[07:03:26] --- LOGGING STARTED
[07:05:04] --- LOGGING STARTED
[07:08:06] --- LOGGING STARTED
[07:09:24] --- LOGGING STARTED
[07:11:34] --- LOGGING STARTED
[13:44:56] --- Joseph (jishac) has become available
[14:10:10] --- Joseph (jishac) has left: Replaced by new connection
[15:09:30] --- leg has become available
[15:17:36] --- lha has become available
[15:20:09] --- raeburn has become available
[15:20:25] --- kenh has become available
[15:20:25] --- kenh has left
[15:20:25] --- kenh has become available
[15:22:30] --- hartmans has become available
[15:25:10] --- leg has left: Disconnected
[15:25:49] --- warlord has become available
[15:28:27] --- perry has become available
[15:28:33] <perry> mooooo
[15:30:14] <perry> bellovin isn't logged in!
[15:30:18] --- leg has become available
[15:30:21] <perry> this limits the number of back channels possible.
[15:30:31] <perry> /whois leg?
[15:30:39] --- tlyu has become available
[15:30:51] --- sakai has become available
[15:31:21] --- hartmans has left: Disconnected
[15:31:39] --- mlshore has become available
[15:32:23] --- jm has become available
[15:34:58] --- tytso has become available
[15:36:13] --- Gordon58 has become available
[15:39:04] --- michael has become available
[15:39:52] --- hartmans has become available
[15:41:31] --- hartmans has left
[15:41:44] --- hartmans has become available
[15:41:46] --- michael has left
[15:44:55] --- sakai has left
[15:49:16] --- maho has become available
[15:53:16] --- ohm has become available
[15:53:25] --- maho has left: Logged out
[15:53:25] --- maho has become available
[15:53:25] --- maho has left: Logged out
[16:05:44] <kenh> Hm, seems to be quiet here.
[16:05:48] <tlyu> someone with a strong-ish signal up as adhoc network "ietf58" on channel 3...
[16:06:04] <warlord> lovely
[16:06:17] <hartmans> Does someone want scribing?
[16:06:46] <hartmans> If not, quiet is probably fine.
[16:07:12] <perry> quiet is fine I think unless someone is outside of the room and really needs a transcript
[16:08:39] <perry> btw, this is good stuff
[16:08:44] <perry> (the draft)
[16:10:15] --- Joseph (jishac) has become available
[16:13:57] <warlord> Hmm, I just lost ARP to the default router...
[16:16:16] <tlyu> the dhcp servers can't agree on which address to give my machine. i just gave up and configured an alias.
[16:18:47] --- hartmans has left: Disconnected
[16:21:41] --- hartmans has become available
[16:25:34] --- leg has left
[16:26:41] <hartmans> And now we are on to Nico's channel bindings presentation
[16:30:21] --- javier has become available
[16:31:14] <tytso> This isn't really the traditional use of channel bindings....
[16:32:34] --- lha has left: Lost connection
[16:32:55] <hartmans> So, I'm somewhat confused; from the draft it didn't sound like he was treating this as just a GSSAPI thing
[16:33:58] <hartmans> Ted, no, but channel bindings are not traditionally used.
[16:34:08] <perry> sam: hehehe
[16:34:48] <hartmans> I've been working with Nico on this for a few months. He's convinced me that this is the best solution to the RDDP problem without completely rearchitecting their protocol
[16:34:48] --- tlyu has left: Lost connection
[16:35:22] <tytso> OK, this is actually pretty close to the original intent. For a while I thought he wanted to put local user/uid information into the channel bindings....
[16:35:32] --- tlyu has become available
[16:35:56] --- jis has become available
[16:38:55] <kenh> the eternal struggle, it seems.
[16:39:05] <hartmans> Jeff, We're discussing draft-ietf-nfsv4-channel-bindings
[16:40:24] <jis> thanks
[16:40:59] <hartmans> This can be viewed as a solution to the EAP tunneling problem from multiple IETFs ago.
[16:42:20] --- Joseph (jishac) has left: Disconnected
[16:42:32] <hartmans> nico: We can do bindings to sshv2, tls, but what we really want is ipsec
[16:43:00] <hartmans> Nico: What the hell is an ipsec channel.
[16:43:25] <hartmans> And here we get to the part that all the ipsec people will disagree with;)
[16:43:47] --- Joseph (jishac) has become available
[16:44:25] <hartmans> nico: Several slides with details. Not all worked out; asking for help from ipsec community
[16:45:14] <hartmans> nico: If you knock down the straw man, you've achieved one of my goals; you are paying attention.
[16:45:14] <hartmans> nico: Avoid changing transports.
[16:45:29] <hartmans> Actually my latency is too high to really do this.
[16:45:50] --- javier has left
[16:46:01] <tytso> Is he assuming peer-to-peer ipsec only?
[16:46:06] --- javier has become available
[16:46:29] <hartmans> Ted, his definition of channel bindings requires both ends know what is going on.
[16:46:42] <tytso> So yes.
[16:46:54] <hartmans> So perhaps not peer to peer, but you are cooperating with whoever is doing the encryption
[16:47:56] <tytso> So either peer-to-peer, or other non-standard setups involving massive abstraction violations.
[16:52:39] --- jm has left: Disconnected
[16:52:39] <kenh> "Kerberos mumbo-jumbo". Gotta love it :-)
[16:53:37] <hartmans> Note this is not Kerberos specific; NFS also wants SPKM and LIPKI
[16:59:45] <hartmans> I don't understand why Nico didn't just say yes to ekr's assertion.
[16:59:50] <hartmans> As I believe it is true.
[17:00:31] <hartmans> OTOH, I think that claiming channel bindings is more complex than cert matching is misleading.
[17:01:31] <tlyu> several adhoc networks called "Hercules" on channel 11
[17:01:50] <perry> sigh
[17:01:53] --- ohm has left: Disconnected
[17:02:58] <hartmans> So, Ted, I guess he really does mean p2p
[17:04:04] <tytso> I'm not convinced that peer-to-peer ipsec will ever be a reality, because of the user-level vs. host-level authentication abstraction layer mismatch.
[17:04:38] <hartmans> This is all about fixing that problem
[17:04:57] --- perry has left
[17:05:08] <hartmans> Or rather this is about allowing me to use ipsec NICs for user level applications
[17:05:43] <hartmans> Wait, how does secure DNs fix this?
[17:08:43] <tytso> I don't see how the channel bindings help fix the ipsec user-level authentication problem. You're using kerberos to solve user auth, not ipsec.
[17:09:59] --- ohm has become available
[17:10:06] --- mlshore has left: Disconnected
[17:10:11] --- Bill has become available
[17:13:09] --- Joseph (jishac) has left
[17:13:47] --- perry has become available
[17:14:32] --- jrey has become available
[17:17:44] --- jrey has left
[17:26:30] <hartmans> jaltman is going to create more flames than Nico
[17:26:54] <hartmans> I think this will be jaltman vs ekr
[17:27:01] <kenh> But we're almost out of time.
[17:27:09] <perry> humor is all in timing.
[17:27:34] --- javier has left: Disconnected
[17:27:57] --- raeburn has left
[17:28:15] --- Gordon58 has left: Disconnected
[17:28:34] --- kenh has left
[17:30:42] --- hartmans has left: Disconnected
[17:32:00] --- warlord has left: Logged out
[17:32:00] --- warlord has become available
[17:32:00] --- warlord has left: Logged out
[17:32:05] --- jis has left
[17:32:14] --- perry has left: Disconnected
[17:32:34] --- tytso has left
[17:33:29] --- tlyu has left: Logged out
[17:36:21] --- ohm has left: Disconnected
[17:42:25] --- Bill has left: Replaced by new connection
[17:42:25] --- Bill has become available
[17:42:43] --- Bill has left
[20:48:41] --- warlord has become available
[20:48:52] --- warlord has left
[20:53:38] --- tlyu has become available
[20:53:47] --- tlyu has left
[21:03:14] --- Joseph (jishac) has become available
[21:03:32] --- Joseph (jishac) has left
[21:24:32] --- tytso has become available
[21:25:05] --- tytso has left