IETF
weirds@jabber.ietf.org
Tuesday, 6 November 2012
Dowon Kim has set the subject to: WEIRDS WG at IETF-85

GMT+0
[00:00:29] <Andrew Sullivan> Klensin at mic: arguing that it's a violation of chartering assumption
[00:00:36] joseph.yee joins the room
[00:01:07] <Andrew Sullivan> Pete Resnick: agree, it's appeal bait. If we're going to pursue this issue, it's not a WG discussion, it's a recharter discussion
[00:01:29] <ray.bellis> Murray needs beer...
[00:01:49] steve.sheng@jabber.org leaves the room
[00:01:52] resnick joins the room
[00:01:53] <Andrew Sullivan> Scott Hollenbeck now for security reqs
[00:01:58] <Andrew Sullivan> Slide: background
[00:02:04] <Andrew Sullivan> was on mailing list
[00:04:41] <Andrew Sullivan> Authorization slide
[00:05:14] <Andrew Sullivan> Availability slide
[00:05:54] <Andrew Sullivan> Data Confidentiality
[00:06:22] <Andrew Sullivan> Data Integrity
[00:07:17] <Andrew Sullivan> Non-repudiation
[00:08:14] <Andrew Sullivan> Dave Crocker asked "of what"? No requirement still
[00:08:28] <Andrew Sullivan> Peter Koch: "signed whois": service exists
[00:08:38] <Andrew Sullivan> Is it a possible use case?
[00:08:44] <Andrew Sullivan> Hollenbeck says "maybe"
[00:08:53] <Andrew Sullivan> Open questions: authentication
[00:09:39] Lyman Chapin joins the room
[00:09:42] <Andrew Sullivan> require one, allow both?
[00:10:34] <Andrew Sullivan> also, server-server authentication?
[00:10:42] <Andrew Sullivan> Ed Lewis at mic
[00:10:55] <byron.ellacott> there's no s2s communication defined as yet, AFAICT?
[00:11:03] <Andrew Sullivan> had nothing in mind, but asking
[00:12:00] <Andrew Sullivan> Arturo Servin:
[00:12:07] <Andrew Sullivan> abuse contact is subject to policy
[00:12:43] <Andrew Sullivan> Andy Newton: server-server out of scope
[00:13:08] <Andrew Sullivan> anything that creates interop risk we should not do
[00:13:31] <Andrew Sullivan> higher level question: not all MUST do, but "if you do, MUST do this way" right?
[00:13:40] <Andrew Sullivan> Frederico Neves at mic
[00:14:03] <Andrew Sullivan> proxy servers: server-server, might be able to do with passing auth tokens and use referrals
[00:14:12] <Andrew Sullivan> John Levine is saying the same thing
[00:14:22] <Andrew Sullivan> "federated authentication"
[00:14:51] <Andrew Sullivan> Ray Bellis at mic
[00:15:23] <Andrew Sullivan> Client side SSL certs: not used that much?
[00:16:09] <Andrew Sullivan> Hollenbeck: non-existent re: "existing whois" and raw world of http clients and so on. Not so much client-side SSL cert
[00:16:15] <Andrew Sullivan> Ray agrees
[00:16:51] <Andrew Sullivan> Levine also agreeing at mic
[00:16:59] <Andrew Sullivan> add to checklist
[00:17:24] <Andrew Sullivan> Carlos [lacnic, I'll mess up his last name]
[00:17:44] <Andrew Sullivan> something specific to WEIRDS about DDoS?
[00:17:47] <Francisco Arias> Carlos Martinez
[00:17:49] <Andrew Sullivan> Hollenbeck: no
[00:17:55] <Andrew Sullivan> Thanks, I knew I had it wrong :)
[00:18:03] <ray.bellis> @Andrew I've used plenty of web-based services that required SSL client certs
[00:18:30] <Andrew Sullivan> yes, but you agreed with Scott that they were unusual
[00:18:45] <Andrew Sullivan> Open Question: Authorization
[00:18:55] <Andrew Sullivan> Allow client to determine whether origin is authorized to answer?
[00:19:07] <ray.bellis> unusual yes, not "non existent"
[00:19:11] <byron.ellacott> tightly related to bootstrap, as someone said on the list I believe
[00:19:32] <Andrew Sullivan> yes, that's all I meant. "non existent" in draft
[00:20:00] <Andrew Sullivan> Ed Lewis at mic defending idea of client determining server's authority to answer
[00:20:10] <Andrew Sullivan> analogy w/ DNSSEC
[00:20:40] <Andrew Sullivan> Feelings?
[00:20:44] <Andrew Sullivan> John Levine at mic
[00:20:50] <Andrew Sullivan> same question as "bootstrap" question
[00:20:55] <Andrew Sullivan> "from right server"?
[00:23:03] <Suz> Andrew Sullivan: there is a current problem in the existing whois that shows this, sometimes when a thin registry client queries a registrar that should no longer be auth for the data it answers anyway
[00:23:24] <Suz> Peter Koch: we need to watch this more broadly than root/tlds; there's hierarchy in DNS
[00:23:49] <SM> Isn't this about delegation?
[00:24:05] <Suz> Peter: question to murray: clarify re: solving non-repudiation with signatures, wouldn't this add significant complexity to the protocol?
[00:24:57] <Andrew Sullivan> Ed Lewis: anti-replay answer
[00:25:08] <Andrew Sullivan> Andy Newton: not sure who is authorizing
[00:25:18] <Andrew Sullivan> Jim Galvin: just say no
[00:25:26] <Andrew Sullivan> Open Questions: Data Confidentiality
[00:25:36] <Andrew Sullivan> Chairs ask for hum on Just Say No:
[00:25:59] <Andrew Sullivan> No, no hum
[00:26:09] <Andrew Sullivan> Data Confidentiality
[00:26:29] <Andrew Sullivan> do not redistribute or special access granted?
[00:26:30] <Andrew Sullivan> is needed?
[00:26:32] <byron.ellacott> can we re-use Just Say No for this one, too?
[00:26:59] <Andrew Sullivan> Peter Koch: protocol "must be capable"?
[00:27:32] <Andrew Sullivan> very fact of "must not redistribute" is itself possibly confidential
[00:27:44] <Andrew Sullivan> Dave Crocker: worrying about feature creep issue
[00:28:20] <Andrew Sullivan> be good to specify the minimal core set
[00:28:32] <Andrew Sullivan> are there examples where these things are used in Internet now?
[00:28:39] <Andrew Sullivan> if not, then not required
[00:28:44] <ray.bellis> all we need is a copyright notice capability on the entire response
[00:29:00] <Andrew Sullivan> tagging info is useful
[00:29:03] <SM> ray, we do not need a tag for that?:)
[00:29:14] <ray.bellis> indeed - just a "copyright:" field or similar
[00:29:15] <Andrew Sullivan> [chatter in hall kinda overwhelming my signal now. having a hard time hearing people]
[00:29:20] jpdionne leaves the room
[00:29:28] <Andrew Sullivan> not comfy with text as it stands
[00:29:40] <Andrew Sullivan> Peter Koch: need is reference to AUP for service
[00:29:54] <Andrew Sullivan> response to dcrocker: can't add this flag later
[00:30:20] <Andrew Sullivan> Levine (can't hear any of what he's saying)
[00:30:37] <Andrew Sullivan> I think he doesn't think it's useful
[00:30:38] <ray.bellis> Levine - makes analogy with legal disclaimers on emails
[00:30:40] <SM> mic: Is the EULA being replaced with a flag?
[00:30:52] <Andrew Sullivan> in line
[00:31:32] <Andrew Sullivan> Patrik Wallstrom. better to put in some agreement
[00:31:59] <Andrew Sullivan> klensin: ok to disappear.
[00:32:10] <Andrew Sullivan> but Levine's point correct
[00:32:11] <fneves> Perhaps only a single copyright disclaimer would be enough.
[00:32:51] <Andrew Sullivan> response to SM's question: no
[00:33:01] <SM> Thanks, Andrew
[00:33:11] <Andrew Sullivan> Carlos: not every object subject to same policy
[00:33:14] <Andrew Sullivan> need to tag each object
[00:33:22] <Andrew Sullivan> Open: Data accuracy
[00:33:29] <Andrew Sullivan> not really a security requirement
[00:33:34] <ray.bellis> so give the authenticated users who got sensitive information a different copyright notice!
[00:33:46] <byron.ellacott> ray, +1 :-)
[00:34:05] <SM> A longer one:)
[00:34:10] <ray.bellis> indeed :)
[00:34:43] <SM> This WG will cause alcoholism
[00:35:26] <Andrew Sullivan> What, we need more beer?
[00:35:27] <Andrew Sullivan> :)
[00:35:36] <Andrew Sullivan> Carlos: Redirects
[00:35:47] <Andrew Sullivan> Open issues
[00:35:52] <Andrew Sullivan> (we skipped forward)
[00:36:02] <Andrew Sullivan> Open issues on redirects (so far) slide
[00:36:16] <SM> For this working group, it is a requirement:)
[00:36:49] <Andrew Sullivan> input needed from "names camp"
[00:37:18] <Andrew Sullivan> redirects easy for numbers, dunno for names
[00:37:27] <Andrew Sullivan> is anything needed about loop detection?
[00:37:36] <ray.bellis> which names camp? Is this mostly for gTLD style thin registries?
[00:37:39] JimG leaves the room
[00:37:52] <Andrew Sullivan> @ray: ask at mic?
[00:37:59] <Andrew Sullivan> (sod it, you can get up yourself!)
[00:38:01] =JeffH leaves the room: Logged out
[00:38:05] <ray.bellis> I might
[00:38:06] <byron.ellacott> loop detection: clients are the only ones who can reliably do so, if they don't do it, then allow normal server rate limiting mechanisms to kick in, statelessly; trying to keep state about redirects adds more trouble than it solves
[00:38:10] <ray.bellis> it was semi-rhetorical
[00:38:28] <Andrew Sullivan> Slide: looking for future direction
[00:38:31] <Andrew Sullivan> more feedback please
[00:38:37] <Andrew Sullivan> Ed Lewis: you have to protect yourself
[00:38:44] <SM> Byron, there is already a limit in HTTP. It may be too high for this work
[00:38:51] <Andrew Sullivan> John Levine
[00:39:05] <Andrew Sullivan> combining two issues that were separate
[00:39:12] <Andrew Sullivan> "bootstrapping problem"
[00:39:14] <byron.ellacott> sm, the HTTP limit is 5?
[00:39:15] <Andrew Sullivan> Carlos: no
[00:39:20] <Andrew Sullivan> interrelated
[00:39:22] <Andrew Sullivan> but not same
[00:39:23] <SM> Hmm, I need to go and read -bis
[00:39:35] <fneves> This is a question for the thin registries no?
[00:39:47] <SM> I thought it was higher
[00:39:55] <Andrew Sullivan> John: know how this works
[00:39:59] <Andrew Sullivan> Carlos: send text
[00:41:04] <Andrew Sullivan> Andy Newton: point is numbers issues: may ask an RIR about section, but was sent to another RIR
[00:41:15] ray.bellis leaves the room
[00:41:17] <Andrew Sullivan> meeting closing
[00:41:18] <byron.ellacott> sm, "too high" is a funny notion for me - if a client bounces around 15 times because of a server data fault, it's not a whole lot worse than bouncing around twice; a client could also track where it has been redirected to, if it wanted to short circuit a loop sooner
[00:41:20] <joseph.yee> regarding http redirect limit, I don't know if there was hard limit, the number '5' is most what SEO limits to
[00:41:25] Peter Koch leaves the room
[00:41:31] <Andrew Sullivan> please participate in list discussions and nail this down on list
[00:41:36] pawal@iis.se leaves the room
[00:41:37] Arturo Servin Ü leaves the room
[00:41:39] vincent.levigneron leaves the room
[00:41:42] Francisco Arias leaves the room
[00:41:43] <joseph.yee> so for http protocol, if there was a hard limit, it will be higher
[00:41:47] Suz leaves the room
[00:41:50] <SM> Byron, short answer is yes
[00:41:58] fneves leaves the room
[00:42:09] dseomn leaves the room
[00:42:20] danyork leaves the room
[00:42:23] <Andrew Sullivan> thanks all, meeting ends
[00:42:29] Dowon Kim leaves the room
[00:42:33] SM leaves the room
[00:42:33] yone leaves the room
[00:42:43] naptee leaves the room
[00:43:15] Andrew Sullivan leaves the room
[00:44:29] AK leaves the room
[00:45:24] JcK leaves the room
[00:45:31] john.levine leaves the room
[00:46:16] Guangqing Deng leaves the room
[00:48:01] AK joins the room
[00:48:07] Linlin Zhou leaves the room
[00:50:30] AK leaves the room
[00:50:37] AK joins the room
[00:53:49] joseph.yee leaves the room
[00:58:05] resnick leaves the room
[01:06:40] Benno Overeinder leaves the room
[01:20:41] byron.ellacott leaves the room
[01:53:46] JimG joins the room
[02:03:40] JimG leaves the room
[02:10:10] Lyman Chapin leaves the room
[02:13:02] Dowon Kim joins the room
[02:14:16] Dowon Kim leaves the room
[02:35:27] Benno Overeinder joins the room
[02:51:30] vincent.levigneron joins the room
[03:23:19] Benno Overeinder leaves the room
[03:26:17] Benno Overeinder joins the room
[03:53:19] Benno Overeinder leaves the room
[04:28:27] Benno Overeinder joins the room
[04:30:40] Benno Overeinder leaves the room
[06:22:49] JcK joins the room
[06:24:38] JcK leaves the room
[10:41:31] JimG joins the room
[10:52:10] JimG leaves the room
[11:10:04] AK leaves the room: Replaced by new connection
[11:10:05] AK joins the room
[11:56:44] AK leaves the room
[11:56:59] AK joins the room
[12:22:17] Peter Koch joins the room
[12:44:46] Arturo Servin Ü joins the room
[12:52:24] tony.l.hansen leaves the room
[12:58:23] Lyman Chapin joins the room
[13:11:32] Peter Koch leaves the room
[13:23:11] Lyman Chapin leaves the room
[13:25:31] vincent.levigneron leaves the room
[13:26:40] tony.l.hansen joins the room
[14:02:43] joseph.yee joins the room
[14:03:06] vincent.levigneron joins the room
[14:03:23] AK leaves the room
[14:03:31] AK joins the room
[14:05:17] tony.l.hansen leaves the room
[14:17:06] Arturo Servin Ü leaves the room
[14:39:31] vincent.levigneron leaves the room
[14:39:51] vincent.levigneron joins the room
[16:11:57] Peter Koch joins the room
[16:21:07] joseph.yee leaves the room
[17:53:35] Peter Koch leaves the room
[17:53:36] AK leaves the room
[18:00:00] vincent.levigneron leaves the room
[18:02:21] joseph.yee joins the room
[18:37:59] woolf joins the room
[19:09:45] woolf leaves the room
[19:18:05] Peter Koch joins the room
[19:30:36] Peter Koch leaves the room
[19:55:14] joseph.yee leaves the room
[20:12:53] Scott Hollenbeck joins the room
[20:13:16] Scott Hollenbeck leaves the room
[20:35:16] joseph.yee joins the room
[21:40:24] AK joins the room
[21:51:04] vincent.levigneron joins the room
[22:00:26] joseph.yee leaves the room
[22:13:02] Arturo Servin Ü joins the room
[22:58:43] joseph.yee joins the room
[23:16:31] Arturo Servin Ü leaves the room
[23:33:45] joseph.yee leaves the room
[23:55:24] joseph.yee joins the room