One Small Voice: The Journal of Peter Saint-Andre

RFC 7565: Account URIs


RFC 7564 is a good example of a necessarily complex piece of work that required a long time to produce. Yet sometimes even simple things take time. Case in point: the specification of the 'acct' URI scheme, also published today as RFC 7565. In June of 2012 I split the definition of this scheme out from the WebFinger document so that it could stand on its own. Indeed, the 'acct' URI spec was approved for publication almost 2 years ago, but couldn't be published as an RFC until the PRECIS framework was published today as RFC 7564. Ah, the wonderful world of technology standardization...

RFC 7564: An Internationalization Odyssey


It all started in 1998 when Jeremie Miller chose XML as the basis for Jabber. Although XML seems old-fashioned now, at the time it was the cutting edge, in part because from the beginning Jabber Identifiers could include characters outside the US-ASCII range (unlike textual protocols of the time such as email or SIP). In 2002, Craig Kaes and I started to codify the Jabber address format in JEP-0029 - an effort that was superseded by activity in the IETF's XMPP Working Group, which eventually led to the core specification for XMPP in the form of RFC 3920 in October 2004.

That original definition handled internationalized addresses using a method called Stringprep, which at the time was also used for domain names and other application identifiers. Unfortunately, over time the Internet community discovered some issues with Stringprep, first among them that it was tied to version 3.2 of Unicode (the underlying set of characters for all modern, and some ancient, human languages). These days we're up to Unicode version 7, with further improvements and updates on the way. After the DNS community decided to move beyond Stringprep in 2008, other application protocols (XMPP, LDAP, iSCSI, and the like) concluded that they needed to follow suit.

That was in March of 2010. Fast forward 5 years, and today the IETF's PRECIS Working Group has finally produced a new and better framework for handling internationalized strings in Internet protocols: RFC 7564, which I co-authored with Marc Blanchet. Although the exact reasons why I volunteered to help are lost in the mists of time (probably something about "the good of the Internet"), I ended up learning a lot more about internationalization than I ever thought possible. Unfortunately, internationalization is such an exceedingly complex and messy topic that I still feel like I have only scratched the surface. But at least now we have an internationalization framework that can serve us for the next 10+ years. Or so we hope!

RFC 7525: SSL/TLS Best Practices


Internet security is very important to me. That's why I pushed hard last year to encrypt the XMPP network. It's also why I've been working on two specifications at the IETF that document major attacks on SSL/TLS as well as best practices for preventing those attacks on a wide range of Internet applications (websites, mobile apps, email, messaging, etc.). I'm happy to report that those best practices were published today as RFC 7525 and that before long we'll also be strengthening the use of TLS in XMPP to further enhance the security profile of the XMPP network. Is that security perfect? No, because we still need end-to-end encryption and several other improvements (indeed, our work is never over because the attacks keep getting better, too). But we're doing what we can within the confines of existing technologies to make Internet applications as secure as possible. Onward and upward!



During a conversation not long ago with my friend Sarah, she mentioned the view of author John Maxwell that you cannot be a success in life unless you know your purpose, as in the one and only reason you are here on this earth.

Wow, what a destructive idea it is to assume that you must have a single purpose in life, or else you'll never be a success! Who says you can't have multiple purposes? For example: bringing joy to your family, building excellent products or providing excellent service in your work, helping your teammates, strengthening your community, and understanding yourself and the world around you (to name just a few). Even further: perhaps being truly successful at living a deeply human life is a matter of balancing and being good at a wide range of passions and pursuits, not some having a single-minded focus on one thing to the exclusion of all others.

The misguided notions put forth by so-called gurus never cease to amaze me.



A friend recently pointed me to a fascinating essay over at the Atlantic entitled The Death of the Artist — and the Birth of the Creative Entrepreneur by William Deresiewicz. After exploring the major financial models for artistic creation over the centuries (classic patronage, aristocratic independence, the never-popular starving artist, twentieth-century credentialed professionalism, and just recently a kind of hustling entrepreneurship), the author wonders if the artist as entrepreneur provides a model under which it is possible to create art that can serve as as a "vessel for our inner life" (since artists who are hustling for a living might tend more toward entertainment than deep and lasting art).

These are good questions, and they apply to more than the fine arts since they might be asked of philosophy, history, and other forms of inquiry, too. Yet I suspect that there might be more economic approaches here than the author has imagined. In particular, my financial model for the scholarly and artistic work I do is what we might call self-patronage: I strive to earn enough money from my primary career in technology that I can write and create whatever I please. I feel that acting as my own patron gives me a high degree of freedom: I don't have to worry about achieving tenure, maintaining academic respectibility, surviving the publish-or-perish treadmill, pleasing some rich benefactor, or building a large fanbase. Instead, I can take 5 or 10 years to write a book about Epicurus or Thoreau, explore fundamental truths instead of producing what some academic journal will accept for publication, spend my time on creation instead of marketing, and so on.

The only problem is time: I've been so busy in my career for the last 20 years that I haven't been able to devote as much time as I would have liked to philosophy or music. Yet I am starting to get more disciplined about carving out creative time, and I expect that will begin to bear fruit over the next 5 years or so...

Long-Term Projects


People I interact with sometimes ask me how I accomplish so much. The last time I gave some thought to it, I wrote a blog post about My To-Don't List - all the things I don't spend time on.

A recent conversation with my friend and &yet teammate Adam Brault yielded another insight: the power of long-term projects.

As an example, in the last week I've had two major specifications on security and internationalization approved for publication as RFCs through the IETF. Yet the security document is something I've been laboring on for about 18 months, and the internationalization initiative started 5+ years ago when folks in the Internet community realized that our old approach (based on "stringprep") was unsustainable. Right now at the IETF I'm also pushing to finish a few other long-term efforts, including definitions for SIP-XMPP interoperability that I began probably 10 years ago.

And that's far from a record with me. I've been helping to build Jabber/XMPP (and, more broadly, open communication) technologies for over 15 years. My book The Tao of Roark was 17 years in the making. I've even written a bunch of guitar pieces and songs that have gone unrecorded for almost 30 years. (That's too long!)

What I tend to do is work on these long-term projects in parallel. At any one time I have several on the front burner and others on the back burner. For example, these days I'm spending a lot of time reading all 7000 pages of Thoreau's Journal in preparation for writing a book about his approach to the art of living; however I also continue to do a bit of research on the side into the subjects of subsequent books I have planned on Nietzsche, Aristotle, and Lao Tzu. On the music front, I'm improving my arrangements and performances of six pieces by Yes for solo electric bass, but I'm also practicing some songs by Bob Dylan and my own folk-rock compositions. And even as I finish up an ungodly number of Internet-Drafts at the IETF, I'm also starting to think seriously about some more future-oriented technology initiatives centered on real-time collaboration.

I don't know if working on so many projects in parallel over such long spans of time is the best way to accomplish a lot in life (I always hesitate to say that my way is the right way for anyone else). And it has its hazards: I could get hit by a bus tomorrow and leave all these projects unfinished. Plus it's important to complete something once in a while, if only to get things off my plate. But for me I find that long-term parallel processing is the most effective and engaging approach to getting things done. Your mileage may vary. :-)

For older entries, check the archive. To track changes, follow the feed.

Peter Saint-Andre > Journal