[00:02:44] Stefan Santesson joins the room
[00:53:07] jimsch joins the room
[00:55:13] Pete McCann joins the room
[00:56:47] <Stefan Santesson> I'm here supported by some strong coffee, Audio seems working
[00:57:37] <Stefan Santesson> Havent seen it
[00:58:09] David Cooper joins the room
[00:58:11] <Stefan Santesson> MIKE NOW: I have not received the slied
[00:58:17] <Stefan Santesson> slides
[00:58:54] <Stefan Santesson> David, did you send the 2560bis slides?
[00:59:53] <Stefan Santesson> They are perfect :)
[01:01:01] Melinda joins the room
[01:01:08] polk.tim joins the room
[01:01:44] <David Cooper> Stefan: I thought I sent you and Tim the slides last week (or the week before), but I just sent you another copy.
[01:02:12] Phillip joins the room
[01:03:35] <Stefan Santesson> send it to Steve
[01:03:44] <polk.tim> I just sent them to Steve.
[01:03:52] <Stefan Santesson> Great!
[01:04:09] <Stefan Santesson> On jabber though
[01:05:42] Phillip leaves the room
[01:06:08] spturner joins the room
[01:06:30] <spturner> audio good?
[01:06:34] <Stefan Santesson> Yes
[01:06:39] <spturner> great
[01:06:44] <Pete McCann> But we can't hear the comments from the peanut gallery.
[01:06:51] <Melinda> That's a feature
[01:08:05] PHB joins the room
[01:08:39] <spturner> thanks Melinda ;)
[01:09:04] <spturner> Yeah in this room there's only one mic.  We'll end up roaming it around the room.
[01:09:10] <spturner> Tim's on that mic now.
[01:10:10] <Stefan Santesson> Tim, keep some distance to the mike
[01:10:29] <Stefan Santesson> distorted sound
[01:11:27] <spturner> better?
[01:11:42] <Stefan Santesson> this is better
[01:11:46] <spturner> ack
[01:11:49] sftcd joins the room
[01:12:07] =JeffH joins the room
[01:12:20] <Stefan Santesson> not hate, I can live with it
[01:12:33] semery joins the room
[01:13:43] <Stefan Santesson> yes
[01:13:53] <spturner> I think we all just want it done
[01:13:58] <=JeffH> Stephen --- may I get agenda slot at end of this session to mention status of -tls-server-id-check I-D ?
[01:14:06] <=JeffH> (pls) :)
[01:14:30] <Stefan Santesson> relay to Steve some, he is not on jabber
[01:15:25] <=JeffH> yes, he's looking at the chat log
[01:15:30] <=JeffH> :)
[01:15:36] <Stefan Santesson> Great .. sorry steve
[01:15:38] <=JeffH> I meant "steve" 
[01:15:42] <=JeffH> in any case :)
[01:19:16] <Pete McCann> Have these slides been uploaded to meeting materials?
[01:19:44] <David Cooper> No, not yet.
[01:20:34] <Stefan Santesson> uploading now
[01:22:53] <Stefan Santesson> http://www.ietf.org/proceedings/79/slides/pkix-3.pdf
[01:23:03] <Pete McCann> got em, thanks.
[01:27:56] <David Cooper> The other issue is that there is no good error response for the server in the case of an unrecognized critical extension in a request.
[01:28:42] <polk.tim> I wondered about that!
[01:32:47] <Stefan Santesson> I lean towards that this is an unnecceesary update
[01:32:53] <PHB> mic I don't much care where it happens, but it should happen
[01:34:23] <PHB> _1 on tim's comment
[01:34:27] <PHB> +1 that is
[01:34:34] <Stefan Santesson> +1 as well
[01:35:50] <Stefan Santesson> Would you help doing it Jim?
[01:36:08] <jimsch> I am more than willing to do that - I should have it posted before the start of next week
[01:36:27] <Stefan Santesson> Then I have nothing against including it in the effort
[01:48:36] <Stefan Santesson> Shouldn't it be ARIN (-FOO)?
[01:49:15] <Stefan Santesson> Mike that question pls
[01:49:54] <Stefan Santesson> Meant "Mic"
[01:53:13] <Stefan Santesson> Just seems inconvenient to provide multipple paths to FOO resources
[01:54:14] <jimsch> But he says that the ARIN->FOO path is invalid
[01:55:16] <Stefan Santesson> That is not how I heard it
[01:55:50] <jimsch> That is what I was trying to get him to say yes or no and he said it was true.  Otherwise there is no reason to issue the FOO certificate.
[01:56:19] <PHB> I think this shows why not to build a system this way
[01:57:01] <PHB> It would be much simpler if we simply had a PKI that identified the NICs and they produced a signed XML file every 24 hours listing all their allocations.
[01:57:33] <jimsch> I am supprised because it means that you don't care about the acutal address in the EE certificate when doing path validation  just do and just do an intersection of the resources as you do the path build.  It says that if a certificate has a resoruce in it that is not a subset of its parent it is an invalid certificate
[01:57:42] <PHB> Then folk who are processing the information could write their management logic according to their requirements and this would not need to be mangled into PKIX logic
[01:58:39] <Stefan Santesson> second  this "That is what I was trying to get him to say yes or no and he said it was true.  Otherwise there is no reason to issue the FOO certificate."
[01:58:40] <PHB> This is like watching someone showing their chess playing program written in PERL using regular expressions
[01:59:15] <Stefan Santesson> If the ARIN - BAR actually constrains BAR from FOO then I also do not see the reason to reissue the FOO certificate
[01:59:54] <jimsch> His validation rule is that of FOO has a resource in it's certificate that is not in ARIN-BAR then the FOO certificate fails validation
[02:05:38] polk.tim leaves the room
[02:05:55] Pete McCann leaves the room
[02:06:25] PHB leaves the room
[02:07:30] sftcd leaves the room
[02:08:38] David Cooper leaves the room
[02:15:13] semery leaves the room
[02:18:10] Melinda leaves the room
[02:23:43] =JeffH leaves the room
[02:24:49] =JeffH joins the room
[02:24:55] =JeffH leaves the room
[02:27:32] jimsch leaves the room
[02:48:36] spturner leaves the room
[02:49:33] jimsch1 joins the room
[02:49:57] jimsch1 leaves the room
[02:50:57] weiber joins the room
[04:26:42] weiber leaves the room: offline
[07:50:16] Stefan Santesson leaves the room