IETF
add
add@jabber.ietf.org
Monday, November 8, 2021
meetecho-alexamirante has set the subject to: IETF 111 - ADD

GMT+0
[06:20:37] Glen joins the room
[06:20:41] Glen leaves the room
[15:30:49] Yoshiro Yoneya joins the room
[15:45:03] Kazunori Fujiwara_web_454 joins the room
[15:45:03] abdullahalshoaili_web_793 joins the room
[15:45:03] Erik Nordmark_web_167 joins the room
[15:45:03] Paolo Saviano_web_768 joins the room
[15:45:03] Francois Ortolan_web_144 joins the room
[15:45:03] Vasilis_web_326 joins the room
[15:45:03] Peter van Dijk_web_403 joins the room
[15:45:03] Yoshiro Yoneya_web_231 joins the room
[15:45:03] Kohei Isobe_web_532 joins the room
[15:45:03] Jonathan Morton_web_826 joins the room
[15:45:52] Gustavo Lozano_web_630 joins the room
[15:46:36] Tim Wicinski_web_211 joins the room
[15:47:05] Stephen Farrell_web_649 joins the room
[15:47:08] Jonathan Morton_web_826 leaves the room
[15:47:10] Ted Hardie_web_944 joins the room
[15:47:15] Neil Cook_web_345 joins the room
[15:47:47] sftcd joins the room
[15:48:54] Glenn Deen_web_160 joins the room
[15:52:12] Vasilis_web_326 leaves the room
[15:52:16] Vasilis_web_157 joins the room
[15:52:40] Chen Li_web_424 joins the room
[15:52:49] Erik Nordmark_web_167 leaves the room
[15:52:53] Erik Nordmark_web_381 joins the room
[15:53:04] Dan Wing_web_563 joins the room
[15:53:27] Haywood Gelman_web_987 joins the room
[15:53:43] Tommy Pauly_web_142 joins the room
[15:53:55] Scott Hollenbeck_web_561 joins the room
[15:54:19] Simon Hicks_web_684 joins the room
[15:54:53] Tommy Jensen_web_216 joins the room
[15:55:13] Joey Salazar_web_382 joins the room
[15:55:16] Tommy Jensen_web_216 leaves the room
[15:55:20] Tommy Jensen_web_205 joins the room
[15:55:23] Chi-Jiun Su_web_981 joins the room
[15:55:30] Emiliano Spinella_web_508 joins the room
[15:55:52] Éric Vyncke_web_566 joins the room
[15:56:08] Gustavo Lozano_web_630 leaves the room
[15:56:12] Gustavo Lozano_web_896 joins the room
[15:56:17] Meetecho joins the room
[15:56:25] Ray Bellis_web_263 joins the room
[15:56:31] Mohamed Boucadair_web_530 joins the room
[15:56:31] Barbara Stark_web_716 joins the room
[15:56:35] Jurgen Sonnenmoser_web_441 joins the room
[15:56:42] Erik Nordmark_web_381 leaves the room
[15:56:59] Ray Bellis_web_263 leaves the room
[15:57:03] Ray Bellis_web_735 joins the room
[15:57:03] <Éric Vyncke_web_566> /topic IETF 112 - ADD
[15:57:24] Gustavo Lozano_web_896 leaves the room
[15:57:28] Zaid AlBanna_web_251 joins the room
[15:57:38] Mark Andrews_web_471 joins the room
[15:57:48] Tim Wicinski_web_211 leaves the room
[15:57:53] Eric Rosenberg_web_690 joins the room
[15:57:58] Chris Lemmons_web_800 joins the room
[15:58:02] Robin Wilton_web_784 joins the room
[15:58:02] <Tommy Pauly_web_142> IETF 112: The Return of IETF 111
[15:58:08] Tim Wicinski_web_136 joins the room
[15:58:11] Shinta Sato_web_615 joins the room
[15:58:19] Ulrich Wisser_web_842 joins the room
[15:58:20] Watson Ladd_web_381 joins the room
[15:58:22] Shumon Huque_web_251 joins the room
[15:58:26] Christopher Wood_web_823 joins the room
[15:58:37] Vinny_web_156 joins the room
[15:58:38] Eric Orth_web_881 joins the room
[15:58:38] Petr Špaček_web_479 joins the room
[15:58:41] Chris Box_web_645 joins the room
[15:58:44] Steve Olshansky_web_209 joins the room
[15:58:52] Eric Rosenberg_web_690 leaves the room
[15:58:56] Mark McFadden_web_331 joins the room
[15:58:57] Martin Thomson_web_855 joins the room
[15:59:01] Gustavo Lozano_web_364 joins the room
[15:59:06] Peter Koch_web_453 joins the room
[15:59:09] Tim Wicinski_web_136 leaves the room
[15:59:12] Nalini Elkins_web_268 joins the room
[15:59:13] Tim Wicinski_web_543 joins the room
[15:59:16] <Éric Vyncke_web_566> ;-)
[15:59:18] Paul Wouters_web_445 joins the room
[15:59:24] Andrew Campling_web_162 joins the room
[15:59:24] Erik Kline_web_850 joins the room
[15:59:26] Meetecho has set the subject to: IETF 112 - ADD
[15:59:26] Avri Doria_web_346 joins the room
[15:59:35] Wes Hardaker_web_380 joins the room
[15:59:42] Erik Kline_web_850 leaves the room
[15:59:43] Duane Wessels_web_281 joins the room
[15:59:44] Bill Fenner_web_834 joins the room
[15:59:46] Erik Kline_web_685 joins the room
[15:59:47] mackermann@bcbsm.com_web_909 joins the room
[15:59:48] David Blacka_web_287 joins the room
[15:59:49] Erik Kline_web_685 leaves the room
[15:59:50] Dan McArdle_web_489 joins the room
[15:59:51] Erik Nordmark_web_546 joins the room
[15:59:52] <Éric Vyncke_web_566> Notes at https://notes.ietf.org/notes-ietf-112-add
[15:59:53] Erik Kline_web_455 joins the room
[15:59:57] Brett Carr_web_351 joins the room
[15:59:59] Benjamin Schwartz_web_653 joins the room
[16:00:00] Eric Kinnear_web_910 joins the room
[16:00:03] <Chris Lemmons_web_800> We hear you.
[16:00:06] Tirumaleswar Reddy.K_web_180 joins the room
[16:00:07] Jonathan Reed_web_512 joins the room
[16:00:13] James Gould_web_562 joins the room
[16:00:16] Taiji Kimura_web_264 joins the room
[16:00:20] Jiri Novotny_web_316 joins the room
[16:00:22] David Smith_web_108 joins the room
[16:00:24] Paul Wouters_web_445 leaves the room
[16:00:24] Michael Hollyman_web_509 joins the room
[16:00:37] Tim Wicinski_web_543 leaves the room
[16:00:40] Andrew S_web_333 joins the room
[16:00:47] Tim Wicinski_web_856 joins the room
[16:00:52] Scott Rose_web_862 joins the room
[16:00:52] Gustavo Lozano_web_364 leaves the room
[16:00:53] <Watson Ladd_web_381> scribe or notetaker?
[16:00:56] Gustavo Lozano_web_493 joins the room
[16:00:56] Robin Wilton_web_784 leaves the room
[16:01:00] Robin Wilton_web_304 joins the room
[16:01:03] Ralf Weber_web_480 joins the room
[16:01:06] David Goldstein_web_410 joins the room
[16:01:06] Peter Feil_web_452 joins the room
[16:01:08] Jonathan Hoyland_web_507 joins the room
[16:01:11] Spencer Dawkins_web_807 joins the room
[16:01:13] Harald Alvestrand_web_617 joins the room
[16:01:15] Lixia Zhang_web_746 joins the room
[16:01:15] Michael Breuer_web_284 joins the room
[16:01:21] <Watson Ladd_web_381> i can do it
[16:01:21] Robin Wilton_web_304 leaves the room
[16:01:24] Ching-Heng Ku_web_340 joins the room
[16:01:25] Robin Wilton_web_916 joins the room
[16:01:31] Timothy Carlin_web_658 joins the room
[16:01:31] Doug Montgomery_web_930 joins the room
[16:01:32] Zaid AlBanna_web_251 leaves the room
[16:01:38] <Barbara Stark_web_716> I can help. But I do find a little more detail on who spoke, so positions can be found in recording
[16:01:50] <Martin Thomson_web_855> Watson, happy to help out
[16:01:55] Nicklas Pousette_web_694 joins the room
[16:02:04] <Éric Vyncke_web_566> Thank you Watson & Barbara & Martin
[16:02:15] Subir Das_web_639 joins the room
[16:02:19] Eric Rescorla_web_297 joins the room
[16:02:28] Kris Shrishak_web_187 joins the room
[16:02:39] Michael B_web_929 joins the room
[16:02:47] Robert Story_web_539 joins the room
[16:02:50] Patrick Tarpey_web_809 joins the room
[16:02:54] Erik Nygren_web_228 joins the room
[16:02:56] Michael B_web_929 leaves the room
[16:03:00] Michael B_web_212 joins the room
[16:03:02] James Galvin_web_417 joins the room
[16:03:02] Zaid AlBanna_web_600 joins the room
[16:03:10] Patrick Tarpey_web_809 leaves the room
[16:03:14] Patrick Tarpey_web_549 joins the room
[16:03:21] Jim Reid_web_993 joins the room
[16:03:36] Mike Bishop_web_916 joins the room
[16:03:49] Vittorio Bertola_web_185 joins the room
[16:03:54] Michael Breuer_web_284 leaves the room
[16:03:58] Michael Breuer_web_550 joins the room
[16:04:01] Benno Overeinder_web_366 joins the room
[16:04:05] Jim Reid_web_993 leaves the room
[16:04:09] Francisco Arias_web_534 joins the room
[16:04:14] Jiankang Yao_web_639 joins the room
[16:04:15] Jim Reid_web_608 joins the room
[16:04:21] Zaid AlBanna_web_600 leaves the room
[16:04:25] Zaid AlBanna_web_220 joins the room
[16:04:33] Chris Seal_web_601 joins the room
[16:04:35] Linda Dunbar_web_541 joins the room
[16:05:05] Craig Pearce_web_332 joins the room
[16:05:14] Peter Lowe_web_308 joins the room
[16:05:28] Jonathan Reed_web_512 leaves the room
[16:05:29] Michael Breuer_web_550 leaves the room
[16:05:30] Puneet Sood_web_595 joins the room
[16:05:31] David Schinazi_web_208 joins the room
[16:05:32] Jonathan Reed_web_281 joins the room
[16:05:32] Xavier de Foy_web_896 joins the room
[16:05:33] Michael Breuer_web_212 joins the room
[16:05:43] Stuart Card_web_230 joins the room
[16:05:55] <Martin Thomson_web_855> Éric without the accent is much, much easier to type.
[16:05:57] Michael Breuer_web_212 leaves the room
[16:05:59] Sara Dickinson_web_185 joins the room
[16:06:01] Michael Breuer_web_569 joins the room
[16:06:04] Erik Nygren_web_228 leaves the room
[16:06:08] Erik Nygren_web_301 joins the room
[16:06:12] <Éric Vyncke_web_566> ;-)
[16:06:50] Ulrich Wisser_web_842 leaves the room
[16:06:58] <Martin Thomson_web_855> I do wish that the Windows emoji panel supported better searching.  LaTeX sequences would be a nice addition.
[16:07:17] Zaid AlBanna_web_220 leaves the room
[16:07:42] Antoin Verschuren_web_721 joins the room
[16:07:47] John Todd_web_507 joins the room
[16:08:06] <Martin Thomson_web_855> has that SVCB + DNS draft been adopted anywhere?
[16:08:14] <Benjamin Schwartz_web_653> Yes
[16:08:30] Michael Breuer_web_569 leaves the room
[16:08:31] <Jim Reid_web_608> Martin, support for xml would be nice too. -)
[16:08:34] Michael Breuer_web_409 joins the room
[16:08:35] <Martin Thomson_web_855> Excellent.  Last I looked it was an individual submission.
[16:08:51] <Benjamin Schwartz_web_653> https://datatracker.ietf.org/doc/html/draft-ietf-add-svcb-dns
[16:08:51] <Martin Thomson_web_855> Jim: &#xa0; ?
[16:09:15] <Martin Thomson_web_855> Oh, dear.  Meetecho swallows XML character sequences....
[16:09:20] Michael Breuer_web_409 leaves the room
[16:09:23] Michael Breuer_web_669 joins the room
[16:09:44] Michael Breuer_web_669 leaves the room
[16:09:48] Michael Breuer_web_882 joins the room
[16:09:59] Bob Hinden_web_672 joins the room
[16:10:32] <Martin Thomson_web_855> &#128169 ;
[16:10:41] <Glenn Deen_web_160> @Martin,  ADD adopted the  SVCB+DNS draft
[16:10:47] Bob Hinden_web_672 leaves the room
[16:10:51] Bob Hinden_web_757 joins the room
[16:10:55] Jim Reid_web_608 leaves the room
[16:10:59] Jim Reid_web_458 joins the room
[16:11:01] <Martin Thomson_web_855> seems eminently sensible
[16:11:02] Zaid AlBanna_web_795 joins the room
[16:11:33] Bob Hinden_web_757 leaves the room
[16:11:36] Lixia Zhang_web_746 leaves the room
[16:11:43] Bob Hinden_web_980 joins the room
[16:11:46] <Martin Thomson_web_855> Having &amp;#<digits> render as character sequences seems like a problem.
[16:11:51] <Eric Rescorla_web_297> This seems correct
[16:11:52] Ulrich Wisser_web_102 joins the room
[16:12:12] Jim Reid_web_458 leaves the room
[16:12:13] <Erik Nygren_web_301> (will come back later if needed)
[16:13:16] Jim Reid_web_210 joins the room
[16:13:29] Immaculate Nabwire_web_813 joins the room
[16:14:00] Martin Wu_web_339 joins the room
[16:14:42] <Martin Thomson_web_855> to be clear, this is not a win: it's just not worse than what we previously had (that is, it's a low bar to clear)
[16:14:49] <Erik Nygren_web_301> Some of the challenges and approaches from this may apply here:  https://github.com/w3c/openscreenprotocol/issues/275#issuecomment-954279084
[16:15:57] <Eric Rescorla_web_297> I actually wanted to talk about SNI
[16:16:33] Markus de Brün_web_695 joins the room
[16:17:03] Tim April_web_807 joins the room
[16:17:27] <Martin Thomson_web_855> Host: [2001:4860::8888]:443 (seems OK)
[16:18:04] Éric Vyncke_web_566 leaves the room
[16:18:08] Éric Vyncke_web_242 joins the room
[16:18:16] Paul Wouters_web_275 joins the room
[16:18:23] Sanjay Mishra_web_250 joins the room
[16:18:41] <Mike Bishop_web_916> dns.google is simply an entry in the alias chain, albeit an aesthetically pleasing one.
[16:19:30] Paul Wouters_web_275 leaves the room
[16:20:11] <Erik Nygren_web_301> But I believe the SVCB draft specifies that the SAN/SNI/origin is from the original name, not the TargetName?  (Or is this just for the HTTPS RR?)
[16:21:10] <Mike Bishop_web_916> Right, but in this case, the original name is _dns.resolver.arpa, which clearly doesn't work.  (No one owns it.)
[16:21:13] Ulrich Wisser_web_102 leaves the room
[16:21:34] <Martin Thomson_web_855> the original name here is really 8.8.8.8 (or the v6 equivalent)
[16:21:48] Tianji Jiang_web_513 joins the room
[16:21:49] Chris Lemmons_web_800 leaves the room
[16:21:53] Chris Lemmons_web_369 joins the room
[16:22:00] <Mike Bishop_web_916> Logically 8.8.8.8 is what you started with; you connected to it and asked it to describe itself.  Its description was an alias record.
[16:22:03] <Martin Thomson_web_855> this is the string that you feed into the URI, this is the string that you authenticate via the certificate.
[16:22:14] <Erik Nygren_web_301> right.  I'm leaning towards whether the SVCB record (and SNI) should include a key fingerprint (which could be self-signed).  Some of this depends on the security properties we're trying to obtain.
[16:22:22] Ulrich Wisser_web_388 joins the room
[16:22:26] <Watson Ladd_web_381> but then you learned dns.google is a service you can use instead
[16:22:27] <Erik Kline_web_455> (yeah, there needs to be an extra :4860: in those IPv6 addresses :-) )
[16:22:38] <Martin Thomson_web_855> Erik: why would you trust DNS more than your configuration mechanism?
[16:22:45] <Martin Thomson_web_855> (That was Erik N)
[16:22:52] <Martin Thomson_web_855> Too many Eri[ck]s
[16:23:08] Michael B_web_212 leaves the room
[16:23:11] <Erik Kline_web_455> (US Recommended Daily Allowance)
[16:23:23] <Erik Nygren_web_301> I think that would be too many [EÉ]ri[ck]s
[16:23:41] Scott Rose_web_862 leaves the room
[16:23:41] Ulrich Wisser_web_388 leaves the room
[16:23:45] Ulrich Wisser_web_790 joins the room
[16:23:49] Kohei Isobe_web_532 leaves the room
[16:23:51] <Éric Vyncke_web_242> Or rather [EÉ]ri[ck]s*
[16:24:06] <Éric Vyncke_web_242> when there is only one
[16:24:45] <Joey Salazar_web_382> [EÉ]ri[ck](s)*
[16:24:47] <Erik Kline_web_455> you might trust DNS more if certs are involved.  the only thing that protects the configuration mechanism is RA guard (or SeND, but...)
[16:25:04] <Erik Nygren_web_301> Some of this goes to the question of what is the security model.  It's for the _dns.resolver.arpa case and a private address where it may be better than purely opportunistic, but then it is a question of when it ends.  IP-based certificates are also enough of a mess that we might need to think some about what properties they provide.
[16:25:28] <Martin Thomson_web_855> What ekr is saying is right.  I'm OK with dohpath varying.  But the authority that we tell the server needs to match what was configured.
[16:26:21] Subir Das_web_639 leaves the room
[16:27:28] <Tommy Jensen_web_205> So essentially the ask is to add security considerations such that servers SHOULD NOT offer different behavior as a security boundary that branches based on unauthenticated configuration (dohpath, hostname discovered over DDR).
[16:27:41] <Tommy Jensen_web_205> I'm not fine with that :)
[16:27:43] <Martin Thomson_web_855> We are fine with that.
[16:27:57] <Martin Thomson_web_855> Tommy J: you should ask about this.
[16:28:11] Richard Wilhelm_web_815 joins the room
[16:28:16] <Tommy Jensen_web_205> ack
[16:28:52] Eric Rescorla_web_297 leaves the room
[16:28:56] Eric Rescorla_web_711 joins the room
[16:29:31] <Martin Thomson_web_855> The attack does not require that the other authority is in the certificate.  Which makes the attack much better.
[16:30:20] <Martin Thomson_web_855> The client shouldn't accept the response....
[16:30:42] Yoshiro Yoneya_web_231 leaves the room
[16:30:46] Yoshiro Yoneya_web_229 joins the room
[16:31:08] Sara Dickinson_web_185 leaves the room
[16:31:24] Monika Ermert_web_873 joins the room
[16:32:44] Paul Wouters_web_637 joins the room
[16:32:45] <Martin Thomson_web_855> Erik N: recall that this server is answering DNS queries on udp port 53.
[16:32:45] Korry Luke_web_675 joins the room
[16:33:18] <Eric Orth_web_881> I was initially of the opinion that the authority should be "dns.google" because that would be easier in the network stacks I deal with.  It's a bit more difficult to convince the stack to not open the connection to 8.8.8.8 if the URL is "8.8.8.8".  But the security concerns around changing between flavors or other stuff hosted at the same IP has convinced me to change sides, so now I'm on team authority 8.8.8.8.
[16:34:08] <Eric Rescorla_web_711> @Chairs: this is the most important thing we are doing, so can we please drain the queue as required
[16:34:21] Jason Weil_web_635 joins the room
[16:34:46] <Eric Rescorla_web_711> Note: we could just invent new-SNI-that-uses-IP
[16:34:49] <Eric Rescorla_web_711> Or some other TLS thingy
[16:34:50] <Erik Nygren_web_301> Although not for the  _dns.example.net case.
[16:36:38] <Erik Nygren_web_301> @ekr: some of that is in the discussion at https://github.com/w3c/openscreenprotocol/issues/275 SNI could have other NameTypes specified (rfc6066 section 3) to cover IP addresses, but would require a bunch of library and API updates, but may be time to do it.  Sleevi suggests that draft-ietf-uta-rfc6125bis would be a good place to look at this.
[16:36:49] <Watson Ladd_web_381> Not branching on name or path could be a problem.
[16:36:50] <Martin Thomson_web_855> why do you want a name Tommy?
[16:37:04] <Eric Rescorla_web_711> Erik: couldn't you also just have a TLS flag that was like "I know I don't have an SNI and I mean it"
[16:37:16] <Martin Thomson_web_855> This is not a reasonable requirement for an HTTP server (I'm sure the same is less true for a DoT server)
[16:37:25] Timothy Carlin_web_658 leaves the room
[16:37:33] <Eric Rescorla_web_711> Yeah, this would forbid any CDN
[16:38:24] <Martin Thomson_web_855> not going to happen Ben, but something along those lines might be necessary if people want to virtually host this
[16:38:47] <Martin Thomson_web_855> "this server has many IP addresses"
[16:38:48] Erik Nordmark_web_546 leaves the room
[16:38:55] Erik Nordmark_web_203 joins the room
[16:39:27] <Tommy Jensen_web_205> @martin for the same reason TommyP is highlighting here on the slide: I'm not thrilled about connecting to one IP address using another IP address as the host. Also, once authenticated, I could use that name to then re-do DDR by name to discover DoT/DoQ, etc.
[16:39:59] Xavier de Foy_web_896 leaves the room
[16:40:03] Xavier de Foy_web_809 joins the room
[16:40:10] <Erik Nygren_web_301> With no SNI, 8.8.8.8 and 1.1.1.1 just give a hostname as the SAN (dns.google and cloudflare-dns.com)
[16:40:12] <Tirumaleswar Reddy.K_web_180> For example, if the IP address being validated is 2001:db8::1, the SNI HostName field should contain "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa"
[16:40:22] <Martin Thomson_web_855> yeah, I get that this is awkward because you are feeding your stack a different IP address; think of it as a network-based attacker
[16:40:26] <Benjamin Schwartz_web_653> @Tiru: I think that's a possible solution but I don't think the ACME RFC is sufficient to standardize it for general use.
[16:40:34] <Tirumaleswar Reddy.K_web_180> https://datatracker.ietf.org/doc/html/rfc8738
[16:40:40] <Watson Ladd_web_381> can that go through DCV?
[16:40:55] <Watson Ladd_web_381> there are CA/B issues here
[16:41:07] <Martin Thomson_web_855> Isn't DNS special enough that giving these servers their own IP is justified?
[16:42:18] James Gould_web_562 leaves the room
[16:42:58] Chi-Jiun Su_web_981 leaves the room
[16:43:02] Chi-Jiun Su_web_777 joins the room
[16:43:06] <Martin Thomson_web_855> I know that we could end up with a different IP, but this is likely to be the same IP in a great many cases.
[16:43:24] <Erik Kline_web_455> (lots of echo from Dan, I think)
[16:44:29] Nicklas Pousette_web_694 leaves the room
[16:44:30] <Martin Thomson_web_855> The draft seemed like it was good, except for the references to the other unadopted draft.
[16:44:33] Nicklas Pousette_web_909 joins the room
[16:44:36] <Erik Nygren_web_301> rfc8738 is talking about how IPs go through DCV, so is showing a way to represent the IP being validated in the SNI.  (So SNI could be in the ip6?.arpa format while the SAN is the IPv[46] address)
[16:44:53] <Mohamed Boucadair_web_530> @Martin: Do you mean the ref to the deploy I-D?
[16:45:02] Ulrich Wisser_web_790 leaves the room
[16:45:06] Ulrich Wisser_web_466 joins the room
[16:45:10] <Martin Thomson_web_855> Mohamed: yes, I don't think we need that.
[16:45:39] <Mohamed Boucadair_web_530> That's informative as the initial content of the deployment I-D was part of the DNR.
[16:45:50] Ulrich Wisser_web_466 leaves the room
[16:46:21] <Mohamed Boucadair_web_530> We can remove it if this is what the WG want but our initial intent was to have a reference for the forwarder case
[16:46:45] Erik Nordmark_web_203 leaves the room
[16:47:51] Burt Kaliski_web_862 joins the room
[16:47:55] Guillermo Cicileo_web_318 joins the room
[16:48:28] <Paul Wouters_web_637> wouldn't this be Experimental, not Informational?
[16:48:50] <Éric Vyncke_web_242> It itches when "private IP address" is used as it has little meaning in the IPv6 world...
[16:48:53] <Martin Thomson_web_855> it's informational: it's saying "you might like to consider this policy, which has these consequences"
[16:49:01] Petr Špaček_web_479 leaves the room
[16:49:04] <Martin Thomson_web_855> informational seems fine
[16:49:05] Petr Špaček_web_898 joins the room
[16:49:16] <Martin Thomson_web_855> and there are LOTS of people in this state
[16:50:02] Erik Nordmark_web_542 joins the room
[16:51:40] <Chris Box_web_645> Note the top bullet is talking about malware filtering on the legacy forwarder (not malware filtering that is upstream).
[16:52:01] <Martin Thomson_web_855> the intermediary might just tweak the TTL right down if it is doing time of day stuff, but Neil's point is right on
[16:52:21] Ulrich Wisser_web_255 joins the room
[16:54:00] Alissa Cooper_web_947 joins the room
[16:54:18] Jason Weil_web_635 leaves the room
[16:54:22] Jason Weil_web_773 joins the room
[16:56:48] Ulrich Wisser_web_255 leaves the room
[16:57:07] <Erik Nygren_web_301> +1 to Éric on "private IP address" being very IPv4-centric, even if it is probably the vast-majority use-case for local forwarding recursives in small networks.
[16:57:44] Sanjay Mishra_web_250 leaves the room
[16:58:02] <Martin Thomson_web_855> recall: a legacy forwarder is indistinguishable from an on-path attacker
[16:58:28] <Chris Box_web_645> Is Ben's audio breaking up for everyone? Typically associated with lower bitrate video.
[16:58:36] <Martin Thomson_web_855> I'm getting some breaking up
[16:58:53] Shumon Huque_web_251 leaves the room
[16:58:56] <Eric Orth_web_881> Little bit of breakup for me, but generally still understandable.
[16:58:56] <Neil Cook_web_345> yes breaking up for me
[16:59:05] <Peter van Dijk_web_403> yes, Ben has been breaking up all session for me, but mostly able to follow
[16:59:29] Peter Lowe_web_308 leaves the room
[16:59:36] <Andrew Campling_web_162> If I recall, isn't dealing with forwarders and private IP addresses fundamental to addressing the 85% not covered by DDR?
[16:59:39] <Chris Seal_web_601> Haven't noticed Ben breaking up
[16:59:43] Ted Hardie_web_944 leaves the room
[17:00:32] <Neil Cook_web_345> Indeed without this, DDR is only addressing a small portion of internet subscribers today
[17:00:35] <Andrew Campling_web_162> (Ben's dropping out occasionally for me too, doesn't seem to have a great amount of bandwidth on his connection vs others)
[17:01:49] <Vittorio Bertola_web_185> I think this mechanism would anyway sunset naturally as CPEs have a replacement lifecycle. It's just too long to wait for before upgrading all these home users to encrypted DNS.
[17:01:54] <Watson Ladd_web_381> yay harm reduction model
[17:02:15] Guillermo Cicileo_web_318 leaves the room
[17:02:40] Gustavo Lozano_web_493 leaves the room
[17:02:44] Gustavo Lozano_web_928 joins the room
[17:03:10] Daniel Migault_web_136 joins the room
[17:03:57] <Barbara Stark_web_716> I'm unconvinced it would make it through WGLC because I've not seen enough discussion of it to lead me to believe it has sufficient interest from potential implementers.
[17:04:08] <Chris Box_web_645> Thanks Ray
[17:04:12] Ulrich Wisser_web_511 joins the room
[17:04:26] <Martin Thomson_web_855> Barbara: thanks, that's good information
[17:04:44] <Chris Seal_web_601> @Ray, which rfc was it that you were referred to please
[17:04:52] Vasilis_web_157 leaves the room
[17:04:55] <Barbara Stark_web_716> I'd love to be proven wrong.
[17:04:56] <Jason Weil_web_773> Interestingly enough, even on new routers including some of our own, the IPv4 DNS address is private, whereas the IPv6 DNS address is public meaning the IPv6 IP DNS server would get upgraded to an encrypted server whereas the IPv4 address would not. This probably needs some analysis to look for edge cases.
[17:05:40] <Chris Box_web_645> https://datatracker.ietf.org/doc/html/rfc5625
[17:05:45] Gustavo Lozano_web_928 leaves the room
[17:05:49] Gustavo Lozano_web_683 joins the room
[17:05:50] <Éric Vyncke_web_242> @Jason to be expected indeed... the reliance of private address seems dangerous to me
[17:05:54] Ulrich Wisser_web_511 leaves the room
[17:06:12] <Chris Seal_web_601> Thanks Chris
[17:06:14] <Mohamed Boucadair_web_530> @Ray: I guess your comment is more related to the add-deployment I-D than the DNR I-D.
[17:06:22] <Barbara Stark_web_716> @Jason: I'm not following? If your router's public IPv6 is taken from a delegated prefix, then it won't get upgraded because it's not possible for that to be in the certificate.
[17:06:44] Geoff Huston_web_608 joins the room
[17:06:48] <Watson Ladd_web_381> was this one that needs an adoption call?
[17:07:15] Erik Kline_web_455 leaves the room
[17:07:19] Erik Kline_web_625 joins the room
[17:08:00] <Benjamin Schwartz_web_653> @Watson which draft?
[17:08:02] <Ray Bellis_web_735> @Mohamed it's definitely pertinent to DNR, since you can't put those options into your DHCP leases if you didn't learn them from the upstream yet.
[17:08:25] <Ray Bellis_web_735> (unless they're statically configured by the CPE admin)
[17:08:42] <Watson Ladd_web_381> draft-schwartz-add-ddr-forwarders i guess it was adopted, not sure if any actions were agreed I should write down
[17:09:21] <Benjamin Schwartz_web_653> @Watson: I don't think there has been a call for adopt for it yet.  I would like to have a call for adoption soon.
[17:09:22] <Mohamed Boucadair_web_530> @Ray, that depends on the actual deployment. I guess you have home networks in mind
[17:10:08] Martin Wu_web_339 leaves the room
[17:10:26] <Eric Orth_web_881> @Ben: Any reason we didn't have a call for adoption today on it and have it in the "adoption consideration" part of this session?
[17:10:36] Erik Nordmark_web_542 leaves the room
[17:10:40] Erik Nordmark_web_309 joins the room
[17:10:41] Dan Wing_web_563 leaves the room
[17:10:45] Dan Wing_web_429 joins the room
[17:10:59] <Benjamin Schwartz_web_653> @Eric As a 00, it seemed like we should get more input from the WG before the call for adoption.  Based on the discussion, I think we're now ready.
[17:11:01] <Tommy Jensen_web_205> Taking this lull to say congrats to Ben and others on getting the last draft to its current state. It has come a long way through some pretty harsh feedback, some of the harshest being my own.
[17:11:06] <Jason Weil_web_773> @barbara we should chat offline on this one.
[17:11:10] <Benjamin Schwartz_web_653> (Oops, not a 00, but a new draft.)
[17:11:15] <Vinny_web_156> I am unsure how the Forwarder solution could ever be done securely.  Is the whole reliance of scope purely on same-subnet forwarding?
[17:11:20] <Tommy Jensen_web_205> @ben it's new, but not really.
[17:12:06] Peter Feil_web_452 leaves the room
[17:12:27] <Martin Thomson_web_855> the ascii art is too wide though
[17:12:29] Matthew Gillmore_web_921 joins the room
[17:12:37] <Eric Orth_web_881> So we think we now have consensus to ask for consensus to adopt, but we didn't have that consensus before today, so we aren't yet ready to ask for that consensus now that we have consensus.  IETF is fun.
[17:13:33] David Guzman_web_411 joins the room
[17:16:03] Gustavo Lozano_web_683 leaves the room
[17:16:06] Gustavo Lozano_web_182 joins the room
[17:16:42] Matthew Gillmore_web_921 leaves the room
[17:17:19] Chi-Jiun Su_web_777 leaves the room
[17:17:23] Chi-Jiun Su_web_308 joins the room
[17:20:28] <Ray Bellis_web_735> I've heard colleagues express regret over adding support for DNS views for split DNS in BIND way back when...
[17:21:03] Patrick Tarpey_web_549 leaves the room
[17:21:07] Patrick Tarpey_web_390 joins the room
[17:22:04] <Watson Ladd_web_381> I feel like the answer is "don't do that"
[17:22:53] <Daniel Migault_web_136> In which place the work should be done if not ADD ?
[17:23:03] <Paul Wouters_web_637> authorizing split dns view seems DNSOP
[17:23:40] Peter Lowe_web_797 joins the room
[17:23:55] <Daniel Migault_web_136> @Paul I am fine with that too.
[17:24:02] <Ray Bellis_web_735> I don't know any DNS person who thinks split DNS was / is a good idea at the protocol level.
[17:24:03] <Martin Thomson_web_855> Why does this need a discovery mechanism as opposed to a configuration one?
[17:24:09] <Tommy Pauly_web_142> Yeah DNSOP makes sense
[17:24:15] <Tommy Pauly_web_142> I think it's more configuration than discovery
[17:24:16] <Watson Ladd_web_381> if it
[17:24:19] <Tommy Jensen_web_205> +1 to DNSOP. It's not that the draft doesn't address a real problem (it does), but we don't have the full breadth as Tommy said.
[17:24:26] <Peter van Dijk_web_403> dnsop is full, please hold :)
[17:24:29] <Jonathan Reed_web_281> dnsop feels like it's just going to be a dumping ground for the things that add and dprive declare out of scope.
[17:24:31] <Paul Wouters_web_637> @martin: there is no trust relationship for configuration/provisioning
[17:24:32] <Watson Ladd_web_381> sorry, hit enter too soon. if it's a bad idea why do people do it
[17:24:41] <Tommy Jensen_web_205> @martin I assume because the client and local network have no pre-existing relationship for there to be configuration.
[17:25:02] <Tommy Jensen_web_205> Or are you talking per-name config, rather than per-network?
[17:25:02] <Martin Thomson_web_855> Paul/Tommy: that says "it's an attack" doesn't it?
[17:25:17] Peter Lowe_web_797 leaves the room
[17:25:22] <Erik Kline_web_625> PVDs already generally require keeping DNS lookups per-PVD (separate cache state, separate source address and routes possibly)
[17:25:34] <Martin Thomson_web_855> Tommy: we have no-proxy lists in browsers, which aren't that long.
[17:25:38] <Martin Thomson_web_855> Same might work here.
[17:26:00] <Martin Thomson_web_855> *.example.com is split and served from dns.example.com is a short bit of config.
[17:26:02] Gustavo Lozano_web_182 leaves the room
[17:26:06] Gustavo Lozano_web_822 joins the room
[17:26:54] <Tommy Jensen_web_205> Windows has a similar concept, so long as the names are known in advance. IIUC, this is about the network dynamically informing clients that a given name is split for this network which would make prior configuration impossible. Perhaps I'm missing something.
[17:26:57] <Vinny_web_156> NXDomain approach is undesirable for a number of reasons.
1) Leaking enterprise private names to public DNS servers.
2) Latency of NXDomain responses impacts the resolutions.
[17:27:21] Francois Ortolan_web_144 leaves the room
[17:27:25] Francois Ortolan_web_245 joins the room
[17:27:26] <Watson Ladd_web_381> if you don't want to leak the names, don't use a public resolver. and then the entire problem goes away
[17:27:27] <Martin Thomson_web_855> Vinny: yes, the fallback is pretty gross.  we have this with our DoH setup
[17:28:50] <Benjamin Schwartz_web_653> @Vinny: Any solution that covers the "hard case" is also sufficient to skip the NXDOMAIN fallback.
[17:28:59] <Martin Thomson_web_855> "we need something, this is something, therefore we need this" is a logical fallacy
[17:29:21] <Paul Wouters_web_637> i am far more concerned leaking DNS to random local network I joined, than my trusted public dns resource I already trust
[17:29:28] <Watson Ladd_web_381> Encryption has nothing to do with choice of resolvers.
[17:29:31] Subir Das_web_398 joins the room
[17:29:32] <Tommy Pauly_web_142> +1 Paul
[17:29:45] <Tommy Pauly_web_142> VPNs can have authority to own the name
[17:29:48] <Daniel Migault_web_136> even if we come with a clear statement: do not do that. This is still a solution to me.
[17:29:56] <Tommy Pauly_web_142> A network needs to have a lot of authority in order to get priority here
[17:30:03] <Tommy Pauly_web_142> Fine to do, but it's a high bar to reach
[17:30:10] <Andrew Campling_web_162> @MT Fair, but so is "this is messy so do nothing", even though it's in common use
[17:30:31] <Martin Thomson_web_855> I think that we need something, but I'm not seeing enough here that is concrete enough to act on
[17:30:38] <Eric Rescorla_web_711> As Paul Wouters says. Moreover, I'm just not too bothered if split horizon has increased latency
[17:30:39] <Watson Ladd_web_381> Isn't the way it works now using a resolver on the network? i'm not sure why this breaks from DoH
[17:30:49] <Martin Thomson_web_855> I'd like to see some exploration of different options.
[17:31:02] Erik Nordmark_web_309 leaves the room
[17:31:06] Erik Nordmark_web_294 joins the room
[17:31:15] <Eric Rescorla_web_711> @Watson: yes, the way it works is you first do DoH and then fallback to regular configured Do53 on NXDOMAIN
[17:31:25] Francisco Arias_web_534 leaves the room
[17:31:34] <Benjamin Schwartz_web_653> I think the closest connection is actually to DPRIVE
[17:31:37] Monika Ermert_web_873 leaves the room
[17:31:41] Monika Ermert_web_589 joins the room
[17:31:42] <Tommy Pauly_web_142> It's a problem that's good to work on, but this isn't the right solution space yet.
[17:31:48] <Tommy Pauly_web_142> Yeah, DPRIVE would make sense
[17:31:49] <Andrew Campling_web_162> Good point on it fitting the ADD charter and also on talking to the other chairs
[17:31:52] <Benjamin Schwartz_web_653> This is essentially a variation on the ADoT mechanism.
[17:32:15] <Watson Ladd_web_381> @EKR: I'm saying configure the client to connect to the in horizon resolver
[17:32:25] <Eric Rescorla_web_711> @Watson: right.
[17:32:36] Jason Weil_web_773 leaves the room
[17:32:57] <Watson Ladd_web_381> Wes: hydras no?
[17:33:02] <Paul Wouters_web_637> He who controls the DNS, controls the Universe -- Fremen saying
[17:33:03] <Andrew Campling_web_162> Let's not forget Ekr's conversion to DNSSEC :-)
[17:33:04] <Watson Ladd_web_381> we're chopping off one head
[17:33:18] Ted Hardie_web_340 joins the room
[17:33:37] <Eric Rescorla_web_711> @Wouters: the RRSIGs MUST flow
[17:35:16] Yoshiro Yoneya_web_229 leaves the room
[17:35:20] Yoshiro Yoneya_web_767 joins the room
[17:35:41] <Vinny_web_156> @Paul & @Tommy - Enterprises care about the opposite.  They are worried about their private DNS leaking publicly not that your 'privacy' is preserved on their networks.
[17:35:45] Gustavo Lozano_web_822 leaves the room
[17:35:49] Gustavo Lozano_web_126 joins the room
[17:36:27] <Paul Wouters_web_637> good point.
[17:37:05] <Paul Wouters_web_637> but if they care that much, they should provision their clients
[17:37:10] <Eric Rescorla_web_711> Right.
[17:37:14] <Tommy Jensen_web_205> In the enterprise case, it seems like if there are known networks where secret names are used, endpoint configuration of per-namespace behavior is the correct answer. In the non-enterprise use case... I want to learn more (as this doc obviously started from an enterprise POV).
[17:37:16] <Eric Orth_web_881> But the clients/devices that control where they send DoH generally have the goal of preserving the privacy of the user/admin that controls that device.
[17:38:17] Kris Shrishak_web_187 leaves the room
[17:38:22] <Paul Wouters_web_637> phones are getting some pretty decent containerized app security on them. like partially managed by enterprise features.
[17:38:51] <Paul Wouters_web_637> Just convince @tommy to have some per-app support for DoH overrides? :)
[17:38:59] Mark McFadden_web_331 leaves the room
[17:39:24] Markus de Brün_web_695 leaves the room
[17:39:44] Ching-Heng Ku_web_340 leaves the room
[17:40:33] <Brett Carr_web_351> It feels like this would be useful to adopt, something to look back at in the future so we document some of the reasons we did things :)
[17:41:16] <Éric Vyncke_web_242> @Brett: the issue is that this I-D does not fit the ADD charter :-(
[17:42:05] Korry Luke_web_675 leaves the room
[17:42:13] <Erik Nygren_web_301> The case Barbara mentions earlier (local but public IPv6 address of a forwarder in a home network) seems like a good one for exploring authentication in the DDR space, as supporting it may encourage us to look at some other approaches.  Putting that home network public IPv6 address onto the cert for the ISP isn't going to fly (especially not with it in SNI) since that is now potentially millions of IPs.  But it would be nice if there was a way to use DDR there --- although maybe that's where DNR should get used instead?  But if there's a reasonable way to do DDR that way perhaps it could cover the private IPv4 case as well (and perhaps some other cases.)
[17:42:32] <Martin Thomson_web_855> Useful input.  Time to put it to bed.
[17:43:47] <Tommy Jensen_web_205> @erik I do think DNR is the eventual story for local routers (why do any RTTs when you're already getting DHCP/RA anyway?) even though that will take awhile.
[17:44:16] <Watson Ladd_web_381> @Erik: why not 1 cert per IP? although that could go quite badly with CT
[17:44:27] Subir Das_web_398 leaves the room
[17:45:19] <Martin Thomson_web_855> Example of something that might be bad: the ACME section.
[17:45:57] Gustavo Lozano_web_126 leaves the room
[17:46:01] Gustavo Lozano_web_556 joins the room
[17:46:09] Jiankang Yao_web_639 leaves the room
[17:46:20] <Mohamed Boucadair_web_530> @Martin: that's an example. the text says "can be used" not recommends
[17:47:13] <Benjamin Schwartz_web_653> (I think mobile devices connected directly to the cell network are the most common way people connect to the internet.)
[17:47:31] <Erik Nygren_web_301> Having a carrier get certs for IPs on behalf of your subscribers and then maybe sharing them with a third party that operates an encrypted DNS service for the carrier seems like asking for trouble... But generally, we desperately need a better trust model for TLS for local home networks that doesn't rely on PKIX and the global CAs (outside the scope of this WG), as people hack horrible things into it.
[17:47:40] Immaculate Nabwire_web_813 leaves the room
[17:48:53] Geoff Huston_web_608 leaves the room
[17:48:54] <Vittorio Bertola_web_185> DNSOP already asked multiple times to stop pushing new content to it due to the backlog. Let's not pretend that anything dumped onto DNSOP will go anywhere...
[17:48:56] <Watson Ladd_web_381> maybe the router should just advertise the upstream dns in dhcp directly
[17:48:57] <Bob Hinden_web_980> Bye
[17:49:00] Tim Wicinski_web_856 leaves the room
[17:49:00] Dan McArdle_web_489 leaves the room
[17:49:01] <Chris Lemmons_web_369> Thanks!
[17:49:02] abdullahalshoaili_web_793 leaves the room
[17:49:02] Michael Hollyman_web_509 leaves the room
[17:49:02] Avri Doria_web_346 leaves the room
[17:49:03] Andrew S_web_333 leaves the room
[17:49:03] Chi-Jiun Su_web_308 leaves the room
[17:49:03] Mark Andrews_web_471 leaves the room
[17:49:03] Erik Kline_web_625 leaves the room
[17:49:04] <Daniel Migault_web_136> bye!
[17:49:04] David Blacka_web_287 leaves the room
[17:49:04] <Andrew Campling_web_162> Thanks Glenn
[17:49:05] Robert Story_web_539 leaves the room
[17:49:06] Chris Lemmons_web_369 leaves the room
[17:49:06] <Éric Vyncke_web_242> Thank you all
[17:49:06] Gustavo Lozano_web_556 leaves the room
[17:49:07] Steve Olshansky_web_209 leaves the room
[17:49:08] Tommy Pauly_web_142 leaves the room
[17:49:08] sftcd leaves the room
[17:49:08] Harald Alvestrand_web_617 leaves the room
[17:49:08] Ralf Weber_web_480 leaves the room
[17:49:09] Christopher Wood_web_823 leaves the room
[17:49:09] Benjamin Schwartz_web_653 leaves the room
[17:49:10] Richard Wilhelm_web_815 leaves the room
[17:49:11] Barbara Stark_web_716 leaves the room
[17:49:12] Bob Hinden_web_980 leaves the room
[17:49:13] Éric Vyncke_web_242 leaves the room
[17:49:14] <Chris Box_web_645> Bye everyone
[17:49:15] Tommy Jensen_web_205 leaves the room
[17:49:19] Chris Box_web_645 leaves the room
[17:49:20] Andrew Campling_web_162 leaves the room
[17:49:23] Doug Montgomery_web_930 leaves the room
[17:49:24] Vittorio Bertola_web_185 leaves the room
[17:49:27] Eric Rescorla_web_711 leaves the room
[17:49:28] Brett Carr_web_351 leaves the room
[17:49:31] Xavier de Foy_web_809 leaves the room
[17:49:31] Chen Li_web_424 leaves the room
[17:49:32] Peter Koch_web_453 leaves the room
[17:49:33] Wes Hardaker_web_380 leaves the room
[17:49:33] Mike Bishop_web_916 leaves the room
[17:49:35] mackermann@bcbsm.com_web_909 leaves the room
[17:49:38] Patrick Tarpey_web_390 leaves the room
[17:49:39] Nicklas Pousette_web_909 leaves the room
[17:49:40] Nalini Elkins_web_268 leaves the room
[17:49:41] Jonathan Reed_web_281 leaves the room
[17:49:41] Francois Ortolan_web_245 leaves the room
[17:49:43] Nicklas Pousette_web_511 joins the room
[17:49:43] John Todd_web_507 leaves the room
[17:49:43] Vinny_web_156 leaves the room
[17:49:44] Linda Dunbar_web_541 leaves the room
[17:49:44] Puneet Sood_web_595 leaves the room
[17:49:45] Eric Orth_web_881 leaves the room
[17:49:45] Mohamed Boucadair_web_530 leaves the room
[17:49:46] Stephen Farrell_web_649 leaves the room
[17:49:46] Peter van Dijk_web_403 leaves the room
[17:49:47] Ray Bellis_web_735 leaves the room
[17:49:47] Watson Ladd_web_381 leaves the room
[17:49:47] Scott Hollenbeck_web_561 leaves the room
[17:49:48] Tim April_web_807 leaves the room
[17:49:48] Jim Reid_web_210 leaves the room
[17:49:48] Ted Hardie_web_340 leaves the room
[17:49:49] Kazunori Fujiwara_web_454 leaves the room
[17:49:50] Erik Nordmark_web_294 leaves the room
[17:49:50] Jiri Novotny_web_316 leaves the room
[17:49:50] Craig Pearce_web_332 leaves the room
[17:49:52] Paul Wouters_web_637 leaves the room
[17:49:53] Duane Wessels_web_281 leaves the room
[17:49:56] Bill Fenner_web_834 leaves the room
[17:49:57] David Guzman_web_411 leaves the room
[17:50:01] James Galvin_web_417 leaves the room
[17:50:01] Simon Hicks_web_684 leaves the room
[17:50:10] Joey Salazar_web_382 leaves the room
[17:50:12] Neil Cook_web_345 leaves the room
[17:50:14] Erik Nygren_web_301 leaves the room
[17:50:31] Nicklas Pousette_web_511 leaves the room
[17:50:35] Zaid AlBanna_web_795 leaves the room
[17:50:38] David Goldstein_web_410 leaves the room
[17:50:52] Martin Thomson_web_855 leaves the room
[17:50:53] Immaculate Nabwire_web_653 joins the room
[17:50:58] Dan Wing_web_429 leaves the room
[17:51:13] Tirumaleswar Reddy.K_web_180 leaves the room
[17:51:36] Vinny_web_872 joins the room
[17:51:49] Immaculate Nabwire_web_653 leaves the room
[17:51:53] Immaculate Nabwire_web_443 joins the room
[17:52:24] Vinny_web_872 leaves the room
[17:52:40] Immaculate Nabwire_web_443 leaves the room
[17:52:54] Glenn Deen_web_160 leaves the room
[17:53:08] Immaculate Nabwire_web_130 joins the room
[17:53:50] Chris Seal_web_601 leaves the room
[17:53:59] Immaculate Nabwire_web_130 leaves the room
[17:54:05] Yoshiro Yoneya_web_767 leaves the room
[17:54:07] Haywood Gelman_web_987 leaves the room
[17:55:01] Emiliano Spinella_web_508 leaves the room
[17:55:38] Petr Špaček_web_898 leaves the room
[17:56:10] Daniel Migault_web_136 leaves the room
[17:56:14] Daniel Migault_web_384 joins the room
[17:56:19] Taiji Kimura_web_264 leaves the room
[17:56:58] Spencer Dawkins_web_807 leaves the room
[17:57:01] Daniel Migault_web_384 leaves the room
[17:57:31] Michael Breuer_web_882 leaves the room
[17:57:37] Tianji Jiang_web_513 leaves the room
[17:57:45] Yoshiro Yoneya leaves the room
[17:57:48] Shinta Sato_web_615 leaves the room
[17:58:51] Markus de Brün_web_311 joins the room
[17:59:08] Suzanne Woolf_web_645 joins the room
[17:59:19] Burt Kaliski_web_862 leaves the room
[17:59:33] Benno Overeinder_web_366 leaves the room
[17:59:41] Meetecho leaves the room
[18:00:19] Tirumaleswar Reddy.K_web_285 joins the room
[18:01:34] Robin Wilton_web_916 leaves the room
[18:01:38] Robin Wilton_web_288 joins the room
[18:01:50] Monika Ermert_web_589 leaves the room
[18:02:02] Monika Ermert_web_252 joins the room
[18:02:40] Markus de Brün_web_311 leaves the room
[18:02:42] Monika Ermert_web_252 leaves the room
[18:02:57] Suzanne Woolf_web_645 leaves the room
[18:03:54] Antoin Verschuren_web_721 leaves the room
[18:04:44] Alissa Cooper_web_947 leaves the room
[18:04:46] Eric Kinnear_web_910 leaves the room
[18:04:46] Kris Shrishak_web_747 joins the room
[18:05:24] Kris Shrishak_web_747 leaves the room
[18:06:38] Robin Wilton_web_288 leaves the room
[18:06:42] Robin Wilton_web_868 joins the room
[18:07:59] Paolo Saviano_web_768 leaves the room
[18:08:00] Jurgen Sonnenmoser_web_441 leaves the room
[18:08:00] David Smith_web_108 leaves the room
[18:08:00] Jonathan Hoyland_web_507 leaves the room
[18:08:00] Tirumaleswar Reddy.K_web_285 leaves the room
[18:08:00] David Schinazi_web_208 leaves the room
[18:08:00] Robin Wilton_web_868 leaves the room
[18:08:00] Stuart Card_web_230 leaves the room