[15:30:28] --- ggm has joined
[16:14:44] --- ted_s has joined
[16:18:10] --- Louie-IETF has joined
[16:18:30] --- dumdidum has joined
[16:20:47] --- vaf has joined
[16:22:13] <vaf> same steve kent prezo as at apricot
[16:22:26] --- Louie-IETF has left
[16:22:31] <vaf> useful if you haven't already seen it
[16:22:52] <ted_s> what was the outcome / receptiveness at apricot?
[16:23:00] <ted_s> operators that is
[16:23:15] <vaf> i don't recall hearing a lot of feedback. but that is typical at apricot (or so i am told... it was my first)
[16:23:54] <ggm> it is typical at apricot.
[16:23:59] --- jis has joined
[16:24:02] <ggm> but I would call the lukewarm interest significant
[16:24:45] <ted_s> lukewarm = significant?
[16:25:01] <vaf> i believe there was interest at apricot.
[16:25:49] --- LouBerger has joined
[16:26:34] --- LouBerger has left
[16:27:04] <ggm> its apricot. people aren't demonstrative.
[16:34:05] --- dmm has joined
[16:35:01] <dmm> re:reception of steve's talk at apricot -- not much reaction (even as adjusted for geography)
[16:36:58] <vaf> do you think that was because people don't understand the issue? or because of the chicken-and-egg problem in getting routing system authentication deployed? or because of something else?
[16:39:12] <dmm> a few reasons (IMO, of course): (i). People don't understand security (and as Ryan is fond of pointing out, if its not on fire you're not looking at it), and (ii). Geography
[16:39:14] <ted_s> does anyone know there are any high level diagrams / descriptions of the infrastructure that would be required to support an approach like this?
[16:40:04] <ted_s> RIRs treeing out to SPs requires some sort of comms to auth and validate sooner or later. correct?
[16:40:14] <ggm> correct
[16:40:28] <dmm> ted: yes
[16:40:37] <ggm> its possible its protocol free (or free protocol) eg rsync/http to get certs/crls.
[16:40:45] <ggm> many PKIX people like ldap. personally, I hateit
[16:41:37] --- vaf has left
[16:41:41] <ted_s> i'm not so concerned about the protocol or mech. used to do it as much as i am the OPEX and infrastructure (servers, etc) necessary to support
[16:41:45] <ggm> apnic's current cert store is ftp://ftp.apnic.net/pub/test-certs. its 9mb excluding revoked certs (but including the CRL)-thats all the top level assignments
[16:41:50] --- vaf has joined
[16:41:54] <ggm> (from our region)
[16:42:08] <ggm> I'd call that pretty low opex
[16:42:13] <ted_s> so would i
[16:42:16] <ted_s> agree
[16:42:33] <ggm> 5x for all RIR, then 10x for customers downstreams. I'd still call it pretty low opex, shared or distributed
[16:42:54] --- raeburn has joined
[16:49:54] --- mantakos has joined
[17:05:43] --- raeburn has left: Disconnected
[17:08:45] --- jis has left
[17:09:31] --- dmm has left
[17:13:34] <ggm> to capture here. good comment from sandy on possible problems if you are coming up with offline state and no local cache of certs, other corner cases
[17:14:10] --- mantakos has left
[17:15:55] --- vaf has left: Replaced by new connection
[17:17:39] --- ted_s has left
[17:19:02] --- ggm has left
[17:23:28] --- mantakos has joined
[17:30:51] --- dumdidum has left
[17:34:09] --- mantakos has left: Replaced by new connection
[17:40:57] --- onakayu has joined
[17:42:19] --- onakayu has left