[02:08:50] Dave Nelson joins the room
[02:09:02] Dave Nelson leaves the room
[07:48:30] Dave Nelson joins the room
[08:03:12] davemitton joins the room
[08:03:51] <Dave Nelson> Mornin', Dave.
[08:05:06] <davemitton> good morning... I presume you are not here?
[08:05:29] <Dave Nelson> Right, I'm at home.  -- its 4 AM!
[08:06:18] <davemitton> Then you might need some strong coffee
[08:06:39] <Dave Nelson> Are you going to be teh Jabber scribe?
[08:07:08] alan.dekok joins the room
[08:07:22] <Dave Nelson> Hi, Alan.
[08:07:38] <alan.dekok> Hi.   Weather here is wet and cool.
[08:07:58] <Dave Nelson> Weather here is dark.  :-)
[08:08:12] <alan.dekok> :)
[08:08:34] <davemitton> bernard is starting
[08:08:56] <davemitton> agenda bashing
[08:09:41] <davemitton> dave? are you getting audio?
[08:10:04] <Dave Nelson> Yes.  Ask Bernard to speak mor directly into the mic.
[08:11:29] venaas joins the room
[08:12:03] <Dave Nelson> Audio seems to be dropping out periodically.  Maybe the server is over-loaded?
[08:12:24] <davemitton> Glen is updating on his Extended Attrs draft
[08:14:38] <davemitton> Moving on to Design Guidelines
[08:15:35] Dan York joins the room
[08:15:43] Dan York leaves the room
[08:16:38] <Dave Nelson> Streaming audio feed seems to be buffered about 2 minutes behind the Jabber feed. :-(
[08:17:06] <davemitton> Alan is asking for comments on Design Guidelines,  draft 5 next
[08:18:04] <davemitton> Dave, I noticed last meeting that some times the audio would drop out and start over.   It may be a Windows media player thing, where its playing buffered instead of real-time.
[08:18:34] <Dave Nelson> Ah.  Is there a better player app to use?
[08:20:51] <davemitton> don't know, sigh... I forgot what I did, but if I detected a start over, I would either hit forward or restart the player. sorry
[08:22:07] <davemitton> Hannes (Dime) is commenting on some issues of extended attributes
[08:23:43] john.zhao joins the room
[08:23:50] <davemitton> Now Alan is discussing RADIUS over TCP
[08:27:00] <davemitton> slide 3, might need to define UDP packet counts for mibs
[08:28:25] Ralph Droms joins the room
[08:29:45] <davemitton> avi commented that some items here are not TCP specific and should be mentioned in the Design guidelines
[08:30:42] <davemitton> bernard discussing issues with tcp and malformed packets
[08:31:11] <davemitton> if packet is malformed, you have a stream sync issue,  Alan suggests break connection
[08:31:42] <Ralph Droms> ok, thanks...
[08:31:43] <davemitton> if packet has bad authenticator or secret, then probably want to disconnect, could be DOS attack
[08:36:10] <davemitton> slide 5, issues with dropped connections and potential duplicate requests
[08:38:27] <davemitton> given the problems, tcp is useful for frag reassembly, UDP doesn't always work
[08:39:27] <davemitton> bernard suggesting asking Transport area for advisor
[08:40:58] <davemitton> eap-tls causes frag issues
[08:42:42] <davemitton> Alan starting Status Server
[08:48:27] <davemitton> questions/comments?  Bernard at mike
[08:48:58] john.zhao leaves the room: Disconnected.
[08:49:39] <davemitton> possible use of seperate UDP source port to disambiguate response being explored
[08:49:45] john.zhao joins the room
[08:50:09] <davemitton> Is audio working?
[08:51:08] <Dave Nelson> Yes, but with consistent drop outs. Re-starting the WMP helps.
[08:56:58] <davemitton> discussion of semantics and recovery mechanisms
[08:58:13] <davemitton> glen suggests using COA mech to allow server to send I'm up message
[09:00:43] <davemitton> Alan agrees this might work, and he'll look into it
[09:00:58] <davemitton> Alan starting DTLS
[09:03:30] <davemitton> doc needs mandatory cyphers
[09:04:19] <davemitton> issue with shared secrets for cypher, same or different
[09:06:13] <davemitton> alan to add more discussion of this,  stephan mentions RadSec impact
[09:07:58] <davemitton> noted that the Radius MD5 inside of DTLS is not useful, unless a no-encrypt cypher was negotiated
[09:08:42] <davemitton> perhaps require encryption
[09:09:33] <davemitton> Bernard: the motivation was to move past MD5 so require encryption and mutual auth is good
[09:09:57] <davemitton> done
[09:10:25] <davemitton> Bernard to do Crypto agility
[09:11:53] behcet.sarikaya joins the room
[09:12:09] <davemitton> slide 3
[09:12:25] <davemitton> slide 4
[09:13:05] <davemitton> questions/comments?
[09:13:32] <davemitton> Dan asked if he has an item?
[09:13:58] <davemitton> Can we move the LC date back a week?  Bernard willing to keep open for comments
[09:15:00] <Dave Nelson> I loaded them to the Meeting Materials web site.
[09:15:44] <davemitton> Dave your slides are fine, we are missing Glens and Stephans RadSec
[09:15:58] <davemitton> RadSedc up
[09:15:58] <Dave Nelson> Glens slides, that is.
[09:16:04] <davemitton> ayup
[09:16:24] <Dave Nelson> I haven't seen the RADsec slides, though.
[09:16:31] <davemitton> draft-ietf-radext-radsec-00
[09:16:40] behcet.sarikaya leaves the room
[09:16:47] <davemitton> ayup - he's projecting them directly
[09:17:42] <davemitton> some testing, UDP frag problems,  TCP fixed that
[09:18:27] <davemitton> deployed on OpenWRT and another vendor for testing
[09:18:52] <davemitton> added ability to test roaming path
[09:19:03] <davemitton> being used in eduroam
[09:19:41] <davemitton> draft needs some editorial rewording,  would like comments
[09:20:06] <davemitton> actual example of two interoperable implementations
[09:20:50] <Dave Nelson> So, just to clarify -- I've uploaded Glen's slides on RADIUS Confidentiality to the Meeting Materials web site.  We'll need to get the RADsec slides for teh proceedings.
[09:20:57] <davemitton> yes
[09:22:28] <davemitton> stephan looking for 1st LC
[09:23:56] <davemitton> starting Glen's data confid
[09:25:32] <davemitton> new approach uses TLVs inside of attributes which allows optional components
[09:26:30] andrewfuller joins the room
[09:26:42] <davemitton> multiple TLVs inside an attributes are allowed, but not named 
[09:28:54] behcet.sarikaya joins the room
[09:29:55] <davemitton> the encrypted data can be an extended attribute group
[09:30:50] <davemitton> any set of attrs or the whole message can be encrypted
[09:30:58] <davemitton> last slide/ comments?
[09:31:13] <davemitton> Bernard asking for reading and comments to the list
[09:31:50] <davemitton> Bernard on Radius for IEEE 802, status then attributes
[09:32:06] behcet.sarikaya leaves the room
[09:33:19] behcet.sarikaya joins the room
[09:34:43] <davemitton> Dan commenting that WG agreement date doesn't allow for IESG review and final release to IEEE, looking at March
[09:36:06] <davemitton> in 802 attributes, slide 3
[09:38:36] <davemitton> discussion of exposure of MAC addresses
[09:39:07] <davemitton> slide 5
[09:41:35] <davemitton> slide 8
[09:41:46] <Dave Nelson> What is Access Level?
[09:42:01] <davemitton> It comes from new 802 work...
[09:42:12] <Dave Nelson> Is that some form of access control?
[09:42:26] <Dave Nelson> Does anyone there know the details?
[09:42:40] <davemitton> levels defined in 1x-Rev
[09:42:52] <davemitton> state list after after authentication
[09:43:00] <davemitton> can you hear?
[09:43:51] <Dave Nelson> Yep.
[09:44:28] <davemitton> joe concurs, but it's still under discussion
[09:46:39] <davemitton> Joe says .1x-rev has announcment capability
[09:48:30] <davemitton> questions?
[09:49:02] <davemitton> relook at EAP layer list
[09:49:33] <davemitton> Alper suggesting 3gpp2, others
[09:49:57] <davemitton> IPv6 next
[09:50:06] <davemitton> slides just sent
[09:51:41] mark.jones joins the room
[09:52:08] <davemitton> IPv6 Diameter/Radius Prefix Authorization
[09:52:56] mark.jones leaves the room
[09:53:11] Ralph Droms leaves the room
[09:53:12] behcet.sarikaya leaves the room
[09:54:12] <davemitton> RFC 4818 defines IPv6-Delegated-Prefix attr, missing lifetime and Certificate
[09:54:50] <davemitton> AAA client may have to deal with a large number of prefixes
[09:56:48] Ralph Droms joins the room
[10:00:12] <davemitton> Hannes: sounds like you may need a Dime application which will require a seperate application
[10:00:25] <davemitton> Glen (Avi) questioning need for application
[10:01:26] <davemitton> Hannes: explaining issues...
[10:02:55] <davemitton> Bernard asking for clarifications
[10:04:03] <davemitton> ?does the RADIUS server help the NAS form the RA
[10:04:47] <davemitton> Avi mentioning that this might be better integrated into Mobile-IP drafts  
[10:05:55] <davemitton> Avi pointed out that Diameter applications come with more overhead
[10:06:37] <davemitton> Glen concerned about what parties being authenticated and authorized... if no users....
[10:08:04] <davemitton> Ralph: check if Nemo draft active, ask to clarification about prefix
[10:09:14] <davemitton> Prefixes are for link between MN to NAS
[10:10:00] <davemitton> Bernard bringing up RFC 3162,  non-delegated prefixes
[10:10:57] <davemitton> Ralph agrees, 3162 is relevant reference
[10:12:44] <davemitton> Avi questions why we need more,  Bernard these may be distinct values
[10:13:10] <davemitton> If shorter,  what happens if expires
[10:14:18] <davemitton> Ralph: may be local policies that may want to announce via RADIUS
[10:15:12] Ralph Droms leaves the room
[10:15:57] <davemitton> Bernard indicates that you could send COA messages to change the lifetimes for each user
[10:16:35] <davemitton> starting DHCPv6 presentation
[10:17:59] Ralph Droms joins the room
[10:20:10] <davemitton> DHCP request to Rad server for DNS list
[10:21:40] <davemitton> WG item? DHCP group?
[10:23:43] behcet.sarikaya joins the room
[10:24:24] <Ralph Droms> yes.  question is whether this should be a radext WG work item or dhc WG.
[10:27:42] <davemitton> current questions about the deployment slide;  whats' in the AAA request?  what user and credentials are being authenticated?
[10:29:46] <davemitton> bernard - you're right this diagram doesn't make sense
[10:30:30] john.zhao leaves the room: Computer went to sleep
[10:32:28] venaas leaves the room
[10:32:41] andrewfuller leaves the room
[10:33:18] <davemitton> Glen suggests that we revise 3162 instead of creating a new document
[10:33:31] <davemitton> ..if all we need is one more attribute....
[10:34:36] <davemitton> Bernard suggests that we may want to take this up in the WG with inputs
[10:35:48] <davemitton> room hum passes
[10:36:03] <davemitton> another should address
[10:36:13] <davemitton> should not gets nothing
[10:37:26] <davemitton> Hum: Revision 3162  (vs new document)
[10:38:38] behcet.sarikaya leaves the room
[10:38:38] <davemitton> Revision passes
[10:39:26] <davemitton> adjorning
[10:39:37] <Dave Nelson> Thanks for scribing.
[10:39:39] <davemitton> Glen volunteered
[10:39:47] <Dave Nelson> The audio was a bit sketchy at times...
[10:39:48] <davemitton> for revision
[10:39:58] <davemitton> yeah, I know that...
[10:40:01] <davemitton> feeling
[10:40:13] Ralph Droms leaves the room
[10:40:54] Dave Nelson leaves the room
[10:42:55] davemitton leaves the room
[10:48:18] Ralph Droms joins the room
[10:49:41] Ralph Droms leaves the room
[11:02:48] john.zhao joins the room
[11:05:14] alan.dekok leaves the room
[11:33:00] john.zhao leaves the room: Replaced by new connection.
[11:33:01] john.zhao joins the room
[11:45:57] john.zhao leaves the room: Computer went to sleep
[11:50:46] john.zhao joins the room
[11:57:49] john.zhao leaves the room: Replaced by new connection.
[11:58:01] john.zhao joins the room
[12:01:46] john.zhao leaves the room