[15:07:20] jennifergichure joins the room
[15:10:29] jennifergichure leaves the room
[15:59:22] ggm joins the room
[15:59:52] jennifergichure joins the room
[16:02:21] Abhay Roy joins the room
[16:02:51] sm joins the room
[16:06:35] jpc joins the room
[16:07:42] Frederico Neves joins the room
[16:08:09] Shane Amante joins the room
[16:08:13] Shane Amante leaves the room
[16:08:21] David Cooper joins the room
[16:08:21] Shane Amante joins the room
[16:08:36] Randy Bush joins the room
[16:08:46] weiler joins the room
[16:09:06] Warren Kumari joins the room
[16:09:13] mlepinski joins the room
[16:09:34] benno joins the room
[16:10:11] who are the scribes?
[16:10:28] cw-ietf joins the room
[16:10:42] WesG joins the room
[16:10:56] lellel joins the room
[16:11:10] I believe Randy is one
[16:11:14] sam, you are in the room.
[16:11:19] no i am jabberer
[16:11:28] buckeyeskeeve joins the room
[16:11:51] yes, randy, I am. I didn't see who volunteered for taking minutes.
[16:11:58] so I asked here.
[16:12:20] rgonzalez joins the room
[16:13:22] bkuerbis joins the room
[16:13:24] but, as you are in physical room, i am just saying i will not act as jabber relay for you
[16:13:34] that's different. :-)
[16:13:53] foobar joins the room
[16:15:56] aalain joins the room
[16:17:27] terrywang joins the room
[16:18:37] Kotikalapudi Sriram is presenting his and Terry Manderson's work on Use Cases.
[16:19:00] the audio streaming seems hosed. I get nothing
[16:19:16] ndg joins the room
[16:19:27] imiho, what he is actually presenting is validation algorithm details of pradosh's draft, not what we used to mean by use cases.
[16:19:27] agree
[16:19:31] it's down
[16:21:43] Melinda joins the room
[16:22:24] Geoff Huston joins the room
[16:22:30] doug.mtview@gmail.com joins the room
[16:25:03] As we have no audio, here are some of my initial notes:
[16:25:03] ----+++++ Use cases for {Prefix, Origin} Validation.
* Goals
* Enumerate the situations for {p, o} validation
* Do not make final recommendations on any RPKI interpretation at this point
* We have included some comments on plausible RPKI recommendations
* Taxonomy
* Use cases
* (All options, covering ROA, no covering ROA,)
* Use case 5 (example)
* Covering ROA prefix not found.
* Update has {240.1.1.0/24, Origin = AS65551}
* Could be a hijack, could be a partial deployment.
* Comment (Randy): This isn't really a use cases doc, this is what Pradosh's doc was supposed to say.
* C (Rudiger): Some of this is getting more confusing than it should be. What we actually need is a definition of a ROA.
[16:25:48] thanks, warren
[16:27:53] weiyinxing joins the room
[16:27:53] weiyinxing leaves the room: offline
[16:27:53] weiyinxing joins the room
[16:27:53] weiyinxing leaves the room: offline
[16:29:55] ggm is about to present draft-ietf-sidr-roa-validation-05.txt
[16:30:29] Karen O'Donoghue joins the room
[16:31:55] * C: What I felt when I read in, e.g. section 7 is that it repeats things in other sections.
* C: Randy - Actually, Pradosh's doc covers all of this, and allows me to express in policy what I want, once again, this is redundant.
* C: Sam Weiler: The draft seems to have what we are looking for, this doc doesn't.
----+++++ draft-ietf-sidr-roa-validation
* Purpose
* Not a "how to implement"
* Statement of what it means when you generate a ROA
* *may* be applied in BGP
* (Description of changes)
[16:32:47] benno leaves the room
[16:32:56] benno joins the room
[16:32:58] WG last call requested
[16:33:26] is audio fixed yet?
[16:33:43] [ General note: I type really badly, apologies if I am not capturing all of what people were saying ]
[16:33:45] now steve kent on the CP
[16:33:48] draft-ietf-sidr-cp-08.txt
[16:36:09] Karen O'Donoghue leaves the room
[16:37:05] weiyinxing joins the room
[16:37:28] Karen O'Donoghue joins the room
[16:37:55] roque joins the room
[16:37:58] lea.roberts joins the room
[16:43:17] ----+++++ RPKI Certificate Policy Status Update (Stephen Kent)
* Review of replacing "might", will, etc with MUST, SHOULD, MAY.
* Normative words were not in this because it was not going to be an IETF doc.
* Address other feedback from Geoff Huston.
* The word "unique" is probably not appropriate here.
* Doc appears to preclude LIRs from distributing AS numbers, this seems inappropriate.
* It would be great if the LIRs would respond to this.
* (Geoff): This is currently happening in the real world.
* (Steve): We want the folks actually doing this to state this.
* Publication of certification information
* Is a CA responsible for publishing ALL certs, CRLs and RPKI signed objects, or can it be selective?
* For this to be useful, the user needs all of the signed objects, so what signed thingies would the CA not want to publish?
* Rudiger: What if I use this internally?
* Rob: Yes, I agree, if this is internal, I could see why you would not want to publish. But, please be consistent, if the manifest says it should exist, it should.
[16:45:43] [ Are folks in the room finding this useful? Am I managing to capture what folks are saying? ]
[16:46:00] you missed me and ruediger. :-)
[16:46:04] anyone has notified the noc about the audio?
[16:46:29] yes
[16:46:39] on a number of public and backdoor channels
[16:49:35] the information is very useful
[16:50:44] Francisco Arias joins the room
[16:51:26] Y'all talk too fast. Feel free to insert your comments here.
[16:52:23] * Geoff: The manifest is an artifact of the publishing, not the signing.
* Time or frequency of publication
* Does not specify a CA's action regarding publication of expired and revoked certs
* CAs don't generally publish certs after they have expired. Only in non-repudiation context does it make sense to publish expired / revoked certs.
* Combined or separate
* Do sections 3.2, 3.3 need to be separate?
* There are some subtle differences, unless people feel strongly, yes.
* Section 3.4:
* Does not have details of 3.2, should it refer to it?
* 4.5.2: Relying party key and cert usage
* How does a local TA management interact with the text" [Quote]
* The RP is still responsible for checking the status of the cert
* Certificate modification
* Why is the augmentation of a subject's INR treated differently to reduction?
* Adding resources does not require revocation.
[17:04:04] audio stream in a minute. the hotel AV folk moved the mixer after 08:00 and neglected to bring the streaming server (a laptop) with it.
[17:04:34] audio is back
[17:14:40] Francisco Arias leaves the room
[17:19:32] jpc leaves the room
[17:22:07] Francisco Arias joins the room
[17:22:22] benno leaves the room
[17:22:31] benno joins the room
[17:22:58] * Recap [ Showing what is signed, and the sig ]
* Changed doc so it is no longer possible for a signer to specify what to sign.
* Feedback, editing
* List of corrections, clarifications from Steve.
* Not much from others.
* Looking for co-authors.
* Rudiger: I wasn't for this becoming a WG item, nevertheless, can having predefined attributes be done without going into the use cases?
* A: Yes, I think it can.
* SKent: The decision for this is that you should only be able to sign stuff that can be verified, otherwise users will believe whatever is signed.
* A: As you can observe from the example, we have passed that a bit, for example, we have the country and netname. Currently this is happening in the ROA draft -- currently I am signing stuff that is not in the cert (like who can announce). We can discuss this more.
* C: Rudiger: I think that you really need to understand the use case. I would see this as an opportunity for resource holders to make whatever assertions they want, like putting in strings that ask folks to blackhole stuff. Without understanding the use case, I cannot fully evaluate this.
[17:24:01] Francisco Arias leaves the room
[17:25:52] slduan joins the room
[17:28:26] Frederico Neves leaves the room
[17:29:40] rgonzalez leaves the room
[17:32:56] foobar leaves the room
[17:35:29] ----+++++ draft-ietf-sidr-roa-format Matt Lepinski
* These went through LC after last meeting. All addressed other than one
* When the arch doc describes relationship between ROA and EE certs, it warns "please make before break".
* Comment suggested that similar text be added to ROA-Format
* Tried to write text.
* Feedback was that the text was inappropriate.
* Trying to get consensus as to if there should be text, or if we should just skip it.
* C: Russ Housley: I think we should have non-normative text here, like in Security Considerations.
* C: Rob Austein: I mostly agree, but, I care about that it should be easily seen!
* C: Geoff: This is more a syntax doc, I am not sure if this should be here. This should be in another doc, like in the arch doc / validation doc.
* Matt: I don't have a strong feeling, Geoff and Rob said different things, so I still don't know what to do :-)
* Sam Weiler: I think that the text that you had was very gentle, I don't see what would be wrong with including it.
* [ Strawman text ]
[17:36:28] lea.roberts leaves the room
[17:38:06] terrywang leaves the room
[17:41:36] slduan leaves the room: Disconnected.
[17:42:15] buckeyeskeeve leaves the room
[17:44:25] terrywang joins the room
[17:44:30] Frederico Neves joins the room
[17:44:50] Frederico Neves leaves the room
[17:53:32] foobar joins the room
[17:55:02] benno leaves the room
[17:55:10] benno joins the room
[17:58:10] jpc joins the room
[17:59:21] sftcd joins the room
[18:08:29] weiler leaves the room
[18:18:32] foobar leaves the room
[18:18:39] Warren Kumari leaves the room
[18:18:56] Karen O'Donoghue leaves the room
[18:19:40] roque leaves the room
[18:19:43] sftcd leaves the room
[18:22:09] doug.mtview@gmail.com leaves the room
[18:22:16] doug.mtview@gmail.com joins the room
[18:24:34] Warren Kumari joins the room
[18:24:37] lellel leaves the room
[18:24:57] David Cooper leaves the room
[18:25:34] Warren Kumari leaves the room
[18:27:42] Warren Kumari joins the room
[18:29:46] bkuerbis leaves the room
[18:30:15] aalain leaves the room
[18:30:36] mlepinski leaves the room
[18:32:04] cw-ietf leaves the room
[18:32:54] benno leaves the room
[18:35:21] doug.mtview@gmail.com leaves the room
[18:36:03] Shane Amante leaves the room
[18:39:19] benno joins the room
[18:39:39] Melinda leaves the room
[18:39:52] Geoff Huston leaves the room
[18:39:53] benno leaves the room
[18:40:00] ggm leaves the room
[18:41:05] Randy Bush leaves the room
[18:41:38] Warren Kumari leaves the room
[18:42:06] sm leaves the room
[18:43:53] terrywang leaves the room
[18:44:17] weiyinxing leaves the room: offline
[18:46:09] ndg leaves the room
[18:47:09] jennifergichure leaves the room
[18:51:39] WesG leaves the room
[18:52:57] Warren Kumari joins the room
[18:54:47] Abhay Roy leaves the room: Disconnected.
[18:57:45] Melinda joins the room
[19:00:53] Warren Kumari leaves the room
[19:03:05] Melinda leaves the room
[19:15:41] Karen O'Donoghue joins the room
[19:23:09] jpc leaves the room
[19:26:54] jpc joins the room
[19:57:48] doug.mtview@gmail.com joins the room
[20:05:26] benno joins the room
[20:05:29] doug.mtview@gmail.com leaves the room
[20:06:55] Warren Kumari joins the room
[20:07:40] ggm joins the room
[20:08:36] Randy Bush joins the room
[20:08:43] Randy Bush leaves the room
[20:11:13] Geoff Huston joins the room
[20:31:02] benno leaves the room
[20:35:18] Abhay Roy joins the room
[20:41:38] Abhay Roy leaves the room
[20:49:19] Karen O'Donoghue leaves the room
[21:02:30] Karen O'Donoghue joins the room
[21:21:36] ggm leaves the room
[21:22:19] ggm joins the room
[21:34:05] jpc leaves the room: offline
[21:41:14] Karen O'Donoghue leaves the room
[21:56:15] Karen O'Donoghue joins the room
[22:09:42] Geoff Huston leaves the room
[22:10:20] Warren Kumari leaves the room
[22:10:48] ggm leaves the room
[22:12:35] Karen O'Donoghue leaves the room
[22:24:52] ggm joins the room
[22:28:27] Geoff Huston joins the room
[23:01:24] Geoff Huston leaves the room
[23:03:58] ggm leaves the room