IETF
trans
trans@jabber.ietf.org
Tuesday, November 11, 2014
tomfitzhenry has set the subject to: https://tools.ietf.org/wg/trans/agenda

GMT+0
[00:01:56] ilari.liusvaara joins the room
[00:19:07] Dan York joins the room
[00:28:25] PaulWouters joins the room
[00:41:24] PaulWouters leaves the room
[00:48:49] PaulWouters joins the room
[00:52:06] Pau Boemio joins the room
[00:52:12] Pau Boemio leaves the room
[00:53:06] Pau Boemio joins the room
[00:53:29] Pau Boemio leaves the room
[00:54:03] Pau Boemio joins the room
[00:58:06] Dan York leaves the room
[01:04:57] Eran Messeri joins the room
[01:05:40] Eran Messeri leaves the room
[01:09:15] Lorenzo Miniero joins the room
[01:10:48] Eran Messeri joins the room
[01:13:24] <Pau Boemio> Hi Eran
[01:13:32] <Pau Boemio> still no video?
[01:13:46] <Pau Boemio> I'm from Meetecho...
[01:13:46] <Eran Messeri> Nope
[01:14:00] Rick Andrews joins the room
[01:15:03] Eran M. joins the room
[01:15:10] Melinda Shore joins the room
[01:15:33] Rick Andrews leaves the room
[01:15:54] <Eran Messeri> btw, trying to join from a different machine yields the same result, no video
[01:16:10] <Pau Boemio> that's definitely weird
[01:16:24] <Pau Boemio> maybe it's something related to your access network
[01:16:44] <linus> guess it's too late to fix this but for another meeting, it'd be great if we could have an etherpad reachable over https
[01:17:05] Rick Andrews joins the room
[01:17:15] <linus> i don't fancy loading js at all, but over http no way
[01:17:20] <Melinda Shore> We can do that
[01:17:47] Eran M. leaves the room
[01:17:59] Lorenzo Miniero leaves the room
[01:18:26] Eran M. joins the room
[01:18:37] <Eran Messeri> Melinda, I'm completely blind here, can't see either the video feed or my slides
[01:19:04] <Melinda Shore> What do you need to make it easier to run it blind?
[01:19:24] <Melinda Shore> Can you use your own slides locally and ask us to change slides here?
[01:19:24] <Eran Messeri> Tell me if someone is at the mic for a question or if the mic queue has died down so I can proceed
[01:19:54] Eran M. leaves the room
[01:20:07] Phill joins the room
[01:20:41] Dan York joins the room
[01:21:02] <linus> did sound just disappear for others than me?
[01:21:15] <Melinda Shore> Paul is going to speak up.
[01:21:19] <Melinda Shore> Can you hear him now?
[01:21:22] <Eran Messeri> yes
[01:21:29] <linus> nope
[01:21:40] <Melinda Shore> Is anybody else on audio?
[01:22:22] linus has sound again
[01:22:35] <Melinda Shore> Eran is actually remote, on a different mike.
[01:22:44] Yoav Nir joins the room
[01:23:12] Stephen Farrell joins the room
[01:23:35] Kathleen Moriarty joins the room
[01:23:39] <Melinda Shore> I'll be your Jabber relay today
[01:24:39] <Dan York> Melinda - thank you.  I'm in another session but want to come over for the CT for DNSSEC session when it comes up late in your agenda.
[01:24:55] <Melinda Shore> I'll post when it comes up.
[01:25:09] Aaron Zauner joins the room
[01:25:12] <Dan York> thx... I'll be watching  the flow here.
[01:29:42] Karen O'Donoghue joins the room
[01:32:01] Kurt Andersen joins the room
[01:33:53] Karen O'Donoghue leaves the room
[01:34:25] Steve Kent joins the room
[01:34:43] Karen O'Donoghue joins the room
[01:43:10] Karen Seo joins the room
[01:43:34] <Melinda Shore> Currently on update from Ben Laurie
[01:43:59] <Stephen Farrell> cms.signerInfo will require profiling for that
[01:44:21] Kurt Andersen joins the room
[01:44:37] <Stephen Farrell> a new OID here can be added in IANA, I think those registries are now kosher there
[01:44:56] <Melinda Shore> Great - thanks.  
[01:45:21] <Stephen Farrell> Russ H. knows details - he used to manage the registries personally
[01:45:27] <Steve Kent> comment from Steve Kent: since 2 of the 3 formats are ASN.1 why use TLS
[01:46:04] <Stephen Farrell> audio wasn't clear there
[01:46:22] <Yoav Nir> someone said: "because ASN.1 sucks"
[01:46:25] <Melinda Shore> Phill volunteered that ASN.1 sucks, Paul Hoffman agreed.
[01:46:27] <Kathleen Moriarty> nothing official was said…
[01:46:33] <Stephen Farrell> @yoav: I'm shocked:-)
[01:46:34] <Steve Kent> If Google mandates client behavior for EV certs in Chrome, why does it not belong in 6962-bis?
[01:46:48] <Melinda Shore> Is that a comment for the floor?
[01:46:54] <Steve Kent> yes, it is.
[01:47:59] jeff.hodges@ecotroph.net joins the room
[01:48:39] <Yoav Nir> I wonder if it's ASN.1 that sucks or BER/DER
[01:48:41] metricamerica joins the room
[01:49:09] <Stephen Farrell> tedious last-generation encoding sucks
[01:51:14] <Steve Kent> but the authors of the doc are Google.
[01:51:24] Stephen Farrell agrees Paul is not google
[01:51:27] <Melinda Shore> Ryan Sleevi
[01:51:41] <Stephen Farrell> browser code is research?
[01:52:25] <Yoav Nir> No, it's the article mentioned in the slide that is research
[01:53:18] <Steve Kent> if there is no mandated TLS client behavior, note the implications for the attack analysis, i.e., we lose most of the arguments of what CT does wrt addressing mis-issuance
[01:53:41] Steve Olshansky joins the room
[01:53:49] <Melinda Shore> Steve: do you want that relayed?
[01:54:22] <Steve Kent> yes. please assume that any comment I make here is intended for the floor, thanks
[01:54:28] <Melinda Shore> Will do.
[01:55:38] <Steve Kent> thanks.
[01:56:00] <Eran Messeri> Melinda: I support the last (mic) speaker, we should enumerate possible states rather than specify behaviour. The state is an indicator to the UI
[01:56:17] <Melinda Shore> Do you want that relayed?
[01:56:26] <Eran Messeri> yes please
[01:56:43] <Steve Kent> Web PKI is the ONLY context for the current spec, right?
[01:57:56] <Phill > Steve, only part of WebPKI is going to be relevant though - EV
[01:58:12] <Phill > So it's not only WebPKI
[01:58:16] <Steve Kent> read the charter?
[01:58:23] <Stephen Farrell> the semantics of "ONLY" there escape me;-)
[01:59:59] <jeff.hodges@ecotroph.net> for an example of how to specify suggested UX in TLS context see section 12.1 of RFC6797
[02:00:35] satoru.kanno@jabber.org joins the room
[02:01:29] <Stephen Farrell> MIC: are we walking into a hard-fail lamppost there?
[02:01:36] Steve Olshansky leaves the room
[02:01:56] <Stephen Farrell> browsers don't hard-fail, so it's hard to spec. failure cases without assuming that browsers do hard-fail
[02:02:31] Stephen Farrell doesn't mind much, but don't want WG to get bogged down
[02:02:51] <Phill > yes, steve it is a lamp post of the hard fail type
[02:03:56] <Stephen Farrell> sophistry is wonderful ain't it:-)
[02:04:07] <Phill > Maybe I should do that for TLSFeature?
[02:04:22] <Phill > put in  a UI considerations section and use a should
[02:04:29] <linus> ryan sleevi on the mic now?
[02:04:34] <Eran Messeri> linus, yes
[02:04:35] <Phill > yes
[02:04:35] <linus> tnx
[02:04:42] <Stephen Farrell> @PHB: note that there are some folks who do not accept that should != SHOULD
[02:04:58] <Stephen Farrell> one can state that explicitly in a doc though
[02:06:21] <Steve Kent> then we should, at a minimum, enumerate the local policy knows so that folks know what can be configured
[02:06:42] <Steve Kent> meant to say knobs, not knows
[02:06:45] <Steve Kent> if name redaction is omitted from 6962-bis, we're not addressing what we've been told is an important issue for CA
[02:06:49] <jeff.hodges@ecotroph.net> see also S 6.6.4 of RFC 6125
[02:08:01] <Stephen Farrell> @steveK: wrt Knobs, yeah that might be doable without 2119  sophistry, not sure how hard it'd be
[02:09:19] Steve Olshansky joins the room
[02:09:28] <Eran Messeri> MIC: Logging name-redacted certificates seems to be useful for deployment of RFC6962-bis for DV certs, I agree with Steve Kent's point about addressing an issue CAs have raised.
[02:09:43] <Steve Kent> SteveF: there seems to be an effort here to make 6962-bis be just a description of logging. if so, then we have no architecture for CT, just the description of a piece of a system that is largely undefined. is this a good thing?
[02:10:52] <Stephen Farrell> @steveK: well, I'd not be surprised if you and I didn't agree about that goodness:-) but yes, I do think some of your questions here are well worth asking even if there is >1 possibly good-enough answer
[02:11:35] <Stephen Farrell> inaudible
[02:11:48] <Phill > Stephen, that does not worry too much, I am the person they would likely be arguing wiv
[02:12:06] <Phill > but can make clear it is non-normative
[02:12:13] <Stephen Farrell> MIC: why "by next IETF"
[02:12:55] <Stephen Farrell> happy recording listening chairs:-)
[02:13:08] <Stephen Farrell> or "on list"
[02:15:29] <Melinda Shore> We're now talking about gossip protocols
[02:15:57] dan.timpson joins the room
[02:16:33] <Eran Messeri> Is this presentation available somewhere or can you forward it? no video feed here.
[02:16:36] <linus> dkg: thanks
[02:16:43] <linus> logging that ;)
[02:16:47] <Melinda Shore> The slides should have been uploaded
[02:17:22] <linus> floor: should we really do that? the fourth issue that is. specifying strategy?
[02:17:23] <Melinda Shore> http://www.ietf.org/proceedings/91/slides/slides-91-trans-7.pdf
[02:17:25] <Steve Kent> they were uploaded.
[02:18:21] <Melinda Shore> @dan, we're moving to logging for dnssec
[02:21:10] Karen joins the room
[02:25:16] <Dan York> Melinda... thanks.
[02:25:42] zhanna tsitkov joins the room
[02:27:31] zhanna tsitkov leaves the room
[02:30:31] Karen leaves the room
[02:30:52] zhanna tsitkov joins the room
[02:33:53] Eran Messeri leaves the room
[02:37:04] Yoav Nir leaves the room
[02:37:25] zhanna tsitkov leaves the room
[02:41:20] zhanna tsitkov joins the room
[02:48:24] Steve Kent leaves the room
[02:53:27] <linus> floor: publishers of binaries might have their build systems owned or signing keys compromised. helping them find out about that is helpful.
[02:53:40] <Melinda Shore> Ack
[02:55:07] <linus> it's not a question, but rather a response to huitema questioning why not to trust the publisher of binaries. if that is what he said.
[02:55:18] Ana He joins the room
[02:55:35] <Melinda Shore> I think Christian understood it as such.
[02:55:41] <linus> thanks
[02:58:23] <Stephen Farrell> PGP vs 509 should be a technical tweak or else the solution here ain't fit for purpose; that said this is an interesting if more researchy topic
[02:59:07] <Stephen Farrell> @PHB: Tor folks have found that signed-code is complex if you include reproducible builds
[02:59:22] <Stephen Farrell> worthwhile but not so easy
[03:01:23] <Stephen Farrell> +1 to ryan, though maybe with more emphasis from me on non-browser cases
[03:03:31] <Stephen Farrell> I note in passing and utterly irrelevantly that abandoned patent applications are even better:-)
[03:03:56] Dan York joins the room
[03:04:46] <Rick Andrews> I think Phill is referring to GlobalSign's CRLs
[03:08:51] zhanna tsitkov leaves the room
[03:09:41] <Stephen Farrell> MIC: what is the day 0 requirement for download with this?
[03:10:51] <Stephen Farrell> ack, makes sense now
[03:13:47] Steve Olshansky leaves the room
[03:16:19] Ana He leaves the room
[03:17:17] Dan York leaves the room
[03:18:20] Steve Olshansky joins the room
[03:21:11] <Stephen Farrell> what strange clocks those CAs use:-)
[03:22:27] Karen O'Donoghue leaves the room
[03:22:32] Phill leaves the room
[03:22:46] Stephen Farrell leaves the room
[03:22:47] Kurt Andersen leaves the room
[03:22:47] Kathleen Moriarty leaves the room
[03:23:17] satoru.kanno@jabber.org leaves the room
[03:23:47] metricamerica leaves the room
[03:23:51] Aaron Zauner leaves the room
[03:23:58] Rick Andrews leaves the room
[03:24:12] Karen Seo leaves the room
[03:27:50] PaulWouters leaves the room
[03:31:00] dan.timpson leaves the room
[03:33:31] Melinda Shore leaves the room
[03:34:01] Kathleen Moriarty joins the room
[03:35:05] satoru.kanno@jabber.org joins the room
[03:35:14] metricamerica joins the room
[03:35:18] metricamerica leaves the room
[03:35:28] Kathleen Moriarty leaves the room
[03:43:00] satoru.kanno@jabber.org leaves the room
[03:45:11] yz li joins the room
[03:45:53] yz li leaves the room
[03:46:23] jeff.hodges@ecotroph.net leaves the room
[03:51:17] Dan York leaves the room
[03:51:53] Pau Boemio leaves the room
[03:54:43] Steve Olshansky leaves the room
[03:55:07] Steve Olshansky joins the room
[03:55:14] Steve Olshansky leaves the room
[03:58:54] Meetecho joins the room
[04:08:34] linus leaves the room
[04:18:14] ilari.liusvaara leaves the room: offline
[04:21:37] Meetecho leaves the room
[05:07:00] Phill joins the room
[05:36:29] Phill leaves the room
[05:38:45] Phill joins the room
[05:39:54] Phill leaves the room
[06:12:48] Kurt Andersen leaves the room
[06:12:49] Kurt Andersen joins the room
[06:15:33] Kurt Andersen joins the room
[06:26:48] Kurt Andersen leaves the room
[06:43:53] Phill joins the room
[06:46:47] Phill leaves the room
[06:47:12] Phill joins the room
[06:50:33] Phill leaves the room
[07:08:42] Phill joins the room
[07:20:29] Phill leaves the room
[07:46:51] PaulWouters joins the room
[07:46:51] PaulWouters leaves the room
[09:49:43] Phill joins the room
[09:52:01] Phill leaves the room
[11:01:50] Kurt Andersen leaves the room
[11:04:11] Kurt Andersen joins the room
[11:19:55] Kurt Andersen leaves the room
[11:19:55] Kurt Andersen joins the room
[12:01:06] Kurt Andersen leaves the room
[12:01:31] Kurt Andersen joins the room
[13:46:33] Kurt Andersen leaves the room
[13:46:39] Kurt Andersen joins the room
[15:15:37] Kurt Andersen leaves the room
[15:19:57] Kurt Andersen joins the room
[17:43:24] Kurt Andersen leaves the room
[17:43:27] Kurt Andersen joins the room
[17:44:54] Kurt Andersen leaves the room
[17:45:00] Kurt Andersen joins the room
[18:59:03] Kurt Andersen joins the room
[19:23:25] Kurt Andersen leaves the room
[19:23:39] Kurt Andersen joins the room
[20:49:55] Kurt Andersen leaves the room
[20:50:06] Kurt Andersen joins the room
[20:53:55] Kurt Andersen leaves the room
[20:54:11] Kurt Andersen joins the room
[20:59:37] Kurt Andersen joins the room
[20:59:55] Kurt Andersen leaves the room
[21:01:50] Kurt Andersen joins the room
[21:13:25] Kurt Andersen leaves the room
[21:55:15] Kurt Andersen joins the room
[21:55:26] Kurt Andersen leaves the room
[22:11:26] Kurt Andersen leaves the room
[22:11:27] Kurt Andersen joins the room
[22:14:26] Kurt Andersen leaves the room
[23:09:03] Kurt Andersen joins the room
[23:15:50] Kurt Andersen joins the room
[23:23:26] Kurt Andersen leaves the room
[23:53:09] Kurt Andersen joins the room
[23:53:27] Kurt Andersen leaves the room