[14:06:27] cem joins the room
[14:18:33] jimsch1 joins the room
[14:22:56] Jonathan Hammell joins the room
[14:26:24] Russ Housley joins the room
[14:28:11] kaduk@jabber.org/barnowl joins the room
[14:29:21] Melinda joins the room
[14:33:47] Roman Danyliw joins the room
[14:34:34] mcr joins the room
[14:35:18] Peter Yee joins the room
[14:35:35] <Roman Danyliw> Webex: https://ietf.webex.com/ietf/j.php?MTID=m19b1d7a9c8b3567f11a10c825d647240
[14:36:56] wilma joins the room
[14:40:23] <jimsch1> I can try to get Outlook this week
[14:41:19] <Roman Danyliw> @Alexey: Let's talk offline.  I have an Outlook setup.
[14:42:45] stf joins the room
[14:43:19] Rich Salz joins the room
[14:43:51] Rich Salz leaves the room
[14:44:51] stf leaves the room
[14:44:56] <mcr> I thought this was a slam-dunk.  Seems done.
[14:45:27] <Jonathan Hammell> Adopted draft name is draft-ietf-lamps-cms-update-alg-id-protect
[14:47:10] kaduk@jabber.org/barnowl leaves the room
[14:48:08] kaduk@jabber.org/barnowl joins the room
[14:50:56] John Levine joins the room
[14:55:07] Corey Bonnell joins the room
[14:56:53] <kaduk@jabber.org/barnowl> [Webex currently shows 37 participants, to have that written down in a
fairly easy to access archive]
[14:58:30] <wilma> Isn't this OID structure under PKIX?
[14:58:41] <wilma> (this is Deb Cooley)
[14:59:51] <kaduk@jabber.org/barnowl>    The ASN.1 to define these EKUs is:
   id-kp-cmpCA OBJECT IDENTIFIER ::= { id-kp 27 }
   id-kp-cmpRA OBJECT IDENTIFIER ::= { id-kp 28 }
   id-kp-cmpKGA OBJECT IDENTIFIER ::= { id-kp ... }
   < TBD: id-kp-cmpKGA to be defined. >
[15:00:18] bhoeneis joins the room
[15:00:31] <wilma> yes, which is under a iso/...dod/internet/security/mech/pkix
[15:01:09] <wilma> oh those should be id-kp-cmcCA, right?
[15:01:32] <kaduk@jabber.org/barnowl> Hmm, an interesting question; probably worth asking on the list.
[15:01:54] <kaduk@jabber.org/barnowl> (I haven't even pulled up a ref for the id-kp being what you quote
yet)
[15:03:19] <wilma> ?I just looked it up in an OID resolver....
[15:03:39] <wilma> sadly it didn't bring up my favorite - Alvestrand's....
[15:03:42] <mcr> looks like a typo.
[15:03:44] <mcr> cmp->cmc.
[15:04:33] <kaduk@jabber.org/barnowl> Oh, it's in 5280; I thought it was going to be closer to CMP/CMC
directly :)
id-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
[15:04:50] <wilma> right?
[15:04:52] sofia joins the room
[15:05:14] <kaduk@jabber.org/barnowl> RFC 6402 has:
  id-kp-cmcCA OBJECT IDENTIFIER ::= { id-kp 27 }
  id-kp-cmcRA OBJECT IDENTIFIER ::= { id-kp 28 }
  id-kp-cmcArchive OBJECT IDENTIFIER ::= { id-kp 29 }
[15:05:30] <kaduk@jabber.org/barnowl> which seems to confirm "typo"
[15:07:56] <kaduk@jabber.org/barnowl> I guess using "..." as a "TBD" marker in an ASN.1 declaration is maybe
not the greatest plan, though probably not worth spinning up a new
revision of this document for.
[15:08:00] <jimsch1> I must have been asleep.  I would have said assign new OID values so that you can distinguish CMP from CMC in terms of support by the server
[15:08:22] <wilma> LOL, too late...
[15:08:33] <wilma> You were in the queue....
[15:08:54] <mcr> jimsch1, I asked that question too, but the author wanted to generalize cmcRA to all possible methods.
[15:10:31] <jimsch1> @mcr:  I think that is because they are not thinking of it as a service filter to know which thing to talk to.  It was very specifically defined as opposed to the TLS server one in RFC 5280
[15:15:41] <mcr> I think we could be more generous with OIDs.
[15:16:10] <wilma> I think it is easier to overload them than to register new ones.
[15:18:26] <kaduk@jabber.org/barnowl> Register where?  I can allocate new OIDs right now (from my personal
arc)...
[15:18:43] <jimsch1> There is a CMP arc
[15:19:53] <jimsch1> Registering new ones takes less than a week through IANA for any of the arcs currently under discussion.  It may not even require any document depending on how the DE feels
[15:20:12] <wilma> It would be nice if these things were registered in the right place.  If there is a CMP arc, then they should be there.
[15:20:13] <jimsch1> I managed to lose my personal arc that I took from Microsoft.  Evey
[15:20:28] <wilma> bummer
[15:21:09] John Levine leaves the room
[15:21:09] John Levine joins the room
[15:26:35] <Jonathan Hammell> I am in favour of single value.
[15:26:44] <jimsch1> Single value is fine for this
[15:28:45] <Alexey Melnikov> +1
[15:30:38] <mcr> I didn't read this part of the draft.
[15:34:10] kaduk@jabber.org/barnowl leaves the room
[15:35:01] kaduk@jabber.org/barnowl joins the room
[15:35:45] <kaduk@jabber.org/barnowl> mcr: I am going through the brski -39 examples today, FYI.  Then I
will have to go back through my old ballot positions and decide how
uncomfortable I am about balloting "Yes"...
[15:36:56] <mcr> I don't think that I could contribute a useful CoAP based message transport until I have time to implement.  Anything I wrote would be hand waving.
[15:40:00] <mcr> HAHAHA, the often cited, but never seen "3-page" / "worlds-shortest-RFC".  Truly, a unicorn.
[15:40:45] <Melinda> I'm actually fine with little two-page documents
[15:40:56] <kaduk@jabber.org/barnowl> Like draft-ietf-lamps-5480-ku-clarifications ?
[15:41:03] <Melinda> And less fine with 150-page documents
[15:41:09] <Melinda> yes
[15:41:23] <kaduk@jabber.org/barnowl> I don't categorically oppose 3-page documents.  It's a judgment call.
[15:46:57] <wilma> I'm opposed to 50 2 page documents, especially when they conflict.
[15:48:52] <wilma> why does anyone need RA-RA comms?
[15:49:02] <mcr> I was going to ask the same thing.
[15:49:29] <wilma> TY
[15:51:07] <mcr> I'm unclear if this is a multi-level firewall for the CA, or if this is a way to delegate authority.
[15:51:20] John Levine leaves the room
[15:51:20] John Levine joins the room
[15:51:41] John Levine leaves the room
[15:52:25] John Levine joins the room
[15:53:01] <jimsch1> This is authority delegation.
[15:53:06] <wilma> RA's protecting CAs?
[15:53:10] <wilma> seems odd
[15:53:16] <mcr> (odd to me as well)
[15:53:27] <jimsch1> RA's validating that local policy is being followed and the CA relying on the RA to do that enforcement
[15:53:33] <wilma> LRA passing a request to an RA, fine....
[15:53:48] <wilma> RA, forwarding to the correct RA, fine.
[15:54:09] <mcr> I think it is LRA passing to RA.  
[15:54:10] <wilma> those are both authority delegation....
[15:54:10] <jimsch1> But in all of these cases I would expect the RA to add a wrapper.
[15:54:18] <wilma> right
[15:54:32] <wilma> otherwise the CA doesn't know that the right entity has approved it.
[15:54:49] <wilma> It has been forever since I've thought about CMP....
[15:55:01] <jimsch1> It also makes it easier to return errors - since some are about the RA and some about the requester
[15:56:33] <wilma> He speaks English better than I speak any other language.  kudos.
[15:56:52] <jimsch1> @Deb: including English?
[15:57:03] <mcr> https://www.youtube.com/watch?v=onYOhARd-cY infinite wrapping.
[15:57:15] <wilma> @jimsch1:  Indeed
[15:57:33] <jimsch1> My mother always said that mathematics was my native language
[15:57:41] <wilma> +1
[15:58:11] jimsch1 leaves the room
[15:58:13] Jonathan Hammell leaves the room
[15:58:24] John Levine leaves the room
[15:58:25] Corey Bonnell leaves the room
[15:58:27] Roman Danyliw leaves the room
[15:58:55] cem leaves the room: offline
[15:58:55] wilma leaves the room
[16:00:40] kaduk@jabber.org/barnowl leaves the room
[16:03:06] bhoeneis joins the room
[16:03:10] bhoeneis leaves the room
[16:29:59] Russ Housley leaves the room
[17:00:10] Melinda leaves the room
[17:03:30] sofia leaves the room: Machine is going to sleep
[17:58:24] Alexey Melnikov leaves the room
[18:04:42] sofia joins the room
[18:36:12] sofia leaves the room
[20:46:44] Peter Yee leaves the room