IETF
karp@jabber.ietf.org
Tuesday, November 5, 2013< ^ >
Room Configuration
Room Occupants

GMT+0
[22:17:36] Wes George joins the room
[22:18:38] semery joins the room
[22:20:54] hartmans joins the room
[22:21:28] hartmans leaves the room: Disconnected: Replaced by new connection
[22:21:29] hartmans joins the room
[22:24:38] Michael Barnes joins the room
[22:26:01] <Wes George> hi, I'm jabber scribing
[22:26:02] <Wes George> anyone remote?
[22:26:47] <Wes George> discussing http://www.ietf.org/proceedings/88/slides/slides-88-karp-0.pdf
[22:26:49] <Wes George> slide 4
[22:26:59] <Wes George> audio check?
[22:27:28] <Wes George> slide 5
[22:29:14] <Wes George> sam hartman presenting http://www.ietf.org/proceedings/88/slides/slides-88-karp-2.pdf
[22:29:44] <Wes George> slide 2
[22:32:20] <Wes George> slide 3
[22:33:25] Abhay Roy joins the room
[22:34:28] <Wes George> slide 4
[22:37:57] <Wes George> slide 5
[22:39:46] <Wes George> slide 6
[22:40:50] <Wes George> brian discussing http://www.ietf.org/proceedings/88/slides/slides-88-karp-1.pdf
[22:40:51] <Wes George> slide 2
[22:41:58] <Wes George> slide 3
[22:43:15] <Wes George> slide 4
[22:44:48] <Wes George> slide 5
[22:44:53] <Wes George> actually slide 7
[22:44:57] <Wes George> slide 8
[22:48:24] <Wes George> my comments: operators agree important, but not paying attention - not on list (me for example)
[22:48:40] <Wes George> need to cross-promote - within ietf, opsec, opsarea, etc, and outside of ietf
[22:48:53] <Wes George> Ruediger and I are the only two "operators" in room
[22:49:37] <Wes George> ruediger echoes my comments, we are working on security within sidr, might be worth leveraging (instead of parallel stuff)
[22:49:49] <Wes George> sean turner - support, want to see this move forwards
[22:50:07] <Wes George> russ h. - history (when I was security ad, 9 yrs ago)
[22:50:25] <Wes George> took a long time to get things moving. issue is that so many people were doing back of envelope key mgmt
[22:50:40] <Wes George> had to make sure arch supported that since that's what people were doing, and then allow automated key mgmt later
[22:51:09] <Wes George> hate to see this stop now - took long to get here
[22:51:21] <Wes George> let's finish it, but if no one's going to use it, don't want to spend any more time
[22:51:25] Abhay Roy leaves the room
[22:51:51] <Wes George> uma - karp charter - all routing protocols were analysed
[22:51:54] Abhay Roy joins the room
[22:52:00] <Wes George> that's done
[22:52:02] <Wes George> moved to key mgmt
[22:52:09] kivinen joins the room
[22:52:32] <Wes George> routingg protos should be able to gen keys without affecting operation
[22:52:36] <Wes George> tcp-ao is there
[22:52:51] <Wes George> basic support for automatic keys is not there for others, isis
[22:52:55] <Wes George> affects operation
[22:54:37] <Wes George> jeff haas - juniper/vendor - demand is not hitting the operators
[22:54:45] <Wes George> no roadshow for those actually trying to implement security
[22:54:55] <Wes George> not going to get push back to vendorrs to get them to implement
[22:55:09] <Wes George> some gov't will have upfront req's but not across the board
[22:55:19] <Wes George> not that you don't have good tech, but you need more demand
[22:55:38] <Wes George> wg has interesting problem because it seems analytically solid
[22:56:16] <Wes George> acee lindem - don't think it's still really broken. proprietary mechanisms for key rollover
[22:56:50] <Wes George> now with things that are already rfcs, you can gracefully roll over all of these protos (except the example uma mentioned)
[22:57:05] <Wes George> could use i2RS interface (or netconf) to orchestrate
[22:58:04] <Wes George> sam hartman - acee is right, big operators can use netconf, could design a system for your org
[22:58:13] <Wes George> would produce semi-reasonable results
[22:58:22] <Wes George> we design for internet as a whole, not just large isps
[22:58:41] <Wes George> faced with the question - is anyone going to deploy that?
[22:58:52] <Wes George> life becomes hard if you consider that question. build security stds that are good
[22:58:59] <Wes George> hopefully people choose to implement and deploy
[22:59:13] <Wes George> couple of cases where acee's solution of just using netconf is a bad one
[22:59:16] <Wes George> links between orgs
[22:59:34] <Wes George> don't want my partner to allow access to my router
[22:59:46] <Wes George> separate groups
[23:00:06] <Wes George> completely understand chair's frustration when asking for reviews and getting crickets
[23:00:19] <Wes George> worth doing this even if we're not sure
[23:00:26] <Wes George> people will deploy today
[23:00:44] <Wes George> do need to make sure that there are enough people contributing to ensure that there is a quality standard
[23:00:54] <Wes George> challenge: what are you willing to do to contribute
[23:01:08] <Wes George> dan harkins
[23:01:26] <Wes George> don't udnerstand "operators still don't trust akm"
[23:01:34] <Wes George> can we figure out what they don't trust?
[23:01:57] <Wes George> joel - i did go to nanog
[23:02:16] <Wes George> don't break, don't change anything
[23:02:49] <Wes George> less interested in akm, keytables give them what they need
[23:03:03] <Wes George> ruediger - missing one factor
[23:03:37] <Wes George> asking operator forums a couple of years ago when you started the work and getting the response "don't do anything that interferes" is not an endorsement that the audience is expecting you to deliver
[23:04:08] <Wes George> I suspect that the operational view on this dev work is "another group doing excellent work in an ivory tower, no delivery"
[23:04:59] <Wes George> I'd like to work with vendors to get functional implementations or mock-ups
[23:06:17] <Wes George> jeff - transport security karp work has been valuable
[23:06:23] <Wes George> vendors have implemented
[23:06:27] <Wes George> that's not the key mgmt piece
[23:06:39] <Wes George> proto security is being done
[23:07:17] <Wes George> nanog roadshow was 7 yrs ago, no solid proposals what this is supposed to look like
[23:07:27] <Wes George> now we have real stuff and can show what it looks like
[23:07:36] <Wes George> is netconf enough, etc?
[23:10:21] <Michael Barnes> Sending e-mail to the list would be helpful
[23:10:21] Dave Sinicrope joins the room
[23:12:42] Dave Sinicrope leaves the room
[23:14:11] Dave Sinicrope joins the room
[23:20:13] <Wes George> session ends
[23:20:15] Wes George leaves the room
[23:20:28] semery leaves the room
[23:20:52] Michael Barnes leaves the room
[23:21:48] kivinen leaves the room
[23:28:38] Dave Sinicrope leaves the room
[23:31:39] hartmans leaves the room: Disconnected: Replaced by new connection
[23:31:39] hartmans joins the room
[23:53:07] hartmans leaves the room: Disconnected: connection closed
[23:56:34] semery joins the room
[23:56:41] semery leaves the room
Powered by ejabberd Powered by Erlang Valid XHTML 1.0 Transitional Valid CSS!