[07:57:11] synp has set the subject to: IPsecME Meeting at IETF 109
[07:59:22] synp joins the room
[07:59:32] <synp> Testing...
[07:59:53] synp leaves the room
[08:30:43] metricamerica joins the room
[08:30:53] paulwouters joins the room
[08:37:49] Meetecho joins the room
[08:50:03] Michael Jenkins joins the room
[08:50:03] Lorenzo Miniero joins the room
[08:50:03] Zidago Sako joins the room
[08:50:03] Feng Yang joins the room
[08:50:03] Paul Wouters joins the room
[08:50:03] Don Fedyk joins the room
[08:50:03] Daniel Migault joins the room
[08:50:03] Quynh Dang joins the room
[08:50:03] Dirk Hugo joins the room
[08:50:03] Alessandro Toppi joins the room
[08:50:03] Leonie Bruckert joins the room
[08:50:23] Alessandro Toppi leaves the room
[08:50:27] Alessandro Toppi joins the room
[08:50:49] Paolo Saviano joins the room
[08:50:56] Steffen Klassert joins the room
[08:51:23] Christian Hopps joins the room
[08:51:37] Christian Hopps leaves the room
[08:51:37] Daniel Migault leaves the room
[08:51:37] Leonie Bruckert leaves the room
[08:51:37] Dirk Hugo leaves the room
[08:51:37] Michael Jenkins leaves the room
[08:51:37] Zidago Sako leaves the room
[08:51:37] Paolo Saviano leaves the room
[08:51:37] Paul Wouters leaves the room
[08:51:37] Steffen Klassert leaves the room
[08:51:37] Feng Yang leaves the room
[08:51:37] Alessandro Toppi leaves the room
[08:51:37] Don Fedyk leaves the room
[08:51:37] Quynh Dang leaves the room
[08:51:37] Lorenzo Miniero leaves the room
[08:51:45] Alessandro Toppi joins the room
[08:51:52] Paul Wouters joins the room
[08:51:53] Christian Hopps joins the room
[08:52:08] Steffen Klassert joins the room
[08:52:26] Zidago Sako joins the room
[08:52:38] Michael Jenkins joins the room
[08:52:54] Bob Moskowitz joins the room
[08:53:14] Leonie Bruckert joins the room
[08:53:16] Robert Moskowitz joins the room
[08:53:19] Yoav Nir joins the room
[08:53:21] <Paul Wouters> hello :)
[08:53:24] Mohamed Boucadair joins the room
[08:53:53] Juhamatti Kuusisaari joins the room
[08:53:54] Antony Antony joins the room
[08:53:58] Scott Fluhrer joins the room
[08:54:08] paulwouters leaves the room
[08:54:39] Quynh Dang joins the room
[08:54:51] <Paul Wouters> i heard something very faint
[08:54:52] Valery Smyslov joins the room
[08:54:58] <Bob Moskowitz> I hear voices!
[08:55:04] Lorenzo Miniero joins the room
[08:55:06] Mark McFadden joins the room
[08:55:09] <Bob Moskowitz> Yoav, you are very faint.
[08:55:25] Tero Kivinen joins the room
[08:55:38] <Meetecho> Sounds more like a capture issue
[08:55:43] Tommy Pauly joins the room
[08:55:53] <Meetecho> Too much distortion/saturation on the mic feed?
[08:56:09] John Border joins the room
[08:56:24] <Meetecho> :D
[08:56:36] <Meetecho> Yoav, do you have another mic you can try?
[08:56:55] Mike Boyle joins the room
[08:57:03] Donald Eastlake joins the room
[08:57:03] Yoav Nir leaves the room
[08:57:04] Timothy Winters joins the room
[08:57:06] <Meetecho> (you can show the in-flight dialog using the Settings button)
[08:57:30] <Paul Wouters> meetecho claims this is all already recording? :)
[08:57:45] Yoav Nir joins the room
[08:58:16] <Valery Smyslov> Yes!
[08:58:24] <Meetecho> Everything before the start of the session is cut from the recording that is uploaded
[08:58:37] <Paul Wouters> but super soft
[08:58:51] <Paul Wouters> ahh thanks meetecho :)
[08:59:16] John Mah joins the room
[08:59:33] Lou Berger joins the room
[08:59:47] Yoav Nir leaves the room
[08:59:58] Don Fedyk joins the room
[08:59:58] Daniel Migault joins the room
[09:00:11] Yoav Nir joins the room
[09:00:12] Feng Yang joins the room
[09:00:25] LouBerger joins the room
[09:00:32] Benjamin Kaduk joins the room
[09:00:44] kaduk@jabber.org/barnowl joins the room
[09:00:56] <Bob Moskowitz> Yoav, much better...
[09:01:02] Kirsty P joins the room
[09:01:37] Juan Cerezo joins the room
[09:01:50] Oshani Dayaratna joins the room
[09:01:59] Kazunori Fujiwara joins the room
[09:02:00] Feng Yang leaves the room
[09:02:11] Kazunori Fujiwara leaves the room
[09:02:45] <synp> So in case other people have audio issues, I am monitoring this room
[09:02:52] <kaduk@jabber.org/barnowl> Tero: "something"
[09:02:54] Alister Winfield joins the room
[09:03:19] Jan-Frederik Rieckers joins the room
[09:04:14] Tarek Hamouda joins the room
[09:05:08] Tarek Hamouda leaves the room
[09:05:33] Mohit Tahiliani joins the room
[09:05:56] Jennifer Gabriel joins the room
[09:06:30] <synp> And in case you're wondering, the wall really is pink.  It's not a bug in the Webcam
[09:07:44] <Mohamed Boucadair> draft-ietf-ipsecme-ipv6-ipv4-codes is in the IETF LC. It ends 2020-12-01.
[09:08:04] Wes Hardaker joins the room
[09:09:27] Junyu Lai joins the room
[09:11:22] <Valery Smyslov> Yes
[09:11:47] Martin Wu joins the room
[09:11:48] Dan Harkins joins the room
[09:11:51] <Valery Smyslov> Not implemented
[09:12:05] Gijs Beernink joins the room
[09:13:58] Tirumaleswar Reddy.K joins the room
[09:20:05] Srihari Sangli joins the room
[09:24:57] Dan Harkins leaves the room
[09:26:41] Robert Moskowitz leaves the room
[09:26:52] Robert Moskowitz joins the room
[09:27:11] Donald Eastlake leaves the room
[09:27:23] Donald Eastlake joins the room
[09:28:11] Donald Eastlake leaves the room
[09:28:14] <Mohamed Boucadair> https://datatracker.ietf.org/doc/html/draft-boucadair-ip-version-5-8-9-historic-00
[09:28:16] Donald Eastlake joins the room
[09:28:28] Robert Moskowitz leaves the room
[09:28:32] <Mohamed Boucadair> which means that version 5 is sent again to the available pool
[09:28:57] Robert Moskowitz joins the room
[09:29:01] <Mohamed Boucadair> https://datatracker.ietf.org/doc/status-change-ip-versions-5-8-9-to-historic/01/
[09:30:07] <Mohamed Boucadair> Sorry: https://datatracker.ietf.org/doc/status-change-ip-versions-5-8-9-to-historic/
[09:31:04] Srihari Sangli leaves the room
[09:31:09] <synp> Still an expired draft
[09:32:16] <Mohamed Boucadair> @synp: which draft?
[09:32:28] Wes Hardaker leaves the room
[09:32:33] <kaduk@jabber.org/barnowl> The status-change document is an approved status change.
[09:32:54] <Paul Wouters> i followed the discussion
[09:32:56] <Mohamed Boucadair> that's normal because it is replaced with the IESG statement.
[09:32:56] Harin Sarda joins the room
[09:33:10] <Yoav Nir> Ah.  OK.  Thanks.
[09:34:28] Harin Sarda leaves the room
[09:35:26] <Yoav Nir> So if it's available, using it would be squatting.  But it only matters if we want to use IPsec to protect some future protocol number 5
[09:36:02] <Mohamed Boucadair> Agree, Yoav
[09:36:25] Harin Sarda joins the room
[09:36:39] Junyu Lai leaves the room
[09:37:08] dee3@hot-chilli.net joins the room
[09:37:22] Cheng Li joins the room
[09:37:29] <LouBerger> depends on the registry... it's still marked as assigned in https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
[09:38:53] Harin Sarda leaves the room
[09:38:56] Harin Sarda joins the room
[09:39:12] Harin Sarda leaves the room
[09:39:15] Harin Sarda joins the room
[09:41:02] <kaduk@jabber.org/barnowl> Hmm, but
https://mailarchive.ietf.org/arch/msg/ietf-announce/IIQ30AX1aTFJp4iG21gKvToRxSQ/
was sent out.  I guess I should follow up with IANA or the secretariat
to see what happened/what should have happened.
[09:42:07] Junyu Lai joins the room
[09:43:00] <Christian Hopps> In any case this could be updated if there's an objection. I'm guessing the only objection about ESP payload type *not* being allocated from the IP protocol number registry would come from the security AD :)
[09:43:22] Tommy C joins the room
[09:45:34] Francois Ortolan joins the room
[09:45:52] Francois Ortolan leaves the room
[09:46:07] Alessandro Toppi leaves the room
[09:46:13] Alessandro Toppi joins the room
[09:47:13] Robert Moskowitz leaves the room
[09:47:53] Robert Moskowitz joins the room
[09:48:44] Mohit Tahiliani leaves the room
[09:52:09] <Paul Wouters> 100 fragments is easy to DoS.
[09:52:29] <Paul Wouters> (but so is TCP)
[09:52:49] <kaduk@jabber.org/barnowl> RST! RST!
[09:53:39] <synp> IKEv2 over QUIC?
[09:53:57] <Paul Wouters> over quantumsafe QUIC? :)
[10:01:12] <Mohamed Boucadair> @Tommy: ADD is focusing more on untrusted discovery, as these are inducing more issues than in this draft
[10:01:59] <kaduk@jabber.org/barnowl> Depending on the motivation for the current doc, waiting to see what
ADD ends up doing may make a lot of sense.
(Also, it looks like we'd have to recharter to take on this work.)
[10:02:52] Lou Berger leaves the room
[10:03:11] LouBerger leaves the room
[10:03:32] <kaduk@jabber.org/barnowl> I know a bunch of people that would be sad if we come up with
something new after DoQ
[10:04:04] Robert Moskowitz leaves the room
[10:04:22] Robert Moskowitz joins the room
[10:05:13] <kaduk@jabber.org/barnowl> I'm not sure I understand Paul's concern that would need a cert
payload for the Do<X> server -- isn't the Do<X> server going to send
their cert in the TLS handshake, and it will chain up to some CA
that's in the trust store?
[10:06:26] <Paul Wouters> shouldn't there be an ip family type in the "IP addresses" field? how else do you know length of v4 vs v6?
[10:06:33] <kaduk@jabber.org/barnowl> Apparently Tiru did understand Paul's concern, and the response helps
me understand.
[10:06:53] <Yoav Nir> In the corporate remote access scenario, the internal DNS server may use a corporate certificate. The internal hosts are pre-configured so they trust the DNS server. Remote clients might not.
[10:07:27] Amelia Andersdotter joins the room
[10:07:46] Martin Wu leaves the room
[10:07:55] <Tirumaleswar Reddy.K> yes
[10:08:00] <Paul Wouters> kaduk: possibly if the CA is same for IKE and DNS/HTTPS. It's not always the same CA
[10:10:20] <Mohamed Boucadair> @Yoav: for the v4/v6 question, this is inferred from the attribute type. In 00, we used mapped addresses for IPv4. We don't need that anymore as we don't mux the attributes
[10:11:16] Robert Moskowitz leaves the room
[10:11:21] <Daniel Migault> can the problem come with req1 (resend) as well?
[10:11:24] <Yoav Nir> Thanks, but it was Paul that asked.
[10:11:40] andrew_liu joins the room
[10:11:40] Robert Moskowitz joins the room
[10:11:52] Ignas Bagdonas joins the room
[10:11:55] <kaduk@jabber.org/barnowl> Paul: understood it can be a separate CA.  I wonder, though -- what
are you going to be doing on the internal network that wouldn't
require you to have the internal TLS CA that signs the cert of the
Do<X> server already?  Is there some bespoke PKI setup that uses an
entirely different hierarchy for Do<X> vs normal internal HTTPS?  (Or
not a PKI at all, I suppose.)
[10:11:57] Ville Hallivuori joins the room
[10:12:39] Xing Jiang joins the room
[10:13:57] Bernie Innocenti joins the room
[10:15:09] <kaduk@jabber.org/barnowl> I assume REVISED_COOKIE is a placeholder name...
[10:15:40] <Yoav Nir> I'm wondering if this really solves something.  OK, maybe we get IKE to complete, but with a network this bad, is the IPsec SA going to be usable?  IOW: is it worth fixing?
[10:15:47] Gijs Beernink leaves the room
[10:17:32] Luigi Iannone joins the room
[10:17:53] <Scott Fluhrer> Question: wouldn't having the implementation select a fresh IKE SPI when it changes cookies solve this problem without the need for protocol change?
[10:18:20] <Yoav Nir> It can't be called COOKIE2 because that is already defined in RFC 4555
[10:20:01] <kaduk@jabber.org/barnowl> So, COOKIE3, then?
[10:20:30] Olaf Kolkman joins the room
[10:21:20] Eduard V joins the room
[10:22:27] Michael Tüxen joins the room
[10:23:29] <kaduk@jabber.org/barnowl> There is a benefit to Paul's new idea: you get to have a magic cookie
in your cookie :)
[10:23:45] Oshani Dayaratna leaves the room
[10:23:49] Oshani Dayaratna joins the room
[10:24:44] Xing Jiang leaves the room
[10:24:53] <Paul Wouters> responder does not send a cookie yet. it sends all 0000000
[10:25:07] <Paul Wouters> sorry i mean spi 00000000
[10:25:50] andrew_liu leaves the room
[10:26:05] Eduard V leaves the room
[10:26:32] <synp> It shows your age to call the IKE SPI a "cookie"
[10:26:42] <Paul Wouters> i know :)
[10:26:45] <Paul Wouters> ssshhh
[10:27:40] <Paul Wouters> yes i agree it is ME :)
[10:28:01] <synp> Oil change document
[10:29:57] Michael Tüxen leaves the room
[10:30:40] <Yoav Nir> Relevant draft: https://datatracker.ietf.org/doc/draft-pwouters-multi-sa-performance/
[10:30:46] Mehmet Ersue joins the room
[10:31:24] Mehmet Ersue leaves the room
[10:32:59] Simon Hicks joins the room
[10:38:34] Quynh Dang leaves the room
[10:39:12] Oshani Dayaratna leaves the room
[10:41:26] Olaf Kolkman leaves the room
[10:44:10] Tommy C leaves the room
[10:46:52] John Mah leaves the room
[10:46:58] John Mah joins the room
[10:47:35] Tommy Pauly leaves the room
[10:50:21] Juhamatti Kuusisaari leaves the room
[10:51:14] Juhamatti Kuusisaari joins the room
[10:51:40] <kaduk@jabber.org/barnowl> I think 6 bits, yes
[10:52:07] Junyu Lai leaves the room
[10:52:17] Junyu Lai joins the room
[10:52:23] Jennifer Gabriel leaves the room
[10:54:33] Timothy Winters leaves the room
[10:54:49] Luigi Iannone leaves the room
[10:54:58] Mark McFadden leaves the room
[10:54:59] Daniel Migault leaves the room
[10:55:08] Leonie Bruckert leaves the room
[10:55:11] Junyu Lai leaves the room
[10:55:12] Ville Hallivuori leaves the room
[10:55:14] Benjamin Kaduk leaves the room
[10:55:14] Valery Smyslov leaves the room
[10:55:15] Antony Antony leaves the room
[10:55:16] Paul Wouters leaves the room
[10:55:17] Don Fedyk leaves the room
[10:55:18] Yoav Nir leaves the room
[10:55:19] Juhamatti Kuusisaari leaves the room
[10:55:19] Harin Sarda leaves the room
[10:55:21] Mike Boyle leaves the room
[10:55:21] Kirsty P leaves the room
[10:55:22] Donald Eastlake leaves the room
[10:55:23] Jan-Frederik Rieckers leaves the room
[10:55:24] Christian Hopps leaves the room
[10:55:26] Juan Cerezo leaves the room
[10:55:27] Amelia Andersdotter leaves the room
[10:55:28] Robert Moskowitz leaves the room
[10:55:29] Tero Kivinen leaves the room
[10:55:32] Michael Jenkins leaves the room
[10:55:32] Alessandro Toppi leaves the room
[10:55:41] Zidago Sako leaves the room
[10:55:42] Ignas Bagdonas leaves the room
[10:55:45] John Mah leaves the room
[10:55:47] metricamerica leaves the room
[10:55:50] Steffen Klassert leaves the room
[10:55:54] Lorenzo Miniero leaves the room
[10:55:57] Zidago Sako joins the room
[10:56:05] Zidago Sako leaves the room
[10:56:21] Scott Fluhrer leaves the room
[10:56:33] Alister Winfield leaves the room
[10:57:14] Meetecho leaves the room
[10:59:14] Bernie Innocenti leaves the room
[11:01:22] John Border leaves the room
[11:13:22] dee3@hot-chilli.net leaves the room
[11:33:26] Cheng Li leaves the room
[11:51:19] Tirumaleswar Reddy.K leaves the room
[11:51:19] Mohamed Boucadair leaves the room
[11:51:19] Simon Hicks leaves the room
[16:57:46] halfshot joins the room
[16:57:52] halfshot leaves the room
[17:07:53] undefined joins the room