[01:19:29] chi.jiun.su leaves the room
[01:30:46] chi.jiun.su joins the room
[01:53:42] chi.jiun.su leaves the room
[10:31:11] jmagallanes joins the room
[10:32:51] Meetecho joins the room
[10:34:00] avezza joins the room
[10:43:38] mcr joins the room
[10:47:21] RjS joins the room
[10:49:05] amontville joins the room
[10:50:01] Francesca Palombini joins the room
[10:50:01] Robert Sparks joins the room
[10:50:01] Samuel Weiler joins the room
[10:50:01] Tirumaleswar Reddy.K joins the room
[10:50:01] Yuichi Takita joins the room
[10:50:01] Andrew McConachie joins the room
[10:50:01] Nancy Cam-Winget joins the room
[10:50:01] Kirsty P joins the room
[10:50:01] Kohei Isobe joins the room
[10:50:01] Steffen Klassert joins the room
[10:50:01] Michael Jenkins joins the room
[10:50:01] Lorenzo Miniero joins the room
[10:50:01] Carsten Bormann joins the room
[10:50:09] Niket Agrawal joins the room
[10:50:23] Robert Moskowitz joins the room
[10:50:37] Paolo Saviano joins the room
[10:51:04] Jim Schaad joins the room
[10:51:19] Ted Hardie joins the room
[10:51:32] Adam Montville joins the room
[10:51:40] Martin Schanzenbach joins the room
[10:51:55] Robert Moskowitz leaves the room
[10:52:09] Cullen Jennings joins the room
[10:52:15] Kathleen Moriarty joins the room
[10:52:22] Jeffrey Yasskin joins the room
[10:52:24] Francesca Palombini leaves the room
[10:52:32] Mike Ounsworth joins the room
[10:52:34] Scott Fluhrer joins the room
[10:52:41] Paolo Saviano leaves the room
[10:52:46] Deb Cooley joins the room
[10:52:56] Patrick McManus joins the room
[10:52:58] Francesca Palombini joins the room
[10:53:25] Patrick McManus leaves the room
[10:54:25] Hendrik Brockhaus joins the room
[10:54:32] Aleksi Peltonen joins the room
[10:55:00] Wei Pan joins the room
[10:55:17] Dominique Lazanski joins the room
[10:55:19] Francesca Palombini leaves the room
[10:55:27] Mike Ounsworth leaves the room
[10:55:33] Mike Ounsworth joins the room
[10:55:35] Seth Blank joins the room
[10:55:35] Benjamin Schwartz joins the room
[10:55:36] Ash Wilson joins the room
[10:55:44] Dan Harkins joins the room
[10:55:47] Michael Richardson joins the room
[10:55:59] Ash Wilson_522 joins the room
[10:56:06] alex-meetecho joins the room
[10:56:23] Richard Barnes joins the room
[10:56:29] Roman Danyliw joins the room
[10:56:30] Scott Hollenbeck joins the room
[10:56:43] Valery Smyslov joins the room
[10:56:43] Mike Ounsworth leaves the room
[10:56:50] Mike Ounsworth joins the room
[10:57:14] Francesca Palombini joins the room
[10:57:16] Martin Thomson joins the room
[10:57:28] Robin Wilton joins the room
[10:57:29] Mike Ounsworth leaves the room
[10:57:37] Mike Ounsworth joins the room
[10:57:39] <Deb Cooley> that's way better
[10:57:46] Christopher Brown joins the room
[10:57:46] Roland Jesske joins the room
[10:57:51] Mark Baushke joins the room
[10:57:52] Zaid AlBanna joins the room
[10:57:55] Carrick joins the room
[10:57:56] Mark McFadden joins the room
[10:58:09] Takahiro Nemoto joins the room
[10:58:19] Alissa Cooper joins the room
[10:58:20] cw-ietf joins the room
[10:58:24] Christopher Inacio joins the room
[10:58:34] <Deb Cooley> yay!
[10:58:38] Niket Agrawal leaves the room
[10:58:41] Chi-Jiun Su joins the room
[10:58:45] Dave Thaler joins the room
[10:58:48] wilma joins the room
[10:58:52] Ben Campbell joins the room
[10:58:53] sftcd joins the room
[10:58:54] tim costello joins the room
[10:59:11] Guy Fedorkow joins the room
[10:59:12] Yumi Sakemi joins the room
[10:59:13] Stephen Farrell joins the room
[10:59:14] Mike Jones joins the room
[10:59:15] Jean-Michel Combes joins the room
[10:59:21] Jie Yang joins the room
[10:59:27] Ivaylo Petrov joins the room
[10:59:28] Warren Kumari joins the room
[10:59:28] francesca joins the room
[10:59:28] Ben Campbell leaves the room
[10:59:33] <francesca> Thanks! :)
[10:59:34] Todd Herr joins the room
[10:59:43] Sean Turner joins the room
[10:59:48] Patrick McManus joins the room
[10:59:54] James Adair joins the room
[10:59:56] Adam Roach joins the room
[11:00:18] Tero Kivinen joins the room
[11:00:22] Ben Campbell joins the room
[11:00:25] Mohit Sethi joins the room
[11:00:27] Dan York joins the room
[11:00:30] Greg Schumacher joins the room
[11:00:31] Brendan Moran joins the room
[11:00:33] Ira McDonald joins the room
[11:00:38] Jonathan Hammell joins the room
[11:00:45] Marco Tiloca joins the room
[11:00:53] Eric Rescorla joins the room
[11:00:55] Benjamin Kaduk joins the room
[11:00:56] Yaron Sheffer joins the room
[11:00:57] Henk Birkholz joins the room
[11:01:10] Tadahiko Ito joins the room
[11:01:12] marco.tiloca joins the room
[11:01:15] Mark Nottingham joins the room
[11:01:31] Wes Hardaker joins the room
[11:01:31] <Dan York> Notes at: https://codimd.ietf.org/notes-ietf-108-secdispatch?both
[11:01:33] Ivaylo Petrov leaves the room
[11:01:34] Carrick leaves the room
[11:01:34] Carrick joins the room
[11:01:44] kaduk@jabber.org/barnowl joins the room
[11:01:47] Ivaylo Petrov joins the room
[11:01:48] Bill Munyan joins the room
[11:01:55] Michael StJohns joins the room
[11:01:55] Spencer Dawkins joins the room
[11:02:04] Brian Campbell joins the room
[11:02:05] cabo joins the room
[11:02:15] Jonathan Hoyland joins the room
[11:02:18] Spencer Dawkins leaves the room
[11:02:18] Andrew Campling joins the room
[11:02:27] Karen O'Donoghue joins the room
[11:02:30] James Galvin joins the room
[11:02:38] Stefan Santesson joins the room
[11:02:43] <mcr> apparently, two meetecho screens share a common audio channel, so I can not mute them one at a time.
[11:02:56] Rich Salz joins the room
[11:02:58] Satoru Kanno joins the room
[11:03:04] Matthew Miller joins the room
[11:03:07] Daniel Migault joins the room
[11:03:16] <sftcd> @mcr: I muted one on the meetecho slider (bottom right) seems to work
[11:03:19] <Meetecho> mcr: not sure what the issue is?
[11:03:21] Justin Richer joins the room
[11:03:28] <Henk Birkholz> mcr: screens -> sessions?
[11:03:39] Niket Agrawal joins the room
[11:03:53] <alex-meetecho> mcr: I do that all the time and it works
[11:03:57] Susan Symington joins the room
[11:04:00] Francisco Arias joins the room
[11:04:03] Joseph Hall joins the room
[11:04:03] andrew_campling joins the room
[11:04:07] Yoav Nir joins the room
[11:04:08] adam joins the room
[11:04:11] <Meetecho> I'm in 2 sessions myself (the whole team is, to cover all sessions)
[11:04:12] <Sean Turner> Awesome
[11:04:14] <Justin Richer> hahahaa ....
[11:04:21] Christopher Wood joins the room
[11:04:21] m&m joins the room
[11:04:21] <Warren Kumari> cute :-P
[11:04:21] <Rich Salz> Awesome.  Who did the music?
[11:04:23] <Justin Richer> 30 seconds is such a long time for this
[11:04:33] <Martin Thomson> Alissa is providing flavour
[11:04:33] <mcr> I'm in two meetecho. They come out in the same chrome audio channel.
[11:04:39] <mcr> Yes, I can use the mute at the bottom!
[11:04:49] Laurence Lundblade joins the room
[11:04:57] <Alissa Cooper> goooooood morning. or evening or afternoon.
[11:05:05] Wes Hardaker x2 joins the room
[11:05:05] <Justin Richer> Also candidate: the timer music from "Countdown" is also 30 seconds
[11:05:07] <Henk Birkholz> jingle has to be a normative MUST now, I'm afraid.
[11:05:10] David Waltermire joins the room
[11:05:17] Christian Amsüss joins the room
[11:05:18] Christopher Inacio leaves the room
[11:05:18] Christopher Inacio joins the room
[11:05:24] <Robin Wilton> +1 to Justin's suggestion.
[11:05:36] <Henk Birkholz> thx, Alissa!
[11:05:43] Burt Kaliski joins the room
[11:05:43] Bill Silverajan joins the room
[11:05:45] <alex-meetecho> mcr: ah ok, so you were not talking about the audio mute button of the Meetecho UI. got it
[11:06:06] Carl Mehner joins the room
[11:06:24] Brendan Moran leaves the room
[11:06:30] Brendan Moran joins the room
[11:06:30] <kaduk@jabber.org/barnowl> No trigger warning for autoexec.bat? ;)
[11:06:39] Daisuke Ajitomi joins the room
[11:06:44] Ben Campbell leaves the room
[11:06:48] Ben Campbell joins the room
[11:07:00] Harald Alvestrand joins the room
[11:07:14] <Alissa Cooper> ok I have countdown queued up
[11:07:17] <Kathleen Moriarty> IS there VROOOM in this?
[11:07:34] <Henk Birkholz> ben: should be a config.sys flag
[11:07:36] <Christopher Inacio> there should be
[11:08:02] Chris Wendt joins the room
[11:08:08] <Sean Turner> I went for the press your luck no whammies clip
[11:08:14] ko-isobe joins the room
[11:08:29] Chris Inacio joins the room
[11:08:45] <Michael StJohns> https://datatracker.ietf.org/meeting/108/materials/slides-108-secdispatch-idevid-and-trust-anchor-provisioning-considerations
[11:09:02] Dragana Damjanovic joins the room
[11:09:31] Yuichi Takita leaves the room
[11:09:34] Yuichi Takita joins the room
[11:09:40] Bernie Hoeneisen joins the room
[11:09:47] Brian Campbell leaves the room
[11:10:03] <Justin Richer> Now I want cheetoes and it's like 7 am here :woman-shrugging:
[11:10:03] bhoeneis joins the room
[11:10:09] Kart Prab joins the room
[11:10:10] Brian Campbell joins the room
[11:10:20] Mark Baushke_ joins the room
[11:10:21] <Brendan Moran> I can't even buy cheetoes here and now I want them too...
[11:10:24] <Robin Wilton> They are the ideal fridge lock, though.
[11:10:29] <Ted Hardie> That cheeto?  No thanks.  Imagine all the people who've shifted that cheeto left to right.
[11:10:29] Mike StJohns joins the room
[11:10:34] <Robin Wilton> Discretionary access control ftw
[11:10:45] Simon Romano joins the room
[11:10:56] Mike Boyle joins the room
[11:10:59] Rich Salz leaves the room
[11:11:06] Carl Mehner leaves the room
[11:11:08] Rich Salz joins the room
[11:11:12] Carl Mehner joins the room
[11:11:42] <kaduk@jabber.org/barnowl> But Ted, COVID-19 is largely not communicated by surface contamination
[11:12:34] Daniel Gillmor joins the room
[11:12:37] William Barker joins the room
[11:12:45] Leif Johansson joins the room
[11:12:46] ekr@jabber.org joins the room
[11:12:46] <Henk Birkholz> "While the virus does break down and become weaker as time goes on, studies have found traces of SARS Covid-2 after four hours on copper, 24 hours on cardboard, and two to three days on stainless steel and plastic." What about cheeto surface? That seems relevant now
[11:12:50] Victor Vasiliev joins the room
[11:12:53] tale joins the room
[11:13:03] <Ted Hardie> @kaduk schmutz is a different threat model, though.
[11:13:21] <Brendan Moran> @Henk, Those studies, evidently, used a much higher viral loading than is plausible.
[11:13:23] 木村 大和 joins the room
[11:13:34] <Warren Kumari> I've actually seen an intentional "lock" like that -- it's a glass "test-tube" with a piece of paper with a SN. It's designed for firedoors which shouldn't be opened, but need to exist for fire marshal purposes -- in an emergency you force the door, it breaks the glass / rips the paper. Basically a tamper evident seal...
[11:13:41] <Rich Salz> I am worried about national-scale attackers who might try to weaken the key such as by licking all the cheetos
[11:13:43] <Yoav Nir> @Henk: More research needed
[11:13:57] <adam> ...in which Ted proposes a new flavor: "Flaming Schmutz Cheetoes"
[11:13:59] Jean-Michel Combes leaves the room
[11:14:04] <francesca> ekr don't forget to request audio as well
[11:14:05] Jean-Michel Combes joins the room
[11:14:11] <Yoav Nir> https://xkcd.com/2268/
[11:14:19] <Justin Richer> @Rich nobody accounts for a nationalized distributed cheeto licking attack. That's why we're here, though!
[11:14:22] <Kathleen Moriarty> Figuring out where this should go - keep feedback coming to get the right people
[11:14:25] <Ted Hardie> @adam Like New Orleans style dirty rice, only much, much worse.
[11:14:28] Jay Daley joins the room
[11:14:29] <Dave Thaler> please pass the VOOM on to the next turtle
[11:14:34] <Jonathan Hoyland> This sounds like "don't ask how the sausage is made".
[11:15:24] Jean-Michel Combes leaves the room
[11:15:25] Jean-Michel Combes joins the room
[11:15:26] <Yoav Nir> @Jonathan: would you send the Jabber room content to the people who use RFCs?
[11:15:28] Greg Schumacher leaves the room
[11:15:37] Greg Schumacher joins the room
[11:15:50] <Justin Richer> @Yoav what happens in Jabber...
[11:16:01] Jean-Michel Combes leaves the room
[11:16:05] <Dan Harkins> @Warren that's like the old spycraft where you subtly placed a hair across the door, if it was opened while you were out the hair would be gone
[11:16:10] <Yoav Nir> What happens in jabber is stored forever in the datatracker
[11:16:18] Jean-Michel Combes joins the room
[11:16:18] Kart Prab leaves the room
[11:16:28] <Jonathan Hoyland> @Yoav What happens in Jabber is public, so if they wanted to know ...
[11:16:35] Jean-Michel Combes leaves the room
[11:16:40] Jean-Michel Combes joins the room
[11:17:08] Kart Prab joins the room
[11:17:15] Jean-Michel Combes leaves the room
[11:17:23] Simon Hicks joins the room
[11:17:34] Jean-Michel Combes joins the room
[11:17:57] <Dave Thaler> would the NDAs prevent saying what color it is?
[11:17:58] <Mohit Sethi> But reference model should be based on some reality. In its current form, I am concerned that it isn't.
[11:18:45] <Rich Salz> Do we have any indication that manufacturers will go along with this?
[11:18:53] <Justin Richer> NIST 800-63 is up for revision right now and we are soliciting feedback!
[11:19:05] Kart Prab leaves the room
[11:19:36] <Yoav Nir> @Rich: Even if we get them in the room, I don't think they'll ever be allowed to say whether they actually use it.
[11:19:45] <Justin Richer> https://csrc.nist.gov/publications/detail/sp/800-63/4/draft
[11:19:50] <Yoav Nir> (or follow the advice)
[11:20:17] Shumon Huque joins the room
[11:20:23] Stefans joins the room
[11:20:51] Tirumaleswar Reddy.K leaves the room
[11:20:51] <Mohit Sethi> My dispatch recommendation is to have this draft around and see if we can get enough people from supply chain involved. I am fine if this document is around for a while and undergoes many updates in the hopes of getting close to reality.
[11:20:54] Tirumaleswar Reddy.K joins the room
[11:21:24] <Robin Wilton> IoT devices are "not Internet visible"?
[11:21:24] <francesca> thanks Mohit
[11:21:32] <Richard Barnes> CABF = ca/browser forum
[11:21:50] <Richard Barnes> @Robin - the stuff this draft is about is not internet visible
[11:21:58] <Mohit Sethi> +1 Eric is right that this is not 'Internet' per se
[11:22:09] <Jonathan Hoyland> +1 Ekr
[11:22:30] Quynh Dang joins the room
[11:22:55] <Robin Wilton> @Richard Thanks - wanted to check if the comment was about the devices or "their policies".
[11:22:57] <ekr@jabber.org> See https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-1.7.0-1.pdf S 6.1.1
[11:23:10] <Richard Barnes> One of the things about other orgs is that they can be made more NDA-friendly
[11:23:16] <ekr@jabber.org> and 6.2
[11:23:18] <Mark Baushke> Security of supply chain seems to be related to making assertions about pre-existence of advanced persistent threats.
[11:23:21] <Richard Barnes> See, e.g., FIDO
[11:23:23] Jean-Michel Combes leaves the room
[11:23:27] Gert Grammel joins the room
[11:23:34] Jean-Michel Combes joins the room
[11:24:22] <ekr@jabber.org> Well, it's worth noting that this is *not* the only supply chain security issue. I mean this seems to assume that the firmware and the hardware are represented.
[11:24:30] <ekr@jabber.org> are as represented and are secure
[11:24:39] <Richard Barnes> @Mark - This is not the Internet Supply Chain Security Task Force
[11:24:50] Christopher Inacio leaves the room
[11:24:50] Christopher Inacio joins the room
[11:25:02] Christopher Inacio leaves the room
[11:25:07] Christopher Inacio joins the room
[11:25:43] <Mark Baushke> @Richard - I know, I am trying to understand where this building block meets manufacturing of network using hardware
[11:25:52] <Ira McDonald> TCG contributed the entirety of IETF NEA drafts 10 years ago
[11:26:10] Jean-Michel Combes leaves the room
[11:26:16] Jean-Michel Combes joins the room
[11:26:53] <Rich Salz> But if you want to do a root generation ceremony, for example, the HSM folks won't tell you unless you sign an NDA.
[11:27:01] Burt Kaliski leaves the room
[11:27:25] Wei Wang joins the room
[11:27:48] secdispatch joins the room
[11:28:36] <Henk Birkholz> to be fair, it is the creation process that is obfuscated, not the output of it
[11:28:44] Hernâni Marques joins the room
[11:28:45] <Leif Johansson> naw
[11:28:50] <Leif Johansson> it was all said
[11:28:51] <Henk Birkholz> but that is a threshold
[11:29:18] Niket Agrawal leaves the room
[11:29:39] <Kathleen Moriarty> Personal thoughts - maybe more time or OASIS makes sense (PKCS#11 & KMIP are in that body) IETF does have all of the other PKCS documents
[11:29:41] <mcr> oops. People always call me "Richard" by mistake.
[11:29:48] <francesca> not me :)
[11:29:48] Wei Wang leaves the room
[11:29:55] <kaduk@jabber.org/barnowl> Richard is talking right now, Michael.
[11:30:13] kivinen joins the room
[11:30:32] <Martin Thomson> BOF seems like the bar for taking this further.
[11:30:35] Burt Kaliski joins the room
[11:30:38] Hendrik Brockhaus leaves the room
[11:30:42] <Jonathan Hoyland> +1 MT
[11:31:11] <Henk Birkholz> +1 BBoF
[11:31:13] <Rich Salz> Armed with only a draft, mcr storms the supply chain seeking NDA content.  Good luck in your mission, Don Quixote
[11:31:14] <Seth Blank> +1 to a BoF and seeing if the right people show up
[11:31:18] Monika Ermert joins the room
[11:31:21] Burt Kaliski leaves the room
[11:31:28] Burt Kaliski joins the room
[11:31:34] Niket Agrawal joins the room
[11:31:39] Burt Kaliski leaves the room
[11:31:39] Burt Kaliski joins the room
[11:31:56] <Leif Johansson> certification schemes are typically not in scope for the IETF... but they are sometimes the logical extension. I guess we should know how the stuff we produce sometimes jacks into certification schemes...
[11:32:17] <mcr> Interesting that you think it justifies a BOF.  Yes, let's start with a BarBOF.
[11:32:35] Shumon Huque_ joins the room
[11:33:05] <Rich Salz> Brendan is wearing a rock/paper/scissors/lizard/spock shirt, right?
[11:33:22] <Henk Birkholz> hosting the URL or the MUF File?
[11:33:53] <mcr> I wore my 9-layer shirt. But, I think that it couldn't be seen.
[11:34:08] Niket Agrawal leaves the room
[11:34:09] <Leif Johansson> for instance would pkix have been better or worse off working with ca/b forum on webpki?
[11:34:18] Mark Baushke leaves the room
[11:34:19] Wei Wang joins the room
[11:34:22] Mark Baushke joins the room
[11:34:33] <Robin Wilton> +1 Leif; a certification scheme might not be the bottom turtle, but it's probably as low a turtle as one can reach without running into the NDA barrier.
[11:35:00] Frederico Neves joins the room
[11:35:11] Umberto Fattore joins the room
[11:35:35] <Robin Wilton> (And accredited assessors in a certification scheme might be allowed to look behind the curtain and say "yes, things are as they should be".
[11:35:38] <Rich Salz> @Leif, it would have been worse because CAB is ruled by a few rather than community.  Community involvement has its cost, but is worth it.
[11:35:40] <Adam Roach> Rich Salz: https://www.nerdkungfu.com/big-bang-rock-paper-scissors-lizard-spock-t-shirt/
[11:35:40] <sftcd> @leif: pkix (for its last decadeish) would have been way better to be grounded in reality, I'm not sure cab forum's evolving versions of reality would have helped that much
[11:35:47] Tirumaleswar Reddy.K leaves the room
[11:35:50] Tirumaleswar Reddy.K joins the room
[11:35:54] <sftcd> +1 to rich about cab forum
[11:36:11] <Justin Richer> These acronyms have made for a really weird mental image
[11:36:12] <Michael StJohns> There's a joke here about a muddy suit
[11:36:26] <Rich Salz> (And Ryan is already rewriting 5280 to meet his taste:)
[11:36:26] <mcr> I actually originally searched the CAB documents for guidelines on PKI depth, and appropriate safety measures for private keys.  I didn't find a lot, but maybe I didn't look in the right places.
[11:36:34] Wei Wang leaves the room
[11:36:36] Wei Wang joins the room
[11:36:52] Ben Campbell leaves the room
[11:36:55] Ben Campbell joins the room
[11:36:58] <Robin Wilton> [standard disclaimer: my comments are made in a personal capacity and should not be taken to represent ISOC]
[11:37:01] <Martin Thomson> So is the attack one where the device claims an incorrect MUD URL?  How does this ensure that the device consumed the SUIT+MUD file?
[11:37:08] <Jonathan Hoyland> If you could add another S you could have MUD + EAT + SUIT + S = MESS :P
[11:37:27] <Deb Cooley> @mcr I don't think the CABF really addresses how a relying party stores its private key
[11:37:36] <mcr> @Deb, that's what I learnt.
[11:37:37] <sftcd> anyone know how much MUD is in real use? I like the theory for enterprise networks but dunno if it's being used there (or anywhere)
[11:37:44] Tirumaleswar Reddy.K leaves the room
[11:37:45] Tirumaleswar Reddy.K joins the room
[11:37:49] <Dave Thaler> @Jonathan: S = Secure url transport?
[11:37:56] <kaduk@jabber.org/barnowl> MT: the RATS can provide assurance that the device consumed the file
[11:37:57] Ben Campbell leaves the room
[11:37:58] <mcr> I wound up at an ISO document on doing audits.  Like financial audits.
[11:38:02] <Kathleen Moriarty> People are exploring it and the idea is well received
[11:38:03] Kazunori Fujiwara joins the room
[11:38:07] <Kathleen Moriarty> MUD
[11:38:12] <Martin Thomson> Why would I trust rodents?
[11:38:17] <Deb Cooley> @mcr did you look at Global Platform?  It is my understanding that the recent work happening there is IOT focused.
[11:38:18] Ben Campbell joins the room
[11:38:36] Hernâni Marques leaves the room
[11:38:39] <mcr> no, I'll look.
[11:38:45] <sftcd> @kathleen: yeah it does seem to make some sense for enterprises but even there a lot of ducks need to line up
[11:39:08] <kaduk@jabber.org/barnowl> Hmm, some of this follow-up on the IDevID talk might be nice to have in the minutes
[11:39:24] <mcr> so, while this work is inspired by IoT, I think that increasingly there are many non-IoT uses of trust anchors.
[11:39:27] <Henk Birkholz> sftcd: MUD use https://mailarchive.ietf.org/arch/msg/mud/42RksCKGLw4b2REnxyIna8re_c8
[11:39:29] <Jonathan Hoyland> Giving more authority to the Firmware company raises "Right to Repair" arguments again.
[11:39:29] <Deb Cooley> @kaduk some of us don't think that fast.  LOL
[11:39:36] Joseph Salowey joins the room
[11:39:37] <Kathleen Moriarty> Yes, it reduces resource requirements if the manufacturer can push this out.  It could also be added as an extension to a CoSWID
[11:39:51] Jay Daley leaves the room
[11:39:55] <RjS> @kaduk: insert a link to the web served jabber archive
[11:40:01] <Leif Johansson> @rich @sftcd my point is that working with ca/b forum might have improved both them and pkix
[11:40:12] Sean Turner leaves the room
[11:40:21] <mcr> @Jonathan, you are totally right. I argue for trusted transfer of ownership, and both Brendan and my draft make the feelings of the firmware company more obvious.
[11:40:26] <ekr@jabber.org> SUIT sgtm
[11:40:32] Wei Wang leaves the room
[11:40:36] Wei Wang joins the room
[11:40:41] Sean Turner joins the room
[11:40:47] Wei Wang leaves the room
[11:40:47] Wei Wang joins the room
[11:40:50] <Martin Thomson> SUIT seems like a good fit.
[11:40:59] <Leif Johansson> for instance the IETF might have pushed more community involvement in ca/b
[11:41:29] Wei Wang leaves the room
[11:41:30] Jaime Jimenez joins the room
[11:41:40] <Deb Cooley> @leif restricting PKIX to web would have been tough.
[11:42:07] Mark Baushke leaves the room
[11:42:10] Mark Baushke joins the room
[11:42:29] Mark Baushke leaves the room
[11:42:30] wilma leaves the room
[11:42:35] Mark Baushke joins the room
[11:42:38] Jonathan Lennox joins the room
[11:43:00] <Leif Johansson> of course.. but just because you can't cover all bases doesn't mean you shouldn't do what you can
[11:43:03] <sftcd> @leif: not sure about that alternate history, cab forum used to be owned by CAs and is now by browsers
[11:43:15] <Justin Richer> RATS in MUDdy SUITS...
[11:43:26] <Leif Johansson> I guess I'm arguing that the IETF shouldn't be afraid of doing work that is adjacent to certification schemes
[11:43:46] Umberto Fattore leaves the room
[11:43:52] <Justin Richer> @leif enabling certification schemes ought to be in scope, in my opinion
[11:43:53] <Leif Johansson> @sftcd yeah it becomes increasingly hypothetical
[11:44:04] <Leif Johansson> @justin yes
[11:44:25] Hernâni Marques joins the room
[11:44:36] <Leif Johansson> and that's kinda what I think @mcr was going for
[11:44:50] <David Waltermire> MIC: (as SUIT chair) From a workload perspective SUIT is working on a single (manifest) draft at this point. Our other drafts are in the publication workflow.
[11:44:52] kaduk@jabber.org/barnowl wonders how much of the audience is enlightened by "the DHC model"
[11:45:00] Hernâni Marques leaves the room
[11:45:16] Hernâni Marques joins the room
[11:45:19] <Nancy Cam-Winget> I agree with Dave's assessment, as described SUIT is more appropriate than RATS
[11:45:30] Hernâni Marques leaves the room
[11:45:30] Hernâni Marques joins the room
[11:45:44] Chris Wendt leaves the room
[11:45:45] Chris Wendt joins the room
[11:45:48] Hernâni Marques leaves the room
[11:45:48] Hernâni Marques joins the room
[11:45:49] <francesca> ack Nancy
[11:46:26] Hernâni Marques leaves the room
[11:46:26] Hernâni Marques joins the room
[11:46:42] Hernâni Marques leaves the room
[11:46:43] Murugiah Souppaya joins the room
[11:46:54] <sftcd> not a dispatch issue but I hope this work enables a way to handle putting openwrt on a router and equivalent for other devices (while being worried nobody will care about that)
[11:46:57] Hernâni Marques joins the room
[11:47:29] Dan Harkins leaves the room
[11:47:46] Dan Harkins joins the room
[11:48:07] <Mohit Sethi> +1 stephen: similar to cyanogenmod on android
[11:48:13] <Brendan Moran> @rich: (rock paper scissors lizard spock) Yes, I am! Good spotting!
[11:48:17] Jie Yang leaves the room
[11:48:17] Wei Pan leaves the room
[11:48:22] <francesca> FYI I am going to add a link to the jabber log to the minutes, as there is a lot of good discussion happening on the side
[11:48:23] <Jonathan Hoyland> @sftcd Me too, it plays into the right to repair stuff too
[11:48:31] Laurence Lundblade leaves the room
[11:48:32] David Waltermire leaves the room
[11:48:35] David Waltermire joins the room
[11:48:36] Swapneel Sheth joins the room
[11:48:37] Diego Lopez joins the room
[11:48:53] <Rich Salz> @Brendan: my son has the same shirt :)
[11:48:53] <sftcd> so is anyone active in rats/suit working from that POV? (I'm not active on those)
[11:49:02] <Dan York> GNS slides: https://www.ietf.org/proceedings/108/slides/slides-108-secdispatch-the-gnu-name-system-00
[11:49:04] <Dave Thaler> "the DHC model" is just what I summarized... protocol WG sets rules and does review, but codepoints are specified in other WGs specific to what it's used for
[11:49:05] <francesca> but just a reminder that not all presenters manage to present and follow the jabber at the same time, so feel free to jump at the mic if you want to make sure they see your comments irl
[11:49:06] <mcr> sftcd, I'm not sure I understand your point, but I'm intrigued.
[11:49:19] Hernâni Marques leaves the room
[11:49:19] Hernâni Marques joins the room
[11:49:49] Hernâni Marques leaves the room
[11:49:49] Hernâni Marques joins the room
[11:49:58] <mcr> (about openwrt code)
[11:50:05] Hernâni Marques leaves the room
[11:50:09] Hernâni Marques joins the room
[11:50:12] <sftcd> @mcr: if device assertions are all nicely signed by manufs, but I want to install an open source OS/busybox/whatever then what will break? I hope nothing, but hard to do that *and* check sigs etc as described just before
[11:50:30] Wei Wang joins the room
[11:50:43] Sam Weiler joins the room
[11:50:45] Hernâni Marques leaves the room
[11:51:14] Michael Palage joins the room
[11:51:15] <Ted Hardie> Given that one has the property of global uniqueness and the other does not, the fact the user is not expected to know which is used is startling.  And phishing seems like the instant response.
[11:52:06] <kaduk@jabber.org/barnowl> How the user('s software) determines a GNS entrypoint seems to be highly relevant for how easy phishing is
[11:53:23] <Benjamin Schwartz> (This does not meet the definition of Private Information Retrieval.)
[11:53:56] <Brendan Moran> @sftcd: The important question is who holds the update key. Everything else boils down to that, in this model.
[11:53:58] <secdispatch> It's PIR except no protection against confirmation attacks. Real PIR would always be O(n) and thus cannot be done for a name system.
[11:53:58] <kaduk@jabber.org/barnowl> It looks like it, yes, but please keep the dispatch question in mind at the mic
[11:54:30] <ekr@jabber.org> > It's PIR except no protection against confirmation attacks. Real PIR would always be O(n) and thus cannot be done for a name system.
[11:54:40] <Jonathan Hoyland> This sounds very much like ENS (the Ethereum naming service).
[11:54:51] <kaduk@jabber.org/barnowl> Christian, please use a different jabber nick than "secdispatch"; that seems highly confusing.
[11:55:05] <Scott Fluhrer> IIRC, there were some fairly efficient PIR schemes known.  Whether they are efficient enough is something I'm not sure of
[11:55:10] <Rich Salz> I think the dispatch answer was made in his opening sentence: we want to document what we currently do.
[11:55:14] <ekr@jabber.org> Well, no protection against confirmation attacks isn't PIR
[11:55:29] <ekr@jabber.org> And you can in fact do much better than this, even against enumeration attacks
[11:55:31] <Brendan Moran> @sftcd if your mfg provides a way to provision an update key into your device, you're golden.
[11:55:46] <sftcd> @brendan: wrt suit/rats, I'd be happy if someone active there was considering "installing OS instead" a first class problem to be solved and not forgotten, HOWTO is for another day
[11:55:50] <Kathleen Moriarty> @Rich, are you suggesting OPSAWG
[11:56:06] <Jonathan Hoyland> @ekr There are some games you can play to reduce it to almost sublinear. https://eprint.iacr.org/2019/1075.pdf
[11:56:10] Justin Richer leaves the room
[11:56:19] Shumon Huque leaves the room
[11:56:20] <Rich Salz> I'm suggesting there seems no place for this in IETF
[11:56:22] Shumon Huque joins the room
[11:56:29] <Brendan Moran> @sftcd it's broadly been called "out of scope" because it comes down to a key-provisioning problem.
[11:56:47] <sftcd> yeah that's what I was worried about
[11:56:51] Hernâni Marques joins the room
[11:56:51] Yoshiro Yoneya joins the room
[11:57:00] Sean Turner leaves the room
[11:57:06] Yoshiro Yoneya leaves the room
[11:57:08] <Kathleen Moriarty> @Rich, thanks.  There are some protocols that are just documenting what is in use somewhere.
[11:57:10] Sean Turner joins the room
[11:57:14] Yoshiro Yoneya joins the room
[11:57:17] <ekr@jabber.org> And given that there are a large number of well known names which i would want to know about (e.g., facebook.com) this isn't even close to PIR
[11:57:23] <Rich Salz> @Kathleen: such as?
[11:57:26] <ekr@jabber.org> And has some real obvious attacks
[11:57:42] <Brendan Moran> So, SUIT opted out of key provisioning schemes. I mean, I'm happy to provide some recommendations, but I'm not sure it fits the current drafts.
[11:57:58] <Kathleen Moriarty> SCEP
[11:58:18] Mark Baushke leaves the room
[11:58:20] Mark Baushke joins the room
[11:58:24] William Barker leaves the room
[11:58:25] <Jonathan Hoyland> How does GNS handle domain squatting. Who owns the master keys?
[11:58:28] <Kathleen Moriarty> There are a bunch of others processed while I was an AD, out of OPSAWG
[11:58:28] <Warren Kumari> @ekr: I believe that you can have "www.facebook.com" in the DNS *and* in the GNS... this will not confuse users *at all*...
[11:58:31] William Barker joins the room
[11:58:37] William Barker leaves the room
[11:58:37] <ekr@jabber.org> @warren: yes
[11:58:38] <Benjamin Schwartz> Brendan: I think this is more about "bypass" than "provisioning".
[11:58:40] <sftcd> @brendan: not sure key provisioning is the way to think about it - openwrt are not a manuf that runs key servers for example
[11:58:44] <secdispatch> ekr: don't get hung up on the term, we know it is the wrong term, but it gives people a first (approximate, incomplete) idea of what the crypto does.
[11:58:57] <ekr@jabber.org> Christian: please change your handle here
[11:58:59] <Rich Salz> I think SCEP was different.  (And all Simon Joseffson's crypto work).
[11:59:03] <Warren Kumari> @Jonathan: And copyright and offensive names... Zooko's triangle springs to mind....
[11:59:13] <Mohit Sethi> so zone owners in dns will directly map to zone owners in gns?
[11:59:20] <secdispatch> No.
[11:59:21] <Rich Salz> AH but wait he just said looking to improve/revise the protocol, so I withdraw most of my concern.
[11:59:23] <Brendan Moran> @sftcd, should we take this to gather.town, or somewhere else so it doesn't distract from the current discussion?
[11:59:33] <ekr@jabber.org> Well, having a cryptographic protocol which makes misleading security claims is not a good start
[11:59:47] <sftcd> gather.meh ;-) but sure it's not related to gnunet
[11:59:58] Mark Baushke leaves the room
[12:00:00] Mark Baushke joins the room
[12:00:03] <adam> I'm struggling to figure out whether this is intended to mirror the contents of the DNS, or compete with it. The draft says "GNS provides a privacy-enhancing alternative to the Domain Name System (DNS)."
[12:00:06] <secdispatch> We don't make misleading claims, the slides are just very, very high-level. If you read the papers, we have always been clear about the guessing attack.
[12:00:06] <Jonathan Hoyland> Have to go to another meeting, but I don't think I like this.
[12:00:13] Roland Jesske leaves the room
[12:00:19] <Seth Blank> I also don't understand how updates work. this feels like it all breaks apart at PKEY updates. Or am I missing something?
[12:00:22] Jonathan Hoyland leaves the room
[12:00:30] <Daniel Gillmor> secdispatch: who are you?  it would be great to have a nick that reflects who you are.
[12:00:34] Leif Johansson leaves the room
[12:00:47] Leif Johansson joins the room
[12:01:04] <secdispatch> Sorry, DKG, using a stupid client where I can't set my nick. I'm Christian, co-author on the draft.
[12:01:06] <kaduk@jabber.org/barnowl> secdispatch (grothoff@jabber.hot-chilli.net/converse.js-85609662)
[12:01:20] <ekr@jabber.org> You say it's a guessing attack, but this is a low cardinality space.
[12:01:27] <Rich Salz> I think BoF and then a new WG
[12:01:37] <secdispatch> Public keys are not a low-cardinality space.
[12:01:43] <secdispatch> And GNS public keys are not public.
[12:01:44] <kaduk@jabber.org/barnowl> I mean, your jabber client seems to be doing a great job at
illustrating firsthand the confusion that results when there are
naming collisions
[12:01:45] <ekr@jabber.org> The *names* are
[12:01:56] <Warren Kumari> @Wes: +lots, many lots
[12:01:57] <Christopher Wood> 'GNS public keys are not public.' ?
[12:02:06] <secdispatch> labels can be 63 characters, so that's enough for a strong passphrase.
[12:02:17] <secdispatch> Yes, public keys are never exposed in the protocol and can be used as shared secrets.
[12:02:17] <Harald Alvestrand> for experiments, there is absolutely no reason for a TLD.
[12:02:21] Susan Symington leaves the room
[12:02:30] <ekr@jabber.org> This just ignores the reality that people use simple names most of the time
[12:02:40] Jay Daley joins the room
[12:02:42] <Samuel Weiler> hta++
[12:03:23] <Daniel Gillmor> the
[12:03:29] Susan Symington joins the room
[12:03:34] <Daniel Gillmor> the *point* of the DNS is so that people can use low-entropy labels
[12:03:37] <sftcd> Yeah, I think helping them to experiment is fine for those who wanna, and they can come back when they have more work done/traction/experimental deployment (if that happens)
[12:03:51] <Daniel Gillmor> if we're going to use high-entropy labels, we might as well just use network addresses or public keys.
[12:04:00] <kaduk@jabber.org/barnowl> [I'll also note for the audience here that the technology proposed in
the current draft seems to inherently be not-crypto-agile, which is in
contravention to BCP 201.]
[12:04:58] <sftcd> @ben: there's an interesting question about BCP201 - if wireguard turned up here would we try re-design it for agility when it's designed differently? I hope not
[12:05:06] <secdispatch> The draft documents what we have done (hence informational), but if a good/better standard evolves from it (standards track), that's also a great result for us.
[12:05:26] <Daniel Gillmor> i've spent a lot of time talking to donenfeld about his plans for wireguard, and how to handle crypto agility
[12:05:36] <Martin Thomson> if wireguard came here looking to do v2, I don't see why changes would be unwelcome, but documenting v1 is better suited to not-the-IETF
[12:05:40] Michael Richardson leaves the room
[12:05:52] <Rich Salz> +Martin
[12:06:04] <Daniel Gillmor> his basic response is "if the crypto choices are bad, we'll make wireguard2 and tell people to deploy it on a different port"
[12:06:09] <kaduk@jabber.org/barnowl> sftcd: the risk of setting yourself up for an extremely large and
long-running fire drill if something goes wrong seems like a long-tail
risk that is a bad idea to ignore
[12:06:13] <Yoav Nir> It's fine as a private submission for an informational draft
[12:06:18] John Border joins the room
[12:06:24] <Martin Thomson> dkg: that is not unreasonable
[12:06:35] <Daniel Gillmor> i have to say that this answer doesn't seem to have *more* problems than we're having with our fancier in-band crypto agility
[12:06:40] <Martin Thomson> the downgrade attack scenario is a little shaky
[12:06:41] <Daniel Gillmor> MT: agreed
[12:06:47] <Daniel Gillmor> (on both counts)
[12:07:07] <kaduk@jabber.org/barnowl> And IIUC a wireguard2 on a separate port is significantly less bad
than a GNS2 with a fully different naming/key hierarchy from scratch
[12:07:09] <sftcd> right, crypto agility can be done en masse as per wireguard (an approach I'm liking better as time goes on)
[12:07:35] <secdispatch> You will have inconsistent results in DNS from SCION anyway.
[12:07:35] <sftcd> but that's a BCP201 aside - I've no opinion on GNS' current crypto
[12:07:45] <Daniel Gillmor> kaduk: yes, nameservice crypto is harder to do like this
[12:07:58] <Daniel Gillmor> (as we discussed in DNSOP yesterday, iirc)
[12:08:23] Dave Thaler leaves the room
[12:08:25] <sftcd> did they actually ask DINRG if they'd be happy to see work on GNS there?
[12:08:33] <sftcd> that could make sense
[12:08:42] Dave Thaler joins the room
[12:08:43] <secdispatch> We want to know who is interested (if DINRG wants it?), and/or we could have a WG around MEDUP setup for this, or go ISE, depending on what IETF/ADs think best.
[12:09:07] <secdispatch> We presented at DINRG, but they didn't seem to be eager to adopt.
[12:09:12] <sftcd> ah
[12:09:21] <francesca> DINRG people here who want to come to the mic?
[12:09:23] <Yoav Nir> It's interesting that they mix "totally decentralized" with "we'll tell everyone to re-deploy"
[12:09:35] <secdispatch> Some people on MEDUP were interested, but they are not a WG (yet?).
[12:10:15] John Border leaves the room
[12:10:15] John Border joins the room
[12:10:48] Ira McDonald leaves the room
[12:10:56] Ira McDonald joins the room
[12:10:56] <Daniel Gillmor> and draft-trammell-rains-protocol
[12:11:24] <secdispatch> GNS doesn't define the root, we leave it to each user. Handbreak does define a new root.
[12:11:42] <ekr@jabber.org> I am starting to think we should just define alt-namespace.arpa and make things in it FCFS
[12:11:46] <ekr@jabber.org> and then go home
[12:11:46] <Christian Amsüss> To be fair, they *asked* to get a small namespace as .gnu -- and were told to just conflict.
[12:12:04] Steve Olshansky joins the room
[12:12:07] <secdispatch> ekr: that was rejected after 1000+ e-mails on dnsop. See RFC 8244.
[12:12:20] Mark Baushke leaves the room
[12:12:22] Mark Baushke joins the room
[12:12:22] <Sean Turner> +1 to BenS
[12:12:30] Mark Baushke leaves the room
[12:12:38] Mark Baushke joins the room
[12:12:38] <secdispatch> Exactly. dnsop told us to not use .gnu, so we are now not.
[12:12:43] Göran Selander joins the room
[12:12:43] <kaduk@jabber.org/barnowl> > chain up to the DNS root through a name you control
Note that the "name you control" does not actually have to be a tld!
[12:12:45] John Border leaves the room
[12:12:49] <ekr@jabber.org> No, I'm not saying .gnu
[12:12:51] <Harald Alvestrand> gnu.org is a perfectly reasonable zone to experiment in.
[12:12:57] <ekr@jabber.org> I'm saying something under a non-tld
[12:12:59] <tale> Well, no, that's not quite the right characterization of the situation.
[12:13:03] <Ted Hardie> Not in the ICANN world, as I understand it.  They would have to have registration agreements that would likely make the GNS model of "mostly the same" highly problematic.
[12:13:06] <tale> dnsop is not authorized to grant .gnu.
[12:13:36] <secdispatch> tale: see .local and .onion.
[12:13:42] <Alissa Cooper> why does the hook need to be a tld?
[12:13:43] <Harald Alvestrand> you can probably get g.nu if you pay enough.
[12:14:01] <sftcd> fwiw, I also don't understand why a 2LD isn't good enough for experimenting
[12:14:03] <Christian Amsüss> … or .home …
[12:14:04] <tale> I am not going to re-litigate the special use names situation.
[12:14:13] <secdispatch> Alissa: it doesn't need to be. We now allow any user to grab any domain name and delegate that to GNS.
[12:14:25] <Harald Alvestrand> ICANN's process for getting a new TLD is not likely to get rolling again before 2022 or so.
[12:14:39] <francesca> nope not possible (Secdispatch does not adopt drafts)
[12:14:58] <sftcd> (I guess if GNS and similar cause ICANN to not mint more TLDs for a while, we should thank them:-)
[12:15:01] <Mohit Sethi> next version of the dns camel -> the gns camel
[12:15:10] <Roman Danyliw> Secdispatch will not do drafts
[12:15:17] <Samuel Weiler> LOL at Mohit
[12:15:22] <Martin Thomson> so the person using the nick "secdispatch" is a proponent of this draft.  That's a little misleading.
[12:15:40] <secdispatch> Yes, sorry. Don't know how to change, first time user of this.
[12:15:49] <Samuel Weiler> they explained it as a tech failure...
[12:16:27] Ibrahim Seremet joins the room
[12:16:44] <Daniel Gillmor> ah, naming confusion.  if only there were a protocol to resolve this…
[12:17:03] <kaduk@jabber.org/barnowl> Christian Grothoff does not seem to be registered for IETF 108
(https://registration.ietf.org/108/participants/remote/).  An IETF
registration would allow participation via meetecho, which does use
this same chat and provides a usable display name.
[12:17:23] Ben Campbell leaves the room
[12:17:24] <secdispatch> I'm on meetecho indirectly via Martin (same physical room).
[12:17:26] Ben Campbell joins the room
[12:18:02] Daisuke Ajitomi leaves the room
[12:18:10] <secdispatch> True, hyperlocal root is an analogy, not exactly what we do.
[12:18:15] Ben Campbell leaves the room
[12:18:15] Ben Campbell joins the room
[12:18:21] Daisuke Ajitomi joins the room
[12:19:13] gnas@xmpp.jp joins the room
[12:19:42] <ekr@jabber.org> Going back to what Ben said there are like a zillion of alt-name protocols.
[12:19:54] Sean Turner leaves the room
[12:20:07] <ekr@jabber.org> What makes this the one we should be engaging with
[12:20:09] Sean Turner joins the room
[12:20:14] Leif Johansson leaves the room
[12:20:22] Daisuke Ajitomi leaves the room
[12:20:26] <kaduk@jabber.org/barnowl> There seems to be a several second delay after unmuting, possibly
scaling with the number of people receiving the stream
[12:20:30] <sftcd> medup is mail
[12:20:46] <Warren Kumari> It is clearly aimed at mapping foo.bar.baz -> an internet resource like a web server or an ssh host. If it were designed to map #bob*smith to identify a user that would be different...
[12:20:50] <secdispatch> feedback and evolve
[12:21:16] <secdispatch> In fact, document is already evolving based on feedback we got so far.
[12:21:38] <sftcd> @christian: why can't you experiment for a couple of years below a 2LD?
[12:21:50] <secdispatch> 2LD?
[12:21:56] <sftcd> second level domain
[12:22:04] <Harald Alvestrand> like g.nu
[12:22:15] Ben Campbell leaves the room
[12:22:17] Ben Campbell joins the room
[12:22:21] <Yoav Nir> The chairs grant BOFs?  I thought that was the ADs
[12:22:24] Wei Wang leaves the room
[12:22:29] <Rich Salz> +1 to the mailing list!
[12:22:34] <ekr@jabber.org> Richard has made himself an honorary AD
[12:22:43] Ben Campbell leaves the room
[12:22:49] <sftcd> richard ran away screaming from AD-land:-)
[12:22:51] <secdispatch> Users can deploy GNS for experiments under a 2LD or whatever they choose right now.
[12:22:52] <Adam Roach> Yoav -- the chairs summarize the WG's consensus, which serves as input to the ADs.
[12:23:15] <Dan York> On a separate note, I'd just like to thank Carrick Bartle who is taking excellent notes on this session over at https://codimd.ietf.org/notes-ietf-108-secdispatch
[12:23:16] Ben Campbell joins the room
[12:23:30] <sftcd> @christian: ok so a 2LD can work, then why not build some experience with one and use that to mature your stuff?
[12:23:31] <Yoav Nir> @Adam I know the process :-)  Just responding to what Richard said
[12:23:43] <Daniel Gillmor> i don't understand why medup is correct -- it seems out of scope
[12:23:49] <secdispatch> sftcd:because we were quite clearly told to just conflict.
[12:23:50] <Mohit Sethi> IRTF is a better place
[12:23:56] <Joseph Hall> already been there, Ben?
[12:24:12] <sftcd> so I neither recall nor understand "told to just conflict"
[12:24:36] <sftcd> and even if you were told that, if there's a more sensible option, then taking the sensible route seems better
[12:24:44] <Alissa Cooper> Melinda will send email to the list
[12:25:04] <secdispatch> Usability experiments show conflicting is more usable.
[12:25:15] <Brendan Moran> @sftcd: I'm in gather.town if you want to talk about installation rights after secdispatch.
[12:25:35] cw-ietf leaves the room
[12:25:46] <sftcd> @brendan: sorry the moments between meetings are taken with local matters;-) drop me mail?
[12:25:52] <Alissa Cooper> the minutes aren't super helpful. https://www.ietf.org/proceedings/104/minutes/minutes-104-dinrg-00
[12:25:55] <Michael StJohns> Um... is dispatch to an RG one of the possible outcomes for this?
[12:26:11] John Border joins the room
[12:26:13] <Warren Kumari> @Christian: Wait. When/who told you to "just conflict"?
[12:26:19] <sftcd> fwiw I also don't get "Usability experiments show conflicting is more usable"
[12:26:20] <Michael StJohns> I reviewed the chair slides and that'
[12:26:26] <Yoav Nir> SecDispatch dispatching to X does not mean that X has to accept it.
[12:26:28] Aleksi Peltonen leaves the room
[12:26:28] Aleksi Peltonen joins the room
[12:26:30] <Michael StJohns> s not one of the 5 choices
[12:26:46] Aleksi Peltonen leaves the room
[12:26:47] Aleksi Peltonen joins the room
[12:26:55] <ekr@jabber.org> Well, that seems like perhaps a defect in the charter
[12:27:09] Aleksi Peltonen leaves the room
[12:27:09] Aleksi Peltonen joins the room
[12:27:12] <Christian Amsüss> sftcd, warren: my (watching-from-afar participant) understanding of the "you don't get .gnu nor .gnu.arpa" outcome was that gnunet should just place itself in the system resolver at the place where it usually defers to dns resolution
[12:27:16] <Michael StJohns> The IRTF and IETF are notionally different organizations..
[12:27:23] tale leaves the room
[12:27:25] tale joins the room
[12:27:27] <secdispatch> Warren: I presented at AFNIC, about how we could use GNS to conflict/take over .fr, and they said sure, show it works. That's what we then did our usability experiments with.
[12:27:39] <Yoav Nir> "take it to CAB/F or W3C or IEEE" should be a valid outcome, and we can't tell them what to do either
[12:27:43] 木村 大和 leaves the room
[12:27:54] <ekr@jabber.org> Yeah this isn't an exhaustive list
[12:27:55] 木村 大和 joins the room
[12:27:58] <kaduk@jabber.org/barnowl> The charter says "options for handling new work include" but not "only
include"
[12:28:04] <ekr@jabber.org> (What kaduk said)
[12:28:11] <Michael StJohns> That's also not on the list... unless you consider "IETF should not work on this topic"
[12:28:20] <sftcd> if I were a proponent of GNS, I'd go work under a 2LD and produce evidence that it's useful
[12:28:31] Phillip Hallam-Baker joins the room
[12:28:36] <sftcd> I would not myself try to butt heads with the real world DNS
[12:28:55] <secdispatch> sftcd: to produce evidence that it is useful, you also need to address usability, and a 2LD confuses users.
[12:29:01] <Benjamin Schwartz> I think a full BoF would also have to include several other active alt-name groups who are interested in forming a consensus protocol
[12:29:14] Diego Lopez leaves the room
[12:29:16] <Warren Kumari> One person/group talking about their part of the namespace doesn't reflect all -- if I said "you can rob the bank of England" that doesn't mean you are actually allowed to do it...
[12:29:27] <secdispatch> Note that none of the other systems (ENS, namecoin, handbrake) ever used a 2LD
[12:29:29] <Martin Thomson> software can elide the 2LD
[12:29:30] <sftcd> @christian: I suspect you don't have actual users to confuse, and won't get 'em if you think you need a TLD
[12:29:34] <Daniel Gillmor> @secdispatch: can GNUNET clients mask the trailing 2LD?
[12:29:38] Swapneel Sheth leaves the room
[12:29:41] <ekr@jabber.org> secdispatch: people don't seem particularly confused by foo.github.io
[12:29:43] <Daniel Gillmor> (or, what MT said)
[12:29:52] <Martin Thomson> dkg: like minds :)
[12:29:56] <Daniel Gillmor> just make sure you register it in the public suffix list
[12:30:07] <secdispatch> DKG: software could of course do anything.
[12:30:08] <Yoav Nir> Sing!
[12:30:08] <Brendan Moran> @sftcd, or if you're available *now*
[12:30:10] tim costello leaves the room
[12:30:11] <Adam Roach> dkg / mt: How is that substantively different than "just conflict"?
[12:30:15] John Border leaves the room
[12:30:16] Victor Vasiliev leaves the room
[12:30:18] Michael StJohns leaves the room
[12:30:20] Murugiah Souppaya leaves the room
[12:30:22] Christopher Brown leaves the room
[12:30:23] <Jay Daley> great plug for gather.town !
[12:30:24] Dan Harkins leaves the room
[12:30:25] Stephen Farrell leaves the room
[12:30:25] <Christian Amsüss> sftcd: i'm not defending the overlay over dns and the resulting discussion, i'm just saying they tried that and got told to do otherwise
[12:30:27] <Adam Roach> It seems to be a very "if a tree falls in the forest" approach.
[12:30:28] Mark McFadden leaves the room
[12:30:31] <Benjamin Schwartz> Presumably only GNS-aware software would skip the suffix
[12:30:31] Todd Herr leaves the room
[12:30:33] sftcd leaves the room
[12:30:37] <Yoav Nir> Sing along with https://www.youtube.com/watch?v=cGVdCGxh1IY
[12:30:38] Robert Sparks leaves the room
[12:30:38] Adam Montville leaves the room
[12:30:39] Mark Nottingham leaves the room
[12:30:39] Robin Wilton leaves the room
[12:30:41] <Daniel Gillmor> Adam: when eliding the 2LD, you can show a graphical indicator
[12:30:41] Valery Smyslov leaves the room
[12:30:41] amontville leaves the room
[12:30:42] Jonathan Hammell leaves the room
[12:30:43] <ekr@jabber.org> Given that this is going to require client software anyway
[12:30:45] Chi-Jiun Su leaves the room
[12:30:48] <ekr@jabber.org> client software changes
[12:30:54] Joseph Hall leaves the room
[12:31:01] <Martin Thomson> abr: you can do a lot of things, but conflicts is very much part of the user experience already
[12:31:02] <ekr@jabber.org> And in the context of browsers, the URL being displayed is increasingly low priority
[12:31:04] kivinen leaves the room
[12:31:10] Brian Campbell leaves the room
[12:31:10] Brian Campbell joins the room
[12:31:13] <Daniel Gillmor> ekr :white_frowning_face:
[12:31:13] <secdispatch> ekr: we hook libc NSS, so no client software changes are needed for some uses.
[12:31:17] Samuel Weiler leaves the room
[12:31:19] Yaron Sheffer leaves the room
[12:31:19] Kirsty P leaves the room
[12:31:20] James Adair leaves the room
[12:31:21] 木村 大和 leaves the room
[12:31:21] Ira McDonald leaves the room
[12:31:23] Ben Campbell leaves the room
[12:31:24] Bill Munyan leaves the room
[12:31:27] Patrick McManus leaves the room
[12:31:27] Christopher Wood leaves the room
[12:31:28] Richard Barnes leaves the room
[12:31:28] Martin Schanzenbach leaves the room
[12:31:28] Andrew McConachie leaves the room
[12:31:28] Jeffrey Yasskin leaves the room
[12:31:29] Shumon Huque_ leaves the room
[12:31:29] Jaime Jimenez leaves the room
[12:31:29] Mike Boyle leaves the room
[12:31:30] Dan York leaves the room
[12:31:30] Jim Schaad leaves the room
[12:31:30] Roman Danyliw leaves the room
[12:31:30] Martin Thomson leaves the room
[12:31:30] Shumon Huque leaves the room
[12:31:30] Alissa Cooper leaves the room
[12:31:30] Yoshiro Yoneya leaves the room
[12:31:31] Cullen Jennings leaves the room
[12:31:31] Benjamin Kaduk leaves the room
[12:31:31] Guy Fedorkow leaves the room
[12:31:31] Ivaylo Petrov leaves the room
[12:31:31] Aleksi Peltonen leaves the room
[12:31:31] Jay Daley leaves the room
[12:31:32] Francisco Arias leaves the room
[12:31:33] Andrew Campling leaves the room
[12:31:33] Deb Cooley leaves the room
[12:31:33] Dominique Lazanski leaves the room
[12:31:33] Brian Campbell leaves the room
[12:31:34] Mohit Sethi leaves the room
[12:31:34] Eric Rescorla leaves the room
[12:31:34] Kazunori Fujiwara leaves the room
[12:31:34] Steve Olshansky leaves the room
[12:31:35] Bernie Hoeneisen leaves the room
[12:31:35] Dragana Damjanovic leaves the room
[12:31:36] Dave Thaler leaves the room
[12:31:36] Scott Fluhrer leaves the room
[12:31:36] Carsten Bormann leaves the room
[12:31:37] Scott Hollenbeck leaves the room
[12:31:37] Wes Hardaker leaves the room
[12:31:37] Matthew Miller leaves the room
[12:31:37] <Quynh Dang> see all later!
[12:31:39] Bill Silverajan leaves the room
[12:31:39] andrew_campling leaves the room
[12:31:39] Nancy Cam-Winget leaves the room
[12:31:40] <Benjamin Schwartz> secdispatch: That's the problem.  Users need to know which namespace they're looking at.
[12:31:40] Jonathan Lennox leaves the room
[12:31:41] Tero Kivinen leaves the room
[12:31:42] Göran Selander leaves the room
[12:31:43] Mike Jones leaves the room
[12:31:44] Ted Hardie leaves the room
[12:31:46] David Waltermire leaves the room
[12:31:47] Greg Schumacher leaves the room
[12:31:48] Brendan Moran leaves the room
[12:31:49] Christopher Inacio leaves the room
[12:31:49] Quynh Dang leaves the room
[12:31:50] Michael Jenkins leaves the room
[12:31:50] Yuichi Takita leaves the room
[12:31:50] Tadahiko Ito leaves the room
[12:31:50] Francesca Palombini leaves the room
[12:31:51] James Galvin leaves the room
[12:31:54] Phillip Hallam-Baker leaves the room
[12:31:55] Gert Grammel leaves the room
[12:31:59] Yoav Nir leaves the room
[12:32:00] Joseph Salowey leaves the room
[12:32:06] Carl Mehner leaves the room
[12:32:07] <secdispatch> Benjamin: that's why we asked for a special-use TLD, but that was rejected by IETF.
[12:32:12] Marco Tiloca leaves the room
[12:32:13] Seth Blank leaves the room
[12:32:21] Ash Wilson_522 leaves the room
[12:32:46] Henk Birkholz leaves the room
[12:32:53] Adam Roach leaves the room
[12:32:53] Karen O'Donoghue leaves the room
[12:32:53] Warren Kumari leaves the room
[12:32:53] Mark Baushke leaves the room
[12:32:53] Yumi Sakemi leaves the room
[12:32:53] Sean Turner leaves the room
[12:32:53] Christian Amsüss leaves the room
[12:32:53] Jean-Michel Combes leaves the room
[12:32:53] Hernâni Marques leaves the room
[12:32:53] Harald Alvestrand leaves the room
[12:32:53] Ibrahim Seremet leaves the room
[12:32:53] Frederico Neves leaves the room
[12:32:53] Satoru Kanno leaves the room
[12:32:53] Chris Wendt leaves the room
[12:32:53] Daniel Migault leaves the room
[12:32:53] Michael Palage leaves the room
[12:32:53] Susan Symington leaves the room
[12:32:53] Simon Romano leaves the room
[12:32:53] Takahiro Nemoto leaves the room
[12:32:53] Lorenzo Miniero leaves the room
[12:32:53] Benjamin Schwartz leaves the room
[12:32:53] Kohei Isobe leaves the room
[12:32:53] Zaid AlBanna leaves the room
[12:32:53] Daniel Gillmor leaves the room
[12:32:53] Steffen Klassert leaves the room
[12:32:53] Carrick leaves the room
[12:32:53] Monika Ermert leaves the room
[12:32:53] Stefan Santesson leaves the room
[12:32:53] Tirumaleswar Reddy.K leaves the room
[12:32:53] Rich Salz leaves the room
[12:32:53] Kathleen Moriarty leaves the room
[12:32:53] tale leaves the room
[12:32:53] Mike Ounsworth leaves the room
[12:32:53] Burt Kaliski leaves the room
[12:32:53] Simon Hicks leaves the room
[12:32:55] marco.tiloca leaves the room
[12:33:03] gnas@xmpp.jp leaves the room
[12:33:29] Chris Inacio leaves the room: Disconnected: Replaced by new connection
[12:33:29] Chris Inacio joins the room
[12:34:33] c.amsuess joins the room
[12:34:50] Ivaylo Petrov joins the room
[12:34:56] ekr@jabber.org leaves the room
[12:35:17] secdispatch leaves the room: Disconnected: BOSH client silent for over 60 seconds
[12:35:55] Ivaylo Petrov leaves the room
[12:37:21] Meetecho leaves the room
[12:47:51] kaduk@jabber.org/barnowl leaves the room
[12:50:26] adam leaves the room
[12:50:45] avezza leaves the room
[12:52:05] Ivaylo Petrov joins the room
[12:52:35] francesca leaves the room
[12:53:10] Ivaylo Petrov leaves the room
[12:56:00] alex-meetecho leaves the room
[12:56:19] Sam Weiler leaves the room
[12:57:33] Chris Inacio leaves the room: Disconnected: Replaced by new connection
[12:58:30] m&m leaves the room
[12:59:35] ipetrov joins the room
[13:00:37] RjS leaves the room
[13:00:39] marco.tiloca joins the room
[13:00:51] ipetrov leaves the room
[13:01:06] Stefans leaves the room
[13:01:08] ipetrov joins the room
[13:06:17] Sam Weiler joins the room
[13:20:28] Ivaylo Petrov joins the room
[13:21:34] Ivaylo Petrov leaves the room
[13:22:08] Ivaylo Petrov joins the room
[13:23:18] Ivaylo Petrov leaves the room
[13:54:20] mcr leaves the room
[13:54:24] Sam Weiler leaves the room
[13:55:33] Sam Weiler joins the room
[14:02:41] marco.tiloca leaves the room
[14:05:17] Wes Hardaker x2 leaves the room
[14:07:32] ipetrov leaves the room: offline
[14:08:56] Sam Weiler leaves the room
[14:11:16] chi.jiun.su joins the room
[15:40:29] chi.jiun.su leaves the room
[15:45:32] ko-isobe leaves the room
[16:14:30] cabo leaves the room
[16:27:41] cabo joins the room
[16:46:27] jmagallanes leaves the room
[18:37:32] cabo leaves the room
[18:39:55] cabo joins the room
[18:52:02] cabo leaves the room
[19:03:52] Mike StJohns joins the room
[19:04:02] Mike StJohns leaves the room
[19:20:30] cabo joins the room
[19:43:34] cabo leaves the room
[19:54:03] Mike StJohns leaves the room
[20:00:31] Mike StJohns joins the room
[20:54:53] cabo joins the room
[21:01:22] cabo joins the room
[21:01:38] cabo leaves the room
[21:02:01] cabo leaves the room
[21:13:50] Ash Wilson joins the room
[21:24:36] Mark Baushke joins the room
[21:35:32] Mark Baushke leaves the room: Disconnected: Received SIGTERM
[21:35:32] Ash Wilson leaves the room: Disconnected: Received SIGTERM
[21:37:28] Ash Wilson joins the room
[21:48:29] Mark Baushke joins the room