to gather evidence of existing use and contact the ADs.
Security Event Delivery (SEC Events): The ADs will restart the SEC Events WG.
Privacy.text: Proponents to create a mailing list and discuss the proposal.