IETF
dprive@jabber.ietf.org
Wednesday, November 12, 2014
Dan York has set the subject to: DPRIVE at IETF91

GMT+0
[00:00:09] Michael Kaczmarek leaves the room
[00:01:18] <bortzmeyer> DTLS is implemented in free library OpenSSL, no?
[00:01:18] Michael Kaczmarek joins the room
[00:02:08] <EKR> DTLS is in both OpenSSL and NSS
[00:02:11] <EKR> And GnuTLS, I believe
[00:02:18] <Andrew Sullivan> He _did_ say documented.
[00:02:19] <Melinda Shore> His argument is that since he feels it's insufficiently well documented it's not really a free, public implementation
[00:02:31] <EKR> I'm not planning to engage with that
[00:02:35] <Andrew Sullivan> OpenSSL's documentation is not exactly a model of clarity
[00:02:36] <bortzmeyer> Encrypt-then-Mac no longer a draft: http://www.rfc-editor.org/rfc/rfc7366.txt
[00:02:53] <EKR> bortzmeyer: also you could use AEAD (GCM)
[00:03:11] <EKR> which already works in 1.2
[00:04:16] Kathleen Moriarty joins the room
[00:04:36] Catherine Dibble joins the room
[00:04:57] EKR leaves the room
[00:05:29] <Dan York> EKR at mic
[00:06:08] Peter Koch joins the room
[00:06:26] <Hosnieh R.> he talks so fast... :-)
[00:06:57] <Andrew Sullivan> he's famous for it
[00:07:08] <Andrew Sullivan> This isn't even especially fast for him
[00:07:28] <Hosnieh R.> :O
[00:07:28] ebersman joins the room
[00:07:41] <Dan York> Wes Hardaker at mic
[00:07:44] EKR joins the room
[00:07:51] <Hosnieh R.> I have a hard time following him ...
[00:07:58] <Andrew Sullivan> (That's not to say it's ok for remote participants.  I too have struggled with it.  But I think he knows, and can't go slower.)
[00:09:01] <sftcd x> ekr's a bit easier remote actually:-)
[00:09:17] <Andrew Sullivan> dear me!
[00:09:19] <Dan York> :-)
[00:09:22] <Andrew Sullivan> I should stop coming to meetings
[00:09:49] <Hosnieh R.> :) well. remote experience is not so good
[00:09:59] <Dan York> Ted Hardie at mic
[00:10:18] <sftcd x> better than I'd expected actually, but then I do have a nice bottle of wine
[00:10:35] Dave Crocker leaves the room
[00:10:44] Suzanne joins the room
[00:10:44] Suzanne leaves the room
[00:10:49] <Dan York> Hosnieh R.: No, it's not as great... we keep trying to make it better.  Getting Meetecho across all sessions was one of those steps.
[00:11:09] <Dan York> sftcd x: Ha!  Bottles of wine would be nice...
[00:11:15] <EKR> That was slower
[00:11:26] <Hosnieh R.> Dan: Thanks.  
[00:11:51] <Meetecho> Hosnieh R.: did you have issues with Meetecho?
[00:11:54] <Hosnieh R.> sftcd: well.. I don't think i feel like eating anything at 2 AM...
[00:12:26] <Hosnieh R.> Yes, the audio is not loud and I have difficulty hearing it
[00:12:42] <Dan York> John Heidemann speaking
[00:12:43] zwicky leaves the room
[00:12:43] <Hosnieh R.> my computer speaker level is already at maximum
[00:12:44] <Dan York> Slides: http://www.ietf.org/proceedings/91/slides/slides-91-dprive-5.pdf
[00:13:12] Mankin, Allison leaves the room
[00:13:21] <Hosnieh R.> There is also a problem with the slides: sometimes it blurs the end of the slides (blinking slide)
[00:13:24] <Meetecho> ok working on that
[00:13:34] <Hosnieh R.> I can send you screen shot if it helps
[00:13:35] <Meetecho> please notify us next time there are issues with audio
[00:14:05] <Hosnieh R.> ok
[00:14:07] tjw.ietf leaves the room
[00:14:26] EKR leaves the room
[00:14:39] <sftcd x> @meetecho: do you have a different ticket system/email?
[00:15:41] <Meetecho> you can notify us through the regular NOC ticketing system
[00:15:49] <Meetecho> otherwise a mail to ietf-team@meetecho.com works
[00:15:56] <sftcd x> ta
[00:16:01] <Meetecho> we also try to be in all jabber rooms so mentioning us will get our attention
[00:16:03] <sftcd x> and btw, I think it's working v. well
[00:16:24] <Meetecho> tnx :)
[00:17:07] <safa almalki> btw,.. the SFC meetecho session earlier this morning  was not working.
[00:17:41] <Meetecho> I'm not aware of any issues there, we'll check the recordings
[00:17:42] <safa almalki> only audio worked.. no slides.
[00:18:01] <Meetecho> ok let us know in case you get issues in future sessions
[00:18:08] <safa almalki> for sure.
[00:18:10] <safa almalki> thanks.
[00:18:34] <Hosnieh R.> @meetecho: I have a problem with the slides. They disappear and appear again
[00:19:10] <Hosnieh R.> really hurt eyes.. make my eyes tired... I guess if I continue looking at monitor... I will fall asleep..
[00:19:20] Lorenzo Miniero joins the room
[00:20:09] <Meetecho> this may be a bandwidth issue: if it keeps on not working as expected, please also try the Webinar mode, which just shows slides and an audio feed and so is lighter: http://conf.meetecho.com/video?s=coral-5&r=dprive&c=8891063
[00:20:40] Mankin, Allison joins the room
[00:20:48] <Meetecho> we're monitoring all the feeds and they look fine on our side
[00:20:50] <Hosnieh R.> You mean internet issue with IETF? because my bandwidth is 50 MB
[00:21:00] Lorenzo Miniero leaves the room
[00:21:21] <Meetecho> bw or packet loss: flickery video may indicate a lot of retransmissions
[00:22:21] Mankin, Allison leaves the room: Replaced by new connection
[00:22:22] Mankin, Allison joins the room
[00:22:31] <Dan York> PHB at mic
[00:22:42] <Hosnieh R.> who is PHB?
[00:22:50] Hugo Kobayashi leaves the room
[00:22:54] <dblacka> Phillip Hallam-Baker
[00:23:03] <Hosnieh R.> thx
[00:23:06] <Dan York> Phill Hallam-Baker
[00:23:41] Michael Kaczmarek leaves the room
[00:23:52] hta joins the room
[00:23:53] Frederico A C Neves joins the room
[00:24:10] <Dan York> Hosnieh R.: Thanks for asking.  Phillip is at the mic a lot and so I do find myself abbreviating his name.
[00:24:38] Frederico A C Neves leaves the room: Replaced by new connection
[00:24:48] <Hosnieh R.> :-) thx. I also should learn the abbreviations :-)
[00:24:53] Frederico A C Neves joins the room
[00:25:06] Hugo Kobayashi joins the room
[00:25:16] <Hosnieh R.> I also wanted to ask about EKR
[00:25:29] <Dan York> Sara Dickinson is speaking
[00:25:40] <Dan York> Same slides - http://www.ietf.org/proceedings/91/slides/slides-91-dprive-5.pdf - but now at slide 22
[00:25:43] <Andrew Sullivan> ekr is Eric Rescorla
[00:25:44] Michael Kaczmarek joins the room
[00:25:58] <Hosnieh R.> thx
[00:26:21] <Dan York> Hosnieh R.: Ha! I was just about to mention EKR.  Yes, as Andrew mentioned, he is Eric Rescorla ... very active in security-related sessions... and common at the mic.
[00:26:32] <Wes H> and PHB and EKR are the two most common initials you'll see around here, in fact.  So now you have 90% knowledge!
[00:26:51] <Dan York> Slide 23
[00:26:58] <Hosnieh R.> (Y)
[00:27:00] <Dan York> 24
[00:27:06] Michael Kaczmarek leaves the room
[00:27:21] Michael Kaczmarek joins the room
[00:27:43] Phill joins the room
[00:28:10] <Dan York> Wes H: 'Tis true... we don't have as many initials as we used to.  I still use MCR for Michael Richardson from time to time
[00:28:30] <Phill > So they are using stock TLS but to solve the resulting performance issues they are relying on an untried, untested, researchy  version of TCP
[00:28:49] <Dan York> ... we don't have as MANY PEOPLE using initials as we used to...   (presumably the number of initials are still the same)
[00:28:55] <sftcd x> anyone know why unbound had TLS for 2 years?
[00:29:01] <sftcd x> I didn't know
[00:29:16] <Olafur> Dnssec-trigger
[00:29:30] <sftcd x> ok, more words are needed :-)
[00:29:38] <sftcd x> or I can go search I guess:-)
[00:29:43] <Dan York> live demo time!
[00:29:53] <sftcd x> a demo at 1st wg meeting? cool/bravo
[00:29:57] <Dan York> running code... in the room.
[00:30:08] <bortzmeyer> Phill : you're talking about Fast Open ? It is old and widely deployed
[00:30:13] <Olafur> Dnssec-trigger tries to connect to good dns resolver over any protocol and port that might get around bad network firewall/proxy
[00:30:24] <Phill > Is it in Windows and OSX?
[00:30:25] James Gould leaves the room
[00:30:33] <sftcd x> @olafur: ta
[00:30:44] <Dan York> Phill : the demo?
[00:30:49] Mankin, Allison leaves the room
[00:30:52] <Phill > How far back do I have to go with Windows to get support?
[00:31:29] <bortzmeyer> Phill : how long did it take before IPv4 and TCP were on Windows and MacOS ? :-)
[00:32:04] <Phill > It was 1995, before Linux was viable for mere mortals
[00:32:58] EKR joins the room
[00:33:19] tjw.ietf joins the room
[00:33:38] Josh Kuo (DeepDive) joins the room
[00:33:38] <Phill > Google refuses to check OCSP status because they are worried about latency. So why would they consider using TCP for DNS?
[00:34:05] secret joins the room
[00:34:56] <bortzmeyer> Phill : Google Public DNS resolver sends DNS requests with TCP (for instance when you reply with SLIP packets) and handles it well
[00:35:27] ebersman leaves the room
[00:35:35] <Dan York> Ralf Weber at mic
[00:36:43] zwicky joins the room
[00:37:06] <Phill > Anyone think I need to justify my performance issues?
[00:37:14] <Dan York> Wes Hardaker at mic
[00:37:46] <Peter Koch> simply add dane to the game
[00:37:52] fdupont leaves the room
[00:38:14] <Dan York> Andrew Sullivan at mic
[00:38:21] Josh Kuo (DeepDive) leaves the room
[00:38:26] <Phill > Peter, not sure if you can claim DANE works here.
[00:38:32] <Phill > There is a bootstrap issue
[00:38:33] Francis Dupont joins the room
[00:38:46] Josh Kuo (DeepDive) joins the room
[00:38:50] <EKR> I'm still in httpbis, but I think it's worth mentioning that TLS 1.3 will have significantly better RTT behavior.
[00:39:06] <EKR> And of course if you use DTLS 1.3
[00:39:56] <tjw.ietf> Dan Wing has a DTLS draft in dnsop.
[00:40:13] Mankin, Allison joins the room
[00:40:34] <Dan York> Paul Hoffman speaking
[00:40:50] <Dan York> EKR ... was that for relay?
[00:41:10] <Andrew Sullivan> @Phill: I do, yes, but I confess I don't understand the issues as well there
[00:41:18] <Andrew Sullivan> (re perf things)
[00:41:18] Jim Galvin leaves the room
[00:41:39] Mankin, Allison leaves the room
[00:42:25] <Wes H> the issue is there is no signalling about whether you can expect security or not; dane/smtp gives you that security because in the response that includes a TLSA record it means you can expect security from the remote SMTP server and you should stop the connection if the server says "I don't do security".
[00:42:45] <bortzmeyer> Wes H: there is still the possibility of pinning
[00:42:48] <Wes H> there is no easy equivalent from a resolver that doesn't have a public place to look up its DNS connection info.
[00:42:50] <Dan York> Slides: http://www.ietf.org/proceedings/91/slides/slides-91-dprive-0.pdf
[00:43:08] <Dan York> He's on slide 4
[00:43:09] <Wes H> pinning is great if you're willing to take a leap of faith, I agree.
[00:43:45] <bortzmeyer> Wes H: today, we have zero protection. TOFU would be better than the current state.
[00:43:53] <Wes H> (in most places pinning is good including TLS, SSH, etc)
[00:44:06] <Phill > Andrew, The additional overhead for PrivateDNS is a minor amount of symmetric key crypto. I don't expect the overhead would be more than 10% and that would require the server to be CPU bound rather than network bound which is not very likely.
[00:44:09] <Dan York> I have to step out for a moment.  Suzanne will be watching for relay requests.
[00:44:19] Josh Kuo (DeepDive) leaves the room
[00:44:57] EKR leaves the room
[00:45:57] sftcd x likes hacks like that:-)
[00:45:59] Ralf Weber leaves the room
[00:46:34] EKR joins the room
[00:47:48] <Andrew Sullivan> I won't go to the mic on this, but I wonder what happens when someone tries to do one of these embedded-IPv4 addresses in a NAT64/DNS64 network.  War of the nasty hacks!
[00:47:57] cheshire leaves the room
[00:48:56] <sftcd x> the barely-wrap as a fallback could be good for someone who'd prefer privacy over a bit of latency though
[00:49:23] James Gould joins the room
[00:49:42] <Dan York> Allison Mankin at mic
[00:49:46] shollenbeck leaves the room
[00:49:57] EKR leaves the room
[00:50:11] <Francis Dupont> ALPN is in openssl 1.0.2beta3 (not in 1.0.1j i.e. the last stable)
[00:50:24] cheshire joins the room
[00:50:30] <Dan York> Ted Hardie at mic
[00:50:40] <hta> if a client uses alpn and the server doesn't understand it, will the connection fail?
[00:52:00] <Hosnieh R.> I guess the assumption of most of the currently proposed approaches is that we plan to change the DNS protocol to consider privacy
[00:52:00] <bortzmeyer> The standard that Ted Hardie just talked about (DNS URI) http://www.rfc-editor.org/rfc/rfc4501.txt
[00:52:23] Brian Haberman joins the room
[00:52:44] <Dan York> Daniel Gilmore at the mic
[00:53:10] <Dan York> (and... he often goes by dkg as he does in this chat room)
[00:53:47] <Hosnieh R.> Dan: thanks :) I am learning abbreviations
[00:54:09] <Dan York> Stuart Cheshire at mic
[00:54:48] safa almalki leaves the room
[00:54:53] <Dan York> PHB at mic
[00:55:13] <Francis Dupont> About ALPN not understood, IMHO the TLS negotiation and so connection will simply fail.
[00:55:18] Phill leaves the room
[00:55:25] metricamerica leaves the room
[00:55:41] metricamerica joins the room
[00:56:58] cheshire leaves the room
[00:57:21] <Dan York> Brian Haberman at mic
[00:57:39] <sftcd x> +1 to brian:-)
[00:58:22] EKR joins the room
[00:58:27] Olafur leaves the room
[00:58:38] <Dan York> ?? at mic?
[00:58:45] <Dan York> (PHB was at mic before)
[00:58:47] shuss leaves the room
[00:58:54] secret leaves the room
[00:59:12] Ted.h leaves the room
[00:59:13] metricamerica leaves the room
[00:59:16] Jakob Schlyter leaves the room
[00:59:30] dblacka leaves the room
[00:59:38] <Dan York> ?? at mic
[00:59:45] <Brian Haberman> Christian Huitema
[00:59:45] <Francis Dupont> Christian Huitema
[00:59:49] metricamerica joins the room
[01:00:02] metricamerica leaves the room
[01:00:04] Peter Koch leaves the room
[01:00:04] shuss joins the room
[01:00:09] <Dan York> Ah, of course!  Thanks
[01:00:09] EKR leaves the room
[01:00:15] jlatour leaves the room
[01:00:21] <Dan York> And... we're done.
[01:00:25] Dan York leaves the room
[01:00:27] Brian Haberman leaves the room
[01:00:27] Hugo Kobayashi leaves the room
[01:00:27] Melinda Shore leaves the room
[01:00:33] Suzanne leaves the room
[01:00:34] <Hosnieh R.> thanks
[01:00:38] tjw.ietf leaves the room
[01:00:41] Jan Vcelak leaves the room
[01:00:49] Michael Kaczmarek leaves the room
[01:00:49] Joe Hall leaves the room
[01:00:52] shuss leaves the room
[01:00:53] Frederico A C Neves leaves the room
[01:00:58] Francis Dupont leaves the room: Computer went to sleep
[01:01:03] Kathleen Moriarty leaves the room
[01:01:05] Hosnieh R. leaves the room
[01:01:27] Andrew Sullivan leaves the room
[01:01:31] hta leaves the room
[01:01:37] shoji leaves the room
[01:01:41] sftcd x leaves the room
[01:01:53] john.levine leaves the room
[01:04:42] Catherine Dibble leaves the room
[01:06:43] James Gould leaves the room
[01:09:33] Ralf Weber joins the room
[01:12:37] Ralf Weber leaves the room
[01:12:41] Ralf Weber joins the room
[01:13:45] keith_nm leaves the room
[01:16:54] Josh Kuo (DeepDive) joins the room
[01:17:36] zwicky leaves the room
[01:17:36] dkg leaves the room
[01:17:36] yone leaves the room
[01:17:38] Ted.h joins the room
[01:17:39] Ted.h leaves the room
[01:18:31] bortzmeyer leaves the room: Replaced by new connection
[01:18:32] bortzmeyer joins the room
[01:19:12] Meetecho leaves the room
[01:19:18] Wes H leaves the room: Replaced by new connection
[01:19:18] hardaker joins the room
[01:21:49] Josh Kuo (DeepDive) leaves the room
[01:22:05] jlatour joins the room
[01:24:06] dblacka joins the room
[01:24:34] hta joins the room
[01:24:34] cheshire joins the room
[01:25:32] doug.otis joins the room
[01:25:33] Phill joins the room
[01:25:35] Phill leaves the room
[01:25:47] doug.otis leaves the room
[01:25:49] doug.otis joins the room
[01:25:51] keith_nm joins the room
[01:26:26] doug.otis leaves the room
[01:27:55] cheshire leaves the room
[01:29:22] Olafur joins the room
[01:29:45] cheshire joins the room
[01:30:38] Andrew Sullivan joins the room
[01:30:41] Andrew Sullivan leaves the room
[01:30:57] hta leaves the room
[01:31:35] James Gould joins the room
[01:35:13] keith_nm leaves the room
[01:37:09] Jim Galvin joins the room
[01:38:53] Ralf Weber leaves the room
[01:39:07] EKR joins the room
[01:41:01] dkg joins the room
[01:44:53] EKR leaves the room
[01:46:32] dkg leaves the room
[01:56:02] James Gould leaves the room
[01:58:25] cheshire leaves the room
[02:00:08] cheshire joins the room
[02:07:26] Frederico A C Neves joins the room
[02:07:34] Frederico A C Neves leaves the room
[02:19:22] hardaker leaves the room
[02:19:31] hardaker joins the room
[02:36:34] jlatour leaves the room: Replaced by new connection
[02:36:34] jlatour joins the room
[02:39:55] Jim Galvin leaves the room
[02:40:18] James Gould joins the room
[02:52:44] James Gould leaves the room
[02:54:45] ilari.liusvaara leaves the room: offline
[03:18:26] Olafur leaves the room
[03:21:01] dblacka leaves the room
[03:21:33] Melinda Shore joins the room
[03:21:47] jlatour leaves the room
[03:22:43] cheshire leaves the room
[03:34:19] Melinda Shore leaves the room
[03:45:01] bortzmeyer leaves the room
[03:48:42] jlatour joins the room
[04:07:08] hardaker leaves the room
[04:19:29] jlatour leaves the room
[04:19:32] jlatour joins the room
[04:21:56] jlatour leaves the room
[04:22:38] Olafur joins the room
[04:23:16] Olafur joins the room
[04:23:26] Olafur leaves the room
[04:29:56] Olafur leaves the room
[05:46:13] Mankin, Allison joins the room
[05:50:04] Mankin, Allison leaves the room
[07:18:54] bortzmeyer joins the room
[07:45:49] bortzmeyer leaves the room: Replaced by new connection
[07:45:50] bortzmeyer joins the room
[08:06:55] cheshire joins the room
[08:19:19] bortzmeyer leaves the room
[08:32:25] bortzmeyer joins the room
[09:02:40] bortzmeyer leaves the room
[09:06:38] Jim Galvin joins the room
[09:36:30] Jim Galvin leaves the room
[09:42:05] Olafur joins the room
[09:44:29] Olafur leaves the room
[11:49:43] bortzmeyer joins the room
[12:15:04] bortzmeyer leaves the room
[14:10:00] bortzmeyer joins the room
[16:12:09] Jim Galvin joins the room
[16:12:10] Jim Galvin leaves the room
[16:24:25] Olafur joins the room
[17:36:03] Olafur leaves the room
[17:43:13] Olafur joins the room
[17:56:07] bortzmeyer leaves the room
[17:59:03] Olafur leaves the room
[17:59:42] jlatour joins the room
[18:04:03] hardaker joins the room
[18:18:40] dblacka joins the room
[18:24:49] jlatour leaves the room
[18:27:15] Joe Hall joins the room
[18:30:39] Joe Hall leaves the room: Replaced by new connection
[18:30:40] Joe Hall joins the room
[18:38:13] cheshire leaves the room
[18:40:01] hardaker leaves the room: Replaced by new connection
[18:40:01] hardaker joins the room
[18:58:23] cheshire joins the room
[18:59:13] Kathleen Moriarty joins the room
[19:04:06] hardaker leaves the room: Replaced by new connection
[19:04:06] hardaker joins the room
[19:10:52] Kathleen Moriarty leaves the room
[19:16:25] hardaker leaves the room
[19:16:45] hardaker joins the room
[19:50:22] hardaker leaves the room
[19:50:24] hardaker joins the room
[20:09:58] Joe Hall leaves the room
[20:50:13] Olafur joins the room
[21:03:05] Olafur leaves the room
[21:17:23] dblacka leaves the room
[21:17:33] Olafur joins the room
[21:28:09] Peter Koch joins the room
[21:28:35] Olafur leaves the room
[21:30:59] cheshire leaves the room
[21:53:04] hardaker leaves the room
[22:08:27] Peter Koch leaves the room
[22:54:08] Olafur joins the room
[22:57:23] hardaker joins the room
[23:02:30] dblacka joins the room
[23:03:44] cheshire joins the room
[23:03:54] jlatour joins the room
[23:04:03] Mankin, Allison joins the room
[23:16:11] Peter Koch joins the room
[23:18:44] Peter Koch leaves the room
[23:24:53] tjw.ietf joins the room
[23:53:19] dblacka leaves the room
[23:53:24] dblacka joins the room