[03:48:28] --- alan.dekok has joined
[03:48:42] --- alan.dekok has left
[11:52:34] --- alan.dekok has joined
[11:54:00] --- Dave Nelson has joined
[11:54:18] * Dave Nelson has changed the subject to: RADEXT WG Meeting IETF-70
[11:54:52] --- histerrier has joined
[11:55:48] <Dave Nelson> Streaming audio is on channel 6, right?
[11:59:25] --- dromasca has joined
[11:59:36] <dromasca> agenda
[11:59:44] <dromasca> documents status
[11:59:55] <dromasca> remote folks, do you hear audio?
[12:00:09] <dromasca> 4590bis in auth48
[12:00:17] <Dave Nelson> Issues and fixes RFC5080 is still in AUTH48, also.
[12:00:49] <Dave Nelson> That one is waiting on action from the ADs (Dan?).
[12:00:52] <dromasca> yes, bernard mentioned it
[12:01:23] <dromasca> AD acknowledges
[12:02:14] <dromasca> design guidelines
[12:03:31] <dromasca> data model issues
[12:03:40] <dromasca> vendor space considerations
[12:03:56] <dromasca> publication of specs RECOMMENDED
[12:05:11] <alan.dekok> improper data types are NOT recommended
[12:05:54] <Dave Nelson> Me.
[12:06:11] <alan.dekok> -02 has minor changes over -01
[12:06:37] <Dave Nelson> (Me means read -02 design guidelines)
[12:06:38] <alan.dekok> Anyone channelling jabber?
[12:06:47] <Dave Nelson> Dan is channeling.
[12:06:53] --- finn- has joined
[12:06:55] <dromasca> do you like 02?
[12:07:06] <dromasca> channeling but not really writing all
[12:07:10] <alan.dekok> OK.
[12:07:17] <dromasca> can you hear audio feed
[12:07:20] <dromasca> ?
[12:07:22] <alan.dekok> yes
[12:07:27] <Dave Nelson> Audio is good.
[12:07:47] <dromasca> NAS management document
[12:08:18] --- venaas has joined
[12:08:51] <dromasca> comments from WGLC
[12:09:53] --- venaas has left
[12:09:56] --- venaas has joined
[12:10:56] <dromasca> issues to be solved in 02
[12:11:50] <alan.dekok> me
[12:12:03] <dromasca> three people read the draft - including chair and AD
[12:12:18] <dromasca> glen not here - skipping to 802 attributes
[12:12:31] <dromasca> ieee 802.11 review completed
[12:13:51] <Dave Nelson> Gee... I should have cached the slides. Access to the IETF meeting materials site is really slow... really, really slow.
[12:13:57] <dromasca> david issue a call for review on the list
[12:14:37] <dromasca> any questions or comments?
[12:14:54] <alan.dekok> <people using mike? >
[12:15:06] <Dave Nelson> Just trying to keep up with the preso in real time. No question.
[12:15:08] <dromasca> not me - i am scribing
[12:15:47] --- stefan.winter has joined
[12:16:12] <dromasca> cryptoagility reqs
[12:16:17] <dromasca> dec from dave nelson
[12:16:57] <dromasca> process steps
[12:17:10] <dromasca> reqs discussion in prague
[12:17:19] <dromasca> call for docs submission
[12:17:25] <dromasca> evaluation of proposals
[12:17:39] <dromasca> rfc 4107 published
[12:18:21] <dromasca> were requirements changed?
[12:18:31] <dromasca> process stuck
[12:19:47] <Dave Nelson> Sam told us on the list that he thought it did apply. See slides at end of deck.
[12:19:54] <alan.dekok> I addressed RFC 4107 comments re: DTLS.
[12:19:55] <dromasca> waiting for answer from sam hartman
[12:20:06] --- david.mark.jones has joined
[12:20:08] <alan.dekok> on the radext list. DTLS seems to satisfy RFC 4107
[12:20:50] <stefan.winter> Hi. I guess RadSec does as well - pretty much in parallel to DTLS.
[12:20:59] <alan.dekok> yes
[12:21:04] --- david.mark.jones has left
[12:21:26] <dromasca> bernard - question is does wg agree with iesg guidance?
[12:23:14] <dromasca> joe - was sam answering crypto-agility or automated key management?
[12:23:18] <Dave Nelson> Forward to slides at the end of the deck -- contains the mails.
[12:25:07] <Dave Nelson> Next slide..
[12:25:33] <alan.dekok> Key management for RADIUS is not a problem so far as I have heard
[12:25:54] <dromasca> steve - do users ask for automated key management?
[12:26:39] <stefan.winter> key mgmt right now is not flexible enough in large roaming deployments.
[12:27:02] <stefan.winter> @Stephen: I'm on Jabber, my comment pretty much answered his question.
[12:27:48] --- leifj has joined
[12:30:53] <dromasca> proposal - consensus call - automated key management NOT REQUIRED
[12:30:54] <Dave Nelson> Hmmmmm.
[12:30:59] <alan.dekok> Hmm
[12:31:03] <dromasca> hum for NOT required
[12:31:06] <stefan.winter> Hmmmmm.
[12:31:17] <dromasca> for not?
[12:31:27] <stefan.winter> for requiring it.
[12:31:38] <stefan.winter> too bad.
[12:32:35] <dromasca> will write text - run it with security ad
[12:32:42] <dromasca> radius + dtls
[12:33:27] <dromasca> 4347 published
[12:33:28] <alan.dekok> YES
[12:33:36] <dromasca> open ssl implementation
[12:34:03] <dromasca> TLS appears to solve crypto agility reqs
[12:34:46] <alan.dekok> Yes: same port can be used
[12:34:58] <dromasca> RADIUS + DTLS orthogonal - can use same port
[12:35:12] <dromasca> no DIAMETER impact
[12:35:37] <dromasca> has this been implemented?
[12:35:47] <alan.dekok> Someone from Avaya at last IETF
[12:36:17] <alan.dekok> (rumors, perhaps)
[12:36:27] <leifj> didn't you do it Alan?
[12:36:33] <alan.dekok> Not yet.
[12:36:39] <leifj> k
[12:37:46] <dromasca> RADIUS attributes for crypto-agility
[12:42:15] <dromasca> RADSEC
[12:43:00] <dromasca> implementation updates
[12:43:08] <dromasca> FreeRADIUS
[12:43:19] <dromasca> alan considering implementation
[12:43:43] <dromasca> Access Points
[12:44:02] <dromasca> LANCOM - alpha release w/RadSec support
[12:44:19] <dromasca> target 7.40 release
[12:44:28] <dromasca> interoperability
[12:44:39] <stefan.winter> also do routers. Can be used right now with UMTS card to get 802.1x networks everywhere. Quite cool.
[12:44:49] <stefan.winter> (that was regarding lancom)
[12:48:48] <stefan.winter> radsecproxy can replace proxy-only servers completely
[12:48:55] <stefan.winter> is running on eduroam .lu TLD server
[12:49:01] <dromasca> questions?
[12:51:55] <alan.dekok> I think RadSec is acceptable as a WG item, too.
[12:52:14] <alan.dekok> Many people use IPSec + RADIUS, and RadSEC (TLS or DTLS) is easier.
[12:52:32] <stefan.winter> I know some people with IPSec+RADIUS as well. It is a pain.
[12:52:32] <Dave Nelson> Didn't we suggest that RADSEC (TCP) be limited to proxy uses, not end node client uses?
[12:53:27] <stefan.winter> Don't remember that.
[12:54:17] <Dave Nelson> Yeah, IPsec is not an idel solution.
[12:54:29] <Dave Nelson> ideal
[12:55:37] <alan.dekok> There may be TCP issues (e.g. slow-start) on low-traffic NASes.
[12:55:53] <alan.dekok> (Bernard is a co-author on RFC 3...?)
[12:55:53] <Dave Nelson> Don't roaming consortia pretty much dictate the use of proxies?
[12:56:02] <alan.dekok> Dave: yes.
[12:57:58] <alan.dekok> Stig: I have a Status-Server draft for RADIUS (may be expired)
[12:58:26] <stefan.winter> Right - would like to see Status-Server draft moving forward.
[12:58:58] <alan.dekok> yes
[13:01:46] <venaas> know you got status server, and have implemented it and using it for failover :)
[13:02:18] <venaas> would definitely like to see status server draft go forward
[13:02:29] <alan.dekok> OK
[13:04:29] --- dromasca has left
[13:05:32] <Dave Nelson> URL of slides from IETF-69 proceedings: http://www3.ietf.org/proceedings/07jul/slides/radext-10/sld1.htm
[13:05:44] --- dromasca has joined
[13:06:41] <dromasca> RADIUS - ERP
[13:06:58] <Dave Nelson> This is based on Zorn keywrap. Can it work with any other RADIUS Crypto-Agility solutions?
[13:07:52] <dromasca> it should
[13:08:31] <dromasca> rather reuse existing proposals
[13:09:19] <Dave Nelson> Have you talked to Sam Hartman about the applicability of RFC 4107 to your use case?
[13:11:35] --- behcet.sarikaya has joined
[13:14:11] <dromasca> taking a 2-party protocol and adding 3rd party - security considerations?
[13:14:34] <dromasca> n**2 vs. n or 2n
[13:17:41] --- behcet.sarikaya has left
[13:18:05] <dromasca> reopens questions for automated key management in roaming environments
[13:18:05] <dromasca> reopens question
[13:19:18] <dromasca> radext to review the document
[13:20:07] <dromasca> back to glen extended attributes
[13:20:12] <dromasca> no slides
[13:20:29] <alan.dekok> Me!
[13:20:41] <Dave Nelson> Me.
[13:20:57] <stefan.winter> skimmed over it.
[13:21:51] --- behcet.sarikaya has joined
[13:22:10] <dromasca> proposal - add flag to tlv header
[13:22:18] <dromasca> say it's a legacy attributes
[13:22:30] <dromasca> not to confuse the number space
[13:22:43] <alan.dekok> I'm not sure what he means by overlaps...
[13:22:59] <Dave Nelson> TLV header? Does that mean the base RADIUS message?
[13:23:13] <alan.dekok> WiMAX uses the same layout... changes from their definition are problematic...
[13:23:25] <Dave Nelson> Or just in the header of the Extended Attribute (wrapper)?
[13:24:02] <alan.dekok> Dave: Yes. Extended attr is normal VSA *with* a continuation byte.
[13:24:14] <Dave Nelson> Well, are you saying that the WiMAX usage preempts RADEXT from doing something different in this space?
[13:24:31] <alan.dekok> No, but we need to be careful about multiple similar approaches.
[13:25:14] <Dave Nelson> Not sure what that means. We either acknowledge the WiMAX work or we don't.
[13:26:11] --- ldondeti has joined
[13:26:46] <Dave Nelson> Yes, grouping is a good thing to have.
[13:26:59] <dromasca> open discussion
[13:27:10] <dromasca> stephen
[13:27:13] <Dave Nelson> Has anyone looked at the MIP-6 RADIUS draft?
[13:27:29] <dromasca> automated key management question
[13:27:29] <alan.dekok> Dave: No.
[13:28:18] <stefan.winter> eduroam has one (obscure) need for protecting stuff from end-RADIUS to end-RADIUS
[13:28:21] <Dave Nelson> Audio starting to cut out.
[13:28:26] <stefan.winter> can follow up on ML
[13:28:34] <alan.dekok> Audio cut out for me, too.
[13:28:40] <alan.dekok> Can't re-connect.
[13:28:40] <Dave Nelson> Audio failed.
[13:28:42] <stefan.winter> Yep, am deaf now :-(
[13:29:01] <alan.dekok> Take it to the mailing list, I guess...
[13:29:05] --- alan.dekok has left
[13:29:08] <stefan.winter> ok
[13:29:51] <Dave Nelson> Wish they'd turn off whatever logging on the audio servers that's causing this...
[13:30:49] <Dave Nelson> Dan, can you scribe more detail? Audio is down.
[13:31:45] --- histerrier has left
[13:33:41] <stefan.winter> Bye
[13:33:47] --- stefan.winter has left: offline
[13:35:25] <dromasca> bernard - consensus call
[13:35:36] <dromasca> automatic key management not required?
[13:35:38] <dromasca> hummm
[13:35:48] <Dave Nelson> Consensus on what? Audio is down.
[13:36:03] <dromasca> automatic key requirement NOT required?
[13:36:20] <dromasca> automatic key management required?
[13:37:47] --- behcet.sarikaya has left
[13:39:38] <Dave Nelson> OK, audio is back. Where are we? Adjourned?
[13:41:04] --- finn- has left
[13:44:58] <Dave Nelson> Guess we're adjourned. Bye!
[13:44:58] --- ldondeti has left
[13:45:03] --- Dave Nelson has left
[13:58:29] --- leifj has left
[13:59:30] --- dromasca has left
[14:02:35] --- venaas has left
[14:09:49] --- leifj has joined
[14:35:10] --- leifj has left
[14:54:59] --- john.zhao has joined
[15:12:31] --- john.zhao has left