IETF
dhc
dhc@jabber.ietf.org
Thursday, July 23, 2015
tomek has set the subject to: DHC meeting: IETF'92 Dallas

GMT+0
[10:48:00] Meetecho joins the room
[10:57:55] Wlodek Wencel joins the room
[10:59:58] Brian Haberman joins the room
[11:00:22] Ted Lemon joins the room
[11:00:30] Marcin Siodelski joins the room
[11:01:13] Ishan Yelurwar joins the room
[11:01:37] <Ted Lemon> The room looks empty!
[11:01:42] Suzanne joins the room
[11:01:47] <Ted Lemon> Except for the chairs, of course.
[11:01:57] Carsten Strotmann joins the room
[11:02:15] Andrew Sullivan joins the room
[11:02:16] cas joins the room
[11:02:25] <Ted Lemon> Jabber scribe is needed for relay, not reporting.
[11:02:39] <Andrew Sullivan> I'll do relay
[11:02:40] Cong LIU joins the room
[11:02:48] <Ted Lemon> Thanks, Andrew!
[11:02:50] <Andrew Sullivan> yw
[11:06:46] Ishan Yelurwar leaves the room
[11:09:44] <Andrew Sullivan> BTW, slide 10
[11:09:52] <Andrew Sullivan> (I suppose I should relay that too)
[11:10:00] <Andrew Sullivan> slide 11
[11:10:48] sarikaya2012 joins the room
[11:11:24] Victor Kuarsingh joins the room
[11:11:34] <Andrew Sullivan> chairs asking for comment
[11:12:00] Thomas Markwalder joins the room
[11:12:17] <Ted Lemon> mic: it's useful to have a document that specifies an algorithm, because otherwise there is no documented algorithm, and implementors may use algorithms that are not privacy-safe.
[11:12:33] <Carsten Strotmann> audio from Lorenzo is thin (mic not on?)
[11:13:42] <Andrew Sullivan> was that better?  I used the same mic as L. and spoke closely
[11:13:51] <Ted Lemon> yes, thanks, I heard you just fine.
[11:14:02] wpk joins the room
[11:14:05] <Carsten Strotmann> yes, much better
[11:14:08] <Ted Lemon> I could sort of hear lorenzo, but not very well.
[11:14:13] Wlodek Wencel leaves the room
[11:14:28] Wlodek Wencel joins the room
[11:15:12] <Andrew Sullivan> He's at the same mic, so see whether this is better
[11:15:21] <Ted Lemon> mic: that's what applicability statements are for.
[11:15:38] <Ted Lemon> mic: the applicability statement should say "do this if you want privacy."
[11:15:50] cas leaves the room: Disconnected: closed
[11:15:51] cas joins the room
[11:16:32] Ralf Weber joins the room
[11:16:52] <Ted Lemon> mic: or if you want privacy of this sort.
[11:17:37] <Ted Lemon> sigh.
[11:17:54] <Ted Lemon> if the site wanted to support privacy, it would not require the use of DHCP.
[11:18:15] <Andrew Sullivan> well, that's also true, Ted
[11:18:21] <Ted Lemon> stable privacy addresses specifically avoid leaking information about the movement of clients from one network to another.
[11:18:58] <Ted Lemon> the current applicability statement is wrong, because servers that do this are excluded from doing anything else.
[11:19:07] <Ted Lemon> but that's easy to fix.
[11:19:07] <Andrew Sullivan> But the point I was really trying to say was that what Christian said seemed right to me — "this is the kind of privacy you want, do A, that kind do B, &c."
[11:19:20] <Andrew Sullivan> Is that still mic: or no?
[11:19:25] <Ted Lemon> yeah, I thought what Christian said was right too.
[11:19:36] <Ted Lemon> Honestly, we should just deprecate IA_NA for general use.
[11:20:15] <Ted Lemon> can't hear
[11:20:24] <Ted Lemon> meetecho should up the gain on that microphone
[11:21:17] <Andrew Sullivan> 3 choices:
[11:21:19] <Andrew Sullivan> mark dead
[11:21:25] <Andrew Sullivan> move ahead
[11:21:28] <Ted Lemon> hummmmm
[11:21:30] <Andrew Sullivan> change to info
[11:21:31] Lishan Li joins the room
[11:21:34] <Ted Lemon> hummmmm
[11:21:37] <Andrew Sullivan> was that 1 2 or 3?
[11:21:42] <Ted Lemon> 2 and 3
[11:21:43] Lishan Li leaves the room
[11:21:45] <Andrew Sullivan> consensus to kill
[11:22:13] <Ted Lemon> I think this means that we should deprecate IA_NA.
[11:22:18] <Andrew Sullivan> mic?
[11:22:28] <Ted Lemon> if you want to start a fight!
[11:22:41] <Ted Lemon> :)
[11:23:24] <Andrew Sullivan> Sheng Jiang
[11:23:27] <Andrew Sullivan> 1/6
[11:23:37] <Andrew Sullivan> 2/6
[11:24:24] Lishan Li joins the room
[11:24:28] sarikaya2012 leaves the room
[11:25:15] <Andrew Sullivan> 3/6
[11:25:26] <Brian Haberman> If the document hangs around long enough it will get 3 AD reviews.
[11:25:46] <Andrew Sullivan> It would be the best-reviewed document ever!
[11:28:15] <Ted Lemon> mic: I don't see any point in multiple certs
[11:28:43] <Ted Lemon> mic: as you say, Sheng, if there is more than one cert to try, which I consider unlikely, it can be done in sequential attempts.
[11:29:18] <Ted Lemon> exactly
[11:29:41] <Ted Lemon> it doesn't make sense for server to send more than one cert.   client probably wants to choose cert based on server.
[11:29:52] <Ted Lemon> no need to relay, just thinking aloud
[11:31:27] <Andrew Sullivan> ok
[11:31:59] <Andrew Sullivan> oops, 4/6
[11:33:40] <Ted Lemon> in that case a lot of things will have to change.
[11:35:51] <Ted Lemon> mic: we can't solve this problem in this working group, and it is not a problem that exists in current practice today.
[11:36:29] <Ted Lemon> mic: not sending the data is really hard.
[11:36:39] <Ted Lemon> mic: best is the enemy of good enough
[11:38:50] Francis Dupont joins the room
[11:39:49] <Andrew Sullivan> 5/6
[11:40:26] <Brian Haberman> The DHCPv6 security document needs a strong applicability statement describing where they approach is safe to use.
[11:40:37] <Brian Haberman> s/they/this/
[11:40:51] <Andrew Sullivan> is that for the mic?
[11:41:09] <Brian Haberman> I'm in the room, so no.  I will get to it if needed.
[11:41:12] <Ted Lemon> I think that we actually need a threat analysis that's aimed at justifying the current document, plus some example profiles that illustrate how this could be used.
[11:41:19] <Ted Lemon> As written, it's not really applicable without a profile.
[11:41:30] <Andrew Sullivan> (6/6, end of slides)
[11:41:41] <Ted Lemon> That doesn't need to be said at the mic, just saying it to Brian.
[11:41:56] <Andrew Sullivan> Brian is up at the mic now
[11:42:04] <Andrew Sullivan> and speaking for Ted too!
[11:42:24] <Ted Lemon> Nice that you get a break, Andrew.   You're being a real mensch.
[11:43:24] <Andrew Sullivan> I don't regard this as the most onerous thing I've done all week :)
[11:43:29] <Ted Lemon> can't hear at all.
[11:43:32] <Ted Lemon> yeah, I can imagine!
[11:43:36] <Andrew Sullivan> Christian Huitema is getting up
[11:43:44] <Andrew Sullivan> p1
[11:43:46] <Andrew Sullivan> p2
[11:43:49] <Brian Haberman> Andrew is still apologizing for canceling the IAB open mic session. :)
[11:43:56] <Ted Lemon> Leadership is a thankless task.   Thanks for doing it.
[11:44:13] <Andrew Sullivan> Some people wanted to see the IAB parade across the stage, apparently
[11:44:25] <Andrew Sullivan> maybe we could get that Henry Mancini tune to do it by
[11:44:27] <Ted Lemon> Pomp and circumstance.
[11:44:34] <Andrew Sullivan> Oh, that'd also be good!
[11:44:37] <Ted Lemon> :)
[11:44:38] <Brian Haberman> For those of you interested in certificate sizes, take a look at http://fm4dd.com/openssl/certexamples.htm
[11:44:41] <Suzanne> No, no, the circus clown riff
[11:44:50] <Ted Lemon> Yakity sax?
[11:45:01] <Suzanne> would work
[11:45:08] <Suzanne> or some Scott Joplin
[11:45:24] <Suzanne> Andrew gets "The Entertainer" next time
[11:46:10] <Francis Dupont> Note most of the PKI use discussion is not very sound: my secure DHCPv6 code by default does "offline" validation: on the server the client was configured with a credential (public key or certificate file name) so the code simply compares the content of the option with the content of the file... BTW it is not very reasonable to expect long/expensive crypto on each packet.
[11:46:14] Victor Kuarsingh leaves the room
[11:46:46] <Andrew Sullivan> p3
[11:48:06] <Andrew Sullivan> p4
[11:49:22] <Andrew Sullivan> p5
[11:49:25] <Andrew Sullivan> (end)
[11:51:33] <Ted Lemon> meetecho: can't hear this mic at all.
[11:51:39] <Andrew Sullivan> Battery is dead apparently
[11:51:43] <Andrew Sullivan> changing mics
[11:52:02] <Andrew Sullivan> dead mic is removed
[11:53:28] <Ted Lemon> The irony here is that clients sending hostname option aren't even standardized.
[11:53:39] <Andrew Sullivan> mic?
[11:53:44] <Ted Lemon> no
[11:53:45] <Ted Lemon> thanks
[11:54:07] <Ted Lemon> it doesn't matter--it's a de facto standard.   it's just a bit sad that it's an issue.
[11:57:54] <Andrew Sullivan> Now DHCPv6bis
[11:57:58] <Andrew Sullivan> 1
[11:58:05] <Andrew Sullivan> 2
[11:58:10] Victor Kuarsingh joins the room
[11:58:40] <Andrew Sullivan> 3
[12:02:15] <Ted Lemon> mic: the point is to not require special cases in server code.
[12:03:02] <Andrew Sullivan> 4th in line
[12:05:20] <Ted Lemon> mic: if the oro contains container option code and suboption code, then it should send it in the container, right?
[12:05:49] <Ted Lemon> iow, not actually a problem
[12:06:04] <Ted Lemon> +1 to bernie
[12:06:06] <Andrew Sullivan> there was nodding, so I think people agree
[12:06:10] <Andrew Sullivan> (and I already sat)
[12:06:13] <Andrew Sullivan> slide 4
[12:06:17] <Ted Lemon> :)
[12:08:31] <Ted Lemon> mic: client-initiated renumbering could also be done simply by acquiring a new address and releasing the old one.
[12:10:25] <Ted Lemon> mic: release/acquire doesn't work because it would just be a renewal.
[12:10:32] <Ted Lemon> mic: so you'd get the same address.
[12:11:28] Marcin Siodelski leaves the room
[12:11:29] Marcin Siodelski joins the room
[12:11:54] <Andrew Sullivan> 5
[12:12:42] Andrew Yourtchenko joins the room
[12:12:57] <Andrew Sullivan> 6
[12:13:41] <Andrew Yourtchenko> re. the comments about the acquiring the new address, I have that ticket here: http://trac.tools.ietf.org/group/dhcpv6bis/ticket/147
[12:13:54] <Andrew Yourtchenko> with the proposed text of "If the client wishes to obtain a distinctly new address (or prefix) and deprecate the existing one, it needs to create a new IAID, perform a transaction to acquire the address/prefix and then perform a transaction releasing the old address/prefix when it is deprecated."
[12:14:50] <Andrew Sullivan> is that for the mic?
[12:15:49] <Andrew Sullivan> um, duh, never mind :)
[12:15:53] <Andrew Yourtchenko> nah, that's fine - Bernie already mentioned that the ticket exists :)
[12:16:03] Andy Malis joins the room
[12:16:36] <Andrew Sullivan> oops, didn't say we're on slide 7.  Sorry
[12:16:47] Andy Malis leaves the room
[12:20:54] <Ted Lemon> mic: to fix that problem the software update should just change the IAID
[12:23:14] <Ted Lemon> oh, the brokenness.
[12:23:50] <Andrew Sullivan> YANG data model
[12:24:01] <Andrew Sullivan> slide 2
[12:25:09] <Andrew Sullivan> 3
[12:25:54] <Andrew Sullivan> 4
[12:27:23] <Andrew Sullivan> sorry, priority interrupt here.  Now we're on 6
[12:34:24] <Andrew Sullivan> 7 (next steps)
[12:34:35] <Andrew Sullivan> deciding what to do
[12:34:59] <Ted Lemon> hummmmm
[12:35:44] <Andrew Sullivan> next Auth & Enc DHPv6
[12:35:47] <Andrew Sullivan> oops
[12:35:51] <Andrew Sullivan> dead mic
[12:35:56] <Andrew Sullivan> DHCPv6
[12:36:04] <Andrew Sullivan> 2 mics down
[12:36:10] <Andrew Sullivan> mic back!
[12:36:31] <Andrew Sullivan> slide 1
[12:36:33] <Ted Lemon> Dynamic Host Protocol sounds like some sort of cloud/vps thing.
[12:37:08] <Andrew Sullivan> DHP actually stands for "digits hoping and praying"
[12:37:11] <Andrew Sullivan> I can't type
[12:38:03] <Francis Dupont> p3
[12:38:48] <Francis Dupont> (dhc-5 : auth and encrypt mechs for DHCPv6)
[12:39:03] <Andrew Sullivan> 4
[12:39:28] Victor Kuarsingh leaves the room
[12:39:59] <Andrew Sullivan> 5
[12:40:32] <Andrew Sullivan> 6
[12:41:18] <Andrew Sullivan> 7
[12:43:24] <Francis Dupont> Christian Huitema at the mic
[12:43:33] <Andrew Sullivan> I know!  We could put the cert in the DNS with DANE! Oh, wait …
[12:44:34] Ishan Yelurwar joins the room
[12:44:40] <Francis Dupont> offline: I met authors and I strongly suggested to fix the crypto with a real expert (ipsecme chair for instance).
[12:44:43] <Lishan Li> Before the DHCPv6 process, the client is offline. So I'm afraid that the client cannot connect to the DNS server
[12:44:50] Thomas Markwalder leaves the room
[12:45:31] <Andrew Sullivan> @Lishan Li yeah, sorry, I was kidding.  Sorta poking fun at a monomania one sometimes hears.
[12:46:02] Suzanne leaves the room
[12:47:49] <Andrew Sullivan> back to slide 4
[12:47:54] <Andrew Sullivan> for discussion
[12:50:19] <Andrew Sullivan> 4o6 Bulk & Active Leasequery
[12:50:32] <Andrew Sullivan> 1
[12:51:11] Ralf Weber leaves the room
[12:51:23] <Andrew Sullivan> 2
[12:51:36] <Andrew Sullivan> 3
[12:52:22] <Andrew Sullivan> 4
[12:52:59] <Andrew Sullivan> 6
[12:53:25] <Ted Lemon> seems fine.   no comments,
[12:53:37] <Andrew Sullivan> relay initiated release
[12:53:42] <Andrew Sullivan> 2
[12:54:28] <Andrew Sullivan> 3
[12:54:43] <Andrew Sullivan> 4
[12:56:00] <Andrew Sullivan> 5
[12:56:30] <Andrew Sullivan> 6
[12:56:36] <Ted Lemon> this is a classic example of too loon for a sales pitch.   sigh.
[12:56:47] <Ted Lemon> long
[12:57:00] <Andrew Sullivan> I was going to say, "Be nice!"
[12:57:12] <Andrew Sullivan> 7
[12:57:13] <Ted Lemon> yeah. I think it's actually a good idea.
[12:57:25] <Ted Lemon> mic: why do we need this for DHCPv6?   Looks good for v4.
[12:58:18] <Ted Lemon> would the hg actually reuse the lease in this case?
[12:58:37] <Andrew Sullivan> in case in current discussion?
[12:58:43] <Ted Lemon> yes
[12:58:49] <Ted Lemon> Ian clarified.
[12:58:52] <Andrew Sullivan> y
[12:58:59] <Ted Lemon> I think this is useless for DHCPv6, so it's a moot point.
[13:01:35] <Ted Lemon> In case this comes up after meetecho dies, I favor adoption of v4 draft, don't see point of v6 draft, and if we need it for v6, it should be a single draft, because most of the v6 draft is just a copy of the v4 draft.
[13:02:42] <Andrew Sullivan> why useless, Ted?
[13:02:55] <Ted Lemon> there is no shortage of IPV6 addresses
[13:02:59] <Ted Lemon> he sort of addressed that
[13:03:16] <Ted Lemon> I am not sure I buy his explanation, but I'm willing to think harder about it.
[13:03:26] <Ted Lemon> I still think the drafts should be merged.
[13:03:56] Brian Haberman leaves the room
[13:04:03] <Ted Lemon> +1 to Bernie
[13:04:39] <Andrew Sullivan> I am going to need to drop in a moment
[13:04:49] <Andrew Sullivan> that was good timing
[13:04:51] <Andrew Sullivan> bye
[13:04:54] Andrew Yourtchenko leaves the room
[13:04:56] Andrew Sullivan leaves the room
[13:05:08] <Ted Lemon> thanks for scribing!
[13:05:09] Marcin Siodelski leaves the room
[13:05:12] <Ted Lemon> very much appreciated
[13:05:17] Carsten Strotmann leaves the room
[13:05:21] Francis Dupont leaves the room: Computer went to sleep
[13:05:22] Wlodek Wencel leaves the room
[13:05:56] Lishan Li leaves the room
[13:06:15] Victor Kuarsingh joins the room
[13:07:10] wpk leaves the room
[13:07:23] Ishan Yelurwar leaves the room
[13:07:23] Cong LIU leaves the room
[13:14:18] Meetecho leaves the room
[13:24:23] Suzanne joins the room
[13:24:36] Ralf Weber joins the room
[13:24:55] Ralf Weber leaves the room
[13:26:16] Ralf Weber joins the room
[13:32:32] Suzanne leaves the room
[13:36:16] Suzanne joins the room
[13:41:21] wpk joins the room
[13:59:08] Victor Kuarsingh leaves the room: Disconnected: closed
[14:00:59] wpk leaves the room
[14:25:32] Suzanne leaves the room
[14:25:34] Suzanne joins the room
[14:31:00] cas leaves the room: Disconnected: closed
[14:31:33] Suzanne leaves the room
[15:24:52] Ralf Weber leaves the room
[15:25:03] Ted Lemon leaves the room
[15:26:05] Ralf Weber joins the room
[15:48:41] Suzanne joins the room
[15:55:03] Suzanne leaves the room
[16:11:28] Suzanne joins the room
[16:12:36] wpk joins the room
[16:15:08] wpk leaves the room
[17:28:36] Suzanne leaves the room
[17:31:31] Ralf Weber leaves the room
[17:31:53] Ralf Weber joins the room
[23:46:41] Suzanne joins the room
[23:52:38] Suzanne leaves the room