IETF
add
add@jabber.ietf.org
Friday, July 30, 2021
Benno Overeinder has set the subject to: IETF 110 - ADD

GMT+0
[01:36:31] tale leaves the room
[02:38:18] tale joins the room
[02:38:22] tale leaves the room
[14:20:56] tale joins the room
[14:29:17] tale leaves the room
[14:29:25] tale joins the room
[14:41:26] tale leaves the room
[14:42:07] tale joins the room
[14:42:15] tale leaves the room
[14:42:40] tale joins the room
[14:42:48] tale leaves the room
[15:58:28] tale joins the room
[18:31:33] Meetecho joins the room
[18:45:07] Alessandro Amirante_web_265 joins the room
[18:45:07] Patrick Tarpey_web_406 joins the room
[18:45:07] Hazel Smith_web_635 joins the room
[18:46:54] meetecho-alexamirante joins the room
[18:47:23] meetecho-alexamirante has set the subject to: IETF 111 - ADD
[18:47:57] Zaid AlBanna_web_171 joins the room
[18:48:55] Yoshiro Yoneya_web_178 joins the room
[18:49:18] Scott Hollenbeck_web_974 joins the room
[18:49:24] Yoshiro Yoneya joins the room
[18:51:18] David Lawrence_web_633 joins the room
[18:52:26] Dan Wing_web_206 joins the room
[18:52:30] Tim Wicinski_web_925 joins the room
[18:52:37] Ralf Weber_web_573 joins the room
[18:53:01] Jonathan Hammell_web_944 joins the room
[18:53:40] Ralf Weber_web_573 leaves the room
[18:54:09] Robert Story_web_991 joins the room
[18:54:15] Glenn Deen_web_509 joins the room
[18:54:21] Mark Andrews_web_965 joins the room
[18:54:31] Keith Bare joins the room
[18:54:32] Ralf Weber_web_904 joins the room
[18:55:16] Lucy Lynch_web_487 joins the room
[18:55:40] Peter van Dijk_web_120 joins the room
[18:55:55] Keith Bare_web_714 joins the room
[18:55:57] Ulrich Wisser_web_742 joins the room
[18:56:16] Ted Hardie_web_176 joins the room
[18:56:20] Daniel Gillmor_web_269 joins the room
[18:56:32] Ted Hardie_web_176 leaves the room
[18:56:44] dkg joins the room
[18:56:49] Scott Rose_web_809 joins the room
[18:57:16] Takahiro Nemoto_web_408 joins the room
[18:57:18] Alexander Mayrhofer_web_219 joins the room
[18:57:18] Robert Story_web_991 leaves the room
[18:57:21] Duane Wessels_web_436 joins the room
[18:57:22] Éric Vyncke_web_235 joins the room
[18:57:31] Benjamin Schwartz_web_615 joins the room
[18:57:32] Andrew Campling_web_328 joins the room
[18:57:37] Cullen Jennings_web_344 joins the room
[18:57:38] Jurgen Sonnenmoser_web_248 joins the room
[18:57:42] Daniel Migault_web_844 joins the room
[18:57:50] <dkg> which way does that incentive work?
[18:57:52] Nicklas Pousette_web_375 joins the room
[18:57:57] Tommy Pauly_web_802 joins the room
[18:57:57] Burt Kaliski_web_286 joins the room
[18:58:00] Jonathan Hammell_web_944 leaves the room
[18:58:08] Valery Smyslov_web_308 joins the room
[18:58:12] <Glenn Deen_web_509> @dkg your name being heaped with praise
[18:58:17] Robert Story_web_466 joins the room
[18:58:30] Francisco Arias_web_823 joins the room
[18:58:34] Jonathan Hammell_web_715 joins the room
[18:58:35] Geoff Huston_web_931 joins the room
[18:58:39] Brett Carr_web_235 joins the room
[18:58:40] Shumon Huque_web_704 joins the room
[18:58:47] David K_web_306 joins the room
[18:58:47] Gustavo Lozano_web_986 joins the room
[18:58:57] Florence D_web_838 joins the room
[18:59:04] Michael Breuer_web_151 joins the room
[18:59:08] Paul Wouters_web_172 joins the room
[18:59:13] tim costello_web_829 joins the room
[18:59:26] Joey Salazar_web_944 joins the room
[18:59:36] Andrew Campling_web_328 leaves the room
[18:59:39] Christopher Wood_web_279 joins the room
[18:59:40] Taiji Kimura_web_910 joins the room
[18:59:41] Sanjay Mishra_web_385 joins the room
[18:59:42] Chris Box_web_392 joins the room
[18:59:44] Barbara Stark_web_992 joins the room
[18:59:51] Chris Lemmons_web_303 joins the room
[18:59:53] Eric Kinnear_web_427 joins the room
[18:59:54] Andrew Campling_web_832 joins the room
[18:59:56] <Hazel Smith_web_635> So, this is my first IETF, so part of me thinks maybe I should volunteer, and part of me is concerned about screwing it up, heh
[18:59:58] Tommy Jensen_web_955 joins the room
[18:59:59] Andrew S_web_173 joins the room
[19:00:05] Alessandro Ghedini_web_919 joins the room
[19:00:13] Tommy Jensen_web_955 leaves the room
[19:00:15] Vittorio Bertola_web_533 joins the room
[19:00:16] Jeremiah Androscavage_web_123 joins the room
[19:00:18] Tommy Jensen_web_239 joins the room
[19:00:22] Suzanne Woolf_web_392 joins the room
[19:00:25] Rolf Sonneveld_web_943 joins the room
[19:00:30] <dkg> +1 to Hazel!
[19:00:32] Eric Orth_web_977 joins the room
[19:00:33] <Tim Wicinski_web_925> I can do minutes but I will have a gap at the top of the next hour
[19:00:35] Bernie Innocenti_web_513 joins the room
[19:00:39] Carlos Silva_web_921 joins the room
[19:00:41] PE_web_213 joins the room
[19:00:55] Kazunori Fujiwara_web_463 joins the room
[19:00:57] Wataru Ohgai_web_262 joins the room
[19:00:58] David Smith_web_380 joins the room
[19:01:05] <Hazel Smith_web_635> Sure, do I use the "Note taking" view?
[19:01:13] Peter Koch_web_843 joins the room
[19:01:14] <Tim Wicinski_web_925> https://codimd.ietf.org/notes-ietf-111-add?edit
[19:01:18] Shane Kerr_web_129 joins the room
[19:01:39] Meetecho Robot_web_789 joins the room
[19:01:48] Julien Maisonneuve_web_243 joins the room
[19:01:49] <Tim Wicinski_web_925> "the chairs bored the working group to tears" ?
[19:01:49] Tim April_web_483 joins the room
[19:01:51] James Gould_web_196 joins the room
[19:01:54] Jon Peterson_web_782 joins the room
[19:02:11] Jonathan Reed_web_689 joins the room
[19:02:28] Ray Bellis_web_261 joins the room
[19:02:31] Barbara Stark_web_992 leaves the room
[19:02:36] <Suzanne Woolf_web_392> The important part is that  "the chairs made people cry"
[19:02:53] Jim Reid_web_234 joins the room
[19:02:56] Barbara Stark_web_538 joins the room
[19:03:00] Hazel Smith_web_635 leaves the room
[19:03:04] Hazel Smith_web_124 joins the room
[19:03:22] Hazel Smith_web_124 leaves the room
[19:03:27] කෙසර රත්නායක_web_437 joins the room
[19:03:43] Meetecho Robot_web_789 leaves the room
[19:03:45] Hazel Smith_web_167 joins the room
[19:03:46] Eric Rescorla_web_988 joins the room
[19:03:47] Meetecho Robot_web_592 joins the room
[19:03:50] Alessandro Amirante_web_265 leaves the room
[19:03:59] Robert Story_web_466 leaves the room
[19:04:07] Robert Story_web_605 joins the room
[19:04:13] Erik Nygren_web_371 joins the room
[19:04:20] Stuart Cheshire_web_372 joins the room
[19:04:44] <Keith Bare> I love the DDR arrows :-).
[19:04:47] fightingnemo joins the room
[19:04:47] Chi-Jiun Su_web_809 joins the room
[19:04:57] Stephan Emile_web_112 joins the room
[19:05:02] <Peter van Dijk_web_120> they shall henceforth be known as the Designated arrows
[19:05:18] Lu Zhao_web_783 joins the room
[19:05:26] Jorge Cano_web_689 joins the room
[19:05:27] Wes Hardaker_web_785 joins the room
[19:05:37] ekr@jabber.org joins the room
[19:05:43] <Tommy Jensen_web_239> /furiously opens GitHub issue for Designated arrows
[19:06:14] Ralf Weber_web_904 leaves the room
[19:06:18] Ralf Weber_web_119 joins the room
[19:06:22] Eliot Lear_web_918 joins the room
[19:06:24] Puneet Sood_web_119 joins the room
[19:07:00] nygren joins the room
[19:07:06] Alissa Cooper_web_389 joins the room
[19:07:48] Christian Huitema_web_801 joins the room
[19:07:59] PuneetS joins the room
[19:08:40] Taiji Kimura_web_910 leaves the room
[19:08:56] Taiji Kimura_web_102 joins the room
[19:09:05] Richard Wilhelm_web_608 joins the room
[19:09:19] <Ray Bellis_web_261> many years ago I proposed `local.arpa` as a home for "network scoped" domain names.
[19:09:35] Rolf Sonneveld_web_943 leaves the room
[19:09:43] Rolf Sonneveld_web_729 joins the room
[19:09:54] <Ray Bellis_web_261> draft-bellis-dns-recursive-discovery-00
[19:12:48] Tomofumi Okubo_web_544 joins the room
[19:12:58] Jason Weil_web_861 joins the room
[19:14:21] <nygren> see also rfc 8880 for how ipv4only.arpa handles DNSSEC
[19:16:37] <Chris Box_web_392> Another applicable use case is a name learned via DNR, from which DDR can lead on to other designated access methods.
[19:16:45] <Geoff Huston_web_931> What PKI is used for "validation" of these certificates?
[19:16:59] <Geoff Huston_web_931> Same old WebPKI? (shudder!)
[19:17:11] <Ray Bellis_web_261> putting an intermediate sub-domain between `resolver` and `.arpa` would avoid the need for repeated requests to IANA for insecure delegations for `foo.arpa`.
[19:17:12] James Gould_web_196 leaves the room
[19:17:20] James Gould_web_455 joins the room
[19:17:57] Cullen Jennings_web_344 leaves the room
[19:18:51] <Daniel Migault_web_844> @ray resolver.zz ?
[19:18:54] <nygren> I do keep wondering if having a new LOCAL class and using that for resolver.arpa queries would be preferable as it reduces chances for leakage out.
[19:19:13] John Minor_web_164 joins the room
[19:19:18] <Peter van Dijk_web_120> nygren, it's a pity we can't distinguish lowercase 'in' from 'IN' for that
[19:19:18] <Jim Reid_web_234> @Daniel. You are a bad man. A very bad man. :-)
[19:20:01] <Suzanne Woolf_web_392> @daniel it's too soon, man!
[19:20:21] <Vittorio Bertola_web_533> Wouldn't it be a client policy decision whether and to which extent to trust that hint?
[19:20:32] <Daniel Migault_web_844> @jim @suzanne ;-)
[19:20:32] <Andrew Campling_web_832> Opportunistic seems especially useful, allows support for same-provider auto-upgrade, including from a private IP address + forwarder given that this is prevalent in many markets (possibly not so much in the US?)
[19:20:44] <Benjamin Schwartz_web_615> It's common in the US too
[19:20:58] <nygren> Did two-level TLDs get assigned to ISO only for class-IN?
[19:21:49] <Eric Orth_web_977> Aren't we now veering into the discussion that has dedicated time later in this session?
[19:22:15] <Chris Box_web_392> Yes, but we still have 2.5 minutes to go...
[19:22:23] <Christian Huitema_web_801> I wonder whether a practical port on Windows could use the "private/public" categorization of networks
[19:23:06] <Eric Orth_web_977> Still seems counterproductive if that later discussion has prepared slides and such.  Maybe we should just end this discussion early for now and get to the later stuff sooner.
[19:23:23] <Paul Wouters_web_172> isn't this the discussion we had when we talked about the charter :P
[19:23:23] Jason Weil_web_861 leaves the room
[19:23:23] <Tommy Jensen_web_239> @christian: that's a good example of how "unverifiable hints at that point are as useful as the client implementation wants them to be, DDR is just declaring it isn't verifiable"
[19:23:27] Jason Weil_web_109 joins the room
[19:23:54] <Tommy Jensen_web_239> IOW, DDR no longer cares after verifying or not and client policy can take it from there
[19:24:18] <Tommy Jensen_web_239> exactly what Tommy just said, scope stops at "oh the record cannot be verified"
[19:24:51] John Minor_web_164 leaves the room
[19:24:58] <Paul Wouters_web_172> right and client policy means "use their own stuff irrespective of the network".  again, we talked about this at chartering time :)
[19:25:28] <Eliot Lear_web_918> This is related to the chat from last night about having at least some notion of the UX and intended experience.
[19:26:19] <Eric Rescorla_web_988> yeah, like what happened was that the chairs had taken me out of the queue so that when I tried to take myself out of the queue, it put me back in
[19:27:39] <tale> My apologies for contributing to the confusion
[19:28:15] Stuart Cheshire_web_372 leaves the room
[19:28:26] Stuart Cheshire_web_251 joins the room
[19:32:30] David Schinazi_web_565 joins the room
[19:32:37] Steve Dickson_web_796 joins the room
[19:33:28] <Tommy Pauly_web_802> No one is asking a CA to sign a private IP address
[19:34:05] <Daniel Migault_web_844> @tommy is that feasible ?
[19:34:17] Marco Schrieck_web_761 joins the room
[19:34:35] Jason Weil_web_109 leaves the room
[19:34:39] Jason Weil_web_159 joins the room
[19:34:41] <Eliot Lear_web_918> any router that doesn't get updated has flaws.  any router that DOES get updated has flaws ;-)
[19:34:52] <Tommy Pauly_web_802> @daniel I don't understand. DDR specifically says that private IP addresses don't use the cert validated authentication.
[19:34:52] <Eliot Lear_web_918> same with any other device
[19:35:12] <Tommy Jensen_web_239> minor note: DDR proceeds to explain that forwarding is permitted so long as the operator is aware of the implications, so a blind forwarder doesn't necessarily "break compliance"
[19:35:22] <Tommy Pauly_web_802> @tommy right
[19:35:31] <Tommy Jensen_web_239> But yes, agreed that DDR/DNR do not meet the scenario being described
[19:35:33] <Daniel Migault_web_844> @tommy P: ok I see.
[19:36:21] <Ray Bellis_web_261> in 2008 when I surveyed the DNS forwarders in home CPE (see RFC 5625) they were _mostly_ dumb (and broken) ALGs rather than being DNS aware.   Has that changed since?
[19:39:25] <Chris Box_web_392> In case it's not clear, in this scenario the CE router is advertising the upstream ISP's encrypted DNS service, via DHCP.
[19:41:14] <dkg> Ray: "ALG" == "application layer gateway" ?
[19:41:14] <Tommy Pauly_web_802> Right, but it could do that via IP address today as well
[19:41:21] PE_web_213 leaves the room
[19:41:29] <Ray Bellis_web_261> @dkg yes, essentially just a dumb UDP proxy
[19:41:43] <Glenn Deen_web_509> I guidance saying don't do this is also appropriate for docs
[19:41:49] <dkg> for DNS on 53 or for everything?
[19:41:53] Steve Dickson_web_796 leaves the room
[19:42:04] <Ray Bellis_web_261> @Chris that's a problem, because that means the CPE can't issue a DHCP lease with the right DNR settings if the WAN link is down
[19:42:34] <Chris Box_web_392> Ray yes there are lots of problems arising
[19:42:59] <Tommy Pauly_web_802> Scenario 3 is also the same as the mobile network case, where things can upgrade, and that's a big scenario
[19:43:01] <dkg> also, if the WAN link changes, there isn't a good way for the router to adjust the dhcp client's configurations until lease expiry, no?
[19:43:09] <Ray Bellis_web_261> @dkg exactly
[19:43:33] <Chris Box_web_392> @Tommy yes mobile is different; here we are considering home broadband
[19:43:33] Wataru Ohgai_web_262 leaves the room
[19:43:44] <Tommy Pauly_web_802> Yup
[19:43:54] <ekr@jabber.org> So it seems like the relevant case here is when it's the user's router
[19:43:59] <Ray Bellis_web_261> @dkg see RFC 5625 §5.1
[19:44:14] <ekr@jabber.org> because if it's the ISP's CPE, then don't do that
[19:44:41] <dkg> I guess ISP's CPE can be coordinated with many WAN link changes
[19:45:49] <Ray Bellis_web_261> oh, also see §5.3 - it was proposed that DHCP leases should be very short if the WAN link is down (e.g. on first power up)
[19:46:02] <Ray Bellis_web_261> s/proposed/suggested/
[19:46:17] <Chris Lemmons_web_303> I think there's a difference between "users should have control of X" and "users should do Y in order to control X".
[19:46:45] Marco Schrieck_web_761 leaves the room
[19:47:29] <dkg> can't users already reject the DNS suggestions from DHCP and RAs?  how do they have less control?
[19:47:55] <Ray Bellis_web_261> savvy users can, generally
[19:47:57] <Andrew Campling_web_832> Presumably Barbara and Chris could recommend a re-charter in order to support use case 3 if they thought that was important?  
[19:48:11] <ekr@jabber.org> This queue had 2 tommys and 3 Eri[ck]s
[19:48:12] <Éric Vyncke_web_235> @dkg rhetorical question ;-)
[19:48:35] <Éric Vyncke_web_235> @ekr indeed ! worth a screen shot!
[19:48:41] <Eric Orth_web_977> I don't really have anything to contribute, but I'm tempted to join the queue for the names.
[19:48:47] <nygren> I was observing the same.  Although I guess [ÉE]ri[ck]s.
[19:48:59] <nygren> The other Tommy left the queue before I got a screenshot.
[19:49:04] <Tommy Jensen_web_239> @ekr wow, a full house!
[19:49:05] <ekr@jabber.org> @Nygren: this is the IETF, Latin-1 only :)
[19:49:07] Ralf Weber_web_119 leaves the room
[19:49:11] <dkg> not entirely rhetorical -- as a user, i do want to be in control, but i wonder what mechanisms of control we're talking about
[19:49:21] Robert Story_web_605 leaves the room
[19:49:39] Ralf Weber_web_480 joins the room
[19:49:44] <dkg> i think we're not being concrete about what "control" we're talking about, and that makes it hard to reason about the consequences.
[19:49:49] <Éric Vyncke_web_235> @dkg: I agree, some users want to keep control
[19:49:54] <Tommy Jensen_web_239> Thanks Barbara!
[19:49:55] <Benjamin Schwartz_web_615> Mozilla's handling of split horizon names is noteworthy: they fall back to the local resolver on NXDOMAIN.
[19:50:01] Robert Story_web_486 joins the room
[19:50:13] <ekr@jabber.org> It seems like the underlying problem is (a) you don't want to change the home router and (b) the actual resolver doesn't know what the home router's policy is
[19:50:16] <Benjamin Schwartz_web_615> That behavior would also work in this context.
[19:50:19] <ekr@jabber.org> I don't really see how that's possible to do together
[19:51:00] <ekr@jabber.org> At least in the blocking case. As @benmasc suggests, the split horizon local name case works ok with fall back
[19:51:02] Lu Zhao_web_783 leaves the room
[19:51:39] <Daniel Migault_web_844> though making local resolution longer than non local.
[19:51:48] <ekr@jabber.org> @Daniel: sure
[19:51:52] <Éric Vyncke_web_235> MAC policies are dead with RCM (see MADINAS BoF)
[19:51:58] <Glenn Deen_web_509> MAC randomization breaks that
[19:52:07] <Benjamin Schwartz_web_615> As I will note, adult content filtering is a nonissue, because it requires an up-to-date blocklist, and adding resolver.arpa to that list is trivial.
[19:52:12] <Ray Bellis_web_261> yup, MAC-based controls don't work with MAC privacy
[19:52:15] <Vittorio Bertola_web_533> Parental controls are also the biggest concern for many non-technical stakeholders.
[19:52:35] <ekr@jabber.org> Tommy and I are basically similar
[19:52:59] <Tommy Jensen_web_239> Ben hit that on the head, which we'll discuss at the end of this session: if you do dynamic filtering, just filter resolver.arpa as well.
[19:53:04] <dkg> as does MAC spoofing, which "some high school students i know"™ were happy to use to work around filtering
[19:53:32] <Éric Vyncke_web_235> ;-)
[19:54:21] <Christopher Wood_web_279> +1 Tommy -- it might be useful to treat resolution and filtering as separable problems.
[19:55:42] <nygren> +1 on separating resolution and filtering, but ideally we'd be able to do both of them and have privacy+encryption and DNS at the same time.
[19:56:13] <dkg> nygren: you mean "and DNS filtering" ?
[19:56:30] <nygren> yes, and DNS filtering/policy.  sorry long week.  :)
[19:56:34] James Gould_web_455 leaves the room
[19:56:36] <Tommy Jensen_web_239> @nygren: I think we all agree on that being desirable, but that seems to require trade-offs when you add the "without upgrading CE/CPE as well" requirement
[19:57:19] <dkg> if we separate them as distinct services, then the privacy leakage that we try to stanch from the DNS ends up returning when the filtering queries happen :/
[19:57:23] <Tommy Pauly_web_802> Better to get this out soon so they'll be able to handle this, even in a long time
[19:57:39] Ralf Weber_web_480 leaves the room
[19:57:46] Ralf Weber_web_672 joins the room
[19:58:21] <ekr@jabber.org> I mean, this was the point of our canary domain proposal
[19:58:30] <ekr@jabber.org> precisely to make it as easy as possible to update
[19:58:38] <Shane Kerr_web_129> "I can be really quick. First, ..." :joy:
[19:58:48] <Christopher Wood_web_279> @dkg: depends on how filtering is done, I guess :)
[19:59:25] <dkg> Chris, right, just observing that it's unsafe to "separate" them without keeping an eye on the privacy concerns in their eventual combination
[19:59:59] <Tommy Jensen_web_239> Declaring out of scope != wishing the problem away.
[20:00:15] <Christopher Wood_web_279> @dkg :+1:
[20:00:38] <dkg> dates not in ISO-8601 format!  tsk tsk
[20:02:04] <Daniel Migault_web_844> it can be ready and wait for ddr.
[20:02:18] <ekr@jabber.org> +1 to benmasc
[20:02:36] Yuji Koyama_web_841 joins the room
[20:03:01] Christian Huitema_web_801 leaves the room
[20:03:24] Tomofumi Okubo_web_544 leaves the room
[20:06:20] <Barbara Stark_web_538> I just managed to read through the chat. I do think Ben's comment around the possibility of checking the local Do53 resolver if NXDOMAIN is returned is something that could be considered as a recommended best practice?
[20:07:05] <ekr@jabber.org> I would not be in favor of that. Obviously we do it, but I don't think this group should be recommending any client practices
[20:07:48] <Éric Vyncke_web_235> @ekr indeed this would probably be out of scope
[20:07:58] Julien Maisonneuve_web_243 leaves the room
[20:08:05] Julien Maisonneuve_web_442 joins the room
[20:08:10] <Benjamin Schwartz_web_615> I think a (partial) taxonomy of client behaviors, and discussion of what will happen in each, might be a decent balance point.
[20:08:19] <Barbara Stark_web_538> Which gives us such lovely inconsistency in behavior. :(
[20:08:24] Julien Maisonneuve_web_442 leaves the room
[20:08:28] Julien Maisonneuve_web_639 joins the room
[20:08:41] <ekr@jabber.org> @bemasc: I can get behind that
[20:08:57] <dkg> Barbara: isn't split horizon at its core about giving inconsistent behavior?
[20:09:00] Alec Muffett_web_101 joins the room
[20:09:55] <Glenn Deen_web_509> I will point out ADD has an informational document development as one of our outputs.  Clearly a fine line on client behavior, but we do have a doc slot in the charter
[20:11:03] <Paul Wouters_web_172> SHOULD REALLY ?
[20:11:15] <Barbara Stark_web_538> @dkg: That depends on how split horizon is done. If split horizon is (consistently) used with PvDs and locally advertised domain names or if it's done (consistently) as mentioned in the case of NXDOMAIN it doesn't necessarily have to lead to inconsistency.
[20:11:23] <Chris Box_web_392> @Paul: there must be an RFC for that
[20:12:27] Yoshiro Yoneya_web_178 leaves the room
[20:12:28] <Tommy Jensen_web_239> I've previously said that this problem (network _authoritatively_ expresses permitted behavior) is larger than DNS and should be discussed elsewhere
[20:12:33] Yoshiro Yoneya_web_993 joins the room
[20:12:45] <ekr@jabber.org> @Tommy: yeah, that seems like a good point
[20:12:52] <Tommy Jensen_web_239> If that is softening to "network expresses preference" then it makes sense here.
[20:13:03] <Éric Vyncke_web_235> @Tommy this was part of the initial goal of pvD
[20:13:16] <Tommy Jensen_web_239> Because no auth is really required (same level of security as DHCP/RA)
[20:14:04] <Tommy Jensen_web_239> But then the usefulness of the signal is possibly small? Need to re-read the doc.
[20:15:02] <ekr@jabber.org> Wow, I just lost a lot of Andrew. Was it just me?
[20:15:11] <Chris Box_web_392> yes
[20:15:15] <ekr@jabber.org> huh, weird
[20:15:53] <Andrew Campling_web_832> @EKR too fast? :-)
[20:16:02] <ekr@jabber.org> No, you just dropped out
[20:17:00] Phillip Hallam-Baker_web_511 joins the room
[20:18:29] Alec Muffett_web_101 leaves the room
[20:19:24] <Chris Box_web_392> I heard all of Eliot
[20:20:13] <Eliot Lear_web_918> but it's also ok for this to stay not adopted but be kept up to date until later.  adoption is just a tracking instrument
[20:21:17] Brett Carr_web_235 leaves the room
[20:22:54] <Tommy Pauly_web_802> Ekr, agreed
[20:23:20] <Tommy Pauly_web_802> Yeah, we should change that text
[20:24:47] <ekr@jabber.org> If we have forwarders with updated blocklists, we could encode the true resolver in binary with the blocklist. @dkg :)
[20:25:01] Alec Muffett_web_619 joins the room
[20:28:01] Erik Nygren_web_371 leaves the room
[20:28:05] Erik Nygren_web_214 joins the room
[20:30:00] Paul Wouters_web_172 leaves the room
[20:31:11] Alissa Cooper_web_389 leaves the room
[20:32:36] <Tommy Jensen_web_239> To be clear, even if not in DDR, I am committing to review/contribute.
[20:32:42] <Daniel Migault_web_844> I see this as a behaviour when the hint is not authenticated. So if DDR leaves client open to implement its policy, this should be another draft, so DDR can move out.
[20:33:03] <Tommy Jensen_web_239> @daniel 100% agree, that's a good summary of what I was trying to say.
[20:33:59] <Andrew Campling_web_832> Leave in DDR as MAY?
[20:34:54] <Tommy Jensen_web_239> @andrew if it's only a MAY in a doc that is otherwise stricter on auth requirements, it is unlikely to get the adoption throughout the 85% you want
[20:35:12] <Tommy Jensen_web_239> Hence the scenario deserves its own doc so it can make SHOULD/MUST demands of its own
[20:36:09] <Eric Orth_web_977> An attacker that could redirect the users could also intercept and change the DNS responses.
[20:36:33] <Eric Orth_web_977> That's why the only real vulnerability difference is persistent vs transient vulnerability.
[20:37:00] <Tommy Jensen_web_239> @eric PR#11 gives the active attack up to 5 extra minutes of traffic without a requirement to be present on the wire
[20:38:15] <Eric Orth_web_977> Right.  It's limited the increase in vulnerability to 5 minutes.  That's a difference the client needs to be aware of in making its policy.  Maybe some clients are fine with that as long as it's not a permanent vulnerability.  Other clients might think 5 minutes is too long.
[20:38:47] <Tommy Jensen_web_239> Agreed. Hence I think the mechanism is worth exploring but in a different scenario scope.
[20:39:21] <Christopher Wood_web_279> I wonder if someone should try to model and analyze these two scenarios with a bit more rigor.
[20:39:51] <Eliot Lear_web_918> So the practical attack here is where the CPE is 0wn3d?
[20:40:38] <Alec Muffett_web_619> Speaking from an incomplete understanding, but is ARP-cache poisoning a possible vector/replacement for "controlling the IP" in this model?
[20:41:00] <Glenn Deen_web_509> @Eliot - I suspect it could possibly also be a pie device on network that gets compromised.
[20:41:18] <Daniel Migault_web_844> From what I understand, the security being provided is very slim and this is not what the client is expecting. I am inclined to think this gives a false sense of security or will make DDR not perceived as secure.
[20:42:05] <Andrew Campling_web_832> @Daniel So handle this separately?
[20:42:15] <Daniel Migault_web_844> So it probably deserves its own document.
[20:42:29] Phillip Hallam-Baker_web_511 leaves the room
[20:42:30] <Tommy Pauly_web_802> Yes, it should be a separate proposal
[20:42:31] <Daniel Migault_web_844> @andrew : yes.
[20:42:46] Marco Schrieck_web_116 joins the room
[20:42:59] <Andrew Campling_web_832> Show tunes time?
[20:43:10] <Tommy Jensen_web_239> @daniel exactly.
[20:43:30] Lucy Lynch_web_487 leaves the room
[20:45:50] <Tommy Jensen_web_239> so... did we get clear signal on separate draft for PR#11, or is that just my bias?
[20:45:57] Geoff Huston_web_931 leaves the room
[20:45:57] Patrick Tarpey_web_406 leaves the room
[20:46:00] <Tommy Jensen_web_239> Didn't follow all of the chat
[20:46:18] <Eric Orth_web_977> Seemed pretty clear consensus for separate draft to me.
[20:46:22] <Hazel Smith_web_167> Glad I could help! I think there was a third person who helped as I needed a typing break for the last 10 mins
[20:46:38] <Tommy Pauly_web_802> Yeah I agree it was fairly clear?
[20:46:40] <Vittorio Bertola_web_533> I think it's fine to have a separate draft as long as we keep DDR, DNR and the new draft coherent and they proceed together
[20:46:42] <Andrew Campling_web_832> Separate doc seems reasonable
[20:46:45] <Tommy Pauly_web_802> To let it be separate
[20:46:48] Marco Schrieck_web_116 leaves the room
[20:46:53] <Eric Orth_web_977> Everyone was either strongly "separate draft" or weakly, "yeah, whatever".
[20:46:53] <Tommy Jensen_web_239> Can we do one of those fancy calls?
[20:47:01] <Hazel Smith_web_167> I also think it sounds like a separate (but good!) thing :)
[20:47:17] Barbara Stark_web_538 leaves the room
[20:47:18] <Tommy Jensen_web_239> My virtual hand is itching for raising
[20:47:23] <Andrew Campling_web_832> Use the poll tool?
[20:48:09] Ray Bellis_web_261 leaves the room
[20:48:13] <Tommy Pauly_web_802> "Should PR 11 be pulled into a separate proposal?"
[20:48:17] <Hazel Smith_web_167> Yeah, I think doing the poll is good idea
[20:48:20] <Tommy Jensen_web_239> Reminder to the group: "do not raise hand" is a negative response, not a lack of response
[20:48:37] <Benjamin Schwartz_web_615> This is a pretty mysterious poll
[20:48:49] Stuart Cheshire_web_251 leaves the room
[20:48:52] <Hazel Smith_web_167> The time ran out before I could raise
[20:48:54] <Andrew Campling_web_832> Ask two questions?
[20:48:56] Stuart Cheshire_web_620 joins the room
[20:48:58] <Hazel Smith_web_167> As I was listening to the back and forth
[20:49:01] <Hazel Smith_web_167> :/
[20:49:06] <Tommy Pauly_web_802> Just do one
[20:49:27] Peter van Dijk_web_120 leaves the room
[20:49:34] <Eliot Lear_web_918> +1 to ben's framing of the question
[20:49:36] <Éric Vyncke_web_235> Do like Tommy J wrote "do not raise hand" == against
[20:50:10] Gustavo Lozano_web_986 leaves the room
[20:50:27] Nigel Hickson_web_745 joins the room
[20:50:40] <Jim Reid_web_234> What's this VOTE stuff Glenn?
[20:50:47] Jason Weil_web_159 leaves the room
[20:50:51] Jason Weil_web_619 joins the room
[20:50:56] Eliot Lear_web_918 leaves the room
[20:51:02] <Tommy Jensen_web_239> Yes, thanks note takers!
[20:51:56] <Alec Muffett_web_619> The training video says it gets captured.
[20:52:01] Burt Kaliski_web_286 leaves the room
[20:52:02] <Glenn Deen_web_509> SHOULD PR11 BE PULLED TO A SEPARATE DOC - HOW TO ADDRESS THE FORWARDER SCENARIO ? (RAISE IF YOU AGREE) ( DON'T RAISE IF YOU DISAGREE)
[20:52:16] <Tommy Jensen_web_239> A poll _and_ done early?
[20:52:20] <Hazel Smith_web_167> I may have been wrong about third person, it said "Guest Parrini" when I looked closer, that may not be an actual person's name
[20:52:20] Jeremiah Androscavage_web_123 leaves the room
[20:52:20] <Glenn Deen_web_509> Raised: 29 Not raised 1
[20:52:20] Jonathan Hammell_web_715 leaves the room
[20:52:22] Eric Rescorla_web_988 leaves the room
[20:52:27] Jim Reid_web_234 leaves the room
[20:52:27] <Andrew Campling_web_832> Well chaired
[20:52:28] Jonathan Reed_web_689 leaves the room
[20:52:30] <David K_web_306> Thanks!
[20:52:31] Shane Kerr_web_129 leaves the room
[20:52:34] Wes Hardaker_web_785 leaves the room
[20:52:36] <Bernie Innocenti_web_513> thanks everyone
[20:52:37] Florence D_web_838 leaves the room
[20:52:38] Éric Vyncke_web_235 leaves the room
[20:52:39] Benjamin Schwartz_web_615 leaves the room
[20:52:41] Shumon Huque_web_704 leaves the room
[20:52:41] Dan Wing_web_206 leaves the room
[20:52:41] Richard Wilhelm_web_608 leaves the room
[20:52:41] Alexander Mayrhofer_web_219 leaves the room
[20:52:41] Francisco Arias_web_823 leaves the room
[20:52:41] Eric Orth_web_977 leaves the room
[20:52:41] Chris Lemmons_web_303 leaves the room
[20:52:41] Chi-Jiun Su_web_809 leaves the room
[20:52:42] Scott Hollenbeck_web_974 leaves the room
[20:52:42] Ralf Weber_web_672 leaves the room
[20:52:42] Jason Weil_web_619 leaves the room
[20:52:43] Vittorio Bertola_web_533 leaves the room
[20:52:43] Tommy Pauly_web_802 leaves the room
[20:52:43] <Tommy Jensen_web_239> Thanks everyone! Have a great weekend
[20:52:43] Chris Box_web_392 leaves the room
[20:52:43] Nicklas Pousette_web_375 leaves the room
[20:52:43] Andrew Campling_web_832 leaves the room
[20:52:43] <Bernie Innocenti_web_513> bye!
[20:52:43] කෙසර රත්නායක_web_437 leaves the room
[20:52:44] Ulrich Wisser_web_742 leaves the room
[20:52:44] <Hazel Smith_web_167> Take care y'all! :)
[20:52:45] Jon Peterson_web_782 leaves the room
[20:52:46] Carlos Silva_web_921 leaves the room
[20:52:47] Rolf Sonneveld_web_729 leaves the room
[20:52:47] Andrew S_web_173 leaves the room
[20:52:47] Nigel Hickson_web_745 leaves the room
[20:52:48] Keith Bare_web_714 leaves the room
[20:52:48] Tim April_web_483 leaves the room
[20:52:48] Peter Koch_web_843 leaves the room
[20:52:48] Christopher Wood_web_279 leaves the room
[20:52:53] Sanjay Mishra_web_385 leaves the room
[20:52:56] Bernie Innocenti_web_513 leaves the room
[20:52:57] Suzanne Woolf_web_392 leaves the room
[20:52:58] Scott Rose_web_809 leaves the room
[20:52:58] Keith Bare leaves the room
[20:52:59] Yoshiro Yoneya_web_993 leaves the room
[20:53:00] Jorge Cano_web_689 leaves the room
[20:53:05] Jurgen Sonnenmoser_web_248 leaves the room
[20:53:07] Taiji Kimura_web_102 leaves the room
[20:53:11] zyxbac leaves the room
[20:53:11] Matthew leaves the room
[20:53:11] cjsu leaves the room
[20:53:11] Vittorio Bertola leaves the room
[20:53:15] zyxbac joins the room
[20:53:15] Matthew joins the room
[20:53:15] cjsu joins the room
[20:53:15] Vittorio Bertola joins the room
[20:53:44] Erik Nygren_web_214 leaves the room
[20:53:49] Valery Smyslov_web_308 leaves the room
[20:53:50] tim costello_web_829 leaves the room
[20:53:58] Yoshiro Yoneya leaves the room
[20:54:07] Mark Andrews_web_965 leaves the room
[20:54:20] David K_web_306 leaves the room
[20:54:22] Daniel Migault_web_844 leaves the room
[20:54:34] Joey Salazar_web_944 leaves the room
[20:54:34] Duane Wessels_web_436 leaves the room
[20:54:35] Takahiro Nemoto_web_408 leaves the room
[20:56:27] Alessandro Ghedini_web_919 leaves the room
[20:56:42] Puneet Sood_web_119 leaves the room
[20:56:42] Tommy Jensen_web_239 leaves the room
[20:56:47] <Meetecho Robot_web_592> Will do!
[20:56:49] Glenn Deen_web_509 leaves the room
[20:56:49] Kazunori Fujiwara_web_463 leaves the room
[20:56:54] Zaid AlBanna_web_171 leaves the room
[20:56:54] David Lawrence_web_633 leaves the room
[20:56:54] Tim Wicinski_web_925 leaves the room
[20:56:54] Daniel Gillmor_web_269 leaves the room
[20:56:54] Michael Breuer_web_151 leaves the room
[20:56:54] Eric Kinnear_web_427 leaves the room
[20:56:54] David Smith_web_380 leaves the room
[20:56:54] Meetecho Robot_web_592 leaves the room
[20:56:54] Hazel Smith_web_167 leaves the room
[20:56:54] Stephan Emile_web_112 leaves the room
[20:56:54] David Schinazi_web_565 leaves the room
[20:56:54] Robert Story_web_486 leaves the room
[20:56:54] Yuji Koyama_web_841 leaves the room
[20:56:54] Julien Maisonneuve_web_639 leaves the room
[20:56:54] Alec Muffett_web_619 leaves the room
[20:56:54] Stuart Cheshire_web_620 leaves the room
[21:03:32] Meetecho leaves the room
[21:03:37] meetecho-alexamirante leaves the room
[21:05:05] tale leaves the room
[21:08:01] yone joins the room
[21:08:18] yone leaves the room
[21:23:53] fightingnemo leaves the room
[21:47:28] tale joins the room
[23:20:54] PuneetS leaves the room: Disconnected: BOSH client silent for over 60 seconds