Monday, 26 March 2012
stpeter has set the subject to: Plenary @ IETF-82

[11:51:52] malc joins the room
[12:12:27] malc leaves the room
[12:12:56] malc joins the room
[14:06:29] cmorgan joins the room
[14:21:16] yone joins the room
[14:22:27] SM joins the room
[14:22:55] jlcJohn joins the room
[14:27:20] Hugo Salgado joins the room
[14:29:05] tomkrist joins the room
[14:32:17] Hollenbeck joins the room
[14:32:32] Andrew Sullivan joins the room
[14:32:43] jpc joins the room
[14:33:04] <Hugo Salgado> Hi SM. Now I'm receiving signal from . A quiet one, but it connects ;)
[14:33:17] <SM> Thanks Hugo:)
[14:34:01] Thomas Hardjono joins the room
[14:34:57] rstory joins the room
[14:35:21] <rstory> is there an audio feed? I'm getting nothing on
[14:35:30] hildjj joins the room
[14:35:41] <SM> That is supposed to be the feed
[14:36:04] wseltzer joins the room
[14:36:07] cabo joins the room
[14:36:19] redaka joins the room
[14:36:27] cabo leaves the room
[14:36:34] dcrocker joins the room
[14:36:37] tomkrist leaves the room
[14:36:38] tomkrist joins the room
[14:37:17] Lee Howard joins the room
[14:37:59] kazubu joins the room
[14:38:05] frodek joins the room
[14:38:09] Klensin joins the room
[14:38:17] weiler joins the room
[14:38:37] Wes George joins the room
[14:38:45] tsuichi joins the room
[14:38:53] FJB joins the room
[14:39:40] Gregory Shapiro joins the room
[14:39:51] Dominik Elsbroek joins the room
[14:41:05] markushx joins the room
[14:41:18] hardaker joins the room
[14:41:55] pselkirk joins the room
[14:42:17] Dan York joins the room
[14:42:33] <jlcJohn> Can somebody local say _whether_ it has started?
[14:42:43] <SM> It has started
[14:43:09] <rstory> jlcJohn: so it's not just me.. you aren't getting audio either?
[14:43:16] <Thomas Hardjono> Any audio yet...
[14:43:17] <Dan York> There has been a presentation by the IRTF
[14:43:28] <Dan York> They are getting ready for the IAB report
[14:44:07] iljitsch joins the room
[14:44:10] <Klensin> No audio. Player finds the control file, but is waiting for bits
[14:44:24] <malc> someone earlier said that the audio was working but very quiet...
[14:44:26] <jlcJohn> I'm getting absolute silence on stream 9.
[14:44:37] <Klensin> Perhaps this is actually the remote participation bof in disguise.
[14:44:51] <SM> Yes, John :-)
[14:44:52] Chris Griffiths joins the room
[14:44:59] <jlcJohn> (There are a bunch of folks talking on stream 1, but clearly no presenter...
[14:45:42] iljitsch65647 joins the room
[14:45:42] iljitsch65647 leaves the room
[14:45:42] iljitsch84725 joins the room
[14:45:48] iljitsch leaves the room
[14:45:59] jpc leaves the room
[14:46:42] iljitsch84725 leaves the room
[14:47:01] iljitsch joins the room
[14:47:03] <Klensin> The remote participation page gives a separate link to the plenary (.../ietf839.m3u) and it clearly says "APlenary / Ampitheatre Bleu), but not a peep.
[14:47:06] <iljitsch> anyone else having trouble reading the slides from the back or is it just me?
[14:47:22] <iljitsch> anyone else having trouble reading the slides from the back or is it just me?
[14:47:43] Randall Gellens joins the room
[14:48:00] <hildjj> iljitsch: move closer?
[14:48:01] <Lee Howard> I can see fine from back row
[14:48:02] <Dan York> I'm not sure who to contact about the audio issue. The guys in the booth at the back of the auditorium are local working on the room.
[14:48:18] pselkirk leaves the room
[14:48:47] <malc> york: try the meeting trouble desk, ?
[14:48:52] Gregory Shapiro is now known as gshapiro
[14:48:56] gshapiro leaves the room
[14:48:56] <Klensin> Of course, since the Tools agenda doesn't show links for slides, audio, captioning, or anything else, it is tempting to say "what slides" or perhaps "really hard to see from here" :-(
[14:49:35] <jlcJohn> ... a blip on audio, now nothing again... :^(
[14:49:42] Melinda joins the room
[14:49:48] <Klensin> @Dan: messages have been sent to the noc, to the trouble ticket address, and to the Veriland streaming problems address..
[14:50:00] <Lee Howard> can someone closer read the URL of the live stenograph?
[14:50:07] <SM>
[14:50:08] <iljitsch> jhildebr: that's not a solution if it's a problem for everyone
[14:50:15] <SM>
[14:50:27] <iljitsch> Fred's text is of a reasonable size
[14:50:27] <Klensin> I just got my first sound -- a rather loud "pop"-- then back to silence
[14:50:43] <Melinda> No audio here. Is this not being streamed?
[14:50:46] <malc> the last presentation wasn't running full-screen
[14:50:47] <Dan York> klensin-ietf Thanks. I have sent messages as well. (I am in the room)
[14:50:48] <iljitsch> but it still seems to me that it would be good to use the entire screen
[14:50:57] <SM> It is supposed to be streamed
[14:51:09] <jlcJohn> ... some soft clicks...
[14:51:32] jpc joins the room
[14:51:33] mattlarsonamsl joins the room
[14:51:48] <Dan York> Currently the RFC Editor presentation is underway
[14:52:01] Lars joins the room
[14:52:11] mattlarsonamsl leaves the room
[14:52:14] <Klensin> @jfc: yeah, got those too. We could hypothesize a robot speaker communicating in a highly-compressed language, but I somehow doubt it.
[14:52:21] <jlcJohn> Folks should try SM's link!
[14:52:24] <iljitsch> some illumination on the speakers wouldn't suck either
[14:52:47] <Klensin> @Melinda, the stream appears to be emptying directly into the Seine.
[14:52:57] mnot joins the room
[14:53:19] <jlcJohn> (With the speech-to-text, it would be good to have someone posting slide numbers...
[14:53:26] Yves Lafon joins the room
[14:53:52] <Andrew Sullivan> RSE slide 4
[14:53:58] <jlcJohn> thx
[14:53:59] <Andrew Sullivan> (does that help?)
[14:54:01] <mnot> does the audio feed work for anyone?
[14:54:15] <SM> No, Mark and it is supposed to be channel 9
[14:54:25] mwm joins the room
[14:54:39] Lars leaves the room
[14:54:42] <Lee Howard> Leslie approaches the stage
[14:54:43] <mnot> yep, I'm on channel 9; nothing.
[14:54:44] <Klensin> Mark, Not for anyone who has reported in. Given the clicks and pinging sounds that are now coming through, it is pretty conclusively broken.
[14:54:47] <Andrew Sullivan> Now Leslie. No slides. Something quit unexpectedly
[14:54:53] <mnot> thx
[14:54:58] <Andrew Sullivan> slide 1 ipv6 day
[14:55:06] <Andrew Sullivan> or rather launch
[14:55:10] <Andrew Sullivan> slide 2
[14:55:11] <Andrew Sullivan> cats
[14:55:13] <Lee Howard> correction: IPv6 Launch
[14:55:14] <Andrew Sullivan> slide 3
[14:55:21] <Andrew Sullivan> badge on it
[14:55:26] <Melinda> That "thunk thunk" was promising.
[14:55:44] <Andrew Sullivan> slide 4
[14:56:08] RjS joins the room
[14:56:44] <Melinda> Hi, Andrew: to be honest, in the absence of audio a listing of slide numbers is not very helpful.
[14:57:05] <Andrew Sullivan> ok. I just saw John's request for slide numbers on the transcript
[14:57:20] <Andrew Sullivan> so that's what I was doing (is slide 5 now)
[14:57:32] Chris Waigl joins the room
[14:58:04] naptee joins the room
[14:58:10] <Andrew Sullivan> 6
[14:58:23] <jlcJohn> Melinda, I have fond memories of working from _only_ jabber and slide numbers!
[14:58:30] cabo joins the room
[14:58:32] <Melinda> Okay. There's no downside, it's just that if we're not following the transcript, seeing "6" isn't helpful.
[14:58:35] <Klensin> @Melinda, you can pick up the slide decks from links on
Not hyper-convenient, but it works and, once downloaded, no network delay.
[14:58:38] <jlcJohn> (besides, I now have the text transcription...)
[14:58:58] <Melinda> Jabber and sled numbers are great but only when there's a jabber scribe.
[14:59:04] <Andrew Sullivan> I can't do anything about the audio, sorry
[14:59:05] cmorgan leaves the room
[14:59:09] <Andrew Sullivan> I have no idea about it
[14:59:12] <Melinda> slide numbers, sorry.
[14:59:26] <Andrew Sullivan> I like sled numbers better :)
[14:59:28] <Andrew Sullivan> 7
[14:59:43] mattlarson joins the room
[14:59:46] mattlarson leaves the room
[15:00:19] <Andrew Sullivan> 8
[15:00:21] cmorgan joins the room
[15:01:21] <Thomas Hardjono> r those Leslie's cats...
[15:01:30] <Andrew Sullivan> 9
[15:01:39] <cmorgan> All: sorry for the audio issues, it is being worked on now.
[15:01:54] <SM> Thanks Cindy
[15:02:04] <Andrew Sullivan> 10
[15:02:19] <cmorgan> And to answer an earlier question, the link to the transcript is at
[15:02:57] Dominik Elsbroek leaves the room
[15:02:57] SM leaves the room
[15:02:59] <Andrew Sullivan> big cat
[15:03:06] <Andrew Sullivan> now badge
[15:03:13] <Andrew Sullivan> and now done
[15:03:19] <mnot> that's a promising buzz...
[15:03:27] SM joins the room
[15:03:34] <Klensin> Cindy, thanks. Unfortunately, "being worked on now" was the answer almost two hours ago. Consider turning off the speakers in the room to give local participants a better sense of the issue -- although they would then be spared the annoying buzzing noises we just got :-(
[15:03:45] Dominik Elsbroek joins the room
[15:04:01] <Andrew Sullivan> Panellists going to the stage
[15:04:22] <Andrew Sullivan> Title slide: Implementation challenges with browser security
[15:04:39] <Dan York> Hannes Tschofenig moderating
[15:05:21] <Andrew Sullivan> Background and Motivation (no numbers)
[15:07:09] <Andrew Sullivan> "The Web" slide
[15:09:04] <Andrew Sullivan> Key questions slide
[15:09:14] <Andrew Sullivan> (sorry John; dilatory.)
[15:09:49] <Andrew Sullivan> Plenary Agenda
[15:10:15] RjS leaves the room
[15:11:01] <jlcJohn> (Any bets on whether the transcription will be able to keep up with EKR?)
[15:11:57] Wes George leaves the room
[15:12:00] <Andrew Sullivan> Will not take that bet
[15:12:12] <Andrew Sullivan> Or maybe I should say wilntkethatbet
[15:12:20] <Andrew Sullivan> ekr slide 1
[15:12:53] guest1 joins the room
[15:12:54] <Andrew Sullivan> slide 2
[15:13:00] <Randall Gellens> Wow, he's running at about 0.25 EKRs
[15:13:17] smb joins the room
[15:13:29] <Randall Gellens> 0.5 EKRs
[15:13:38] <Andrew Sullivan> 3
[15:13:57] <Melinda> Well, the transcription software is still having difficulties, anyway
[15:13:58] <Andrew Sullivan> 4
[15:14:04] <iljitsch> encrypting everything is STUPID
[15:14:12] stpeter joins the room
[15:14:18] <iljitsch> lots of stuff is public anyway
[15:14:23] <iljitsch> it's slower in RTTs
[15:14:28] <iljitsch> it uses more CPU
[15:14:30] <Andrew Sullivan> (Transcription software is clearly not having any luck)
[15:14:34] <iljitsch> it uses more battery
[15:14:38] <iljitsch> it's harder to debug
[15:14:47] <iljitsch> only use encryption when you really need it!
[15:14:50] <Melinda> iljitsch, the issue is server authentication rather than encryption, I think.
[15:15:12] <Andrew Sullivan> 5
[15:15:16] SM leaves the room
[15:15:34] SM joins the room
[15:15:37] <Andrew Sullivan> excellent IM from fluffy
[15:15:37] <jlcJohn> (room noise, but I don't think it's the right room...)
[15:15:40] <Thomas Hardjono> My question to the panel: will the browser vendors care about what the IETF produces (in terms of RFCs). Will they implement?
[15:15:47] <Andrew Sullivan> slide 6
[15:16:02] <Andrew Sullivan> Lots of designs, skipping over
[15:16:05] <iljitsch> findthomas: ask the browser vendors, they are the only ones who know that
[15:16:16] <Andrew Sullivan> points out DANE
[15:16:20] <Klensin> Actually, we are training people (again) to just type domain names or domain names and tails, and not either http or https
[15:16:23] <Andrew Sullivan> slide 7, transition problems
[15:16:24] <Thomas Hardjono> Can someone relay my question to the panelist
[15:16:32] <iljitsch> this text is RIDICULOUSLY small
[15:16:38] <Randall Gellens> Questions are being held until the end
[15:17:06] <SM> So is the audio :-)
[15:17:34] <Andrew Sullivan> "can't ever ditch PKIX"
[15:17:39] <Andrew Sullivan> 8
[15:17:41] <Andrew Sullivan> worked example
[15:17:41] <jlcJohn> (false alarm... my iTunes switched streams...)
[15:18:04] <Andrew Sullivan> originally TLS 1 server/IP
[15:18:27] <Andrew Sullivan> SNI infrastructure, fixed in 2003, still not everywhere.
[15:18:37] <Andrew Sullivan> still not totally safe
[15:19:06] <Andrew Sullivan> (is this non-transcript summary helpful? if not, I'll stop)
[15:19:08] <Andrew Sullivan> 9
[15:19:13] <SM> It is
[15:19:16] <Andrew Sullivan> now what?
[15:19:30] <Andrew Sullivan> redirect, nit active attack
[15:19:49] <Andrew Sullivan> Other possibilities.
[15:20:01] <Andrew Sullivan> redirects, SPDY, DNS records, https everywhere
[15:20:04] <Andrew Sullivan> needs something
[15:20:05] <Andrew Sullivan> 10
[15:20:13] <SM> Audio is back
[15:20:15] <Andrew Sullivan> another problem
[15:20:37] Chris Griffiths leaves the room
[15:20:39] <Melinda> Excellent - thanks
[15:21:05] <Andrew Sullivan> (stopping summarizing because of audio)
[15:21:11] <Andrew Sullivan> 11
[15:21:14] <Andrew Sullivan> 12
[15:21:32] <Andrew Sullivan> 13
[15:22:10] Chris Griffiths joins the room
[15:22:14] <Andrew Sullivan> 14
[15:22:27] <Andrew Sullivan> (mixed-content: another collective action problem)
[15:23:25] <Andrew Sullivan> 15
[15:23:25] <Klensin> Andrew, thanks.
[15:23:47] <Andrew Sullivan> (is everything working now & I can stop?)
[15:24:03] <Andrew Sullivan> (or are the numbers still needed?)
[15:24:21] Lars joins the room
[15:24:34] <SM> Thanks Andrew, you can stop unless someone else asks for slide numbers
[15:24:36] Lars leaves the room
[15:24:59] <jlcJohn> Excuse me, what's supposed to be "working"?
[15:25:10] <rstory> jlcJohn: audio is back
[15:25:15] <SM> The audio is working, John
[15:25:27] <rstory> i had to reload my audio player manually..
[15:25:34] Lee Howard leaves the room
[15:25:40] <Hugo Salgado> Me too. Restart is needed.
[15:25:43] <jlcJohn> so it is, on a different computer...
[15:25:59] <Klensin> Yeah, me too. But listening now. thanks to all
[15:26:08] <jlcJohn> BTW, slide numbers will probably still help...
[15:26:24] <Andrew Sullivan> No numbers on this one. Alas. magic of RSA
[15:26:32] Hollenbeck leaves the room
[15:26:34] <rstory> agree.. slide numbers make it easier to follow..
[15:26:41] <Andrew Sullivan> Problem: sure this is the key
[15:26:44] <Andrew Sullivan> dairy dust
[15:26:47] <Andrew Sullivan> fairy, even
[15:27:01] <Andrew Sullivan> solution
[15:27:09] <Andrew Sullivan> one person everyone trusts
[15:27:35] <Andrew Sullivan> big load of CAs
[15:27:49] <rstory> that's slide 10 in the slide pack..
[15:27:57] <Andrew Sullivan> thanks
[15:27:59] <Andrew Sullivan> 11
[15:28:31] <Andrew Sullivan> 12
[15:28:48] <Andrew Sullivan> 13
[15:28:58] <Andrew Sullivan> (Summary. I mighta missed one. )
[15:29:06] <Andrew Sullivan> 14 implementation details
[15:29:15] <rstory> nope, you're on track
[15:31:16] <Andrew Sullivan> 15 -implementers
[15:31:27] cabo leaves the room
[15:31:47] <Andrew Sullivan> 16 Mitigation
[15:32:28] cabo joins the room
[15:33:24] <Andrew Sullivan> 17 end slide
[15:33:45] <Andrew Sullivan> When Good Standards Go Badd
[15:33:47] <Andrew Sullivan> Bad
[15:33:53] <Andrew Sullivan> title slide
[15:33:59] <Andrew Sullivan> 1
[15:34:04] <Andrew Sullivan> Problem statement
[15:34:50] <Andrew Sullivan> 2 shouldn't be getting easier?
[15:35:27] <Andrew Sullivan> 3 mixed bag
[15:36:16] frodek leaves the room
[15:37:06] FJB leaves the room
[15:37:15] <Andrew Sullivan> 4 Web application, meet web browser
[15:37:19] FJB joins the room
[15:38:02] <Andrew Sullivan> 5 example facebook compromised using CORS
[15:39:09] guest1 leaves the room
[15:40:14] <Randall Gellens> What does the example do?
[15:40:27] <Andrew Sullivan> 6 example: bypassing. . .
[15:40:33] <Randall Gellens> Cause FB to load content from an external site in the logged-in context?
[15:41:43] <Andrew Sullivan> 7 example: inline svg
[15:42:23] hta joins the room
[15:42:26] <Andrew Sullivan> 8 Some root causes
[15:44:00] <Andrew Sullivan> 9 references done
[15:44:23] <Andrew Sullivan> Ian Fette title
[15:45:04] <Andrew Sullivan> 1 Overview
[15:46:44] <Andrew Sullivan> 2 assumed security boundaries
[15:49:17] <Andrew Sullivan> 3 cross-protocol attacks
[15:50:24] FJB leaves the room
[15:50:49] Dan Wing joins the room
[15:52:16] <Andrew Sullivan> 4 deployed infrastructure with bugs
[15:53:25] spromano joins the room
[15:56:27] mwm leaves the room
[15:56:33] <iljitsch> why did we need websockets again?
[15:56:41] <Andrew Sullivan> 5 conclusions
[15:58:02] <Andrew Sullivan> finished. Now =JeffH
[15:58:07] <Andrew Sullivan> title slide
[15:58:26] FJB joins the room
[15:58:29] <Andrew Sullivan> 1 Big Picture
[15:58:47] <Andrew Sullivan> 2 What's a "browser"?
[15:58:52] jpc leaves the room
[16:00:05] <Andrew Sullivan> 3 10+ years ago
[16:00:41] <Andrew Sullivan> 4 today and near future
[16:01:26] <Andrew Sullivan> 5 multi-browser word
[16:01:30] <Andrew Sullivan> world, even
[16:01:43] <Andrew Sullivan> 6 emergent open . . .
[16:02:25] <Andrew Sullivan> 7 security model restriction . . .
[16:02:49] <Andrew Sullivan> 8 issues
[16:02:50] <Klensin> FWIW, in the PDF, current slide (security) is 8
[16:03:12] Wes George joins the room
[16:03:36] <Andrew Sullivan> way forward
[16:03:53] <Andrew Sullivan> (I have no idea what slide number that is, then :-/ Sorry I missed one, I guess)
[16:04:17] <Andrew Sullivan> title slide again
[16:04:27] <Klensin> No problem. "Way forward" is PDF10, but, as long as you keep giving names, we are golden
[16:04:30] <Andrew Sullivan> questions now, I guess
[16:04:34] FJB leaves the room
[16:04:38] <Andrew Sullivan> no more slides, I think — mic open
[16:07:30] <Dan York> That was me (Dan York) asking the question about mobile vs desktop
[16:07:52] <Andrew Sullivan> Oh, sorry, wasn't reporting "at mic" because the transcript seems to get them
[16:08:11] <Dan York> Ted Hardie at mic
[16:08:16] <Dan York> Ahh... that makes sense
[16:08:41] <Andrew Sullivan> transcribers are way more likely to get it right than I am :)
[16:08:58] <Dan York> Given that I have been a jabber-scribe a lot in the past it was just a knee-jerk reaction :-)
[16:09:18] <Dan York> And yes, I agree with you on getting the names right
[16:09:37] <Klensin> Mic: Would someone like to comment on the consequences to TLS and CA management (and user understanding of what is happening) of hundreds of new TLDs, some with "equivalent" aliases, and some in scripts that get rendered as "?????"
[16:09:49] <Dan York> I can take that question to the mic
[16:09:59] <Klensin> thx Dan
[16:09:59] <Dan York> John Klensin, right?
[16:10:02] <Andrew Sullivan> @Dan: thanks. I'm in the middle of a row
[16:10:03] <Klensin> yep
[16:10:40] mwm joins the room
[16:10:48] <Dan York> I'm in line, but probably 5th in queue
[16:11:30] <Randall Gellens> John — are you looking for a comment more detailed than "Ugly" ?
[16:11:34] <Dan York> (so if anyone else remote has a question, now would be a really good time to raise it ;-) )
[16:12:49] <Andrew Sullivan> I think John's problem is that if (for a trivial example) both abç and abé get rendered as "ab?", we have a problem
[16:12:50] <Klensin> @Randy: I hope so. But getting expressions of disgust on the record would be helpful if that is all people have to say.
[16:13:21] <Klensin> Alternately, I'd love to hear "no problem, you are worrying unnecessarily"
[16:13:58] <Andrew Sullivan> What is the probability that everyone has thought about this carefully? IDNs remain a niche issue in many locales.
[16:14:22] <Klensin> @Andrew: one of my problems, yes. But I'm also worried about whether the cert handling machinery, especially client-side, are up to aliases, etc.
[16:14:47] <Klensin> @Andrew: that is obviously another part of the question.
[16:14:48] <Andrew Sullivan> hah hah hah. Since we don't have an idea of "aliases", we're sorta in trouble there, no?
[16:15:05] <Andrew Sullivan> (Your choir book is open, I trust?)
[16:15:18] smb leaves the room
[16:15:44] <Randall Gellens> John: "no problem, you are worrying unnecessarily"
[16:15:51] <Klensin> @Andrew: yes. But asking the questions in this forum, aliases and all, is one small way to start the discussion/thinking (or to document that it isn't happening)
[16:16:17] <Randall Gellens> a/k/a "everything is under control, please remain calm and go about your business"
[16:16:17] <Andrew Sullivan> yes, true
[16:16:54] <Klensin> @Randy: after Dan asks the question, you are welcome to give that answer at the mic. :-)
[16:17:41] Dan Wing leaves the room
[16:17:49] <Dan York> :-)
[16:18:36] <Klensin> Mic: If a CA has issued a Cert for example.mars, and ICANN sells .mars to someone, do we have a plan?
[16:18:57] <Dan York> k
[16:21:44] <iljitsch> I'm not sure who it was that turned off RC4/MD5. But what are they waiting for to do it for real?
[16:21:45] <Dan York> I'm next up
[16:25:24] Dan Wing joins the room
[16:25:32] Dan Wing leaves the room
[16:26:34] <Dan York> ok, now i will be up, i assume
[16:28:44] dcrocker leaves the room
[16:29:14] jpc joins the room
[16:29:36] tomkrist leaves the room
[16:29:36] <hildjj> Suggestion from Martin is to show sites with RC4/128 *without* the lock icon
[16:30:33] Suz joins the room
[16:31:24] <Dan York> oh, man, Hannes is going to make me stand here for a bit ;-)
[16:32:29] mrex-ietf joins the room
[16:33:12] <Klensin> sigh.
[16:33:16] <Andrew Sullivan> the transcription "perm mutations" is unreasonably appropriate for this topic
[16:34:07] julian joins the room
[16:34:07] julian leaves the room
[16:34:07] julian joins the room
[16:34:36] <Dan York> I am amused by the number of "(inaudible)" notes whenever they are transcribing ekr's responses :-)
[16:34:40] <Andrew Sullivan> "The user needs to understand what's going on" isn't even fair here, because the security model that needs Angry Birds to access your calendar & ask you that question is one that even a clueful person can't have a model for
[16:38:07] eburger joins the room
[16:38:13] <Klensin> +1 to Dave's comment (and Ross's earlier one)
[16:38:43] <eburger> The Web is just a small, tiny application on the Internet :-)
[16:40:20] <Klensin> At the same time, it would only take a handful of really serious incidents for the politicians and regulatory to wrap themselves in cybersecurity blankets and start shutting it down for us.
[16:40:21] <Randall Gellens> Dave's comments sounds like bootleggers who wanted prohibition to continue (for obvious reasons)
[16:40:24] mcharlesr joins the room
[16:40:35] <mcharlesr> oo!!! "cipher sweets"
[16:40:49] dcrocker joins the room
[16:41:39] <Andrew Sullivan> Why wouldn't we expect security on the web to be approximately as _ad hoc_ as it is in the ordinary human world?
[16:42:00] <SM> Because it does not scale as well
[16:42:32] frodeki joins the room
[16:42:49] <mcharlesr> because most meat-space security errors have very local effects.
[16:43:03] <Andrew Sullivan> Well, another way to look at it is that the web environment isn't rich enough
[16:43:15] <mrex-ietf> @sm but Joe Average will not understand any other scheme, no matter how much pages of Documentation is thrown at them.
[16:43:40] <iljitsch> in the real world there's limits of time and space
[16:44:09] <Andrew Sullivan> and if we gave more context (as the current mic person is saying) it might help
[16:44:21] <Dan York> The laughter is because the Windows Security Center is popping up on the machine that is displaying the transcription
[16:44:27] <iljitsch> on the internet the best criminals in the world are 300 ms away from your computer and you can't see or hear them (or feel their hand down your pocket as they try to take your wallet, like last night in the metro)
[16:44:33] tsuichi leaves the room
[16:44:34] <Andrew Sullivan> yes, but also there are a lot of clues
[16:44:49] <SM> mrex, I don't think that throwing documentation is that helpful, see websec discussion earlier. As things get complex, it becomes more difficult to find even some alternatives that might be workable
[16:44:50] <iljitsch> but a lot of this is also that people don't care
[16:45:43] <iljitsch> banks are complicit because it's easier to return the money and raise fees than to investigate whether the customer was at fault
[16:45:49] <Andrew Sullivan> if I'm in a crowded public place where there are a lot of pickpockets, I know to be alert. I don't have that feedback in a Web context. I wonder whether there are ways to provide those social clues.
[16:45:50] <mrex-ietf> @sm: correct, documentation is largely ignored. The problem I see is the assumption that everything has to work out of the box, including trust
[16:46:11] <SM> They don't care until they are the ones losing money or being at the wrong end of the problem
[16:46:22] <iljitsch> ajsaf: make the screen darker with stuff moving in the corners when you're on public wifi
[16:46:39] yone leaves the room: The computer is going to sleep
[16:50:02] weiler leaves the room
[16:50:23] Chris Waigl leaves the room
[16:50:55] smb joins the room
[16:50:56] <smb> By chance, earlier today I was looking at -- look at Shamir's commandments, especially number 4.
[16:52:35] Randall Gellens leaves the room
[16:52:55] <Andrew Sullivan> Clearly, all drivers have clear ideas of the limits of their automobiles.
[16:53:01] <Andrew Sullivan> I have noticed this very often when driving.
[16:53:32] <mrex-ietf> the available crypto-algorithms are sufficiently secure. There are sometimes design flaws in the crypto protocols that are vulnerable & exploited. But the vulnerabilities in the non-crypto parts of the protocols are typically more serious, more numerous and more frequently exploited
[16:54:18] <Andrew Sullivan> @mrex: right. I _wish_ our problem was bad cryptosystems
[16:54:36] <Klensin> I can identify several cities in which you could try driving to get vivid examples.
[16:55:15] <Andrew Sullivan> John, IIRC you live in one of those cities :)
[16:55:33] mwm leaves the room
[16:55:47] yone joins the room
[16:55:48] <Klensin> @Andrew: yep, that was high on my list
[16:56:11] <smb> I was in Rome last week; crossing the street there is an interesting experience...
[16:57:59] <iljitsch> I was shouting "the system needs feedback to work"
[16:58:26] <iljitsch> not kicking out bad actors avoids rocking the boat in the short term but it's part of what got us where we are now
[16:59:02] <Andrew Sullivan> @iljitsch: the problem is that the users simply won't understand when suddenly stuff stops working
[16:59:33] <Andrew Sullivan> and this community is so bad at user interfaces that we can't even imagine how to address those issues
[17:00:48] Yves Lafon leaves the room
[17:01:42] <mrex-ietf> for use of TLS with traditional TLS X.509 PKI in Browsers, DNSSEC is completely irrelevant security-wise
[17:02:43] <Andrew Sullivan> that's certainly true if you trust your X.509 CAs.
[17:02:46] mnot leaves the room
[17:03:00] Dominik Elsbroek leaves the room
[17:03:32] <smb> If people type, you're right if the CAs work -- but think of Iran. If they type <> and depend on the redirect, that's much less true.
[17:03:45] <Andrew Sullivan> if it turns out you don't, because they're DigiNotar, then maybe DNSSEC validation gives you a clue something is wrong. Or more accurately, doesn't allow you to connect.
[17:05:12] <Klensin> @Andrew: what you need for a clue that something is wrong is identification of the registrar and knowledge about its policies. And that isn't going to come from DNSSEC.
[17:06:01] stpeter leaves the room: Disconnected: connection closed
[17:06:11] <Andrew Sullivan> That could well be true also. (I am personally marginally — it's a small margin — hopeful that we could turn REPUTE into a mechanism)
[17:06:34] julian leaves the room: Computer went to sleep
[17:07:42] <Dan York> Any questions from the chat?
[17:08:12] <hildjj> mrex: in current browsers. But imagine a hosted situation, where the CNAME was signed, so you could accept the cert of the hosting provider
[17:08:33] hta leaves the room
[17:09:13] hta joins the room
[17:09:20] <Dan York> There's no one at the mic queues... ANY questions for the IAB?
[17:10:05] <Klensin> @Dan: nothing I'd like channelled :-(
[17:10:13] <Dan York> :-)
[17:11:34] redaka leaves the room
[17:13:22] smb leaves the room
[17:13:35] dcrocker leaves the room
[17:13:51] Suz leaves the room
[17:15:14] <Andrew Sullivan> It may require this room!
[17:15:29] Melinda leaves the room
[17:17:05] <Andrew Sullivan> I think we should get the honey badger guy to do them
[17:17:18] hta leaves the room
[17:17:18] Chris Griffiths leaves the room
[17:17:21] <Andrew Sullivan> (the voice overs I meant)
[17:17:22] eburger leaves the room
[17:17:25] Andrew Sullivan leaves the room
[17:17:27] <Dan York> And we're done
[17:17:30] Wes George leaves the room
[17:17:32] naptee leaves the room
[17:17:35] Klensin leaves the room
[17:17:43] SM leaves the room
[17:17:44] iljitsch leaves the room
[17:17:49] hildjj leaves the room
[17:18:05] frodeki leaves the room
[17:18:12] cmorgan leaves the room
[17:19:03] <Hugo Salgado> Thanks to scribers. Bye.
[17:19:04] yone leaves the room
[17:19:06] Hugo Salgado leaves the room
[17:19:31] Dan York leaves the room
[17:20:35] wseltzer leaves the room
[17:20:35] wseltzer joins the room
[17:21:21] mrex-ietf leaves the room
[17:22:31] mcharlesr leaves the room
[17:23:25] spromano leaves the room
[17:23:59] jpc leaves the room
[17:34:21] hardaker leaves the room
[17:35:35] cabo leaves the room
[17:35:35] wseltzer leaves the room
[17:35:53] sujing joins the room
[17:36:27] <sujing> is the current chat room at 83?
[17:36:27] kazubu leaves the room
[17:36:56] James Dishongh joins the room
[17:37:06] <James Dishongh> is this thing working?
[17:42:44] sujing leaves the room
[17:45:59] James Dishongh leaves the room
[17:47:45] James Dishongh joins the room
[17:50:03] markushx leaves the room
[17:59:07] James Dishongh leaves the room
[17:59:30] Chris Griffiths joins the room
[18:02:00] Chris Griffiths leaves the room
[18:41:05] Thomas Hardjono leaves the room
[19:06:17] kazubu joins the room
[19:41:09] kazubu leaves the room
[19:41:09] rstory leaves the room
[20:05:14] hardaker joins the room
[20:19:24] dcrocker joins the room
[20:25:21] Chris Griffiths joins the room
[20:26:40] dcrocker leaves the room
[20:32:44] mwm joins the room
[20:32:59] mwm leaves the room
[20:35:02] Chris Griffiths leaves the room
[20:45:19] mcharlesr joins the room
[20:58:20] mcharlesr leaves the room
[21:03:12] hta joins the room
[21:04:54] hta leaves the room
[21:06:47] hta joins the room
[21:11:11] hta leaves the room
[21:27:42] Dominik Elsbroek joins the room
[21:36:40] Dominik Elsbroek leaves the room
[21:37:24] Dominik Elsbroek joins the room
[21:54:47] Yves Lafon joins the room
[21:57:47] Dominik Elsbroek leaves the room
[22:01:49] wseltzer joins the room
[22:24:12] stpeter joins the room
[22:59:57] wseltzer leaves the room
[23:19:21] Yves Lafon leaves the room
[23:33:24] Chris Griffiths joins the room