IESG Narrative Minutes

Narrative Minutes of the IESG Teleconference on 2008-09-11. These are not an official record of the meeting.

Narrative scribe: John Leslie (The scribe was often uncertain who was speaking.)

Corrections from: Magnus, Pasi, Dan, Russ, Mark

1 Administrivia

1. Roll Call 1134 EDT Amy:
   • Loa Andersson--- regrets
   • Jari Arkko--- y
   • Marc Blanchet--- -
   • Ron Bonica--- y
   • Ross Callon--- y
   • Michelle Cotton--- y
   • Spencer Dawkins--- -
   • Lisa Dusseault--- soon
   • Lars Eggert--- -
   • Pasi Eronen--- y
   • Marshall Eubanks---
   • Sandy Ginoza--- y
   • Russ Housley--- y
   • Cullen Jennings--- y
   • Olaf Kolkman--- y
   • John Leslie--- y
   • Cindy Morgan--- y
   • Chris Newman--- y
   • Ray Pelletier--- (regrets)
   • Jon Peterson--- y
   • Tim Polk--- y
   • Dan Romascanu--- y
   • Mark Townsley--- y
   • Amy Vezza--- y
   • Dave Ward--- y
   • Magnus Westerlund--- y
2. Bash the Agenda
   • Jari: mgmt item EAP typecode allocation
   • Russ: reminder Ray was invited for discussion of interim
3. Approval of the Minutes of the past telechat
   • August 28 minutes--- approved
   • August 28 narrative minutes--- approved
4. Review of Action Items from last Telechat
   • Amy: magnus BCP 32
   • Magnus: finding time now
   • Amy: 4byte ASN
   • Dave: adopted as WG, should be done within 2 weeks; also expecting reserved range
   • AmyS EAP hardware type

2 Protocol Actions

2.1 WG submission

2.1.1 - New Items

1. RTP Payload Format for Adaptive TRansform Acoustic Coding (ATRAC) Family (Proposed Standard)
   draft-ietf-avt-rtp-atrac-family-18.txt
   Token: Cullen Jennings Note: Document Shepherd is Tom Taylor.
   Extracted from Balloting:
   1. Russ Housley: Discuss [2008-09-10]: Please consider the comments in Gen-ART Review. This review deserves a response.
   2. Chris Newman: Discuss [2008-09-10]: According to BCP 13 (RFC 4288), the change controller for a standards track media type registration needs to be the standards body itself.
      I recommend splitting author and change controller into separate fields, as both are useful.
   3. Tim Polk: Discuss [2008-09-10]: While the Security Considerations references RFC 4855, it does not directly address some of the aspects that 4855 requires or recommends in the security analysis.
      - A media type that employs compression may provide an opportunity for sending a small amount of data that, when received and evaluated, expands enormously to consume all of the recipient's resources.
      I would appreciate it if the authors could review the second list in RFC 4855's security considerations. There may be other relevant issues that I failed to recognize.
   4. Magnus Westerlund: Discuss [2008-09-08]:
      Section 4.5.2: The common solution for this problem has been to either use CNAME bindings to find them or require the same SSRC in both RTP session.
      Section 5.3.1: Can someone please explain how any any other value than 0 can be allowed for an unfragmented frame.
      Section 7.6: Can you please motivate the choice of not talking about this for offer/answer?
      Comment [2008-09-08]: Section 5.3.1: Shouldn't this be defined as "The number of audio frames in this packet are field value + 1"?

   Telechat:

   • Amy: 1 open, not here; number of discusses
   • Cullen: revised-ID needed
2. Sieve Email Filtering: Reject and Extended Reject Extensions (Proposed Standard)
   draft-ietf-sieve-refuse-reject-07.txt
   Token: Lisa Dusseault
   Extracted from Balloting:
   1. Pasi Eronen: Discuss [2008-09-11]: It's a bit strange to have "Updates: 3028" (and a normative reference to RFC 3028) here, since RFC 3028 has been obsoleted by RFC 5228.
      The document says the main difference between 'reject' and 'ereject' is that the latter allows SMTP/LMTP level rejection... but it seems there's another difference: the former talks about sending an MDN, while the latter sends a DSN. I think the document would benefit from short description here, reminding readers that they're not the same thing, and explaining why 'reject' and 'ereject' do things differently.
      From Carl Wallace's SecDir review: Section 2.1: as noted in Tim's DISCUSS, the text about "return-path verification", and discarding the message is that fails, needs some more text explaining this step.
      Comment [2008-09-11]: For reference [Joe-DoS], it'd be nice to have some more bibliographical information (such as name(s) of author(s), and publication venue or URL).
   2. Russ Housley: Discuss [2008-09-10]: Please consider the comments provided by Spencer Dawkins in his Gen-ART Review. I have not seen a response to this review, and it deserves one.
   3. Cullen Jennings: Comment [2008-09-10]: Support Tim's discuss
   4. Chris Newman: Comment [2008-09-04]: I believe this proposal appropriately balances the competing goals of i18n, joe-job defenses and backwards compatibility.
      (if I were aware of a Sun Microsystems economic interest, I would recuse).
   5. Tim Polk: Discuss [2008-09-10]: AFAIK, Carl Wallace's secdir review (submitted 8/14/08) has not received a response, so I integrated his issues into my own review.
      I am particularly concerned about the circumstances for silent discard and conformance requirements for ereject implementations:
      As noted in Carl's secdir review, there is no definition for return-path verification... Is there an accepted algorithm for determining a forged return-path? In the absence of a solid reference, this step is worriesome: silent discard of a legitimate message in a store-and-forward application constitutes an undetectable denial of service attack. If an implementor relies on bad heuristics to make this determination, the results could be ugly.
      To expand on the second issue in Carl's secdir review, the conformance requirements for implementations of ereject are unclear.
      Comment [2008-09-10]:
      • The Security Considerations states: "The Introduction to this document discusses why rejecting messages before delivery is better than accepting and bouncing them." There is no such discussion in the Introduction, just a reference to [Joe-DoS]. I have no idea how to find that document.
      • I thought the security considerations omitted two useful concepts. The first is that upgrading current implementation of reject and use of the new ereject extension will help mitigate some of problems identified in RFC 3834. The second issue is the silent discard problem noted in my discuss. Consider noting that silent discard of legitimate messages constitutes denial of service and that determination of a forged return-path should be performed very carefully
      • From Carl's review: Why is a user interface allowed to silently upgrade from reject to ereject but other implementations are not? Are silent downgrades OK, i.e., for cases where ereject is not supported?
      • from Carl's review: Reason text uses UTF-8 to align an SMTP language extension spec... Should UTF-8 be used here without a normative reference to support it?
      • from Carl's review: There are some unexpanded acronyms, minimally MUA and MTA.

   Telechat:

   • Amy: couple of discusses
   • Lisa: revised-ID needed; haven't fully digested Matthew Elvey email of this morning, give a chance to settle

2.1.2 Returning Items

1. Session Initiation Protocol Service Examples (BCP)
   draft-ietf-sipping-service-examples-15.txt
   Token: Jon Peterson
   Extracted from Balloting:
   1. Pasi Eronen: Comment [2008-09-08]: I think people who want to understand how SIP works will find this document very useful.
   2. Cullen Jennings: Comment [2008-03-02]: Questions about call flow in section 2.16. If there was a parallel forking proxy between Alice and Bob, do we end up in a situation where Bill will send a replaces with a to-tag but Alice will not know the to-tag for the dialog?

   Telechat:

   • Amy: no discusses, enough positions, approved, no notes needed
2. Unicast UDP Usage Guidelines for Application Designers (BCP)
   draft-ietf-tsvwg-udp-guidelines-10.txt
   Token: Magnus Westerlund
   Extracted from Balloting:
   1. Jari Arkko: Comment [2008-08-14]: I don't quite understand how the tracker brought this document to the telechat without having Magnus vote "Yes".
   2. Pasi Eronen: Comment [2008-08-11]: There's some repetition of text in Sections 3.1.2 and 3.5, but presumably RFC editor copyediting will take care of that.

   Telechat:

   • Amy: one open: Lisa
   • Lisa: no-objection
   • Magnus: start with Cullen
   • Cullen: it's about what we do in future, not delay document, are we going to violate these guidelines routinely
   • Magnus: guidelines only; updates will need to follow; I recommend we try to address such questions.
   • Cullen: is "we get better performance" adequate justification?
   • Magnus: DNS... RTP... depends if better enough and safe enough.
   • Cullen: I think every UDP protocol is likely to violate these guidelines. Expect to discuss why violating these SHOULDs.
   • Magnus: we'll be more consistent after this document is published.
   • Magnus: packet marking and QoS are not UDP specific; can't rely on QoS being present.
   • Dave: why no mention of congestion control? Is this only discussing "best-effort" packets? Would have expected mention filtering in Security Considerations... GTSM... No mention of raw socket technique - biggest can of worms, so often being done.
   • Magnus: revised-ID needed

2.2 Individual Submissions

2.2.1 New Items

1. Web Distributed Authoring and Versioning (WebDAV) SEARCH (Proposed Standard)
   draft-reschke-webdav-search-18.txt
   Token: Chris Newman Note: AD is shepherding
   Extracted from Balloting:
   1. Tim Polk: Discuss [2008-09-11]: This is a discuss discuss, and I will definitely clear on the call.
      I wonder if the spec should recommend or even mandate support for Result Set Truncation (2.3.1).
   2. Magnus Westerlund: Comment [2008-09-10]:
      Section 3.2: I find it a bit confusing that one uses two different ABNFs in this document.

   Telechat:

   • Amy: couple of open: Cullen
   • Cullen: no pos
   • Chris: Magnus comment: hash operator is messy, not simple to express in ABNF, but not now
   • Chris: will take back to WG, Result Set Truncation... asking Lisa
   • Lisa: recommend
   • Chris: back to WG
   • Amy: approved, point raised

2.2.2 Returning Items

1. (none)

3 Document Actions

3.1 WG Submissions

3.1.1 New Items

1. (none)

3.1.2 Returning Items

1. (none)

3.2 Individual Submissions via AD

3.2.1 New Items

1. (none)

3.2.2 Returning Items

1. (none)

3.3 Independent Submissions via RFC Editor

3.3.1 New Items

1. WiMAX Forum/3GPP2 Proxy Mobile IPv4 (Informational)
   draft-leung-mip4-proxy-mode-09.txt
   Token: Jari Arkko
   Extracted from Balloting:
   1. Jari Arkko: Comment [2008-09-02]: Three of the comments below are blocking (process issues and the EAP keying framework issue) in the sense that I would like to see them resolved before the IESG approves this spec according to RFC 3932 criteria. Given the small importance of those three issues, I am assuming that the authors are willing to do this.
      There is a fair number of other comments, which are not blocking but could affect interoperability, correctness of behaviour, or clarity of the specification. I am hoping that the authors are willing to revise the specification one more time in order to address these.
      Technical: Section 4.1.1 refers to an expired ID about the usage of GRE keying, in a manner that appears normative.
      Section 4.1.1 Step 6 claims that at this point the host has an address and DNS config. However, you did not mention earlier in the DHCP or IPCP cases that the DNS configs are exchanged;
      Section 4.3 explanation of IPsec usage is sketchy.
      Section 6.2 appears to propose an ICMP-based movement detection scheme which is likely inferior to the standard schemed defined in RFC 4436.
      Section 10 mentions that the relevant keys will be "derived by the EAP keying framework".
      There is no discussion of MTU issues in the document at all.
      There is no discussion of the requirements for the identification of a mobile node.
      There is no discussion of the implications of using Mobile IPv4 as defined and Proxy Mobile IPv4 for the same nodes.
      If you run this over PPP, bringing down the previous PPP connection and creating a new one would appear to cause the host to lose the IP address (and consequently, all ongoing sessions).
      The document does not at all discuss the role of the various identifiers (interface ID, device ID, subscriber ID, authentication NAI) and the access technology type.
      Section 3 claims IPv6 will work with PMIPv4 merely by the use of PMIPv4 and DSMIPv4 together. I find this hard to believe.
      Process issues: I think it would be useful to mention somewhere that there exists an IETF standard proxy mobile, RFC 5213.
      Section 3 says "In addition, the solution leverages standardized specification and highly available implementations." This could be mis-interpreted as PMIPv4 being a standard.
      Editorial: [8 nits]

   Telechat:

   • Amy: no discusses, anyone object
   • Russ: hearing no objection, approved
   • Amy: IANA note RFCed note
   • Jari: taking some existing space, attribute numbers, I haven't been in the loop
   • Amy: no-problem note to RFCed
2. Credential Protection Ciphersuites for Transport Layer Security (TLS) (Experimental)
   draft-hajjeh-tls-identity-protection-06.txt
   Token: Pasi Eronen
   Extracted from Balloting:
   1. Chris Newman: Comment [2008-09-08]: I concur that note #5 from RFC 3932 applies.

   Telechat:

   • Amy: no discusses, anyone object
   • Pasi: ballot writeup, recommending do not publish, haven't done this before
   • Various: agree with Pasi's writeup
   • Russ: what about possibility of TLS within TLS to protect identity?
   • Amy: to RFCed with note already in tracker (everything in ballot writeup box)
3. The Subnetwork Encapsulation and Adaptation Layer (SEAL) (Experimental)
   draft-templin-seal-23.txt
   Token: Mark Townsley
   Extracted from Balloting:
   1. (none, but link wasn't there earlier this morning)

   Telechat:

   • Amy: no discusses, anyone object? no-problem message to RFCed, note already in tracker

3.3.2 Returning Items

1. (none)

4 Working Group Actions

4.1 WG Creation

4.1.1 Proposed for IETF Review

1. (none)

4.1.2 Proposed for Approval

1. (none)

4.2 WG Rechartering

4.2.1 Under evaluation for IETF Review

1. Softwires (softwire)
   Token: Mark

   Telechat:

   • Amy: updated yesterday
   • Mark: external review
   • Amy: will go to external review, on agenda for next telechat

4.2.2 Proposed for Approval

1. Operational Security Capabilities for IP Network Infrastructure (opsec)
   Token: Ron

   Telechat:

   • Amy: anyone object
   • Dan: correspondence
   • Ron: concern about long-term group; that's our intention, thus charter a bit broad; concern pre-empting possible future work; asked for specific, no response
   • Dan: ops area WG, syslog
   • Ron: syslog not much overlap, opsec never generates a new protocol; opsarea, both have broad charter, thus overlap expected, not a reason not to charter more-specific WG
   • Dan: watch opsec work-items being proposed
   • Ron: opsarea necessarily conflicts with anything in the area
   • Dan: OK to let charter pass
   • Amy: approved

5. IAB News We can use

1. Olaf: homing in on topic for technical plenary, evolution of the IP model, enumerate assumptions, are they still correct? Draft soon
   topics for IETF74, hoping to organize a bit in advance
   request from W3C: CT guidelines, OPES considerations drafted 2002, are they still appropriate, working on response saying not worried
   RFCed model discussion: last Friday I wrote what I thought was consensus, discussion more heated not, trying to keep momentum, make sure everyone is heard, need another iteration or two
   ISOC board vis Istar(?) trying to schedule Friday meeting, please reserve lunch on Friday

1229 EDT break

1235 EDT back

• Loa Andersson---
• Jari Arkko--- y
• Marc Blanchet---
• Ron Bonica--- y
• Ross Callon--- y
• Michelle Cotton--- y
• Spencer Dawkins---
• Lisa Dusseault--- y
• Lars Eggert---
• Pasi Eronen--- y
• Marshall Eubanks---
• Sandy Ginoza--- y
• Russ Housley--- y
• Cullen Jennings--- y
• Olaf Kolkman--- y
• John Leslie--- y
• Cindy Morgan--- y
• Chris Newman--- y
• Ray Pelletier---
• Jon Peterson--- y
• Tim Polk--- ?
• Dan Romascanu--- y
• Mark Townsley--- y
• Amy Vezza---
• Dave Ward--- y
• Magnus Westerlund--- y

6. Management Issues

1. Review of arp-parameters request 1 of 2 [IANA #185250] (Michelle Cotton)

   Telechat:

   • Michelle: Jari?
   • Jari: first one OK, need to resolve name; second, we need to discuss further
   • Michelle: when I get name, go ahead; second one, get back to you
   • Jari: we have to give them code points, but need to understand, schedule for next telechat
   • Amy: do we need anything beyond minutes
   • Russ: Suggest approval of Joe Salowey pending his acceptance.
2. Review of arp-parameters request 2 of 2 [IANA #183428] (Michelle Cotton)

   Telechat:

   • Amy: on Sep 25 agenda
3. Transfer of the MIB work from HUBMIB to the IEEE 802.3 (Dan Romascanu)

   Telechat:

   • Dan: approached by IEEE 802.3, intending to extend HUBMIB, coordinating...; RFC defined process of transfer, discussing details, do we need new RFC for this transfer? I think not, check with legal counsel vis IPR, any other opinions or concerns?
   • Russ: support by our silence
   • Amy: need anything in minutes (no)
4. Large Interim Mtgs (Russ Housley)

   Telechat:

   • Ray has joined: mailed... ask Jon+Cullen about RAI in Europe
   • Cullen: yes, no details nailed down
   • Ray: was avoiding January to avoid conflict with RAI
   • Cullen: discuss in abstract, don't say Januarf or not
   • Russ: place you can go if you need the time, no lengthy process, meetings to advance the work, Ray will present strawman
   • Ray: firmly schedule two interim meetings, picked May and September, get things all lined up, tremendous amount of administrative detail, several possible models (stovepipe, random, IETF+outside), Europe and North America, smaller venue than main IETF meetings; some concern with effect on revenue at main IETF: if we undermine the revenue but improve the throughput, our model needs work. Registration cost question: yes, thinking 2-3 days, maybe $250
   • Jon: recruiting sponsors?
   • Ray: these are sponsorable, say $35 - 50,000; large IETF meetings net about $400,000; my gut-feel is sponsorship wouldn't affect registration costs
   • Dave: what about IRTF time requests?
   • Russ: I didn't think about that as an aspect: valuable if IETF area with IRTF overlap is at that interim meeting
   • Jon: we need many interim meetings in RAI; we also need to suppress some interim meetings; I foresee more contention for slots; cool to run one this year (then re-evaluate)
   • Dan: This should not be simply lowering the bar. We don't want eight groups meeting at the interims. IEEE has 3 primary and 3 interim: seems like raising the bar (travel costs)
   • Lisa: if no meetings for my area, do I need to show up?
   • Russ: possibility of easy time to schedule IESG meetings: need to discuss
   • Dan: wouldn't be surprised to see half the attendance of main IETF meeting; believe we should run one.
   • Russ: probe: do one, measure our success... when do we schedule the one? If May, Jari+Mark, what's your guess of WG requests... continue around the areas; OPS 1, ROUTING 1, APPS 0, INT 3, TSV 0, SECURITY 3, RAI 5 (if no Jan); guess 3 days 4 tracks fully booked. Ask Ray to take action item: planning for 3 day 4-5 track; what's the lead-time (possibility of January)
   • Ray: January seemed like a difficult time for attendees, but administratively it's doable. (Ray left the telechat)
   • Amy: minutes to show discussed, on agenda for next mtg.
5. Appeal from JFC (Russ Housley)

   Telechat:

   • Russ: move to end for executive session
6. Question regarding expert review and independent submissions [IANA #189622] (Michelle Cotton)

   Telechat:

   • Michelle: question came up independent submission, how would IANA expert-review get a designated expert
   • Russ: hard to respond without understanding scope of the issue
   • Michelle: current RFC 5226 says IESG designates (always)
   • Jari: that includes independent submissions; would be nice to avoid need for expert (less work for the IESG is better).
7. IESG process change to action approval (Chris Newman)

   Telechat:

   • Chris: IESG internal voting process tilts towards making it too difficult to approve a standard; I'd like to move away from automatic block on one discuss; this is an internal process issue: we can simply try something and see how it works.
   • Ron: it's good to make a "Yes" significantly different from "No Objection"
   • Chris: I'd expect late changes to "No Objection" as issues come up.
   • Tim: This would seem to increase the "need" to vote "Discuss" instead of just supporting someone else's Discuss
   • Chris: It's pretty rare to get a lot of Yes votes. If I raise an issue that other ADs think should be non-blocking, I want other ADs voting Yes.
   • Jon: I understood this as an attempt to find a less controversial way to resolve disagreements: I'd like to find a way to do that.
   • Chris: If someone has an alternative, please put it forward, otherwise I'd like to try something.
   • Jon: I remember when we had to state positions during the call...
   • Chris: Maybe an earlier deadline for Discuss, let's come back to this at a future telechat
   • Dan: suggest it's time to move on
   • Amy: minutes to show "discussed"
8. EAP typecode expert (Jari)

   Telechat:

   • Jari: EAP group was handling, proposing an individual expert.
   • Chris: dislike having to note need for expert review on balloting, but shouldn't necessarily stop progress if expert review not done at IETF LastCall
   • Amy: expert approved pending accepting

7. Agenda Working Group News

• Jari Arkko (Internet)--- Interim coming up
• Ron Bonica (O & M)---
• Ross Callon (Routing)--- 3 documents coming up, about 300 pages; one is ready now (model), do you want it before the others? I'll put the one on the agenda for Sep 25.
• Lisa Dusseault (Applications)---
• Lars Eggert (Transport)---
• Pasi Eronen (Security)--- pass
• Russ Housley (General)--- pass
• Cullen Jennings (RAI)--- pass
• Chris Newman (Applications)--- pass
• Jon Peterson (RAI)--- pass
• Tim Polk (Security)--- pass
• Dan Romascanu (O & M)---
• Mark Townsley (Internet)--- none
• Dave Ward (Routing)--- none
• Magnus Westerlund (Transport)--- FECframe interim 20-22 October

1404 Entered Executive Session