IETF
MADINAS
madinas@jabber.ietf.org
Wednesday, November 10, 2021< ^ >
Room Configuration
Room Occupants

GMT+0
[11:25:16] Meetecho joins the room
[11:45:08] Jerome Henry_web_304 joins the room
[11:47:22] Mathieu Cunche_web_544 joins the room
[11:47:30] Paolo Saviano_web_771 joins the room
[11:48:13] <Mathieu Cunche_web_544> Hello all
[11:51:00] Éric Vyncke_web_982 joins the room
[11:52:06] Amelia Andersdotter_web_259 joins the room
[11:52:26] Bob Hinden_web_779 joins the room
[11:52:34] <Amelia Andersdotter_web_259> hey
[11:52:50] <Jerome Henry_web_304> hi
[11:53:34] Andrew Campling_web_790 joins the room
[11:53:51] <Amelia Andersdotter_web_259> i regret i didn't say "accueils et salutations" now
[11:54:46] Shuping Peng_web_662 joins the room
[11:55:13] <Mathieu Cunche_web_544> Is my audio working ?
[11:55:14] <Mathieu Cunche_web_544> Yes :)
[11:55:24] <Amelia Andersdotter_web_259> yes
[11:56:11] Valery Smyslov_web_299 joins the room
[11:56:31] Shuping Peng_web_662 leaves the room
[11:56:35] Shuping Peng_web_540 joins the room
[11:56:42] alexamirante joins the room
[11:56:43] Dave Thaler_web_837 joins the room
[11:57:10] Tim Twell_web_298 joins the room
[11:57:23] Luigi Iannone_web_945 joins the room
[11:57:32] John Preuß Mattsson_web_799 joins the room
[11:58:04] Jen Linkova_web_394 joins the room
[11:58:15] Kohei Isobe_web_252 joins the room
[11:58:16] <Bob Hinden_web_779> Good morning/day/afternoon/evening!
[11:58:21] Paolo Saviano_web_771 leaves the room
[11:58:25] Paolo Saviano_web_164 joins the room
[11:58:28] Mark McFadden_web_101 joins the room
[11:58:35] Alexandre Petrescu_web_111 joins the room
[11:58:40] Paolo Saviano_web_164 leaves the room
[11:58:41] Qin Wu_web_682 joins the room
[11:58:41] <Éric Vyncke_web_982> Good afternoon Bob
[11:58:43] Carlos Bernardos_web_296 joins the room
[11:59:05] David Oliver_web_278 joins the room
[11:59:09] Juan-Carlos Zúñiga_web_473 joins the room
[11:59:10] Tommy Pauly_web_871 joins the room
[11:59:16] Dan Harkins_web_591 joins the room
[11:59:38] Juliana Guerra_web_153 joins the room
[11:59:45] Paolo Saviano_web_326 joins the room
[11:59:53] Wei Pan_web_730 joins the room
[12:00:33] Michael B_web_884 joins the room
[12:00:35] Tommy Pauly_web_871 leaves the room
[12:01:00] Kelley Burgin_web_581 joins the room
[12:01:01] Paolo Volpato_web_697 joins the room
[12:01:03] Yoshifumi Atarashi_web_252 joins the room
[12:01:29] Paul Watrobski_web_493 joins the room
[12:01:31] Umberto Fattore_web_524 joins the room
[12:01:34] <Carlos Bernardos_web_296> hi everyone
[12:01:36] Philip Eardley_web_616 joins the room
[12:01:37] Timothy Winters_web_641 joins the room
[12:01:37] Rebecca Guthrie_web_844 joins the room
[12:01:37] Paul Watrobski_web_493 leaves the room
[12:01:40] Peter Yee_web_185 joins the room
[12:01:41] Paul Watrobski_web_357 joins the room
[12:01:46] Christopher Inacio_web_897 joins the room
[12:01:52] Shu-Fang Hsu_web_128 joins the room
[12:02:06] Steven Hartley_web_601 joins the room
[12:02:25] Michael Richardson_web_262 joins the room
[12:03:07] Robert Wilton_web_435 joins the room
[12:03:42] Stuart Card_web_772 joins the room
[12:03:57] <Robert Wilton_web_435> I can help with minutes
[12:04:12] Taiji Kimura_web_393 joins the room
[12:04:29] <Alexandre Petrescu_web_111> Minutes https://codimd.ietf.org/notes-ietf-112-madinas
[12:04:37] Bob Hinden_web_779 leaves the room
[12:04:38] Jean-Michel Combes_web_655 joins the room
[12:04:41] Bob Hinden_web_696 joins the room
[12:05:02] Stuart Cheshire_web_385 joins the room
[12:05:04] <Carlos Bernardos_web_296> Thanks a lot Robert!
[12:05:19] Glenn Parsons_web_631 joins the room
[12:05:47] Prapanch Ramamoorthy_web_460 joins the room
[12:05:48] Antoine Fressancourt_web_379 joins the room
[12:06:00] Taiji Kimura_web_393 leaves the room
[12:06:12] Rich Salz_web_227 joins the room
[12:06:29] Bob Hinden_web_696 leaves the room
[12:06:34] Stuart Cheshire_web_385 leaves the room
[12:06:51] Bob Hinden_web_853 joins the room
[12:06:58] Alessandro Amirante_web_425 joins the room
[12:08:20] Mohit Sethi_web_543 joins the room
[12:08:32] Bob Hinden_web_853 leaves the room
[12:08:34] Alessandro Amirante_web_425 leaves the room
[12:08:36] Bob Hinden_web_871 joins the room
[12:09:36] <Alexandre Petrescu_web_111> I suspect RCM and privacy are mainlyin a 802.11 wireless group not  802 overall (LAN) (?)  In LANs there are no privacy issues because the cables lead to the sources anyways.
[12:09:55] Mohamed Boucadair_web_313 joins the room
[12:10:35] <Éric Vyncke_web_982> But someone on a trunk or close to a server/peer can still snoop
[12:11:12] <Alexandre Petrescu_web_111> But snooping on a trunk would be a in-organisation issue, within a limited domain.
[12:11:32] Massimiliano Pala_web_435 joins the room
[12:11:34] Geir Egeland_web_285 joins the room
[12:11:49] <Éric Vyncke_web_982> Of course but this is still a problem
[12:12:40] <Alexandre Petrescu_web_111> Well yes, some of my colleagues did snoop the Ethernet at offices to see other colleagues' traffic.
[12:14:35] <Alexandre Petrescu_web_111> Iwonder whether 802.1X and 802.1AR are used on Wired.
[12:15:10] Mathieu Cunche_web_544 leaves the room
[12:15:14] Mathieu Cunche_web_579 joins the room
[12:15:50] Umberto Fattore_web_524 leaves the room
[12:15:54] Umberto Fattore_web_401 joins the room
[12:16:18] <Jen Linkova_web_394> Alexandre: "Iwonder whether 802.1X and 802.1AR are used on Wired." - wired 802.1x is widely used in enterprise environments.
[12:16:28] Shu-Fang Hsu_web_128 leaves the room
[12:16:35] Umberto Fattore_web_401 leaves the room
[12:16:39] Umberto Fattore_web_590 joins the room
[12:17:11] <Alexandre Petrescu_web_111> ah, error on me.
[12:17:14] Mathieu Cunche_web_579 leaves the room
[12:17:18] Mathieu Cunche_web_893 joins the room
[12:17:27] Mathieu Cunche_web_893 leaves the room
[12:17:31] Mathieu Cunche_web_848 joins the room
[12:17:52] <Dan Harkins_web_591> it's not a snooping problem. It's an identification problem. On a wired network there is only 1 port on which a wire is stuck into and that port can be identified. In 802.11 there are a multitude of devices connecting to a single SSID.
[12:18:16] Umberto Fattore_web_590 leaves the room
[12:18:20] Umberto Fattore_web_976 joins the room
[12:19:47] Umberto Fattore_web_976 leaves the room
[12:19:48] <Dan Harkins_web_591> lawful intercept is not an issue. The operator can satisfy any request from law enforcement with "we got nothing". That legal obligation has been satisfied.
[12:19:54] <Mohamed Boucadair_web_313> This is more data retention, than lawful intercept
[12:20:20] <Dan Harkins_web_591> I cannot be compelled to provide an identifier to aid law enforcement. Sorry.
[12:20:24] <Amelia Andersdotter_web_259> Also does it really happen? I mean, has there been a case where a public wifi provider has been asked to provide data records for a particular mac address?
[12:20:35] <Éric Vyncke_web_982> Actually privacy
[12:20:42] <Éric Vyncke_web_982> Amelia, perhaps in Universities ?
[12:20:45] <Steven Hartley_web_601> Tim, does the WBA have any recomendations yet? Doesn't sound like it.
[12:21:06] <Rich Salz_web_227> @Dan: are you really sure about that?
[12:21:11] <Carlos Bernardos_web_296> In universities I know this used to be the case in the time of P2P and illegal content sharing
[12:21:40] Mathieu Cunche_web_848 leaves the room
[12:21:44] Mathieu Cunche_web_124 joins the room
[12:21:47] Umberto Fattore_web_755 joins the room
[12:21:49] <Amelia Andersdotter_web_259> i was aware of ip address being used like that
[12:22:04] <Dan Harkins_web_591> @rich, well yes. There may be some countries in the world where I am compelled to identify myself but here, no. And I resent standards being developed to aid those countries at my expense.
[12:22:12] <Amelia Andersdotter_web_259> the entire data retention story started because of dynamic ip addresses
[12:22:14] Ole Trøan_web_411 joins the room
[12:22:53] <Dan Harkins_web_591> I just don't think there's a legal intercept problem. The service provider gives law enforcement everything it has, which is nothing. Legal obligation satisfied. End of story.
[12:22:57] Chen Li_web_968 joins the room
[12:22:58] <Mohamed Boucadair_web_313> There is a need to associate the IP address with a "user". that's the basic requirement from legal purposes.
[12:23:27] <Rich Salz_web_227> I share your feelings, @Dan, but maybe not as strong. I was just wondering about your assertion on compel.
[12:23:33] <Bob Hinden_web_871> The tussle here is device identification needs a stable identifier with a loss of privacy, if you want privacy you can’t have a stable identifier and loose device identification.  
[12:23:48] <Dan Harkins_web_591> (message to @dan... calm down)
[12:24:06] Lixia Zhang_web_237 joins the room
[12:24:08] <Mohamed Boucadair_web_313> @Amelia: Whether that IP address is static or dynamic does not matter much
[12:24:11] <Rich Salz_web_227> (I'm thinking of StingRays and other fake cellphone towers being legal)
[12:24:31] <Alexandre Petrescu_web_111> In systems people identification are hidden they quickly become systems outof law - see crypto currency.
[12:24:51] <Rich Salz_web_227> or cash.
[12:24:52] <Amelia Andersdotter_web_259> i don't understand how LEA would get the MAC address anyway
[12:25:05] <Mohamed Boucadair_web_313> Me either
[12:25:10] <Dan Harkins_web_591> @rich, well yes, but I'm being tricked in that case. I'm not being legally required to provide useful information to law enforcement, I'm being tricked into doing it.
[12:25:27] <Mathieu Cunche_web_124> @Bob: MAC address are exposed as part of the header, other identifiers could be hidden/encrypted/obfuscated
[12:25:38] <Amelia Andersdotter_web_259> other than if the network operator pre-shared with LEA the devices in their network and the IP addresses they broadcasted at a particular time to the wider internet
[12:25:44] Lixia Zhang_web_237 leaves the room
[12:26:12] Andrew S_web_122 joins the room
[12:26:16] Andrew S_web_122 leaves the room
[12:26:19] Andrew S_web_434 joins the room
[12:26:28] <Rich Salz_web_227> You the user is being tricked. Unclear if you the carrier can't be made to comply.  But I share your privacy interests here, so namaste.
[12:26:30] <Mohamed Boucadair_web_313> generally, there is done per request basis (e.g., when an abuse is detected)
[12:26:34] <Amelia Andersdotter_web_259> MAC spoofing is also simple enough that there would have been litigation on this
[12:26:37] Yoshiaki Kitaguchi_web_467 joins the room
[12:26:52] <Dan Harkins_web_591> namaste :-)
[12:27:11] <Éric Vyncke_web_982> Anyway, the issue is not so much about LEA but more about privacy 'against' any party
[12:27:29] <Alexandre Petrescu_web_111> 'LEA'?  'namaste'?
[12:27:40] <Éric Vyncke_web_982> Law Enforcement Agency
[12:27:47] <Amelia Andersdotter_web_259> @alexandre law enforcement agency. indian gratitude greeting.
[12:27:48] <Antoine Fressancourt_web_379> @Dan, in some countries, like eg France, you are considered an operator if you provide access to someone else. You are supposed to be able to give ID of someone using your network if told to do so by a judge, and law forces you to keep access logs for some time. Failure to comply leads to fines or jail.
[12:27:52] <Éric Vyncke_web_982> Namaste is Hindi for welcome
[12:27:56] <John Preuß Mattsson_web_799> @Rich stingrays would be illegal for most people. Not sure that the legality of stingray used by police have been tested in public courts. StingRays does not work in 5G, but your phone will likely happily connect to a fake 2G base station.
[12:28:15] Luis Contreras_web_976 joins the room
[12:28:35] <Dan Harkins_web_591> @antoine, and that log would contain random MACs. So the operator has satisfied the request.
[12:28:36] Joey Salazar_web_931 joins the room
[12:28:43] <Antoine Fressancourt_web_379> Nope
[12:28:52] <Amelia Andersdotter_web_259> @Éric I do think it matters if its LEA or not. LEA backs up requests with the violence monopoly applicable on the territory where the requestee is based. It's different if I ask your ISP or if the police asks your ISP.
[12:29:27] Umberto Fattore_web_755 leaves the room
[12:29:31] Umberto Fattore_web_871 joins the room
[12:29:41] <Antoine Fressancourt_web_379> @Dan people tried, and had problems
[12:29:48] <Amelia Andersdotter_web_259> Because of the gravity of that circumstance, claiming that something may be required to fulfill a legal obligation in that sense is a pretty big claim.
[12:30:21] <Rich Salz_web_227> ++
[12:30:34] <Mohamed Boucadair_web_313> +1 to what Amelia said.
[12:30:56] <Antoine Fressancourt_web_379> (Bear with me, dealing with such requests is very stressing)
[12:31:00] Umberto Fattore_web_871 leaves the room
[12:31:14] <Éric Vyncke_web_982> @Amelia: LEA matters indeed but the RCM is mostly generated to preserve privacy
[12:31:31] <Dan Harkins_web_591> a policeman's job is only easy in a police state.
[12:31:33] <Alexandre Petrescu_web_111> I whatAmelia said I dont parce'violence monopoly' - is it 'violent monopoly' or is it 'violence that monopoly [...]'?
[12:31:58] <Dan Harkins_web_591> @alexandre, it's a monopoly on violence. The state has that.
[12:32:17] Luther Smith_web_484 joins the room
[12:32:22] <Alexandre Petrescu_web_111> I would not call it 'monopoly' but 'publicly elected right to'.
[12:33:20] <Amelia Andersdotter_web_259> @Éric Of course. But my point ehre was that Tim Well says that LEA may request MAC addresses to identify users in the network. I wanted to bring into question whether this hypothetical situation actually occurs in practice (i.e. is it something that anyone, including at WBA, need to care about?). In my experience, which grantedly is somewhat limited, LEA has never went for MAC addresses.
[12:33:30] <Antoine Fressancourt_web_379> @Dan I tend to think your way, but I live in a country where I have to respect laws, even if I don't agree with them
[12:33:43] <Rich Salz_web_227> The common term is what Dan/Amelia said.  It *is* a monopoly because people using violence are known as criminals.
[12:33:49] <Amelia Andersdotter_web_259> So that seems to me a problem we (MADINAS, WBA, etc) do not need to solve.
[12:34:19] Lixia Zhang_web_927 joins the room
[12:35:00] Paolo Saviano_web_326 leaves the room
[12:35:04] Paolo Saviano_web_494 joins the room
[12:35:43] <Amelia Andersdotter_web_259> @Alexandre What Rich said. It's the exclusive right of a designated group to use violence without (necessarily) risking punishment. Normally the terms of this exclusive right ("monopoly") include tests on proportionality, necessity, etc.
[12:35:49] <Alexandre Petrescu_web_111> LEA looks for MAC addresses?  Where I live LEA goes for all data that can exist to analyze the tiniest detail that could provide correlation and solve cases.  That includes MAC addresses, but among many others.  It is also true that public discussion talks aboutmainly the 'IP' addresses of people.  Other times people also talk about having 'borned' ('borné, fr.) which means to have registered with L2 messages on a particular base station in a particular region.  But that is still very little information that is talked about.
[12:35:58] <Dan Harkins_web_591> the uniqueness guarantee on MAC addresses is lessened by reducing the "random portion" from 2^46 to 2^44.
[12:36:04] Chen Li_web_968 leaves the room
[12:36:11] <Carlos Bernardos_web_296> BTW, RFC 8947 and 8948 are relevant for what Glenn is presenting
[12:37:51] Tim Twell_web_298 leaves the room
[12:37:55] Tim Twell_web_578 joins the room
[12:38:26] <Jen Linkova_web_394> I've been told that there have been cases when LEAs asked for MACs..
[12:38:45] Tim Twell_web_578 leaves the room
[12:38:49] Tim Twell_web_541 joins the room
[12:38:49] <Alexandre Petrescu_web_111> Exclusive right is a monopoly?  But Coca Cola has exclusivity and that is not monopoly.  To me, associating the word 'monopoly' to government is akin to making revendications already.  In Europe, 'monopolies' are to be breaken apart where possible, but that is not gov't monopoly butindustry monopoly.  It is confusing to talk monopoly and expect the listener to not mix Commercial interest and State interest: they _are_ different.
[12:39:00] <Éric Vyncke_web_982> @Carlos do you know the authors of RFC 8947 ;-) (joke)
[12:39:11] Peter Koch_web_612 joins the room
[12:39:19] <Carlos Bernardos_web_296> @Éric I might ;)
[12:39:20] <Éric Vyncke_web_982> @Jen I would imagine with some FTTH with flat LAN
[12:39:28] <Rich Salz_web_227> Sorry, Alexandre, you're wrong in terms of the English language.
[12:39:32] Bob Moskowitz joins the room
[12:39:45] <Alexandre Petrescu_web_111> Certainly I am - I dont doubt that :-)
[12:40:05] <Amelia Andersdotter_web_259> @Alexandre Try selling something under the brand Coca-Cola. The exclusive right they have is to sell their products under their brand.
[12:40:06] <Rich Salz_web_227> "The state has a monopoly on violence" is a term of art in the English-speaking political milieu. :)
[12:40:09] <Dan Harkins_web_591> @aleandre, I'm not saying the government is a "monopoly", I'm saying it's claim to exclusive use of force is.
[12:40:14] Robert Moskowitz_web_806 joins the room
[12:40:44] <Alexandre Petrescu_web_111> Dan - state is not claiming to use force - it is given that power by the people.
[12:41:07] Tim Twell_web_541 leaves the room
[12:41:11] Tim Twell_web_891 joins the room
[12:41:41] <Amelia Andersdotter_web_259> @Alexandre the expression is the same in French: https://fr.wikipedia.org/wiki/Monopole_de_la_violence
[12:41:54] <Dan Harkins_web_591> of course it is. When the authorities show up saying "show me these records" and can compel the operator to comply it is most definitely claiming an exclusive use of force. I can't show up at the operator and demand records!
[12:42:03] Tim Twell_web_891 leaves the room
[12:42:07] Tim Twell_web_554 joins the room
[12:42:26] <John Preuß Mattsson_web_799> In Sweden the government has monopoly on selling alcohol. State monopoly is a commonly used term in economicshttps://en.wikipedia.org/wiki/State_monopoly
[12:42:41] <Alexandre Petrescu_web_111> thanks for the URL! relevant.
[12:42:46] Tim Twell_web_554 leaves the room
[12:42:50] Tim Twell_web_117 joins the room
[12:44:37] Mohit Sethi_web_543 leaves the room
[12:44:41] Mohit Sethi_web_385 joins the room
[12:44:46] <John Preuß Mattsson_web_799> https://de.wikipedia.org/wiki/Staatsmonopol
[12:44:50] <Bob Moskowitz> And we have to do that with Unmanned Aircraft Remote ID.
[12:45:15] <Dan Harkins_web_591> @michael, you're looking for a CID which IEEE will gladly sell you. That will give you an OUI under which you can assign MAC addresses. You will be required to run a SLAP policy on your network though.
[12:45:22] <Bob Moskowitz> See the Privacy section of draft-ietf-drip-rid.  Or rather the lack of privacy....
[12:45:29] <Alexandre Petrescu_web_111> Overall, could it be said that a form of 'monopoly' is something that the work here tries to overcome?
[12:45:54] <Andrew Campling_web_790> @Dan the "show me the records" enforcement unlikely to be violence (except possibly in very extreme circumstances).  In any case, the allocation of certain powers by a LEA in a democracy shouldn't be an issue for the IETF.  
[12:46:29] <Andrew Campling_web_790> *is unlikely
[12:46:53] <Éric Vyncke_web_982> Big thanks indeed Glenn & Tim
[12:47:53] mcr joins the room
[12:47:54] Timothy Winters_web_641 leaves the room
[12:47:58] Timothy Winters_web_954 joins the room
[12:48:18] <Mathieu Cunche_web_124> +1
[12:49:46] <Alexandre Petrescu_web_111> 802.11aq use RCM 'outof association' - does it mean OCB 'Outside the Context of a BSSID'- there is an RFC for IPv6-over-OCB and it does not talk RCM...
[12:50:01] Adam Wiethuechter_web_748 joins the room
[12:51:24] <Amelia Andersdotter_web_259> I did a privacy review for ipv6-over-ocb and i recall some discussion on generating ipv6 addresses w/o relying on underlying mac or so. but that mechanism already exists for a long time.
[12:51:25] <Dan Harkins_web_591> @alexandre, it means during scanning or any pre-association interactions with an AP
[12:51:49] <Bob Moskowitz> @dan, what about NAN?
[12:52:06] <Dan Harkins_web_591> a BSSID can exist pre-association, but the client has not established state on the AP bound to a MAC address.
[12:52:13] <Amelia Andersdotter_web_259> although most complicated bits of ipv6-over-ocb from privacy perspective were just cut from the draft
[12:52:28] <Dan Harkins_web_591> @bob, NAN is a WFA thing. I'm not sure.
[12:52:59] <mcr> It's because all the logs (and pcaps) are indexed by IP/Mac address.
[12:53:09] <Bob Moskowitz> And NAN is in the ASTM Remote ID standard and being used in EU, but use of BEACONs is gaining preference.  Less overhead.
[12:53:16] <Jen Linkova_web_394> Amelia: EUI-64-based addresses are kind of not recommended anymore, so most IPv6 addresses shoudn't have anything to do with MACs
[12:55:32] Marisol Palmero_web_756 joins the room
[12:55:53] Kazunori Fujiwara_web_303 joins the room
[12:56:08] <Steven Hartley_web_601> ya EUI-64 is not ideal, secure simple is definately prefered (all though it helped me find a bug yesterday when someone configured it incorrectly on a node)
[12:56:24] Jody Kolker_web_533 joins the room
[12:56:32] Jody Kolker_web_533 leaves the room
[12:56:36] Jody Kolker_web_411 joins the room
[12:56:46] Kazunori Fujiwara_web_303 leaves the room
[12:56:47] Taiji Kimura_web_870 joins the room
[12:56:51] <Alexandre Petrescu_web_111> "@alexandre, it means during scanning or any pre-association interactions with an AP", "a BSSID can exist pre-association, but the client has not established state on the AP bound to a MAC address." - Yes.  I thought these phrases mean OCB - Outside the Context of a BSS ID.  I thought that OCB is a right term.  However, OCB could not work with random MAC addresses (RCM), because in OCB  mode on still uses MAC addresses in the src and dst addresses of messages, despite not having a BSSID.  In that sense I wonder how 802.11aq works with changing MAC addresses.  Does it involve continuously exchanging IPv6 NS/NA messages to discover each other's MAC address?  Can I read 802.11aq?
[12:58:13] <Dan Harkins_web_591> the BSSID is the AP side of the conversation. APs don't randomize MACs. So there is still communication in the context of a BSSID that uses a random MAC (on the client).
[12:58:57] <Alexandre Petrescu_web_111> APs not randomizing its MAC address is not a privacy issue?
[12:59:02] John Preuß Mattsson_web_799 leaves the room
[12:59:19] <Dan Harkins_web_591> on whom?
[12:59:42] <Mathieu Cunche_web_124> Maybe when the AP is spawned by a smartphone.
[12:59:59] <mcr> Bob is asking the same question I asked in the previous presentation :-)
[13:00:10] <Steven Hartley_web_601> In most SW solutions (i.e. Android), RCM is used for both AP and STA.
[13:00:10] <Alexandre Petrescu_web_111> Privacy is a problem that can be solved bilaterally: I reveal my identity if my counterpart does too.  In that sense, if I had my id then it is strange that the AP does not.
[13:00:32] <Alexandre Petrescu_web_111> (if I hide my id)
[13:00:33] <Dan Harkins_web_591> but if it wants to simultaneously serve multiple clients then it must have a persistant MAC. It can be from the "local" address space-- i.e. random-- but it must be persistent.
[13:00:56] <Éric Vyncke_web_982> @Dan ++
[13:01:09] <Dan Harkins_web_591> and MAC address persistence has been identified as a privacy issue _on clients_. Not on APs.
[13:01:14] <Amelia Andersdotter_web_259> The soft/mobile AP use-cases concern cases where a smartphone is turned into an AP for instance.
[13:01:23] <Mohamed Boucadair_web_313> draft-ietf-drip-rid-13#section-8
[13:01:23] <Amelia Andersdotter_web_259> Then it's a personal device that is used as an AP
[13:01:55] <Amelia Andersdotter_web_259> @Dan not entirely true. the "soft AP" use-case is being raised.
[13:02:52] <Dan Harkins_web_591> a "soft AP" still has to have a persistent MAC address to serve clients. All of 802.11 would break if APs were to change MAC addresses while clients were associated.
[13:03:22] <mcr> _queue closed_ nice.
[13:04:05] <Bob Moskowitz> @Med, thanks for posting the ID information.
[13:04:23] <mcr> @Dan, Soft-AP is how MATTER onboards, and many many device specific ways.  I really don't know if it should RCM or not.
[13:04:28] <Éric Vyncke_web_982> @mcr a new feature indeed
[13:04:35] <Alexandre Petrescu_web_111> In DRIP "draft-ietf-drip-rid-13#section-8" I am not sure what is DET - an AP or not.  But I think it makes sense to think that the drone carries an AP and the human controller a Host. Or reversely.  But that AP on drone might be the case that its MAC address might have an issue.
[13:04:55] Jody Kolker_web_411 leaves the room
[13:05:22] Marisol Palmero_web_756 leaves the room
[13:05:51] <Bob Moskowitz> For most UA, they operate as an AP for the GCS to associate for Command and Control.  But this association is done before Operation (flight) starts.
[13:06:26] <Dan Harkins_web_591> @mcr, the issue isn't whether the MAC address is "random" (i.e. from the local address space) it's whether it's persistent and it has to be in order to maintain a conversation. The 802.11 state machine assumes fixed MAC addresses and if one side changes it's MAC address then the state is lost.
[13:06:58] Shuping Peng_web_540 leaves the room
[13:06:58] <mcr> @Dan, it matters if you'd like to put the MAC address in the IDevID :-)
[13:07:02] Shuping Peng_web_161 joins the room
[13:07:03] <Amelia Andersdotter_web_259> @dan there was this proposal in tgbi where you have internal and external mac addresses. the privacy issue for the soft AP is where a permanent mac is transferred in the clear over-the-air.
[13:07:28] <Alexandre Petrescu_web_111> DHCP?
[13:07:31] <Bob Moskowitz> DET is well defined in the draft.  It is the IETF's UA Remote ID.  In standard RID messaging it is only in the Basic ID Message.  The Location/Vector message does not contain it, so the MAC address is needed to make the link between Who and Where.
[13:07:49] <mcr> It matters if you need to identify which of hundreds of APs announcements you are hearing is the one that you want.  If the device RCMs across power cycles, then even if you make a list and go through them, your list might be endless.
[13:08:16] <Dan Harkins_web_591> @mcr, you might've missed my earlier comment but I think you want to buy a CID from IEEE, allocate addresses from the local address space under that OUI, and use a SLAP quadrant on the LAN you run.
[13:08:41] Ole Trøan_web_411 leaves the room
[13:08:45] Ole Trøan_web_426 joins the room
[13:08:54] <Dan Harkins_web_591> then you can have 2^24 (I think) addresses to stick into 2^24 certificates.
[13:09:01] <mcr> @Dan, that totally fails for new devices on which you might run DPP on.
[13:09:11] Luther Smith_web_484 leaves the room
[13:09:18] <Alexandre Petrescu_web_111> "DHCP?" - in relationship with the shown slide, I meant to ask whether 802.1x works with IPv6, or is it only working in an IPv4 setting.
[13:09:26] <mcr> @dan, that might work for some big enterprise, but I'm talking about having hundreds of devices from hundreds of manufacturers.
[13:09:34] <Dan Harkins_web_591> DPP doesn't require an IDevID!
[13:09:42] <Bob Moskowitz> Then you have all those unmanned aircraft sending BEACONs!  You would then need to upgrade your system to recognize those BEACONS with the Vendor IE and the specific Vendor OID to filter those potentially hundreds of BEACONs!
[13:09:46] Luther Smith_web_976 joins the room
[13:10:21] <Alexandre Petrescu_web_111> Sometimes one might want drones to make more noise than they do, so theydont get attacked by animals such as craven(?)
[13:10:33] <mcr> DPP connects a mac address to public key, "certified" in the QR code, right?
[13:10:34] <Dan Harkins_web_591> there can be hundreds of CIDs issued (I'm sure IEEE would love to sell those!) and each one of them will have 2^24 MACs to stick into their certificates.
[13:10:58] <Dan Harkins_web_591> @mcr, no MAC used. DPP doesn't care about MAC addresses.
[13:11:12] <Jen Linkova_web_394> Alexandre: 802.1x has really nothing to do with IP version.
[13:11:34] <Alexandre Petrescu_web_111> (craven, crow,flying bird attacking drones because they are not afraid of them)
[13:11:34] Luther Smith_web_976 leaves the room
[13:11:55] <Bob Moskowitz> Schipol has trained falcons to bring down UAs!
[13:12:14] John Preuß Mattsson_web_515 joins the room
[13:12:16] Luther Smith_web_296 joins the room
[13:12:47] <Bob Hinden_web_871> An issue (current slide) is that a host can't really know how trustworthy the network it is connected to is on.    
[13:12:55] <Bob Moskowitz> Or are they hawks and not actually falcons....
[13:13:03] <Alexandre Petrescu_web_111> "Alexandre: 802.1x has really nothing to do with IP version." - yes, but is 802.1x used in an IPv6-only network?
[13:13:34] <Jen Linkova_web_394> AlexandreL there is absolutely no reason why not. I happen to run such a network ;)
[13:13:52] <Bob Moskowitz> 1x was never IP version specific.
[13:14:40] Alexandre Petrescu_web_111 leaves the room
[13:14:44] Alexandre Petrescu_web_791 joins the room
[13:14:46] <Éric Vyncke_web_982> .1x is not even specific for IP ;-)
[13:14:59] <Jen Linkova_web_394> 802.1x is a way to authenticate a device connected to the network. The supplicant on that device uses EAPOL (so it's ethernet frames) for authentication, IP is not involved. After authentication is completed - the device can use whatever IP versions it supppts
[13:15:44] Timothy Winters_web_954 leaves the room
[13:15:59] <Alexandre Petrescu_web_791> 1x IP version independent: but only DHCP can enforce that access via MAC addresses.  The question is how to realize enforcement of 1x by using IPv6 SLAAC.   If one couldnt (which I am probably wrong to suppose to) then should the RCM problem still be tackled.
[13:16:01] <Bob Moskowitz> @Eric.  one could always use an EAP method that assigns the IP.
[13:16:31] <Éric Vyncke_web_982> @Bob: really? Just curious to leanr
[13:17:11] Behcet Sarikaya_web_853 joins the room
[13:17:38] <Rich Salz_web_227> left the queue.  agree with mcr.
[13:18:05] <Andrew Campling_web_790> +1 to enterprise being a full trust environment
[13:18:07] <Bob Moskowitz> 1x is a transport for EAP.  ANY EAP method.  Only some are commonly deployed but it is up to the client and AP EAP server (or proxy) to choose.  There are EAP methods that include the IP address assignment step.  Just not really used.
[13:18:27] <Alexandre Petrescu_web_791> "After authentication is completed - the device can use whatever IP versions it supppts" - if the authentication is failing would the Host be prevented from sending NAs?
[13:18:39] <Jen Linkova_web_394> Alexandre: I'm not sure I follow. What do you mean by "realize enforcement of 1x by using IPv6 SLAAC". Again, 802.1x assumes that the host receives some EAPOL frames from the switch and responds to them (w/o using IP). After authentication is completed - host can have static IPs, DHCP assigned IPs, SLAAC IPs etc - it doesn't matter. 802.1x doesn't care about IPs
[13:18:39] Phillip Hallam-Baker_web_713 joins the room
[13:18:43] <Rich Salz_web_227> Many people live in townhouses and apartments.
[13:18:47] Yiu Lee_web_332 joins the room
[13:19:12] BEHCET SARIKAYA joins the room
[13:19:44] <Alexandre Petrescu_web_791> Jen, an 802.1x unsucessfull authentication on Ethernet would prevent the Host to even form an IPv4 address,but would it prevent the Host from sending NAs on the link?
[13:19:54] <Jen Linkova_web_394> Alexandre: if 802.1x fails the host can not send anything (ex. 802.1x authentication frames). (well, switches do allow you to place a device to a dedicated quarantine VLAN but it's a different story.
[13:19:54] Yiu Lee_web_332 leaves the room
[13:19:58] Yiu Lee_web_486 joins the room
[13:20:19] Yiu Lee_web_486 leaves the room
[13:20:23] Yiu Lee_web_696 joins the room
[13:20:44] <Alexandre Petrescu_web_791> Jen, I suspect I might be wrong again.  I suspect it is not clear for me.
[13:20:46] Qin Wu_web_682 leaves the room
[13:20:53] <Bob Moskowitz> If 1x fails, the AP should then DISASSOCIATE with the STA.  The STA would then need to restart the whole association.
[13:21:23] <Bob Moskowitz> At least that is the way we designed back in the day.
[13:22:06] <David Oliver_web_278> Perhaps better to view all environments as "partial trust" or "no trust".  While an enterprise MIGHT BE theoretically trustworthy, internally they would want to deal with it as "untrustworthy" I think
[13:22:34] <Bob Moskowitz> Glenn can chime in.  He was one of the real 802.1 people that guided developing the 1x state machine.
[13:22:54] <mcr> But, @Bob, the point wasn't that they are all the same.  The point was if there are any places where there would be full trust, it would be some subset of enterprises.
[13:23:02] <Jen Linkova_web_394> +1 to what Bob is saying. Actually different segments in the same enterprise can have different "trust" levels
[13:23:23] <Éric Vyncke_web_982> @Jen @Bob indeed and on purpose
[13:23:26] <Alexandre Petrescu_web_791> I think, with my limited experience, which is veryoriented on IPv6, that I have not seen a wifi 1x deployment with IPv6 only.  Maybe I need to try that sometimes in the future.
[13:23:34] <David Oliver_web_278> What enterprise network engineer would want to say "I set up my network as full trust"?
[13:24:15] <Massimiliano Pala_web_435> Small consideration about nomenclature - what you call full trust environment seems to me to be the low-trust one instead where you NEED to know publicly identities of devices without establishing a trust relationship with it. Maybe the name is misleading? A No-Privacy environment could be a better name?
[13:25:00] <Mohamed Boucadair_web_313> Agree with Mathieu given that the broadcast environnement is not controlled.  I tend to reason more on env where the trust vs. usabilty balance/tension is more on the usability side.
[13:25:25] Roland Bless_web_600 joins the room
[13:25:34] <Mathieu Cunche_web_124> Another argument against the existence of "Full trust" is cross-device tracking : your own device may try to leverage all kind of identifiers (including MAC addr) to identify links
[13:25:47] <Jen Linkova_web_394> >I think, with my limited experience, which is veryoriented on IPv6, that I have not seen a wifi 1x deployment with IPv6 only.
I guess it's because there are not so many enterprise IPv6-only networks yet. It's not because of 802.1x. But if you need an example to prove they exist - I have one for you ;)
[13:26:12] <Mathieu Cunche_web_124> Cross-device tracking: https://en.wikipedia.org/wiki/Cross-device_tracking
[13:26:22] <mcr> @Alexandre, at the IETF meetings, we have "IETF-v6Only" network regularly, and you've been to those meetings.
[13:26:25] <Alexandre Petrescu_web_791> Jen, you got an example of 1x wifi deployment thas no IPv4 on it but has IPv6 on it?
[13:26:26] Alissa Cooper_web_951 joins the room
[13:26:29] Mathieu Cunche_web_124 leaves the room
[13:26:33] Mathieu Cunche_web_331 joins the room
[13:26:40] <mcr> also IETF-NAT64.
[13:26:57] <Alexandre Petrescu_web_791> if it's nat64 then it's not IPv6 only
[13:27:12] <Jen Linkova_web_394> Alexandre: Yes, I do. I'm still failing to understand why you think might not be possible
[13:27:26] <Jen Linkova_web_394> >if it's nat64 then it's not IPv6 only
[13:27:28] <Jen Linkova_web_394> no
[13:27:41] <Jen Linkova_web_394> I'd disagree. Devices do not have IPv4. So it's v6-only.
[13:28:07] <Alexandre Petrescu_web_791> "@Alexandre, at the IETF meetings, we have "IETF-v6Only" network regularly, and you've been to those meetings." - the reason I could not connect to these v6only networks was because of WiFi driver on windows.  The AP of Cisco _only_ accepted Macs to it.  Yes, it was an IPv6-only but it was Mac-only too.
[13:28:22] <Alexandre Petrescu_web_791> (Mac==Macintosh)
[13:28:52] <Bob Moskowitz> And Linux
[13:28:55] <Jen Linkova_web_394> I'd call it 'Windows-Free" rather then...Because Linux, Android and iPhones can connect
[13:28:56] Alissa Cooper_web_951 leaves the room
[13:29:00] Alissa Cooper_web_751 joins the room
[13:29:22] <Alexandre Petrescu_web_791> " Devices do not have IPv4. So it's v6-only." - we drive away, but let me then enhance my acronym: IPv6-only-and-end-to-end.
[13:30:19] <Alexandre Petrescu_web_791> "I'd call it 'Windows-Free" rather then...Because Linux, Android and iPhones can connect" - fair enough.  ButWindows is the onlyone among those who could actually turn off IPv4.  All the others cant.
[13:30:26] <Rich Salz_web_227> I do not understand why you are insisting it's not possible.  Jen said her home network does it, and the fact that you could not connect to IETF-v6only doesn't mean that it does not exist.
[13:30:33] <Bob Moskowitz> The whole IPv6-only "experiment" at the IETF was to learn how the IPv6 server deployment was progressing based on friendly user experiences.
[13:30:47] <Joey Salazar_web_931> had a network hiccup, did Jerome talk about the requirements section?
[13:30:50] <Jen Linkova_web_394> I said my *corporate* network has it ;)
[13:31:00] <Rich Salz_web_227> :)
[13:31:12] <Joey Salazar_web_931> particularly referring to req 8:
REQ8  Identify a secure mechanism for the device to notify the
         network prior to updating update the MAC address.
[13:31:33] Mathieu Cunche_web_331 leaves the room
[13:31:37] Mathieu Cunche_web_579 joins the room
[13:32:25] <Alexandre Petrescu_web_791> "I do not understand why you are insisting it's not possible. " - I am not.  I have a feeling, a supposition.  That feeling is about reliance on IPv4 when we try to design a RCM-related solution.  The only way to find out is to set upa testbed that exposes the RCM problem and eliminate IPv4 from it and see whether that RCM-related problem is still there.  If not, then we're fine.
[13:32:42] <Carlos Bernardos_web_296> I've just noted a typo on the cover of the slides. It should say "draft-zuniga-madinas-mac-address-randomization". Sorry about that
[13:33:46] <Rich Salz_web_227> I am positive that some of the devices connecting to IETF-IPv6only did RCM.  IETF people tend to do that kind of thing.
[13:34:07] <Jen Linkova_web_394> Alexandre: I might be missing smth, but I haven't noticed any IPv4 dependencies - or maybe I got distracted and missed the slide?? As I've said - 802.1x is IP-agnostic. The host is either authenticated and can send Ipv4, Ipv6, IPv10 - whatever. Or it's not and then nothing is allowed.
[13:34:30] <Alexandre Petrescu_web_791> "IETF-IPv6only did RCM. " - it's good to know, but was IPv4 turned off?
[13:34:30] <Jen Linkova_web_394> Rich: I guess my phone shall be doing this
[13:34:52] <Rich Salz_web_227> Alexandre: it's in the NAME.  IPv6only.  Sheesh.
[13:34:54] <Steven Hartley_web_601> Should we note just update to Android-12 since it is available? They have randomization for AP now by default since 11 I believe.
[13:35:34] <Steven Hartley_web_601> RCM is now a CDD requirement (Android compliance requirement)
[13:35:42] <Alexandre Petrescu_web_791> "Alexandre: it's in the NAME. IPv6only. Sheesh." - Sheesh?  I can call  myself Rich and I wont be Rich for that matter.  If the AP was a linux then IPv4 was not turned off.  Turning off IPv4 means to extract the IPv4 stack out of it.
[13:35:45] Phillip Hallam-Baker_web_713 leaves the room
[13:36:17] Mathieu Cunche_web_579 leaves the room
[13:36:21] Mathieu Cunche_web_464 joins the room
[13:36:41] <Rich Salz_web_227> So now you do not trust that the IETF NOCC folks did what they were claiming.  Got it.
[13:37:00] <Alexandre Petrescu_web_791> "So now you do not trust that the IETF NOCC folks did what they were claiming. Got it." - I trust NOCC people.
[13:37:19] Mathieu Cunche_web_464 leaves the room
[13:37:23] Mathieu Cunche_web_966 joins the room
[13:37:39] <Rich Salz_web_227> So you trust the NOCC people. But you don't think ietf-v6only was, in fact, only IPv6 ?
[13:37:49] <Jen Linkova_web_394> Alexandre: there was no DHCP, no end-to-end IPv4 connectivity, hosts do not send IPv4 traffic ex. for unanswered DHCP discovers. So I'm not sure what kind of IPv4 dependencies you think there were.
[13:37:53] Mathieu Cunche_web_966 leaves the room
[13:37:57] Mathieu Cunche_web_708 joins the room
[13:38:22] <Alexandre Petrescu_web_791> "So you trust the NOCC people. But you don't think ietf-v6only was, in fact, only IPv6 ?" - yes.  Being IPv6 only means to extract IPv4 stack out of it.  Windows can do that.  NAT64 is nont IPv6-only, it is IPv6 with some IPv4.  It's in the name.
[13:38:58] <Dave Thaler_web_837> Comment on draft-zuniga-madinas-mac-address-randomization: the rows in that table are not well defined in the draft.  Please add text explaining each row (you may be able to figure it out from text in the doc, but better to be explicit)
[13:39:22] <Jen Linkova_web_394> Alexandre: Ok, it's past midnight, I need coffee - but you've lost me here. what does NAT64 have to do with RCM and 802.1x?
[13:39:32] <Bob Moskowitz> Perhaps these tables should now be moved to the github?
[13:40:05] <Rich Salz_web_227> We stopped tawlking about NAT64.  We're talking about ietf-v6only.
[13:40:28] <Rich Salz_web_227> You admit to not having any experience with it. But you don't believe that the IETF NOCC did what it claimed to be doing.
[13:40:28] <Alexandre Petrescu_web_791> " So I'm not sure what kind of IPv4 dependencies you think there were." - we diverge and I would not like to be the one to carry the fault.  Thefocus is on RCM-related problem.  The IPv4 dependencies you ask could also be the DHCP discovers you mention, or simply many other aspects like 127.0.0.1.  Not sure how these could impact RCM-related problem, and only in practice could I find.
[13:40:50] Lixia Zhang_web_927 leaves the room
[13:40:51] <Jen Linkova_web_394> OK, I'm lost and confused and sleepy and probably not making any sense, so I'll shut up ;)
[13:41:00] <Rich Salz_web_227> It's not you, @Jen.
[13:41:02] <BEHCET SARIKAYA> Github idea is great!
[13:41:05] <Rich Salz_web_227> I mean not just you.
[13:41:07] Alissa Cooper_web_751 leaves the room
[13:41:16] <Alexandre Petrescu_web_791> Sorry, Jen, Rich.  You are right.
[13:42:46] <Rich Salz_web_227> It's very rare that someone admits being wrong at the IETF.  Thank you for that.
[13:44:30] Yoshiaki Kitaguchi_web_467 leaves the room
[13:44:40] <Carlos Bernardos_web_296> Very good feedback @mcr @dave @bob
[13:44:44] Alissa Cooper_web_467 joins the room
[13:44:59] Roland Bless_web_600 leaves the room
[13:45:10] Alissa Cooper_web_467 leaves the room
[13:45:14] Alissa Cooper_web_582 joins the room
[13:46:59] <David Oliver_web_278> Thanks to all here for both the presentations and comments.  This activity complements similar efforts going on in IP address privacy etc.
[13:47:05] <Alexandre Petrescu_web_791> thanks, bye
[13:47:05] BEHCET SARIKAYA leaves the room
[13:47:08] Dan Harkins_web_591 leaves the room
[13:47:11] David Oliver_web_278 leaves the room
[13:47:12] Christopher Inacio_web_897 leaves the room
[13:47:12] <Dave Thaler_web_837> The reason I wouldn't object to a historical snapshot in the doc, with a pointer to the latest, is that we do that for new IANA registry contents for example
[13:47:13] Geir Egeland_web_285 leaves the room
[13:47:13] <Mathieu Cunche_web_708> Bye
[13:47:14] Steven Hartley_web_601 leaves the room
[13:47:14] Peter Yee_web_185 leaves the room
[13:47:16] <Éric Vyncke_web_982> Thank you all
[13:47:16] <Bob Hinden_web_871> bye
[13:47:20] Paul Watrobski_web_357 leaves the room
[13:47:22] Kohei Isobe_web_252 leaves the room
[13:47:22] Prapanch Ramamoorthy_web_460 leaves the room
[13:47:25] <Massimiliano Pala_web_435> Thank you! Great presentations and lots of work ahead!
[13:47:27] Bob Hinden_web_871 leaves the room
[13:47:29] Tim Twell_web_117 leaves the room
[13:47:35] Andrew Campling_web_790 leaves the room
[13:47:35] Juliana Guerra_web_153 leaves the room
[13:47:37] <Bob Moskowitz> bye
[13:47:38] Bob Moskowitz leaves the room
[13:47:42] Alissa Cooper_web_582 leaves the room
[13:47:48] Paolo Volpato_web_697 leaves the room
[13:47:49] Robert Moskowitz_web_806 leaves the room
[13:47:49] Amelia Andersdotter_web_259 leaves the room
[13:47:51] Rich Salz_web_227 leaves the room
[13:47:51] Jen Linkova_web_394 leaves the room
[13:47:51] Luigi Iannone_web_945 leaves the room
[13:47:52] Yiu Lee_web_696 leaves the room
[13:47:52] <Éric Vyncke_web_982> Github could give the impression of being alive while it is not though (my only concern)
[13:47:53] Yoshifumi Atarashi_web_252 leaves the room
[13:47:56] Stuart Card_web_772 leaves the room
[13:47:56] Behcet Sarikaya_web_853 leaves the room
[13:47:57] Jean-Michel Combes_web_655 leaves the room
[13:47:57] Ole Trøan_web_426 leaves the room
[13:47:59] Jerome Henry_web_304 leaves the room
[13:48:01] Antoine Fressancourt_web_379 leaves the room
[13:48:06] Taiji Kimura_web_870 leaves the room
[13:48:07] Carlos Bernardos_web_296 leaves the room
[13:48:08] Michael B_web_884 leaves the room
[13:48:12] Mohit Sethi_web_385 leaves the room
[13:48:15] Wei Pan_web_730 leaves the room
[13:48:16] Mohamed Boucadair_web_313 leaves the room
[13:48:19] Luther Smith_web_296 leaves the room
[13:48:24] Adam Wiethuechter_web_748 leaves the room
[13:48:53] Joey Salazar_web_931 leaves the room
[13:48:54] Juan-Carlos Zúñiga_web_473 leaves the room
[13:49:06] Éric Vyncke_web_982 leaves the room
[13:49:09] Rebecca Guthrie_web_844 leaves the room
[13:49:15] <Dave Thaler_web_837> So I'd be fine with any of:
a) snapshot in document saying it may be out of date
b) snapshot in doc with pointer to latest
c) no snapshot in doc, just a pointer to latest
[13:49:34] Mathieu Cunche_web_708 leaves the room
[13:49:34] <Dave Thaler_web_837> we have examples of all three of those in other contexts
[13:49:47] Kelley Burgin_web_581 leaves the room
[13:50:20] Valery Smyslov_web_299 leaves the room
[13:50:49] Oliver Borchert_web_142 joins the room
[13:50:57] John Preuß Mattsson_web_515 leaves the room
[13:51:41] Peter Koch_web_612 leaves the room
[13:51:46] Dave Thaler_web_837 leaves the room
[13:51:46] Mark McFadden_web_101 leaves the room
[13:51:46] Philip Eardley_web_616 leaves the room
[13:51:46] Michael Richardson_web_262 leaves the room
[13:51:46] Robert Wilton_web_435 leaves the room
[13:51:46] Massimiliano Pala_web_435 leaves the room
[13:51:46] Andrew S_web_434 leaves the room
[13:51:46] Luis Contreras_web_976 leaves the room
[13:51:46] Glenn Parsons_web_631 leaves the room
[13:51:46] Paolo Saviano_web_494 leaves the room
[13:51:46] Shuping Peng_web_161 leaves the room
[13:51:46] Oliver Borchert_web_142 leaves the room
[13:51:46] Alexandre Petrescu_web_791 leaves the room
[13:57:57] Meetecho leaves the room
[14:02:52] alexamirante leaves the room
[14:27:25] mcr leaves the room