opes@conference.ietf.jabber.com - 2002/11/18


[09:11] %% logger has arrived.
[09:17] %% logger has arrived.
[09:24] %% logger has arrived.
[09:31] %% logger has arrived.
[09:36] %% jamal156 has arrived.
[09:37] %% jamal156 has left.
[10:37] %% bensons has arrived.
[10:58] %% bensons has left.
[10:59] %% mrose has arrived.
[11:02] %% mrose has left.
[11:15] %% mrose has arrived.
[11:15] <mrose> meeting begins
[11:17] %% andersa has arrived.
[11:18] <mrose> markus: discussing the IESG comments on the three I-Ds submitted to them
[11:20] <mrose> markus: IESG didn't like references to callout servers because of the transitive trust issues
[11:22] <mrose> markus: concern over "protocol agnostic" focus on drafts, given the wg's charter on http/rtp.
[11:23] <mrose> markus: concern over the scenarios document be tied closer to the threats draft
[11:24] <mrose> markus: goals to come up with modified drafts right after atlanta, have the wg review the revisions, and then resubmit to the IESG
[11:26] <mrose> mic: what are channels for? they introduce security issues...
[11:27] %% NedFreed has arrived.
[11:27] %% NedFreed has left.
[11:28] <mrose> markus: they deal with state, but obviously they aren't clearly (enough) described.
[11:28] %% gamze has arrived.
[11:28] %% NedFreed has arrived.
[11:29] <mrose> mic: how many OPES callout protocols are there and how do you pick one?
[11:29] <mrose> markus: there is one, but you can negotiate parameters when using it.
[11:31] <mrose> mic: more comments will be sent to mailing list/authors!
[11:33] <mrose> new topic: draft-ietf-opes-threats-00
[11:35] <mrose> srinivas: top-level taxonomy: in-band and out-of-band threats
[11:37] <mrose> srinivas: in-band threats: opes flow network level threats, and opes flow application level threats
[11:38] <gamze> these slides will be available later on, right?
[11:39] <mrose> yes, they'll be on the ietf.org website
[11:41] <mrose> srinivas: is currently enumerating the threats discussed in his draft
[11:51] %% logger has arrived.
[11:51] <mrose> srinivas: still enumerating the threats, etc.
[11:52] %% andersa has left.
[11:57] <mrose> mic: there are other types of DOS besides overloading
[11:58] %% leslie has arrived.
[11:59] <mrose> hilarie: puzzled about the words "exposure of keys"
[12:01] <mrose> hilarie: the notion of "key manipulation" is puzzling -- why would an encrypted link have a generic threat in this area?
[12:04] <mrose> mic: let's not worry about key distribution there, other folks are working on it
[12:04] %% leslie has left.
[12:05] <mrose> markus: we must focus only on threats introduced by opes...
[12:06] <mrose> new topic: draft-ietf-opes-authorization
[12:06] %% leslie has arrived.
[12:06] <mrose> beck: two parts: requirements for opes policy architecture and opes service authorization
[12:13] <mrose> beck: enumerating the basic points
[12:13] <mrose> beck: asking for comments
[12:15] <mrose> brian: look for a common solution instead of trying to come up with a specific soluton
[12:15] <mrose> s/soluton/solution/
[12:16] <mrose> brian: sometimes you have to be able to state the obvious
[12:17] <mrose> mic: does the draft address the issue where the endpoints want to block a given service?
[12:17] <mrose> mic: does it matter if the intermediary is acting on behalf of the client or the origin server?
[12:19] <mrose> beck: not really, in the sense that the requirements are framed in terms of OPES endpoints.
[12:21] <mrose> new topic: ICAP
[12:21] %% NedFreed has left.
[12:22] %% mallman has arrived.
[12:24] <mrose> ICAP I-D is an individual submission to be published as an RFC documenting current practice
[12:24] %% mallman has left.
[12:26] <mrose> berzau: ICAP 1.0 available since summer 2001
[12:36] <mrose> berzau: various issues have arisen as a result of this deployment
[12:39] %% leslie has left.
[12:42] <mrose> berzau: summarizing: available in several applications, existing specs are clear/sufficiently detailed, provisioning has shown to be reliable and scalable
[12:43] %% gamze has left.
[12:47] <mrose> mic: will there be an IESG note?
[12:47] <mrose> chairs: yes, most likely.
[12:49] <mrose> new topic: what's next
[12:50] <mrose> markus: we need to work on the callout protocol - use an existing one, define a new one, etc.
[12:52] <mrose> markus: there are lots of relevant things out there, e.g., http, icap, soap, beep, etc., etc.
[12:57] <mrose> brian: i think you should include policy/authorization requirements document as a part of this
[12:59] %% NedFreed has arrived.
[13:00] <mrose> beck: presenting some ideas on the specification of rules/policies
[13:01] <mrose> beck: how much can we learn from similar IETF efforts (e.g., CPL)?
[13:01] %% ietfwatch has arrived.
[13:01] <ietfwatch> hey marshall
[13:02] <mrose> beck: in the past, the opes wg has looked at IRML (an individual I-D)
[13:02] <mrose> ietfwatch - yes?
[13:03] <ietfwatch> what room are you in now
[13:03] <mrose> salon IV
[13:03] <ietfwatch> enum?
[13:04] <ietfwatch> got it I want to introduce myself
[13:04] <mrose> ok, please go to private chat rather than conference mode for this...
[13:05] %% ietfwatch has left.
[13:06] <mrose> markus: meeting adjourned
[13:06] %% mrose has left.
[13:07] %% paul.knight has arrived.
[13:08] %% paul.knight has left.
[13:08] %% paul.knight has arrived.
[13:10] %% paul.knight has left.
[13:13] %% pgmillard has arrived.
[13:14] %% pgmillard has left.
[13:16] %% NedFreed has left.
[21:08] %% logger has arrived.
[21:44] %% logger has arrived.