[00:00:07] --- MJDuerst has joined
[00:00:21] --- MJDuerst has left
[00:02:17] --- tlyu has left: Disconnected
[00:11:34] --- jhutz has joined
[00:26:08] --- hartmans has left: Disconnected
[00:41:09] --- nico-sun has joined
[00:41:58] --- nico-sun has left
[00:44:45] --- masahiro has joined
[00:49:09] --- norifmi has joined
[01:01:57] --- jhutz has left: Disconnected
[01:18:17] --- johani has joined
[01:25:14] --- masahiro has left: Disconnected
[01:28:17] --- johani has left: Disconnected
[02:04:06] --- norifmi has left
[04:40:50] --- tlyu has joined
[04:41:07] --- tlyu has left
[08:40:25] --- MJDuerst has joined
[10:10:02] --- MJDuerst has left
[10:24:38] --- jishac has joined
[10:34:54] --- avri has joined
[10:40:42] --- masahiro has joined
[10:41:12] --- masahiro has left: Disconnected
[10:45:39] --- tuy has joined
[10:52:07] --- tuy has left: Replaced by new connection.
[10:52:08] --- tuy has joined
[10:52:09] --- tuy has left
[11:02:25] --- RandyG has joined
[11:07:57] --- jhutz has joined
[11:08:06] --- jhutz has left
[12:24:26] --- leg has joined
[12:26:16] --- leg has left: Disconnected
[12:26:39] --- leg has joined
[12:34:21] --- RandyG has left
[12:57:29] --- jishac has left
[13:13:35] --- avri has left: Disconnected
[13:29:14] --- leg has left: Disconnected
[14:10:15] --- wrstuden has joined
[14:30:26] --- avri has joined
[14:51:57] --- ohm has left: Replaced by new connection
[14:51:57] --- ohm has joined
[14:52:27] --- loa has joined
[14:52:48] --- loa has left
[14:52:59] --- avri has left
[15:05:15] --- leg has joined
[15:06:12] --- leg has left: Disconnected
[17:07:15] --- wrstuden has left: Disconnected
[17:15:01] --- ohm has left: Disconnected
[17:16:11] --- wrstuden has joined
[17:19:02] --- ohm has joined
[17:59:05] --- sommerfeld has left
[19:28:15] --- ohm has left: Replaced by new connection
[19:28:15] --- ohm has joined
[19:41:29] --- wrstuden has left: Disconnected
[20:03:43] --- ohm has left: Disconnected
[20:46:47] --- tuy has joined
[21:00:24] --- galvinjamesm has joined
[21:02:21] --- galvinjamesm has left
[21:05:17] --- ohm has joined
[21:09:17] --- ggm has joined
[21:10:30] --- tuy has left: Disconnected.
[21:13:56] --- hartmans has joined
[21:15:19] --- raeburn has joined
[21:15:26] --- galvinjamesm has joined
[21:16:49] --- jis has joined
[21:17:08] --- tlyu has joined
[21:17:14] --- sarolaht has joined
[21:17:57] --- jhutz has joined
[21:18:36] <galvinjamesm> Have they said anything about the audio feed or multicast? I'm not getting anything.
[21:19:37] --- sarolaht has left
[21:20:04] --- sommerfeld has joined
[21:20:09] --- wrstuden has joined
[21:20:59] --- orange has joined
[21:22:25] --- hardie has joined
[21:23:00] --- resnick has joined
[21:23:26] --- javier has joined
[21:24:21] --- brabson has joined
[21:25:14] <ggm> Leslie Daigle at the podium
[21:25:21] <ggm> overview of agenda.
[21:25:33] <galvinjamesm> any news about the multicast or audio? I'm not getting anything?
[21:25:44] <ggm> two tech presentations to kick off, ASRG (John Levine) and IAB Security wkshop then and now (Bernard Aboba)
[21:25:52] <ggm> IETF reorg status, Harald
[21:26:00] <ggm> AdminRest (leslie and harald)
[21:26:02] <ggm> John Levine on ASRG
[21:26:28] <jhutz> do you have some reason to believe the mcast/audio problem is already known?
[21:26:46] <jhutz> or should I stand up and tell the person at the table in front of me?
[21:26:47] <galvinjamesm> I reported it to the email address. haven't heard anything yet.
[21:27:19] <galvinjamesm> No, I'll hang for a bit and see if they answer the email. I guess there's no one else in this chat room listening eh?
[21:27:20] --- dudi has joined
[21:27:25] <ggm> overview of things we mighr or might not do about SPAM
[21:27:30] --- jishac has joined
[21:27:32] --- anewton has joined
[21:27:36] --- shep has joined
[21:27:38] --- masahiro has joined
[21:27:56] --- mallman has joined
[21:27:56] <ggm> the sentence is "spam is bad we have to ... <.>" and the end of the sentence is always different.
[21:28:01] --- tonyhansen has joined
[21:28:10] --- dinakar has joined
[21:28:11] <ggm> spam is a huuumungous percentage of mail.
[21:28:20] <ggm> more spam than real mail, everywhere.
[21:28:27] <ggm> large ISPs see >80% SPAM
[21:28:37] <ggm> even with filters real mail is lost in the noise.
[21:28:49] <ggm> we might be at 98% spam soon.
[21:28:56] --- ohm has left: Disconnected
[21:29:11] --- ekr has joined
[21:29:22] --- ekr has left
[21:29:34] <ggm> severe social problem. porn, kids, people are turning off email
[21:29:44] <ggm> who would give a kid an email account?
[21:29:46] --- ohm has joined
[21:30:18] <ggm> slow and painful to link the discrete islands together, now we're re-balkanizing the net
[21:30:36] <ggm> fraudulent. who would read real email from the bank after phishes?
[21:30:51] <ggm> what isn't the spam problem.
[21:31:07] --- dinakar has left: Disconnected
[21:31:08] --- AndrewDMcGregor has joined
[21:31:11] <ggm> these are problems are the end of the "spam is so bad we have to .."
[21:31:39] <ggm> authentication problem. verification. that a msg is from the sender it puports to be from.
[21:31:59] <ggm> is the sender the same as the person who sent it the last time? weakest form. eg pgp without web of trust
[21:32:09] <ggm> or .. is it a real person (pgp with web of trust)
[21:32:17] <ggm> or person we can retaliate to?
[21:32:42] <ggm> these are all somewhat unsatisfactory versions of identity. problem done the most work on is'who is th emessage from' == MARID
[21:32:47] <ggm> the introduction problem.
[21:32:55] <ggm> mail from people you haven't heard from.
[21:33:07] <ggm> binary divides: all the ones I know are good, the rest is bad.
[21:33:12] --- resnick has left: Disconnected
[21:33:16] --- hta has joined
[21:33:18] --- resnick has joined
[21:33:21] <ggm> hoop to jump through, loose enough humans will jump, tight enough spammers wont.
[21:33:21] --- dfedyk has joined
[21:33:27] <ggm> variety of alleged solutions. all have issues
[21:33:41] <ggm> e-postage, HASHCASH, CAPTCHA.
[21:33:45] <hardie> I have told the NOC about the video stream issue
[21:33:45] <ggm> the filtering problem.
[21:33:54] <ggm> distinguish nice mail from nasty mail.
[21:34:06] <ggm> try not to loose too much nice mail. hope not expensive, turning out not to be true
[21:34:29] <ggm> hope the spam filter authors 'taste' is not too different to yours. eg christians vs libertarians filter expectations
[21:34:29] --- becarpenter has joined
[21:34:31] --- Suresh Krishnan has joined
[21:34:42] <ggm> the accreditation problem
[21:34:52] <ggm> who is that? the accreditor says uh0uh..
[21:34:58] --- kivinen has joined
[21:35:02] <ggm> only have to introduce yourself to widely accepted accreditor.
[21:35:25] <ggm> eg bonded sender, habeas, LADB. (has interest in Habeas, wont speak in detail to any of them) are ok as far as they go.
[21:35:29] <ggm> the reputation problem.
[21:35:33] --- dinakar has joined
[21:35:35] <ggm> who'se nasty and who is nice
[21:35:44] <ggm> state of the art dnsRBLS
[21:35:48] <ggm> needs a lot of work.
[21:35:58] <ggm> what do you ask a reputation system? what answers can they return?
[21:36:06] --- gih has joined
[21:36:06] <ggm> very complicated issue
[21:36:16] <ggm> put them all together, are they the spam problem?
[21:36:16] <ggm> no
[21:36:20] <ggm> are they solution?
[21:36:27] <ggm> no, but parts are useful.
[21:36:40] <ggm> worried about this. reports in press "working on <x> solves the spam problem"
[21:36:41] --- malamud has joined
[21:36:51] <ggm> when its really only addressing accreditation, or reputation or whatever
[21:37:05] --- bernt99 has joined
[21:37:05] <ggm> so when people say "I have a solution" please engage in truth in advertizing
[21:37:10] <ggm> whats ASRG done recently?
[21:37:13] <ggm> its reorganized.
[21:37:17] --- suz-isc has joined
[21:37:22] <ggm> tried to come up with a GRAND PLAN
[21:37:26] --- sakai has joined
[21:37:26] <ggm> didnt work
[21:37:39] <ggm> reorganized into subgroups
[21:37:56] <ggm> threw stuff over the wall into MARID: lightweight authentication mail stuff, LMAP.
[21:38:06] <ggm> did as much pre-standards work, now IETFs problem not IRTF
[21:38:17] --- klensin-ietf has joined
[21:38:24] <ggm> looking into its effect. appreciate it, herding uncooperative cats, even by IETF standards
[21:38:25] --- sarolaht has joined
[21:38:30] <ggm> abuse reporting group
[21:38:31] --- dblacka has joined
[21:38:49] <ggm> turns out to be useful although not very technical. by and large no humans look at them, parsed by grep, some better at grepping than others
[21:39:03] <ggm> even when clearly from their domains you get back mail "its not us"
[21:39:08] <ggm> simple format, not XML.
[21:39:13] --- AndrewDMcGregor has left: Disconnected
[21:39:17] <ggm> this is for you, this is why, this is what we're telling you.
[21:39:28] <ggm> talked to people in large ISPS all say "come up with halfway decent we'll try it"
[21:39:47] <ggm> in same room as head of subgroup, eager to have him active. chances of action in next few months good.
[21:39:57] <ggm> BCPS. if not stds track, direction of good informationals
[21:40:07] <ggm> drafted a few.
[21:40:11] --- Suresh Krishnan has left: Disconnected
[21:40:18] <ggm> what the bits in DNSrbls means. how to block 25, implications
[21:40:24] --- Suresh Krishnan has joined
[21:40:33] <ggm> will find people in IETF to foist them on as potential BCP or other docs.
[21:40:49] <ggm> lots of ISPs have well meaning but not skilled tech groups, eg BCP on zombies, can point them at it.
[21:40:57] --- jerome.durand.renater has joined
[21:41:05] <ggm> 2 headed filtering group.
[21:41:18] --- csp has joined
[21:41:29] <ggm> work slowed down. working on Real-Time exchange of filtering criteria. commercial model is brightmail, twiddling the filter in realtime, pushed to appliances
[21:41:39] <ggm> rules updated centrally but pushed to client.
[21:41:44] --- dblacka has left
[21:42:04] <ggm> nice not to hav eto pay single vendor, XML makes sense, some vendors hope to offer technology, for filter rule exchange. some ISPs would love to have this
[21:42:14] <ggm> group on message verification. probably redundant with MASS.
[21:42:15] --- becarpenter has left
[21:42:30] --- becarpenter has joined
[21:42:34] <ggm> domain keys, S/MIME. granularity of domains, without hierarchy of signing.
[21:42:48] <ggm> all kind of do the same thing. somebody else verifies the sigs on mails
[21:43:00] <ggm> still some researchy things, different systems, ways to extract the common stuff
[21:43:05] <ggm> final group, favourite,
[21:43:09] <ggm> Id, Auth and Reputation
[21:43:17] <ggm> how to ask who, what why, when, how often
[21:43:26] <ggm> dozens of people signed up, then
[21:43:28] <ggm> nothing.
[21:43:33] <ggm> hoping to wake up.
[21:43:43] <ggm> need common i/f to reputation systems.
[21:43:55] <ggm> pick source of advice
[21:43:57] <ggm> what we're not doing
[21:44:00] <ggm> not defining spam
[21:44:07] <ggm> already defined, all the definitions differnt
[21:44:14] <ggm> (but all define the set of mail)
[21:44:24] <ggm> not doing challenge/response
[21:44:25] --- jakob has joined
[21:44:30] <ggm> was doing it, now gone away
[21:44:38] <ggm> signatures seem better
[21:44:46] <ggm> nobody looking at e-postage. have docs on why not useful
[21:44:53] <ggm> not looking at SMTP replacement
[21:44:58] --- peterd has joined
[21:45:08] <ggm> mutant SMTP for quite a while.
[21:45:23] <ggm> have been very busy. turns out, rest of world doesnt realize ASRG is me, and a website under my desk.
[21:45:34] <ggm> WallSt Jnl asked 'whats your financial model' which was odd.
[21:45:41] <ggm> 34 different anti-spam groups
[21:45:51] --- lynn has joined
[21:45:54] <ggm> Open Group does interop. validation profiles. nice.
[21:45:56] --- norifmi has joined
[21:46:13] <ggm> asked if we could have Interop for SMTP, stamp out the bugs? said 'yea, we can do that'
[21:46:48] --- Wag has joined
[21:46:49] <ggm> MAAWG. odd name. giving impl advice to people like cox or turner. good source to use
[21:47:01] <ggm> ITU-T. WSIS anti spam meeting, geneva.
[21:47:13] <ggm> state dept was there. asked who he was
[21:47:31] <ggm> said "I'm ASRG of the IRTF, funded by the IETF for ISOC" and they said "oh"
[21:47:31] --- plenary has joined
[21:47:46] <ggm> people from central africa, syria, big countries too.
[21:47:46] --- plenary is now known as nico
[21:48:00] <ggm> asked the little countrys a few years ago they'd say "no, no problem, level playing field"
[21:48:12] <ggm> now say "its awful: we still pay by the byte. its killing us"
[21:48:20] --- hta has left: Replaced by new connection
[21:48:21] --- hta has joined
[21:48:21] --- hta has left
[21:48:23] <ggm> have sat dishes, could do it, too scary, drowining in spam too
[21:48:26] --- ray_atarashi has joined
[21:48:34] <ggm> lots of interest in'human capital formation' ITUese for 'training people'
[21:48:37] --- SharonChisholm has joined
[21:48:45] <ggm> people around for X400 wars will remember
[21:48:55] --- mlshore has joined
[21:49:07] <ggm> ITU is a bunch of bureaucrats, combersome when we are small and light [laughter] things do change
[21:49:17] <ggm> lunches at ITU way better.
[21:49:30] <ggm> work is fundamentally different to ours, but have conduit into every gov telcoms ministry in the world.
[21:49:44] <ggm> if want to encourage good standards and squich bad ones, they'll do it.
[21:49:57] <ggm> will call meetings, will travel. was pleasent suprise. thanks to HTA for funding
[21:50:00] <ggm> where are we
[21:50:02] <ggm> spam is bad,
[21:50:09] <ggm> easy solutions are wrong. its hard
[21:50:17] <ggm> needs solutions, can make incremental progress.
[21:50:25] <ggm> needs tech and social and legal approaches. not our forte
[21:50:29] <ggm> tech has to lead, right people to do it.
[21:50:31] <ggm> get to work.
[21:50:32] <ggm> thank you
[21:50:34] --- faultylink has joined
[21:50:37] <ggm> did I take 20 min? time for Qs?
[21:50:45] <ggm> did I leave you all speechless?
[21:50:51] <ggm> Dave Crocker
[21:51:23] <ggm> you're reference to reputation systems, is spec in CSV proposal, has accreditation record, intended to be useful, but serves people to look at and throw darts thats ok too
[21:51:45] <ggm> refs thumbs up or thumbs down vs details
[21:51:53] <ggm> feedback greatfully appreciated.
[21:51:54] --- hta has joined
[21:52:02] <ggm> ASRG web is http://asrg.sp.am/
[21:52:20] --- ole has joined
[21:52:34] <ggm> Brian C. heard respected chair at ITU mtg say "will be solved in 2 years" wondering what is the real factor, to get real goal.
[21:52:38] --- mocmobile has joined
[21:52:39] --- csp has left
[21:52:50] <ggm> John we'll never solve it. always some spam.
[21:52:57] <ggm> unpleasant people.
[21:53:15] <ggm> hope we have a handle on it, in 2 years. could be the amount is plateau'ing in 2 years.
[21:53:31] <ggm> something will be different, cant say 2/5/ to fix. if we dont try, they;ll give up on email and we wont care
[21:53:43] --- kivinen has left: Logged out
[21:53:43] --- kivinen has joined
[21:53:43] --- kivinen has left: Logged out
[21:53:48] <ggm> Scott Bradner, got letter back from ITU, asking IETF how the IETF can cooperate on fighting this problem
[21:54:35] <ggm> harmonized standards sounds fine.
[21:54:52] --- warlord has joined
[21:54:59] --- kivinen has joined
[21:54:59] <ggm> wow. left you speechless. thanks [applause]
[21:55:01] --- malamud has left: Disconnected
[21:55:14] <ggm> [ the scribe is tired. can somebody else do some for a bit? -ggm]
[21:56:06] --- kivinen has left: Disconnected
[21:56:07] --- gih has left: Disconnected
[21:56:08] <galvinjamesm> Hoping for a scribe...??
[21:56:18] --- faultylink has left: Replaced by new connection
[21:56:19] --- faultylink has joined
[21:56:29] <ggm> Report of IAB security arch wkshop, 1997.
[21:56:47] <ggm> goals, to id core security components, spec, and guide protocols
[21:56:54] <galvinjamesm> Still no audio link or response from the tech team. Anybody out there actually getting the multicast or audio, or are you all sitting in the room?
[21:56:55] <ggm> agreed at the time 'security needs to be designed in'
[21:57:01] --- gih has joined
[21:57:13] --- randy has joined
[21:57:13] --- wyllys has joined
[21:57:15] <ggm> graph of cert incidents by year.
[21:57:23] <ggm> goes up order of magnitude every three years
[21:57:29] <ggm> very very very exponential.
[21:57:37] <ggm> what hasnt changed
[21:57:44] <ggm> trends identified in '97 still true
[21:57:49] <ggm> rate of attacks increasing.
[21:57:54] <ggm> attackers getting smarter
[21:58:06] <ggm> several concls now common wisdom
[21:58:15] <ggm> eg 'no cleartext psswds'
[21:58:30] <ggm> nothing added today. same security mechanisms in 7 years.
[21:58:32] <ggm> so what has changed?
[21:58:42] <ggm> scope/sophistication of attacks grown dramatically
[21:58:52] <ggm> motivation changed: MONEY. its not pranksters any more
[21:59:04] --- andreas-b has joined
[21:59:07] <ggm> increase in p2p vs client/server. not clear security work has addressed this
[21:59:13] --- BP has joined
[21:59:20] <ggm> more multi-party. fuzzy trust models. hard to show designs secure or prudent
[21:59:26] <ggm> auth is increasingly important
[21:59:30] --- BP has left: Disconnected
[21:59:42] --- avri has joined
[21:59:43] <ggm> most serious vulns now at apps layer. then, was mostly down the stack
[21:59:45] --- BP has joined
[21:59:49] <ggm> evolution of the threat model
[21:59:57] <ggm> old model. classic model.
[22:00:02] <ggm> new model. Qs like
[22:00:12] <ggm> "can attacker make money by exploiting vuln"
[22:00:20] <ggm> eg phishing, blackmail.
[22:00:34] <ggm> authorities dont care about DoS, but the DOS subject can be blackmailed
[22:00:43] <ggm> can attacker cause widespread chaos? attack critical services
[22:00:47] <ggm> mechanism retrospective
[22:00:51] <ggm> divide into core/non-core
[22:00:54] <ggm> core not faring well.
[22:00:58] <ggm> dnssec not deployed.
[22:01:08] --- faultylink has left: Replaced by new connection
[22:01:08] --- faultylink has joined
[22:01:09] --- hta has left: Replaced by new connection
[22:01:09] --- hta has joined
[22:01:09] --- hta has left
[22:01:12] <ggm> dnskey rr now deprecated. opponents to trust model probably right
[22:01:25] <ggm> TLS deployed, but not IPSEC/ISKAMP. as much as expected/desired
[22:01:27] --- rpayne has joined
[22:01:28] <ggm> S/MIME not widely used
[22:01:32] --- norifmi has left: Disconnected
[22:01:34] <ggm> non-core now very populsar
[22:01:38] <ggm> Kerb/Radius/SASL
[22:01:42] <ggm> why did the non-core work?
[22:01:44] --- norifmi has joined
[22:01:48] <ggm> ease of use significant issue
[22:01:55] <ggm> ssh ssh/tls easy to deploy
[22:02:01] <ggm> SASL/EAP easy to develop
[22:02:07] --- mgupta has joined
[22:02:08] <ggm> deployment at edge easier than at core
[22:02:12] <ggm> edge client VPN
[22:02:16] <ggm> core router security
[22:02:18] --- norifmi has left
[22:02:45] <ggm> mechanisms which require coordination harder.
[22:02:50] <ggm> Lessons of ISAKMP
[22:02:59] <ggm> proposed wide use in 97. did not turn out that way. why?
[22:03:04] <ggm> complexity is enemy of ease of use
[22:03:05] --- faultylink has left: Replaced by new connection
[22:03:13] <ggm> general purpose crypto frameworks hard to design.
[22:03:18] <ggm> not all problems the same.
[22:03:22] <ggm> service defns differ
[22:03:40] <ggm> will we relearn this with GSSAPI and SASL, EAP?
[22:03:44] <ggm> 97 missing pieces
[22:04:07] <ggm> object security. have them now. gen purp. toolkits maybe missing. could be why not deployed well
[22:04:21] <ggm> Secure email. demand problem, requires changes in infra. impl quality
[22:04:25] <ggm> ROuting security. made some progress
[22:04:28] --- tuy has joined
[22:04:31] <ggm> 2004 missing pieces
[22:04:34] <ggm> p2p security issues
[22:04:46] <ggm> multi-party security trust models, break into known problems and solve?
[22:05:00] <ggm> D-DoS. can we design DoS resistent protocols? net mechanisms to use? eg pushback
[22:05:02] --- atarashi has joined
[22:05:07] <ggm> Phishing problem. auth mechanisms to help
[22:05:13] --- Wag has left
[22:05:14] <ggm> Are we working on the right problems?
[22:05:31] --- norifmi has joined
[22:05:39] --- BP has left: Replaced by new connection
[22:05:39] --- BP has joined
[22:05:39] --- BP has left
[22:05:53] --- sleinen has joined
[22:05:55] <ggm> most serious issues? spam/malware/zombies/phishing. can interact. all related. virus spam spreading. too much looking in isolation
[22:06:05] --- BP has joined
[22:06:12] --- sleinen has left: Disconnected
[22:06:18] <ggm> system issues
[22:06:27] <ggm> not considered monetary/financial gain aspects
[22:06:39] <ggm> [does anybody read this? does anybody want me to keep going? -ggm]
[22:06:56] --- norifmi has left: Replaced by new connection
[22:06:57] --- norifmi has joined
[22:06:58] --- norifmi has left
[22:06:59] <ggm> does this vuln lead to potentially exposing other ones? does the fix apply to other problems? get cross pollenation
[22:06:59] --- sleinen has joined
[22:07:04] <ggm> document assumptions
[22:07:12] <ggm> look for cascading failures
[22:07:16] <Suresh Krishnan> Go ggm. I am reading.
[22:07:22] <ggm> think aout the big risks, not the small ones.
[22:07:25] <Suresh Krishnan> even though I am in the room
[22:07:28] <ggm> internet increasingly critical infrastructure
[22:07:42] <ggm> monetary incentive to overcome risks. can make remote threats likely
[22:07:55] <ggm> not just underfunded students. adversaries that are powerful
[22:07:58] <tuy> i'm reading too ... and am admirative the way you take notes !
[22:07:58] <ggm> questions.
[22:08:33] <Suresh Krishnan> [me too. Great work]
[22:08:38] <ggm> [missed questions] about organized crime
[22:08:49] <ggm> definitely out there. credit card theft, in that category
[22:08:56] <ggm> comment. [no name]
[22:09:09] <ggm> some spammers have bounty on compromised systems. based on number can do to put spambots
[22:09:27] <ggm> [no name on podium] yes
[22:09:40] --- kivinen has joined
[22:09:41] <ggm> Resnick. spammers doing this, does have monetary mode, trying to sell things
[22:09:46] <galvinjamesm> that's ekr, eric escorla
[22:09:52] <galvinjamesm> before pete resnick
[22:10:01] <ggm> Elliot. find it interesting, but, notice doing as best they can with what they have
[22:10:15] <tuy> [stupid question to ggm: isn't it possible to load the speaker slides in advance in jabber app ? ]
[22:10:40] <ggm> give card, pin, details, for one a/c and expect people to use it for one a/c. useability, API, issues. awash in keys
[22:10:42] <ggm> as consumers.
[22:10:47] <ggm> need to address consumer level issues
[22:11:01] <ggm> [stupid answer yes, but this is the IETF. we dont do it easy here]
[22:11:20] --- tskj has joined
[22:11:46] <ggm> Ted Hardie. broad categories mask more than they tell us. no difference between slashdot effect and ddos. true at time, but.. there are differernt kinds of DDOS, depending on how its vectored, service, cascade issues
[22:12:05] <ggm> as we look at how to think about it when designing protocol, used so widely, what tools can we give people? models? to understand attack vectors
[22:12:23] <ggm> Eric cut between DDOS client behave as though legit, and ones where they dont
[22:12:47] <tuy> [stupid's going on then: if you can get the slides from 1 of 2 speakers, it'll ease a bit the typing work ... did you ever ask to someone or simply don't dare to waste your time ?]
[22:13:00] --- csp has joined
[22:13:00] --- leg has joined
[22:13:04] <ggm> [Im not an organizer. this is grassroots. who to ask?]
[22:13:16] <ggm> [sorry, missed it]
[22:13:16] --- jerome.durand.renater has left
[22:13:34] <ggm> Ted would it help if in designing, describe to security area how to distinguish legit use? need to track over time?
[22:13:53] <ggm> Eric problem is, want to bring website down, set up zombies, just do it.
[22:14:02] --- csp has left: Disconnected
[22:14:08] <tuy> [every session has a chair ... it seems to be the first person to ask, isn't it ?]
[22:14:13] <ggm> Looking back at RFC 2316, guide to tools. but threat model has changed. need different type
[22:14:28] <ggm> HIlary. threat model hasnt changed. whats in news has changed. its always about money
[22:14:33] <ggm> [so you ask. I'm busy]
[22:14:47] <ggm> I used to be young when I came into the security business. doesnt look like a change.
[22:15:02] <ggm> one is to really take security seriously in designing new protocols
[22:15:10] <ggm> does require trust and cooperation and other areas
[22:15:14] <ggm> seeing a lot more of that
[22:15:20] <ggm> not going to change unless want to.
[22:15:29] <ggm> attempts to address, some half hearted or misguided
[22:15:42] <ggm> or deliberately corrupted form the beginning. lack of trust. will require work to address
[22:15:52] <ggm> other thing, to address is infrastructure security
[22:16:00] <tuy> [it's probably too late for tonight. but be tried for next time ... what we do risk at the end of the day ?]
[22:16:22] --- norifmi has joined
[22:16:24] <ggm> the inf security people are looking to the IETF for this I think that should be a special focus
[22:16:27] --- jeromedu has joined
[22:16:44] <ggm> Eric. less sanguine about this. not sure problem is trust
[22:16:49] <ggm> think it has changed.
[22:17:00] --- nov has joined
[22:17:27] <ggm> wether or not was about money, assumed infinitiely powerful attacker going against you. slug-it-out protocols, pay attention, fail catastrphically. not accurate model why we have not adequate stuff today
[22:17:30] --- jeromedu has left: Replaced by new connection
[22:17:49] <ggm> Pete Resnick. part of the reason I'm up here, I think the security issues have moved up into apps, wasnt there before.
[22:18:01] --- jeromedu has joined
[22:18:21] <ggm> lot of appliction out there on the net, connectivity just for joe-user clients, didnt exist long ago. spam attacks, we cant do anything about buffer overflows, people running perfectly validSMTP clients
[22:18:24] <ggm> doing the damage
[22:18:49] --- Doug has joined
[22:18:51] <ggm> the infra. security issues, still there, but some have moved into the nosebleed area. we dont get much oxygen. app has to think about things on different scale
[22:19:03] <ggm> [guys, I've lost it. somebody else has to type now -=ggm]
[22:19:25] <tonyhansen> [keep up the good work ggm -- it's useful from a variety of points: for review later, for immediate review when you don't know who's talking, and for immediate review when you missed part of what someone said]
[22:20:06] --- hta has joined
[22:20:06] <Suresh Krishnan> APIs for IPSec is a milestone
[22:20:26] <Suresh Krishnan> <DKW> It is not so much the threat model has changed
[22:20:33] <Suresh Krishnan> the density of the threat has changed
[22:20:47] <Suresh Krishnan> The attacker has much more resources than you think
[22:20:58] <Suresh Krishnan> Dave Crocker?:
[22:21:03] <galvinjamesm> yes
[22:21:03] <tonyhansen> [yes]
[22:21:25] <Suresh Krishnan> The issues are more complicated than the ones we have been dealin with
[22:21:28] --- kivinen has left: Logged out
[22:21:28] --- kivinen has joined
[22:21:28] --- kivinen has left: Logged out
[22:21:44] <Suresh Krishnan> the issues are well understood now
[22:21:52] <Suresh Krishnan> we have to figure out how to approach this
[22:22:17] <Suresh Krishnan> we have to figure out what to focus on
[22:22:41] <Suresh Krishnan> <DKW>: IPSec and DNSSec have not been deployed.
[22:22:42] --- csp has joined
[22:22:48] <Suresh Krishnan> Did we learn our lessons?
[22:23:00] <Suresh Krishnan> How can we learn to do better?
[22:23:27] <Suresh Krishnan> Bernard: Developers and Admins are very important to focus on
[22:23:33] --- mgupta has left: Disconnected
[22:23:41] <Suresh Krishnan> Developers are very important and we need to appreciate it.
[22:23:56] <Suresh Krishnan> <DKW> Are DNSSec and IPSec ever going to be deployed?
[22:24:26] <Suresh Krishnan> Bernard: IPSec is SHOULD or MUST in most of the places
[22:24:55] <Suresh Krishnan> <DKW>: DNSSec ran into operational issues
[22:24:56] --- lynn has left: Disconnected
[22:25:03] <randy> Are these slides (and the earlier irtf ones) available on on-line somewhere?
[22:25:13] --- hta has left: Disconnected
[22:25:19] --- hta has joined
[22:25:22] <Suresh Krishnan> it was academic and had lots of issues
[22:25:37] <Suresh Krishnan> Leslie: wants to close the mic
[22:25:43] --- resnick has left: Lost connection
[22:25:54] --- kivinen has joined
[22:26:09] <Suresh Krishnan> <DKW>: I have hung around with DNS for a long time. DNS was a great accomplishment by itself.
[22:26:20] <sommerfeld> Russ Mundy
[22:26:33] <jakob> DNS KEY RR was not deprecated due to trust model mismatch - it was deprecated by other reasons.
[22:26:50] <Suresh Krishnan> The designers were guilty of ignoring the Operational issues
[22:27:08] <Suresh Krishnan> the user set needs to be involved early in the design
[22:27:13] <Suresh Krishnan> otherwise it is doomed
[22:27:32] --- klensin-ietf has left
[22:27:38] <Suresh Krishnan> security is never free
[22:28:06] <Suresh Krishnan> and it is often ignored in face of getting things out
[22:28:31] <Suresh Krishnan> we get it wrong a lot of times and it is a credibility issue
[22:28:44] <Suresh Krishnan> eric: it happens less frequently last 2 years
[22:28:58] --- ogud has joined
[22:29:00] --- csp has left
[22:29:06] --- keitaro has joined
[22:29:15] <Suresh Krishnan> there is laziness but it is rational
[22:30:39] <Suresh Krishnan> Eric Fleischmann: IETF does work in a piecemeal fashion, but integration is not considered
[22:30:46] <Suresh Krishnan> that is true for the security community as well
[22:31:04] <Suresh Krishnan> <DKW>: Security in APP area is not new, just ignored
[22:31:11] <Suresh Krishnan> it has become more prevalent now
[22:31:45] <Suresh Krishnan> we need a large multi layer cooperation to secure from physical -> app layers
[22:32:03] <Suresh Krishnan> Pete: I did not intend to say that exactly
[22:32:59] <Suresh Krishnan> <DKW>: We need a holistic view of the problem
[22:33:17] --- SteveCrocker has joined
[22:33:28] <Suresh Krishnan> Pete: Absolutely. People working on protocols need to think about interactions
[22:34:04] <Suresh Krishnan> <DKW>: Talking about IPSec, EAP etc.
[22:34:15] <jhutz> current speaker is Nicolas Williams
[22:34:30] <Suresh Krishnan> Some of the security protocols so not have clear interfaces defined
[22:34:33] <warlord> DKW?
[22:34:41] <jhutz> "don't know who" ?
[22:34:54] <Suresh Krishnan> I am not mandating any specific language i/fs but an abstract interface
[22:34:55] <warlord> AH. Clearly I should have stated my name...
[22:35:01] <Suresh Krishnan> [Yup]
[22:35:10] <warlord> That DKW is "Derek Atkins"
[22:35:26] --- bert has joined
[22:35:30] <Suresh Krishnan> Bernard: Lack of APIs delayed deployment of IPSec.
[22:35:46] <Suresh Krishnan> Eric: SSL was a case where the interface was obvious
[22:35:52] <Suresh Krishnan> SSH did not have an interface
[22:36:45] <Suresh Krishnan> The user interfaces for SSH/SSL are simple and hence led to more deployment
[22:37:11] --- hta has left
[22:37:11] <Suresh Krishnan> person at mic Derek: SSL is simpler than SSH
[22:37:14] <Suresh Krishnan> ---
[22:37:22] --- hildjj has joined
[22:37:40] <Suresh Krishnan> Harald to talk about reorg
[22:37:42] --- SteveCrocker has left
[22:37:42] <hardie> Blessh you!
[22:37:43] --- admcd has joined
[22:37:46] --- nico has left
[22:37:53] --- nico-sun has joined
[22:37:54] <Suresh Krishnan> Harald left the jabber room
[22:38:24] <Suresh Krishnan> This is about process reform at IETF.
[22:38:27] <nico-sun> person at mic was me
[22:38:32] --- ogud has left: Replaced by new connection.
[22:38:32] --- ogud has joined
[22:38:33] --- ogud has left
[22:38:36] --- nico-sun is now known as nico
[22:38:38] <Suresh Krishnan> [People pointing to blank screen]
[22:38:39] <galvinjamesm> what is the URL for where he put the slides
[22:38:45] --- aen has joined
[22:39:01] <Suresh Krishnan> [Don't know]
[22:39:27] <Suresh Krishnan> [Sorry for the lack of attributions. Noone stated their name]
[22:39:37] <nico> I know, I forgot :)
[22:39:45] <nico> apologies
[22:39:47] <Suresh Krishnan> Harald: Tried to make up a mission statement
[22:39:55] <Suresh Krishnan> It just got approved
[22:40:05] <Suresh Krishnan> ICAR and NEWTRK got started
[22:40:25] <Suresh Krishnan> Changes to ml management
[22:40:34] <Suresh Krishnan> proto tem working on process changes
[22:40:36] <Suresh Krishnan> ---
[22:40:47] <Suresh Krishnan> proto team concluded phase 1 successfully
[22:40:50] <Suresh Krishnan> people want more
[22:40:52] <Suresh Krishnan> ---
[22:40:59] --- norifmi has left: Replaced by new connection
[22:40:59] --- norifmi has joined
[22:41:00] --- norifmi has left
[22:41:03] --- marka has joined
[22:41:03] <Suresh Krishnan> icar created a lot of buzz
[22:41:11] <Suresh Krishnan> need to do some work
[22:41:19] <Suresh Krishnan> real work
[22:41:29] <Suresh Krishnan> we want YOU (like Uncle Sam)
[22:41:42] <Suresh Krishnan> Newtrk is on track
[22:42:16] <Suresh Krishnan> We want people to read and critique other people;s work and make it better
[22:42:22] <Suresh Krishnan> ---
[22:42:30] <Suresh Krishnan> mission statement approved as BCP
[22:42:39] <Suresh Krishnan> got stuck with RFC editor for too long
[22:43:07] <Suresh Krishnan> new procedure for IESG and RFC Ed documents as CP
[22:43:18] <Suresh Krishnan> downref doc becomes a BCP
[22:43:35] <Suresh Krishnan> margarets mailing list draft becomes BCP
[22:43:49] <Suresh Krishnan> process experiments draft becomes BCP
[22:44:13] <Suresh Krishnan> alternate consensus process document approved as BCP
[22:44:16] <Suresh Krishnan> ---
[22:44:29] <Suresh Krishnan> iesg is more effective than before
[22:44:41] <Suresh Krishnan> -> focus more on critical issues
[22:44:48] <Suresh Krishnan> even though we still pick out nits
[22:45:00] <Suresh Krishnan> -> better edit cycles
[22:45:14] <Suresh Krishnan> -> the results show up in the increased throughput
[22:45:46] <Suresh Krishnan> the process change lists have not seen much activity
[22:45:50] <Suresh Krishnan> why?
[22:45:57] <Suresh Krishnan> people gave up?
[22:46:03] <Suresh Krishnan> people happy?
[22:46:10] <Suresh Krishnan> people to busy?
[22:46:29] <Suresh Krishnan> Don't know which is the real reason
[22:46:45] <Suresh Krishnan> There are good people working on these. So we will do well
[22:46:46] --- nico has left: Replaced by new connection
[22:46:46] <Suresh Krishnan> ---
[22:46:59] <Suresh Krishnan> Will continue to improve IESG processing
[22:47:00] --- plenary has joined
[22:47:12] <Suresh Krishnan> tracker tool
[22:47:33] <Suresh Krishnan> Consensus of what to block on
[22:47:40] <Suresh Krishnan> Work closely with WG chairs
[22:47:50] <Suresh Krishnan> ICAR starting soon
[22:47:57] <Suresh Krishnan> We need volunteers
[22:47:57] --- plenary has left
[22:48:02] --- leifj has joined
[22:48:16] <Suresh Krishnan> We need to measure the impact of our changes
[22:48:25] <Suresh Krishnan> The effects are mostly subjective
[22:48:31] <Suresh Krishnan> ---
[22:48:33] <Suresh Krishnan> summary
[22:48:45] <Suresh Krishnan> we have made a number of small changes and it is helpin
[22:49:01] <Suresh Krishnan> we are making bigger changes and we hop to make things better
[22:49:23] <Suresh Krishnan> the progress is slow.Thanks for your patience and support
[22:49:30] <Suresh Krishnan> [open to questions]
[22:49:48] --- ggm has left
[22:50:05] --- plenary has joined
[22:50:13] <Suresh Krishnan> Dave Crocker: 2 years back people thought things were not good.
[22:50:39] <Suresh Krishnan> We need to measure the satisfaction
[22:50:40] <plenary> my client is insisting on naming me "plenary," after the room name
[22:50:49] <plenary> but I'm nico
[22:50:56] <Suresh Krishnan> Harald: Don't know how to measure
[22:51:10] <Suresh Krishnan> Scott: Is the "blocked" I-D going to become public
[22:51:14] <Suresh Krishnan> Harald: Yes
[22:51:39] --- jishac has left
[22:51:45] <Suresh Krishnan> Brian Carpenter: Satisfaction surveys are hard to fill in
[22:52:05] --- plenary is now known as nico
[22:52:22] --- nico is now known as nico2
[22:52:22] <Suresh Krishnan> [Scale of 1-5 always ends up answering with 3]
[22:52:28] --- nico2 is now known as nico
[22:52:28] <Suresh Krishnan> We need to publicize good news
[22:52:39] <Suresh Krishnan> Harald: Let's work on this
[22:53:22] <Suresh Krishnan> [Harald looking for a document]
[22:53:50] <Suresh Krishnan> [It is an Attendance graph]
[22:53:58] <Suresh Krishnan> [It has stopped dropping]
[22:54:29] <Suresh Krishnan> Alex Conta: Question about yesterday's plenary
[22:54:44] <gih> Leslie's presentation on IETF admin restructuring is at http://www.iab.org/iab/adminrest-ietf60.pdf
[22:54:51] --- jishac has joined
[22:54:51] <Suresh Krishnan> How many heads of state were present at the ITU-T conference
[22:55:04] <Suresh Krishnan> Plenaries are much quieter than before
[22:55:07] <Suresh Krishnan> why?
[22:55:08] --- BP has left: Disconnected
[22:56:03] <Suresh Krishnan> Harald: Heads of State? Many people take ITU seriously, but if the president of Uganda walked in
[22:56:11] <hildjj> what was that that harald just said?
[22:56:13] --- keitaro has left: Disconnected
[22:56:17] <Suresh Krishnan> the first question would be "have you read the drafts"
[22:56:21] <Suresh Krishnan> [laughter]
[22:56:21] <hildjj> got it.
[22:56:39] --- csp has joined
[22:56:42] <Suresh Krishnan> Alex:Without government nothing happens. You know that as a European
[22:57:01] <nico> right, sure
[22:57:05] --- csp has left
[22:57:14] --- galvinjamesm has left
[22:57:22] <Suresh Krishnan> Harald: In order for the internet to function well, the govts should send engrs. here as well
[22:57:37] <Suresh Krishnan> govts and engrs are not incompatible
[22:57:51] <Suresh Krishnan> they have to come.
[22:57:55] <Suresh Krishnan> we cannot fetch them
[22:58:25] <Suresh Krishnan> alex: Govts can put up a legal infrastructure to aid the growth of internet infrastructure
[22:58:31] --- klensin-ietf has joined
[22:58:33] <Suresh Krishnan> [lot of people snickering]
[22:58:53] <Suresh Krishnan> Harald: Next speaker
[22:59:25] <Suresh Krishnan> Hillary: [Imagines certain heads of state on stage answering questions]
[22:59:39] --- JoelMHalpern has joined
[22:59:42] <Suresh Krishnan> [Appreciates the increased transparency]
[23:00:00] --- timbray has joined
[23:00:03] <Suresh Krishnan> No more social events, t-shirts :-(
[23:00:11] <Suresh Krishnan> Hope the coffee stays
[23:00:28] <Suresh Krishnan> Harald: Coffee comes from the regn. fees. So it will stay
[23:01:19] <Suresh Krishnan> Spencer Dawkins: [Talks about dealing with sponsors and justifying what the IETF does]
[23:02:03] <Suresh Krishnan> [Thanks the IESG members present/past for changes in the IESG]
[23:02:06] <Suresh Krishnan> [applause]
[23:02:34] <Suresh Krishnan> Fred Baker: Attendance is back to the numbers in 2000
[23:03:05] <Suresh Krishnan> people who needed to be here are still here
[23:03:16] <Suresh Krishnan> the tourists/curious folks are gone
[23:03:32] <randy> (he said back to number at Adelaide meeting in 2000, and back to average of meetings in 1998)
[23:03:38] --- raeburn has left: Lost connection
[23:03:39] --- keitaro has joined
[23:04:01] --- javier has left: Disconnected
[23:04:04] <Suresh Krishnan> [Talks about IAB and a tea party in Boston]
[23:04:30] --- javier has joined
[23:04:58] <Suresh Krishnan> The relative calm in the plenary meetings is the result of the amount of work we have done to fix issues
[23:05:22] --- JoelMHalpern has left
[23:05:37] <Suresh Krishnan> Sue Harris: Still concerned about some issues.
[23:06:04] <Suresh Krishnan> Concered about WG chairs holding editor/author roles
[23:06:16] <Suresh Krishnan> Looking forward to ICAR work
[23:06:26] <Suresh Krishnan> [Leslie back on the mic]
[23:06:53] <Suresh Krishnan> ---
[23:06:57] --- mgupta has joined
[23:07:05] <Suresh Krishnan> IETF administrative restructuring
[23:07:10] <Suresh Krishnan> status report
[23:07:23] <Suresh Krishnan> this is not news but has been around for some time
[23:07:54] <Suresh Krishnan> as fred said earlier , this is about growing up
[23:08:14] <Suresh Krishnan> we should remember the people who have helped us to get here
[23:08:25] --- sarolaht has left
[23:08:32] <Suresh Krishnan> Bob Kahn and CNRI have been around since time immemorial
[23:08:39] <mgupta> s/Sue Harris/Sue Hares
[23:08:46] <Suresh Krishnan> longer than most of us here have participated
[23:09:13] <Suresh Krishnan> [Thx]
[23:09:23] <Suresh Krishnan> overview of chanes
[23:09:30] <Suresh Krishnan> better tools for WG support
[23:09:40] <Suresh Krishnan> [missed somethin. too fast]
[23:09:50] <Suresh Krishnan> mission statement approved
[23:09:58] <Suresh Krishnan> implementation proposal being worked on
[23:10:15] <Suresh Krishnan> done by consultant carl malamud
[23:10:23] <Suresh Krishnan> will get monthly status reports
[23:10:27] <Suresh Krishnan> ---
[23:10:42] <Suresh Krishnan> this is an update. it is not an announcement
[23:10:53] <Suresh Krishnan> carl has been busy
[23:11:00] <Suresh Krishnan> more editing needed
[23:11:08] --- leifj has left
[23:11:13] <Suresh Krishnan> document out if few weeks
[23:11:22] <Suresh Krishnan> there will be a chance for you folks to comment
[23:11:32] <Suresh Krishnan> [Carl called to the stage]
[23:11:39] <Suresh Krishnan> Carl: Will keep it short
[23:11:46] <Suresh Krishnan> I have been around for a while
[23:11:52] <Suresh Krishnan> I have been a co-chair
[23:12:00] <Suresh Krishnan> I ave worked a lot in operations
[23:12:11] <Suresh Krishnan> I have chaired 3 non profits including ISC
[23:12:18] <Suresh Krishnan> (who makes bind)
[23:12:38] <Suresh Krishnan> Read up on the problems
[23:12:46] <Suresh Krishnan> Checked up on the financials
[23:12:51] --- norifmi has joined
[23:12:53] <Suresh Krishnan> Checked with the lawyers
[23:13:08] <Suresh Krishnan> Working on getting the details straight
[23:13:14] <Suresh Krishnan> I just started in June
[23:13:20] --- wyllys has left: Disconnected
[23:13:25] <Suresh Krishnan> Leslie and Harald initiated this
[23:13:36] <Suresh Krishnan> I have spoken to IAB/ISOC and people of the community
[23:13:56] <Suresh Krishnan> we will publish a draft and ask for comments
[23:14:13] <Suresh Krishnan> the proposal will be concrete
[23:14:18] <Suresh Krishnan> not wishy washy
[23:14:36] <Suresh Krishnan> it will be 60-70 pages long
[23:14:51] <Suresh Krishnan> be brutually honest with your opinions
[23:15:21] <Suresh Krishnan> Spencer: Where will this be discussed?
[23:15:28] <Suresh Krishnan> Harald: On the IETF list
[23:16:47] --- galvinjamesm has joined
[23:16:51] <Suresh Krishnan> ---
[23:17:08] <Suresh Krishnan> [I do not understand this]
[23:17:22] <Suresh Krishnan> We are creating an administrative entity
[23:17:56] <Suresh Krishnan> it manages the support functions of the IETF process
[23:18:04] <Suresh Krishnan> it is resonsive and supportive to the IETF
[23:18:29] <Suresh Krishnan> s/resonsive/responsive/
[23:18:34] <Suresh Krishnan> ---
[23:18:42] <Suresh Krishnan> positioning this entity
[23:19:18] <Suresh Krishnan> [talks about how the ISOC and IETF community work together]
[23:19:23] --- gih has left: Disconnected
[23:19:49] <Suresh Krishnan> they are heavily interdependent
[23:20:14] --- malamud has joined
[23:20:18] <Suresh Krishnan> we are introducing an entity to support the standards process not to influence it
[23:20:36] <Suresh Krishnan> this is a different kind of relationship than between the IETF and ISOC
[23:20:48] --- aen has left: Lost connection
[23:20:59] <Suresh Krishnan> ISOC selects the IAB and the IETF chooses the board members. Nobody is in control
[23:20:59] --- lynn has joined
[23:21:09] <Suresh Krishnan> how does the "entity" work with the ISOC
[23:21:37] <Suresh Krishnan> IT(the entity) will be responsible and responsive to the IETF community
[23:22:02] <Suresh Krishnan> will be staffed by a single person
[23:22:09] <Suresh Krishnan> will not change the standards process
[23:22:15] <Suresh Krishnan> ---
[23:22:16] <Suresh Krishnan> goals
[23:22:33] <Suresh Krishnan> clear and xparent mechanism for all support mechanism
[23:22:43] <Suresh Krishnan> web pages/registration etc.
[23:23:06] <Suresh Krishnan> open to carving out work with commercial contracts if needed
[23:23:21] <Suresh Krishnan> will issue RFPs if needed
[23:23:32] <Suresh Krishnan> will NOT be based on lowest bidder
[23:23:46] --- csp has joined
[23:23:48] <Suresh Krishnan> will be based on BEST FIT
[23:24:25] <Suresh Krishnan> ---
[23:24:27] <Suresh Krishnan> Transition
[23:24:44] <Suresh Krishnan> will be performed over time with no disruptions
[23:24:56] <Suresh Krishnan> need to move in an orderly fashion and to get there
[23:25:06] <Suresh Krishnan> this has not been decided
[23:25:20] --- csp has left
[23:25:23] <Suresh Krishnan> we are asking you "is this the right thing?"
[23:26:01] <Suresh Krishnan> A big issue is the definition of the relationship between the ENTITY and ISOC
[23:26:15] <Suresh Krishnan> -> Should they be strongly related
[23:26:26] <Suresh Krishnan> -> Is it a peer to ISOC or part of ISOC
[23:26:51] <Suresh Krishnan> Draft will discuss both of the paths before making any recommendations
[23:27:40] <Suresh Krishnan> [Discussing the two options using diagrams]
[23:28:18] <Suresh Krishnan> option 2 will mean IETF will have two kinds of relationships with ISOC
[23:28:25] <Suresh Krishnan> ---
[23:28:41] --- tuy has left: Disconnected.
[23:28:45] <Suresh Krishnan> governance structure for ENTITY(can I call this crutch since it is a support group)
[23:28:54] <Suresh Krishnan> to be put in place
[23:29:23] <Suresh Krishnan> need to ensure crutch is responsive to IETF(most important)
[23:29:32] <Suresh Krishnan> ---
[23:29:48] <Suresh Krishnan> this is not yet decided
[23:29:57] <Suresh Krishnan> not asking for consensus yet
[23:30:05] <Suresh Krishnan> will make sufficient documentation soon
[23:30:09] <Suresh Krishnan> ---
[23:30:21] <Suresh Krishnan> starting to execute
[23:30:35] <Suresh Krishnan> need a transition leadership team
[23:30:47] <Suresh Krishnan> they will find the first employee
[23:31:12] <Suresh Krishnan> make an RFP for the functions currently performed y the IETF secretariat
[23:31:30] <Suresh Krishnan> process complete by end of 2004
[23:31:41] --- Doug has left
[23:31:45] <Suresh Krishnan> service providers will start working in beginning of 2005
[23:31:51] <Suresh Krishnan> ---
[23:31:53] <Suresh Krishnan> final thoughts
[23:32:12] <Suresh Krishnan> we heard yesterday about the beginnings of the IETF
[23:32:23] <Suresh Krishnan> we have changed
[23:32:45] <randy> BTW, asrg slides are at <http://www.taugh.com/ietf60-asrg.pdf>
[23:32:50] <Suresh Krishnan> the hallmark is the way individuals (mainly) and orgnzn.s come toghether to make the internet work
[23:32:56] <Suresh Krishnan> hope this will stay this way
[23:33:17] <Suresh Krishnan> ? from MCI: Why fix something which isn't broken
[23:33:29] --- gih has joined
[23:33:37] <Suresh Krishnan> have you read RFC3716
[23:33:43] <Suresh Krishnan> -Harald
[23:34:04] <admcd> ? is Henry Sinnreich
[23:34:09] <Suresh Krishnan> [Thx]
[23:34:28] <Suresh Krishnan> April: I think this is the right direction to go
[23:35:14] <Suresh Krishnan> The term "responsible to" is not clearly defined.
[23:35:39] <Suresh Krishnan> The reporting structure has to be clearly defined
[23:35:57] <Suresh Krishnan> Don't paint too rosy a picture
[23:36:55] <Suresh Krishnan> Fred:[Explains the organizational structure]
[23:37:09] <Suresh Krishnan> ISOC and IETF are symbiotic
[23:37:24] <Suresh Krishnan> ISOC will provide the office and paycheck for the person
[23:37:32] <Suresh Krishnan> they report and work for the IETF
[23:38:02] <Suresh Krishnan> s/they/he\/she/
[23:38:11] --- jeromedu has left: Disconnected
[23:38:41] <Suresh Krishnan> Leslie: The person will not be responsible to the mailing lists of the IETF but to a person
[23:38:53] --- Doug has joined
[23:38:57] --- gih has left
[23:39:01] <Suresh Krishnan> April: Will need to look at the details when they are out
[23:39:20] --- jakob has left: Disconnected
[23:39:23] <Suresh Krishnan> Joe: Thinks crutch may be understaffed
[23:40:09] <Suresh Krishnan> Harald: Some functions like PR can be better performed elsewhere. Will keep this in mind
[23:40:50] <Suresh Krishnan> Jonne: Stupid Question [sic] Wants to know about the consensus process.
[23:41:00] <Suresh Krishnan> will there be a last cal etc.
[23:41:00] --- malamud has left: Disconnected
[23:41:03] <Suresh Krishnan> Harald: Yes
[23:41:11] <Suresh Krishnan> Bob Kahn to speak
[23:41:20] <Suresh Krishnan> head of CNRI
[23:41:37] <Suresh Krishnan> I have a feeling of surrealism
[23:41:50] <Suresh Krishnan> I did not see the CNRI in the picture
[23:42:02] <Suresh Krishnan> Maybe you want a future without us
[23:42:17] <Suresh Krishnan> We have been intimately involved with the IETF
[23:42:28] <Suresh Krishnan> we have sheperded the IETF into what it has become
[23:43:22] <Suresh Krishnan> we have let you folks have a free rein over the standards making process
[23:43:44] --- mgupta has left
[23:43:47] <Suresh Krishnan> I would like to thank Foretech(is it spelt right) who man the IETF secretariat
[23:43:55] <Suresh Krishnan> ---
[23:44:01] --- malamud has joined
[23:44:16] <randy> I think it is "Fortec"
[23:44:27] <timbray> Foretec
[23:44:35] <Suresh Krishnan> I was involved in separating the Internet from the government
[23:44:55] <Suresh Krishnan> What is at stake?
[23:44:59] --- dinakar has left
[23:45:02] <Suresh Krishnan> This is not about who runs what
[23:45:18] <Suresh Krishnan> There are issues which are not addressed today
[23:45:37] <Suresh Krishnan> What we worked so hard for so long to achieve is at stake
[23:46:03] --- mlshore has left: Disconnected
[23:46:12] <Suresh Krishnan> [Talking about attendance fees and government funding]
[23:46:36] <Suresh Krishnan> we (CNRI) played a major role in the growth of the IETF
[23:47:09] <Suresh Krishnan> I heard about the restructuting end of last year
[23:47:19] <Suresh Krishnan> I had a couple of misgivings
[23:47:30] --- csp has joined
[23:47:46] <Suresh Krishnan> I raised the issues between the IESG and the secretariat
[23:47:57] <Suresh Krishnan> -> identifying the resources
[23:48:00] --- nico has left
[23:48:13] --- csp has left
[23:48:13] <Suresh Krishnan> -> staying within those resources
[23:48:37] <Suresh Krishnan> CNRI recognizes the role of the IETF to carry out its technical mission
[23:49:13] <Suresh Krishnan> we suggested an independent entity ro replace the secretarial work we have done so long
[23:49:16] <Suresh Krishnan> ---
[23:49:36] <Suresh Krishnan> I heard about this new orgnzn recently
[23:49:44] <Suresh Krishnan> The devil is in the details
[23:49:53] <Suresh Krishnan> there is a report in progress.
[23:50:06] <Suresh Krishnan> I hope this will shed more light on this entity
[23:50:23] <Suresh Krishnan> hopefully everyone can get to comment on this proposal if if gets that far
[23:51:00] <Suresh Krishnan> major concern aout the composition of the board of directors of this entity
[23:51:10] <Suresh Krishnan> and the independence of this entity
[23:51:30] --- klensin-ietf has left
[23:51:38] <Suresh Krishnan> CNRI supports this work
[23:51:56] <Suresh Krishnan> but the community needs to be involved and recognize the impacts
[23:52:25] <Suresh Krishnan> premature action can cause unexpected results
[23:52:43] <Suresh Krishnan> don't rush to implement this before getting extensive feedback
[23:53:01] <Suresh Krishnan> CNRI will do all it can to maintain stability
[23:53:04] --- brabson has left
[23:53:18] <Suresh Krishnan> this is really about the FUTURE OF THE IETF
[23:53:37] <Suresh Krishnan> IETF has done a lot of contributions to public interest
[23:53:38] --- yushun has joined
[23:53:46] <Suresh Krishnan> what worked in the past may not work in the future
[23:54:10] <Suresh Krishnan> Ted: Talking to Bob. You were too modest
[23:54:28] <Suresh Krishnan> It was really you when you said CNRI
[23:54:36] <Suresh Krishnan> [Applause for Bob]
[23:55:22] --- mrose has joined
[23:55:29] <Suresh Krishnan> We have looked up to certain individuals You, Vint Cerf, Postel
[23:55:50] --- ole has left
[23:55:57] <Suresh Krishnan> Talks about next generation Harald, Leslie...
[23:56:31] <Suresh Krishnan> Bob: I am not here for mic time.
[23:57:01] <Suresh Krishnan> The issues need to be on the table before we discuss them
[23:57:28] <Suresh Krishnan> Harald and Leslie are working for the good of the community
[23:58:52] <Suresh Krishnan> We decided to elect the leadership of the community FROM the community
[23:59:17] <Suresh Krishnan> Harald: Looking forward to Bob's input
[23:59:59] <Suresh Krishnan> Hillary: This is a serious issue. [Still wants a t-shirt which says "Listen to Bob"]
[00:00:08] <Suresh Krishnan> [Jokes about 802.IETF and ITU.I]
[00:00:20] --- raeburn has joined