[09:20:30] --- levigner has joined
[10:04:04] --- yone has joined
[10:04:08] --- yone has left
[10:04:17] --- uijterwaal has joined
[10:04:21] --- uijterwaal has left
[12:18:02] --- levigner has left
[12:31:17] --- levigner has joined
[12:34:12] --- levigner has left
[14:44:24] --- frodek has joined
[14:44:37] --- frodek has left
[17:47:56] --- mjo has joined
[17:54:53] --- shep has joined
[17:55:18] --- Leslie has joined
[17:55:29] --- mrichardson has joined
[17:56:13] <mrichardson> where can I get a bingo sheet?
[17:56:21] --- raeburn has joined
[17:56:31] --- bruce has joined
[17:57:43] --- tlyu has joined
[17:59:10] --- harald has joined
[17:59:10] --- harald has left
[17:59:10] --- harald has joined
[17:59:10] --- harald has left
[18:01:27] <bruce> drums end, and olaf opens.
[18:01:46] <bruce> irtf chair report - aaron falk
[18:02:30] --- iljitsch has joined
[18:03:21] --- levigner has joined
[18:03:51] <bruce> 7 irtf groups met at this ietf ; one draft published on irtf rfc review, 1 irtf rfc published since -68 (4838)
[18:04:20] <bruce> 10 drafts on the way.
[18:05:18] <bruce> routing research group meeting tomorrow - lots of proposals yadda yadda
[18:06:07] <bruce> (running through each research group; slides are there)
[18:07:13] --- frodek has joined
[18:09:54] --- bhoeneis has joined
[18:12:26] <bruce> peer-to-peer research group is looking for new chairs
[18:12:36] <bruce> no questions.
[18:13:07] <bruce> iab update - olaf k
[18:13:29] <bruce> http://www.iab.org/ and go from there.
[18:16:58] --- bert has joined
[18:17:49] --- jishac has joined
[18:18:29] --- keyajima has joined
[18:20:49] --- jimsch1 has joined
[18:20:58] <bruce> end of presentation, iab members to the podium for the bi^H^Hopen mic session
[18:21:14] <bruce> animation of tomatoes going past the mic.
[18:23:03] <bruce> ???: after 8-10 years of the same questions, what is new?
[18:23:09] --- trphelan has joined
[18:23:11] <bruce> ??? = elliot lear
[18:23:58] <bruce> ???: puzzled about lack of technical presentation - wants more.
[18:24:04] <bruce> ??? = ross munderson (?)
[18:24:38] <bruce> olaf: no good speaker available for this time, sorry.
[18:25:13] <bruce> aaron: are people interested in a selected researcher giving a presentation?
[18:25:32] --- nm has joined
[18:26:29] <bruce> dave crocker: nothing new to complain about right now...
[18:27:04] <bruce> +++ warning: function gist() failed in monotonal delivery ; restarting. +++
[18:27:30] <bruce> olaf: looking for volunteers for such presentations.
[18:28:29] <bruce> edgar: have seen a lot of boring talks; wants interesting stuff, please tell me.
[18:29:30] <bruce> harald: relationship with itu ; what do you think ietf participants' attitude towards itu should be? range from 'get off my turf' to 'you will be assimilated'
[18:30:38] <bruce> olaf: think that what we try is to tell them .... harald: 'strong fences make good neighbours' -
[18:30:45] --- jhlim has joined
[18:32:02] <bruce> steve hanna: send stuff to iab and let them decide on cool factor (?)
[18:32:54] <bruce> alain durand: home gateways - stateful firewall for ipv6 on by default, essentially ipv6 nat... question is 'what do you guys think about that?'
[18:32:56] --- arifumi has joined
[18:33:47] <bruce> olaf: discussion on sunday on v4-v6 transition mechanisms... varied opinions within iab/iesg, no common vision.
[18:34:19] --- fp has joined
[18:35:13] <bruce> kurt: end-user management is good (personal view).. anything can do as vendor to limit damage also a good thing. difference between what vendors may do and what ietf wants.
[18:35:51] <bruce> ???: everyone's problem ; must work together.
[18:36:43] <bruce> edgar: not sure; personally don't think ietf should recommend any default security posture.
[18:37:03] --- keith_nm has joined
[18:37:24] <bruce> alain: missed.
[18:37:59] <bruce> ???: highly advisable to have firewalls in edge equipment.
[18:38:38] <bruce> philip hallam-baker: would like to see talks giving out a coherent view on dealing with attacks and how to engage the other parties.
[18:39:14] <bruce> phb: home-user much more worried about bank account drainage/being used to send spam etc than whether they have a full ipv6 view.
[18:39:24] --- yone has joined
[18:40:12] --- levigner has left: Replaced by new connection
[18:40:42] <bruce> leslie: specific awareness on what the ietf is about; general keynote addresses that we've shied away from in last few years. more focus on awareness.
[18:40:59] --- Leslie has left
[18:41:33] <bruce> owen(?): we're working with isoc on increasing user awareness about what's going on.. 6 months to a year.
[18:42:00] <bruce> tony hann: disappointed. no-one in the iab picked up on the difference between firewall and nat.
[18:42:12] <bruce> tony hain
[18:42:31] --- eric has joined
[18:43:48] <bruce> iljitsch van beijnum: incredibly harmful to have stateful firewall by default, blocks end to end communication; what protocols still work through such a setup; we can avoid this by making clear statements.
[18:44:35] <bruce> ivb: we need to finish ipv6 (list of stuff that works with v4 but not v6)
[18:45:14] --- levigner has joined
[18:46:04] --- bensons has joined
[18:46:08] <bruce> much swapping back'n'forth with ivb and edgar.
[18:46:43] <bruce> dave thaler: (explaining what's being done)
[18:46:47] <bruce> ivb is not happy.
[18:48:17] <bruce> ross mundie: would love to have irtf-related presentations. principle of least surprise; knowing ahead of time would be good.
[18:48:59] <bruce> greg daly: don't like ICE. don't want to do it with each application. answer is smart firewalls on the host level.
[18:49:11] --- arifumi has left: Replaced by new connection
[18:49:30] <bruce> or smarter middleboxes. consumer boxes never get updated, must do something right now.
[18:49:40] --- arifumi has joined
[18:50:56] <bruce> joel jaeggli(?): been here for long time, at the time, principles of design were on 'shared vision' across areas. not seeing that now. seeing very narrow pieces of work driven by market needs, and iab not demonstrating a vision.
[18:52:46] <bruce> olaf: we've got some docs to that end 4840, 4903, 4907, 4924. hard to put into documents the whole charter/ideal/etc
[18:54:21] <bruce> edgar: routing on home computers is insecure; that means firewalls, gateways, etc, locking stuff down. some missive from iab to turn off firewalls is unlikely to be listened to or change that.
[18:54:56] --- oak has joined
[18:55:00] <bruce> dave thaler: agreed. edge firewalls have two points; protect the internal bandwidth, and protect nodes without their own firewall.
[18:56:05] <bruce> dave: host firewall has more knowledge (about what the host is doing) than the edge/gateway firewall. but.. can't trust the host... back'n'forth.
[18:56:12] <iljitsch> this is what I was referring to at the mike, not an actual design team, but still: http://psg.com/lists/v6ops/v6ops.2007/msg00321.html
[18:56:24] --- csp has joined
[18:57:14] <bruce> (didn't get ??? comments)
[18:58:09] <bruce> melinda shaw: ice is not for firewalls. ICE creates nat table mappings and checks for connectivity, doesn't check for firewall policy.
[18:58:32] --- fujiwara has joined
[18:58:39] <csp> ICE: http://www.ietf.org/internet-drafts/draft-ietf-mmusic-ice-17.txt It's in IETF last call.
[18:59:26] <bruce> edgar: ice is a way to discover where some way exists to get packets through.
[18:59:37] --- ruri has joined
[18:59:42] <bruce> melinda: it's bypassing firewall policy.
[19:02:05] <bruce> dave crocker: technical presentations suggestion... we have RGs and WGs which have gone on for a long time, other groups with a broader call and/or have run into a brick wall.. be helpful to us to have presentations about such. not religious debate, increase awareness of what groups are doing.
[19:03:05] <bruce> ???: have done before, result was not so good.
[19:03:36] <bruce> dave: still like that efforts be made.
[19:04:47] <bruce> philip hallam-baker: native ipv6 is a feature. ability to have unrestricted acceptance of inbound connections is a desire(?).
[19:05:46] <bruce> phb: too many end-points and too complex, don't want to manage at the end-point, core is also bad point for complexity.. compromise placement (gateway)
[19:06:08] <bruce> phb: got to be thinking forward, and be ready to realise when our assumptions do not apply.
[19:06:41] <iljitsch> So Philip, will you be taking a portable firewall with you as you travel with your laptop?
[19:06:56] --- keith_nm has left
[19:07:24] --- levigner has left: Replaced by new connection
[19:07:41] --- levigner has joined
[19:07:45] <bruce> ???: not about complexity; robustness. (was a lot more)
[19:08:09] --- keith_nm has joined
[19:09:18] --- klensin has joined
[19:09:21] <bruce> oh, wow... I've got a diagonal
[19:09:30] <bruce> and someone just shouted out theirs.
[19:09:43] --- nm has left: Replaced by new connection
[19:09:43] --- nm has joined
[19:09:43] --- nm has left
[19:09:59] --- mrex has joined
[19:10:39] --- nm has joined
[19:11:22] --- bensons has left
[19:12:14] <bruce> thomas narten: (bit missed) look at nat, ietf didn't comment on that, and look at the usage of it all round.
[19:12:18] --- mjo has left
[19:13:21] <bruce> thomas: how many people use public IPs (few) vs behind a nat (lots) - all at home.
[19:13:38] <bruce> thomas: there's an rfc out there that we've punted on.
[19:14:31] <bruce> (someone else feel like typing for a while?)
[19:14:37] --- fujisaki has joined
[19:15:14] <iljitsch> here you go: http://tools.ietf.org/wg/v6ops/draft-van-beijnum-v6ops-connect-method-00.txt
[19:15:37] --- keyajima has left
[19:16:07] --- Melinda has joined
[19:16:16] <bruce> bob hinden: this is an open network, and I haven't heard of anyone having their laptop compromised during the conference; hosts are getting better.
[19:16:18] <mrex> who is NOT running some kind of firewall on his laptop?
[19:16:42] <mrex> I mean for a Windows box, this would be entirely lunatic to NOT run a firewall
[19:16:45] <iljitsch> apple has the host firewall disabled by default
[19:16:55] <bruce> bob: we need a way for hosts to tell firewalls to send them particular types of traffic
[19:17:07] <mrex> and even Linux Distros come with Firewalling/Filtering pre-installed for some time now
[19:17:11] <bruce> (isn't there some apple-sponsored protocol in draft?)
[19:17:17] --- csp has left
[19:17:27] <bruce> (that does what bob was saying)
[19:17:34] <bhoeneis> which linux distros do this?
[19:17:52] <mrex> OpenSUSE 10.2
[19:18:36] <arifumi> fedora also, i guess
[19:18:54] <mrex> probably Knoppix and Ubuntu as well
[19:18:55] <bruce> ???: not that many levers the iab can pull to solve the problem (lots missed)
[19:19:07] <bhoeneis> ubuntu does not
[19:19:13] <bhoeneis> not that i am aware of
[19:19:57] <bruce> brian carpenter: complaining about speaker order, and change of subject.
[19:20:29] --- keith_nm has left: IETF69, Chicago
[19:20:53] <mrex> I certainly do NOT thank Microsoft for making a Firewall imperative for a Windows Machine, but I'm glad they finally put a firewall per default on every Windows XPsp2 machine
[19:20:54] <bruce> brian: number of papers on the way to fix problems with current internet is to make a new one.
[19:21:39] <mrex> (because the alternative, hundreds of millions of zombie windows machines would have brought down the internet by now)
[19:21:58] <bruce> aaron: familiar with some of them, particularly the US 'find' (?) program... find protocols that don't have the same constraints and later, how to implement them on current internet.
[19:23:14] <bruce> leslie: me too. thrust of programs is to release constraints that are inevitable in an actual/working system.
[19:23:37] <mrex> I would expect almost every Linux distro to configure ipchains these days
[19:24:21] <bruce> 'future internet directions'
[19:24:30] <bruce> (real men run bsd ;) )
[19:24:59] --- jishac has left
[19:25:48] <bruce> dave crocker: have some review presentations about what did and didn't work.
[19:26:27] <bruce> dave: how many people know that SIP used to refer to something else... and was what is now the core of the current ipv6.
[19:27:11] <bruce> melinda shaw (?): voice has suffered the most because of nat. could use a lot of review from application people. (?)
[19:27:37] --- fujisaki has left: Replaced by new connection
[19:28:42] <bruce> rick lan, rfc user (etc): (various history, thanks etc).
[19:28:59] <bruce> rick: want a summary of what the itu and others are doing.
[19:29:14] <bruce> richard lamb
[19:29:15] --- Melinda has left
[19:29:25] --- eric has left
[19:29:51] --- fujisaki has joined
[19:30:48] --- Glenn Parsons has joined
[19:30:50] <bruce> thomas: 1 BILLION users around now. (emphasis his). we are running out of ipv4 space. short window (<3yrs) before we're in trouble and should really have had v6 rolled out. ietf tends to work best in crunch time.
[19:31:11] <mrex> It is NOT the end user that will need IPv6 -- they're the last to notice the problem
[19:31:45] <bhoeneis> @mrex: Do you mean: we still have NATs?
[19:31:50] <bruce> itojun: eat your own dogfood.
[19:32:04] <iljitsch> tell that to the people who sign up for internet cable/dsl service the day after the isp in question got a big fat zero in response to their arin request
[19:32:15] <mrex> The large majority (me too) has a DSL-router providing NAT -- and it is the problem of the ISP selling the flat rate to keep that thing running
[19:32:28] <bruce> ???: wants presentation on ietf<->itee
[19:33:03] <bruce> (itojun's point was about not much progress has been made on v6 (?) )
[19:33:20] <bruce> leslie: thanks for the reminder
[19:33:37] --- trphelan has left
[19:33:38] <bruce> olaf is closing now.
[19:33:44] <mrex> those who run into the "running out of IPv4 addresses" are hosting providers and ISPs
[19:34:15] <iljitsch> the isps don't get the addresses for the fun of it, it's to address their customers
[19:34:16] --- ruri has left
[19:34:29] --- fp has left
[19:34:32] --- nm has left
[19:34:36] --- klensin has left
[19:34:44] --- yone has left
[19:34:46] --- arifumi has left
[19:34:47] <bruce> *wants to see little ceremonial plaques given to the 'last' ISPs in each area.*
[19:34:52] --- shep has left: Logged out
[19:34:52] --- iljitsch has left
[19:34:56] <bruce> last to get ipv4 that is.
[19:35:05] --- raeburn has left
[19:35:08] <mrex> before we can use IPv6, we will need app software that is IPv6 capable -- and a lot of that software still isn't
[19:35:14] --- bert has left
[19:35:15] --- frodek has left
[19:35:45] --- tlyu has left
[19:36:07] --- oak has left: Disconnected
[19:36:17] <bruce> mrex: it's a classic chicken and egg situation. people won't go v6 because nothing supports v6, and people won't support v6 because no-one is doing v6.
[19:36:22] <mrex> I have lately noticed an increased latency on new connections through my DSL router. Maybe they
[19:36:31] --- keyajima has joined
[19:36:33] <mrex> are cascading NATs already
[19:36:57] <mrex> (at my ISP, that is)
[19:37:27] --- bruce has left
[19:41:30] --- levigner has left
[19:45:02] --- bhoeneis has left: Replaced by new connection
[19:49:51] --- arifumi has joined
[19:51:06] --- fujisaki has left: Replaced by new connection
[19:51:25] --- mrichardson has left
[19:51:35] --- arifumi has left
[20:04:58] --- keyajima has left
[20:34:15] --- jimsch1 has left
[20:37:10] --- jhlim has left: Disconnected
[22:48:25] --- fujiwara has left
[23:13:15] --- jhlim has joined
[23:20:22] --- Glenn Parsons has left: Lost connection
[23:21:15] --- mrex has left