[12:36:00] --- asonalker has joined
[12:52:27] --- iljitsch has joined
[12:54:56] --- rloomans has joined
[13:10:27] --- shinta has joined
[13:12:57] --- yone has joined
[13:16:31] --- rloomans has left
[13:18:04] --- shinta has left
[13:18:08] --- yone has left
[13:19:30] --- bew has joined
[13:20:00] --- ben@www.links.org has joined
[13:20:57] --- stefans has joined
[13:22:56] --- cat has joined
[13:28:24] --- Jelte has joined
[13:29:57] --- bew has left
[13:30:03] --- Jelte has left: Logged out
[13:30:46] --- Jelte has joined
[13:33:19] --- smb has joined
[13:34:41] --- jeffa has joined
[13:39:56] --- touch has joined
[13:41:41] --- rloomans has joined
[13:45:07] --- bewo has joined
[13:46:29] --- bewo has left
[13:47:18] --- wgriffin has joined
[13:49:17] <touch> Is there a jabber scribe for this meeting?
[13:50:44] <jeffa> ... ? there doesn't seem to be one
[13:50:50] --- kazuya has joined
[13:51:37] <Jelte> if there is, he or she is not doing very well
[13:51:42] <jeffa> if you have any questions (remotely) let us know
[13:51:56] --- kazuya has left
[13:52:29] <cat> "Let's toast to the asynchronous deployment of IPV6"
[13:54:44] <smb> that's for Thursday night....
[13:55:38] <cat> It's the case for the -vast- number of places, really.
[13:55:39] <iljitsch> I disagree with what Steve is saying here. With web certificates you don't have to go to the registrar to get one, why would that be necessary here with routing??
[13:56:03] <cat> iljitsch - in order to have a verifiable chain of "trust"
[13:56:50] <iljitsch> why would this have to be different for routing than it is for domains?
[13:57:07] --- nov has joined
[13:57:10] <ben@www.links.org> it isn't, if you don't want your upstream to certify he allocated to you
[13:57:35] <ben@www.links.org> if you do, then you need a cert from him (or someone authorised to issue one)
[13:58:09] <ben@www.links.org> smb: just emailed you comments on your MD5 draft
[13:58:20] <touch> Wondering what item you're on ...
[13:58:22] <cat> ... but if you want the relationships and implications associated with having 'legitimate' space, then you have to have the chain.
[13:58:35] <smb> ben: yes, I already replied...
[13:58:46] <Jelte> wasn't there a rule that the address space in your certificate must be a subset of the certificate signers cert?
[13:58:49] <ben@www.links.org> yikes :-)
[13:59:03] <iljitsch> I would rather have a choice of several organizations that verify whether certain people are authorized to use certain addresses. We may not need this capability in practice if ICANN/IANA/RIRs do their work right but that's not something I'm willing to assume.
[13:59:06] <ben@www.links.org> yes, there is (I'm told, I haven't read the docs)
[13:59:17] --- wgriffin has left
[13:59:35] <Jelte> so wouldnt that enforce the relationship?
[13:59:53] <iljitsch> j.jansen: ?
[14:00:40] <Jelte> (13:56:50) iljitsch: why would this have to be different for routing than it is for domains? (13:57:10) ben@www.links.org: it isn't, if you don't want your upstream to certify he allocated to you
[14:00:40] --- miaofy has joined
[14:00:54] <jeffa> (slide: "Basic Model" from Certificate Repository Structure draft)
[14:01:45] --- weiler has joined
[14:01:46] <cat> jelte - domains are a very flat space when compared to IP space.
[14:02:39] <iljitsch> What I'm worried about is the bureaucratic nature of ICANN and the LIRs. I don't care much about following the chain all the way to the end, if some organization that I know works well says it's good I'm willing to trust that if that means I won't have to wait 8 months for a policy change if something goes wrong.
[14:02:41] <Jelte> yes, but web certs are not based on the dns hierarchy
[14:03:40] <Jelte> i think iljitsch question was why is that the case here, but i might be mistaken
[14:04:44] <iljitsch> RIRs do strange things, such as http://www.bgpexpert.com/article.php?id=80 or the fact that today, it looks like 173 million IPv4 addresses were given out last year while on jan 1st this was 165. This is simply not good bookkeeping.
[14:05:29] --- nov has left
[14:06:44] --- RussMundy has joined
[14:07:55] --- kazuya has joined
[14:09:59] <cat> jelte - these certs are about whether you have the delegated right to use the IP space, which is different from the aim of a web cert.
[14:10:11] --- kazuya has left
[14:10:33] <iljitsch> and what is the aim of a web cert?
[14:11:27] --- nov has joined
[14:12:01] <cat> Iljitsch - that the site you're connecting to matches to the certificate that you're being presented.
[14:13:16] --- ben@www.links.org has left: Disconnected
[14:14:18] <iljitsch> apart from what's obvious I don't see why there would have to be a difference between web and addresses/ASes.
[14:14:51] <cat> Humour me - what are you considering the obvious differences.
[14:15:03] <iljitsch> bgp vs http...
[14:15:51] <cat> "defined protocols"
[14:15:59] --- SuzanneW has joined
[14:16:28] --- mjo has joined
[14:17:11] <iljitsch> the rooting of dns names is identical to that of address space, so there is no inherent difference between the two so if for domains it's useful to separate the authentication hierarchy from the allocation hierarchy, then why not for addresses?
[14:19:11] <cat> Do you mean from an administrative or a functional perspective?
[14:19:53] <weiler> what portions of tonight's pkix mtg are the relevant ones?
[14:20:31] <weiler> 2nd hour, it looks like?
[14:22:20] --- ben@www.links.org has joined
[14:22:43] --- touch has left
[14:30:17] <cat> We're on draft-bonica-tcp-auth-04.txt ?
[14:31:31] --- touch has joined
[14:32:07] <iljitsch> I think so, yes
[14:32:09] <jeffa> yes
[14:32:40] --- weiler has left
[14:33:41] --- weiler has joined
[14:39:16] --- Jelte has left: Replaced by new connection
[14:40:31] --- touch has left
[14:47:06] --- Jelte has joined
[14:53:20] --- jeffa has left
[14:53:42] --- SuzanneW has left
[14:53:55] --- ggm has joined
[14:54:23] --- cat has left: Logged out
[14:55:03] <Jelte> (offtopic) do we have an smtp server for the local network here?
[14:55:15] <Jelte> can't seem to find it on the ietf66 site
[15:02:05] --- iljitsch has left
[15:02:10] --- smb has left: Logged out
[15:02:11] --- Jelte has left
[15:02:15] --- miaofy has left
[15:02:18] --- nov has left
[15:02:24] --- weiler has left
[15:02:30] --- mjo has left
[15:03:01] --- RussMundy has left: Logged out
[15:03:22] --- ggm has left
[15:11:16] --- asonalker has left
[15:20:57] --- stefans has left
[15:21:40] --- iljitsch has joined
[15:21:41] <iljitsch> test
[15:22:19] --- iljitsch has left
[15:32:14] --- rloomans has left
[15:33:30] --- rloomans has joined
[15:38:26] --- rloomans has left
[15:38:35] --- rloomans has joined
[16:09:04] --- stefans has joined
[16:32:41] --- stefans has left
[16:49:12] --- rloomans has left
[16:49:34] --- rloomans has joined
[16:59:42] --- miaofy has joined
[17:01:08] --- miaofy has left
[17:02:36] --- rloomans has left
[17:02:47] --- rloomans has joined
[17:09:13] --- ben@www.links.org has left: Disconnected
[17:33:23] --- rloomans has left
[18:10:13] --- rloomans has joined
[19:00:30] --- LOGGING STARTED
[19:11:17] --- rloomans has joined
[20:40:02] --- rloomans has left
[22:57:31] --- rloomans has joined
[22:58:09] --- rloomans has left