[06:41:57] Aleksi Suhonen joins the room [06:55:50] martin joins the room [06:55:50] Aleksi Suhonen leaves the room [06:57:42] Daniel Åman joins the room [07:01:49] jariarkko joins the room [07:02:20] jlcjohn joins the room [07:04:19] zaheduzzaman joins the room [07:04:43] anyone else on audio? I'm just hearing the right channel, and lots of generated noise. could be just me, but the other rooms seem fine. [07:05:36] i dont hear anything atall [07:06:50] getting audio after reconnect [07:06:55] Einar Lönn joins the room [07:07:09] Lars joins the room [07:07:33] Ole Troan joins the room [07:07:47] I am remote. [07:07:50] me too [07:08:04] jinmei joins the room [07:08:22] zaheduzzaman: are you getting both stereo channels? I'm just getting right... [07:08:33] just right [07:08:34] is anyone remote NOT on the audio? because if you all are, i can scribe less :-) [07:08:38] Aleksi Suhonen joins the room [07:08:58] I have sent mail to mtd@ietf.org [07:09:06] yeah just right chan and with some noise [07:09:19] same here [07:09:43] lars: take it easy, at least I don't need much scribing (audio is fine) [07:09:44] bhoeneis joins the room [07:09:53] (except for the lack of left channel) [07:10:00] Ralph Droms joins the room [07:10:01] i reported it to the noc [07:10:13] (they have a jabber room at noc@jabber.ietf.org) [07:10:30] marc showing slide 2 [07:11:19] kawashimam joins the room [07:11:22] JYS3108090FC73CB24 joins the room [07:11:50] slides: http://www3.ietf.org/proceedings/75/agenda/mif.pdf [07:12:46] Desire joins the room [07:12:49] mrw@jabber.postel.org joins the room [07:13:15] JYS3108090FC73CB24 leaves the room [07:14:00] tsavo_work@jabber.org/Meebo joins the room [07:14:12] shouldn't mif be "backwards compatible" with a single interface scenario [07:14:40] and a mif host may have different number of interfaces at different times [07:14:47] ShirleyHuang joins the room [07:15:17] Which presentation is it please? [07:15:29] the PS presentation (from the proceedings page) [07:15:30] slides: http://www3.ietf.org/proceedings/75/agenda/mif.pdf [07:16:01] thanks [07:16:12] danwing joins the room [07:16:40] ASHIDA joins the room [07:16:48] so its not about multiple interfaces, its about multiple network domain [07:16:59] ? [07:18:22] who is talking? [07:19:25] georg tsirtis (sp?) i think [07:19:33] gabriel montenegro before that [07:20:50] can you pls tell them to pronounce their name before they take the mic [07:22:06] S736548CEF7F67 joins the room [07:22:26] hongyu@jabber.org joins the room [07:29:08] comment: I think it is crucial what is visible to IP. Some L2 schemes hide everything from IP, and I don't think that is a topic for MIF. However, it is possible that even if you see one virtual interface from IP perspective, IP sees multiple routers/prefixes that represent different domains. This would reveal some of the substructure of the virtual interface. [07:29:57] Will Ivancic joins the room [07:29:58] "a mif host is a host connected to multiple domains"? [07:30:01] by one way or nother [07:33:22] IMO: it should handle the case of one domain as well, since if a mif host is connected to a different number of domains at different times, so there will probably be a time when it's connected to just one [07:34:05] also, there will possibly be times when none of its interfaces work. should there be some special pre-defined error handling for that case? [07:34:38] tachibana@jabber.org joins the room [07:35:49] tachibana@jabber.org leaves the room [07:37:16] florin coras joins the room [07:39:01] two different DNS servers may even have the same address [07:39:51] (if you're connected to two different providers who give you the same NAT prefix and both of their default routers and name servers are 192.168.1.1) [07:40:27] tachibana@jabber.org joins the room [07:41:40] aleksi: true [07:43:09] lars, is it too early to talk about possible solutions to identifying different admin domains? [07:44:21] nordmark joins the room [07:45:57] florin coras leaves the room [07:46:09] Aleksi, we aren't chartered to specify solutions yet, but I don't think it is too early for people to start thinking and talking about solutions. [07:48:29] IMO: by default each "autoconfig blob" should be treated as a separate domain in "MIF host mode" (otherwise the host is in "normal host mode"), and maybe we should specify some new attribute to autoconfig methods (such as dhcpv4/v6 and icmpv6 ra) to identify admin domain, to enable combining two or more into one? [07:49:24] these new options should be purely optional [07:49:48] HeikkiMahkonen joins the room [07:50:39] It may be that in different network interfaces same "administrator" provides different information. We've seen same network operator serve different IP address for FQDN in network access 1 and different IP address in network access 2 [07:50:40] ~40 for, saw nobody contra [07:51:16] tsavo_work@jabber.org/Meebo: yes, the admin has that choice [07:51:50] so the comment about configuration blobs instead of administrative domains sounded good for me [07:51:56] the admin has the choice to call two different subnets separate admin domains [07:52:19] like "dmz", "visitor wlan", "engineering", ... [07:52:20] that just what I asked - what is adminstrative domain really:) (I'm Teemu Savolainen btw) [07:52:33] juampe.cerezo@gmail.com joins the room [07:52:47] but yeah, i agree [07:52:52] hi teemu! :) [07:53:01] juampe.cerezo@gmail.com leaves the room [07:53:11] jpc joins the room [07:53:17] hi:) [07:53:45] florin coras joins the room [07:56:09] sureshk joins the room [07:58:49] Ralph Droms leaves the room: Replaced by new connection [07:58:49] Ralph Droms joins the room [08:00:31] mrw@jabber.postel.org leaves the room [08:01:02] Ralph Droms leaves the room: Replaced by new connection [08:01:02] Ralph Droms joins the room [08:04:40] shamus joins the room [08:07:18] many stacks have that feature, but there are not user tools [08:07:29] jinmei leaves the room [08:07:32] jinmei joins the room [08:14:26] Ralph Droms leaves the room: Replaced by new connection [08:14:27] Ralph Droms joins the room [08:22:39] Lars: i agree that the application should be given the choice, but there should be a default for applications who don't care or who don't know [08:22:59] which, unfortunately, is most of the apps [08:23:46] (also, providing the app with the possibility of the choice will probably end up with a big and ugly API, but that's beside the point) [08:25:14] florin coras leaves the room [08:27:21] Daniel Åman leaves the room [08:30:43] jmgm joins the room [08:32:04] S736548CEF7F67 leaves the room [08:34:51] Lars leaves the room: Replaced by new connection [08:34:54] Lars joins the room [08:37:25] HeikkiMahkonen leaves the room [08:38:23] Brian Haberman joins the room [08:39:39] Brian Haberman leaves the room [08:43:00] the mobile interface, vpn interface and any other tunnel interfaces are still interfaces, even tho they are built over others [08:43:48] jinmei leaves the room [08:43:56] Will Ivancic leaves the room: Computer went to sleep [08:44:12] jinmei joins the room [08:44:29] Lars leaves the room: Replaced by new connection [08:44:32] Lars joins the room [08:46:53] an important note: the same application may at the same time be a provider and a consumer of this MIF host stuff, example: a VPN or Teredo daemon [08:49:00] rudiger volk speaking [08:53:52] jinmei leaves the room: Replaced by new connection [08:53:54] Aleksi: agree, same for DSMIP6 - which may use multiple-CoA and provide IPv4/IPv6 HoAs for MIF [08:55:53] "must not(?!?) prevent leakage"? [08:56:40] surely a typo? [08:56:47] hmm, looks like a typo ;) [08:58:15] my general feeling on this slide: s/must/SHOULD/ [08:59:05] bhoeneis leaves the room [08:59:28] IMHO the MIF should provide a solution that is at least somewhat comfortable for corporate VPN administrators [09:00:00] tony joins the room [09:00:08] yes [09:00:32] but it should be a bit more flexible than what this slide let's me believe [09:00:50] lets [09:01:18] Ralph Droms leaves the room: Replaced by new connection [09:01:19] Ralph Droms joins the room [09:01:29] so it should not be possible for anyone from unmanaged WLAN to inject data that overrides policies received over VPN (e.g. to point host use unamanged networks DNS servers instead of corporate's for sessions intented to be used over VPN) [09:05:35] Ralph Droms leaves the room [09:06:51] Ralph Droms joins the room [09:07:40] simon joins the room [09:08:11] Petri Jokela joins the room [09:08:47] margaret, (hello, are you here?) I'm writing a draft on an alternate address selection algorithm that also tries to take MIF issues into account as well as possible. I sent an early version of it to the MIF mailing list a bit over a month ago. Would this be a good time to ask if anyone present in the Large Stage has read it and would be willing to do lunch after the session, because I'm new at writing drafts and need feedback? [09:09:12] the pre-draft is available at: http://www.axu.tm/2009/draft-axu-addr-sel-00.html [09:09:59] jmgm leaves the room [09:10:28] Jan Melen joins the room [09:12:37] jinmei joins the room [09:15:23] trusting DNSSEC might create new potential security leaks/issues: if you find a hostname that is sort of confidential, but the public name service seems to have better DNSSEC coverage, you may end up asking confidential questions in public [09:15:47] hongyu@jabber.org leaves the room [09:16:42] shamus leaves the room [09:17:13] zaheduzzaman leaves the room [09:17:19] and conversely: suppose some resolver code has a buffer overflow bug that can be triggered by asking for a specific crafted name (yes, far fetched, but there may be easier and more probable cases too) the host may be tricked to ask for that name on an "internal" name server by something it received from "the outside" [09:18:33] Using pre-defined policy works in the corporate VPN + public access case where you have clearly two distinct administrative domains but how about in the general case where you have multiple almost equal interfaces? [09:20:33] that was a comment relating to how to select the interface from which you do the DNS queries [09:25:57] in the windows current practices document it says to try first DNS servers of the preferred interface [09:26:27] kawashimam leaves the room [09:26:28] tony leaves the room [09:26:36] martin leaves the room [09:27:44] Lars leaves the room [09:28:01] Jan Melen leaves the room [09:28:20] Einar Lönn leaves the room [09:28:52] ShirleyHuang leaves the room [09:29:14] tsavo_work@jabber.org/Meebo leaves the room [09:29:40] Ralph Droms leaves the room: Replaced by new connection [09:29:41] Ralph Droms joins the room [09:29:55] Petri Jokela leaves the room [09:30:34] sureshk leaves the room [09:33:55] Ole Troan leaves the room [09:34:43] jpc leaves the room [09:39:00] jinmei leaves the room [09:39:39] danwing leaves the room [09:39:49] danwing joins the room [09:40:12] danwing leaves the room [09:44:49] tachibana@jabber.org leaves the room [09:51:31] jariarkko leaves the room [10:01:29] Ralph Droms leaves the room [10:03:09] nordmark leaves the room [10:04:20] ShirleyHuang joins the room [10:16:44] Ole Troan joins the room [10:21:23] Ole Troan leaves the room [10:22:51] Ole Troan joins the room [10:37:37] simon leaves the room [10:39:40] Aleksi Suhonen leaves the room [10:42:58] ASHIDA leaves the room [10:46:47] jlcjohn leaves the room [10:53:55] nordmark joins the room [11:00:29] jinmei joins the room [11:00:41] Desire leaves the room [11:00:57] jinmei leaves the room [11:12:32] Ole Troan leaves the room [11:40:47] nordmark leaves the room [12:00:08] ShirleyHuang leaves the room [12:28:31] Will Ivancic joins the room [12:34:44] YGHONG-X300 joins the room [12:36:56] YGHONG-X300 leaves the room [13:00:55] Will Ivancic leaves the room: Computer went to sleep [13:42:31] jinmei joins the room [13:42:58] jinmei leaves the room [15:13:52] Will Ivancic joins the room [16:18:11] Will Ivancic leaves the room: Computer went to sleep [16:54:01] ASHIDA joins the room [16:55:02] ASHIDA leaves the room