IETF
sidr
sidr@jabber.ietf.org
Monday, November 10, 2014
Dan York has set the subject to: SIDR at IETF 90

GMT+0
[18:24:04] dseomn joins the room
[18:29:58] dseomn leaves the room
[18:30:41] david joins the room
[18:32:48] david leaves the room
[18:33:02] dseomn joins the room
[18:40:06] mikemlb joins the room
[18:40:12] Sean Turner joins the room
[18:50:46] jayb@jabber.org joins the room
[18:55:45] slm joins the room
[18:56:40] dseomn leaves the room
[18:58:49] Steve Kent joins the room
[18:59:05] Wes George joins the room
[18:59:10] Michael Baer joins the room
[18:59:16] Tony Tauber joins the room
[18:59:27] Steve Kent leaves the room
[19:00:08] Dan York joins the room
[19:00:26] Tony Tauber leaves the room
[19:00:53] Tony Tauber joins the room
[19:01:18] Steve Kent joins the room
[19:02:11] akatlas joins the room
[19:02:54] Tony Tauber leaves the room
[19:03:15] Carlos Martinez joins the room
[19:03:25] <Carlos Martinez> hello all
[19:03:31] <Carlos Martinez> i'll be your jabber scribe today
[19:03:34] <Carlos Martinez> now agenda bashing
[19:03:41] <Carlos Martinez> now wg draft status
[19:03:44] Tony Tauber joins the room
[19:05:16] Tony Tauber leaves the room
[19:05:50] <Carlos Martinez> 24 RFCs, 1 since last meeting
[19:05:56] <Carlos Martinez> 1 draft in RFC ed queue
[19:06:05] <Carlos Martinez> 1 in IESG processing
[19:06:09] <Dan York> Thank you Carlos...   I'm not remote but monitoring from another room.
[19:06:22] <Carlos Martinez> you're welcome Dan :D
[19:06:45] Michael Baer leaves the room
[19:06:46] <Carlos Martinez> Sandy reminds us that on Friday there will be a joint meeting with IDR
[19:07:07] <Carlos Martinez> Now on to Matt Lepinski
[19:07:14] <Carlos Martinez> BGPsec protocol
[19:07:38] <Carlos Martinez> draft-sidr-bgpsec-protocol
[19:07:54] <Carlos Martinez> - essentially done waiting for idr comments
[19:07:55] Simon Romano joins the room
[19:08:01] Michael Baer joins the room
[19:08:07] <Carlos Martinez> - revision -10
[19:08:26] <Carlos Martinez> OV now completely decoupled
[19:08:37] <Carlos Martinez> normative changes to the validation alg
[19:08:59] <Carlos Martinez> wes george on the mic
[19:09:15] <Carlos Martinez> how to deal with potential race conditions
[19:09:51] <Carlos Martinez> agreement on the need of operational guidance
[19:09:56] <Carlos Martinez> but not on this draft
[19:10:04] Rob Austein joins the room
[19:10:20] <Carlos Martinez> sandy, there is an ops bgpsec document
[19:10:39] <Carlos Martinez> now on to slide 3
[19:10:48] <Carlos Martinez> oops, back to -2
[19:10:54] Michael Baer leaves the room
[19:11:03] <Carlos Martinez> reference to as-migration added
[19:11:24] <Carlos Martinez> now to slide 3
[19:11:25] Michael Baer joins the room
[19:11:27] <Carlos Martinez> open issues
[19:11:38] <Carlos Martinez> editorial in nature
[19:11:44] <Carlos Martinez> text cleanup needed
[19:11:52] russ joins the room
[19:11:58] <Carlos Martinez> bgpsec_path sufficiently described?
[19:13:27] <Carlos Martinez> open question whether the existing text is enough to describe the expected behavior
[19:13:37] <Carlos Martinez> now on to slide -4
[19:13:42] <Carlos Martinez> next steps
[19:13:46] <Carlos Martinez> joint idr meeting
[19:13:55] <Carlos Martinez> editorial revisions coming in the next two weeks
[19:14:08] <Carlos Martinez> hoping for -11 version to go on through wglc
[19:14:31] <slm> even more than is bgpsec-path well described - it is whether the text is clear about where and when you extract the as-path from the bgpsec-path
[19:14:32] <Carlos Martinez> unless feedback from idr needs some going back
[19:14:54] <Carlos Martinez> sriram on the mic
[19:15:08] <Carlos Martinez> editorial comments were sent, matt will include them in -11
[19:15:39] <Carlos Martinez> slm, do you want me to go relay that to the mic ?
[19:16:36] jpc joins the room
[19:17:17] <Carlos Martinez> sriram, when you describe the negotiation process, and there are two algorithms,
[19:17:26] <Carlos Martinez> matt, we don't agree on algorithms, we agree to do bgpsec
[19:17:59] <Carlos Martinez> if one is capable of alg1 and the other end of alg1 and alg2
[19:18:16] <slm> carlos: no, i was saying what I thought the comments in the room meant
[19:18:32] <Carlos Martinez> ok
[19:19:24] <Carlos Martinez> sriram still on the mic, comments that text should more carefully describe how to process bgp messages signed with an algorithm not supported by the processing router
[19:19:33] <Carlos Martinez> thanks for the clarification @slm
[19:20:06] Simon Romano leaves the room
[19:20:13] <Carlos Martinez> matt, it is expected that algs will be supported for quite some time, in order to give peers the time to switch algs
[19:20:45] <Carlos Martinez> now rob austein on the mic
[19:20:51] Simon Romano joins the room
[19:21:00] <Carlos Martinez> there is no alg negotiation here
[19:21:16] <Carlos Martinez> not understanding an alg is equivalent to unsigned
[19:21:19] <Carlos Martinez> agreed long ago
[19:21:37] <Sean Turner> +1 to what Rob said
[19:21:45] <Carlos Martinez> matt, good discussion to take to the list
[19:21:54] Simon Romano leaves the room
[19:22:08] <Carlos Martinez> matt, thanks for your comments sriram
[19:22:21] <Carlos Martinez> that's the end of matt's presentation
[19:22:32] <Carlos Martinez> now on to john curran's Considerations on RPKI overclaiming
[19:22:58] <Carlos Martinez> slide 1
[19:23:04] <Carlos Martinez> CA operations
[19:23:33] <Carlos Martinez> need to shrink certificates, sometimes (transfers)
[19:24:26] <Carlos Martinez> issues arise if the CAs are not coordinated with the subordinate CAs
[19:24:28] <Carlos Martinez> next slide
[19:24:35] <Carlos Martinez> Overclaiming Certificates
[19:25:00] <Carlos Martinez> 3779 and 6487 define a validation process that would make an overclaiming cert invalid
[19:26:08] <Carlos Martinez> routes may be declared invalid
[19:26:10] <Carlos Martinez> next slide
[19:26:18] <Carlos Martinez> How common are overclaiming certs ?
[19:26:33] <Carlos Martinez> ietf 90 reports suggest this is still uncommon
[19:27:42] <Carlos Martinez> next slide
[19:27:44] <Carlos Martinez> Risks
[19:28:10] <Carlos Martinez> overclaiming close to the root could create invalidated roas for a big portion of the internet
[19:28:35] <Carlos Martinez> while on partial deployment this might just mean going from valid to unknown
[19:28:40] <Carlos Martinez> but in the future may go to invalid
[19:28:40] <Steve Kent> yes RPKI is supposed to be make before break. also see the detailed description of how to effect a transfer in the TAO draft
[19:29:05] <Carlos Martinez> these risks could impact confidence in the system
[19:29:35] <Carlos Martinez> next slide
[19:29:38] <Carlos Martinez> Next steps ?
[19:29:53] <Carlos Martinez> evaluate current ca operational procedures for managing transfers in rpki
[19:30:14] <Carlos Martinez> develop a standard procedure for cert management during resource transfer
[19:30:26] <Carlos Martinez> review the need to alter the rpki validation process along the lines of the validation process
[19:30:30] <Steve Kent> confidence also may be impacted by a lack of a mechanism to deal with revocation errors/attacks, but nobody seems to want to address that topic
[19:31:21] <Carlos Martinez> current validation algorithm is punitive
[19:31:37] <Carlos Martinez> other resources get penalized other than the ones being overclaimed
[19:32:15] <Carlos Martinez> we are doubling down on fragility if we keep different resources on the same cert
[19:32:21] <Carlos Martinez> rudiger volk on the mic
[19:32:39] <Carlos Martinez> make before break, sure, absolutely required
[19:32:52] <Carlos Martinez> we better design this so we can fully rely on it
[19:33:08] Michael Baer leaves the room
[19:33:48] <Carlos Martinez> do i have an actual reference about how the transfers ca procedures are ?
[19:33:52] Mike Baer joins the room
[19:34:17] <Carlos Martinez> how can we discuss this if rirs won't contribute this info to the wg
[19:34:47] <Carlos Martinez> john, it is not just the rirs, but downstreams isps as well
[19:35:02] <Carlos Martinez> wes george on the mic
[19:35:52] <Carlos Martinez> useful to identify places where we need to be prescriptive where things can break
[19:36:14] <Carlos Martinez> there has to be consistency among the rirs,
[19:36:24] <Carlos Martinez> important to identify places
[19:36:35] <Carlos Martinez> sandy murphy on the mic, speaking as wg member
[19:37:09] <Carlos Martinez> actions planned vs actions not planned for ahead of time
[19:37:29] <Carlos Martinez> different solutions might apply to those cases
[19:38:05] <Carlos Martinez> ** please send your comments for the mic if you need me to go there
[19:38:13] <Carlos Martinez> still sandy murphy
[19:38:26] <Carlos Martinez> struck by the possibility of an rir overclaiming
[19:38:47] <Carlos Martinez> that'd only happen if your parent shrinks
[19:39:10] <Carlos Martinez> john, right now that wouldn't happen, but could if there was a single root,
[19:39:13] paul joins the room
[19:39:24] <Carlos Martinez> sandy, i'd appreciate if there could be more discussion on the topic
[19:39:55] <Carlos Martinez> john, there are foreseen and unforeseen cases of overclaiming
[19:40:48] <Carlos Martinez> the admin unforeseen is the case worth more analysis
[19:41:23] <Carlos Martinez> hard to mitigate
[19:41:46] <Carlos Martinez> sandy, i disagree with the court case, but i agree that there are examples
[19:42:03] <Carlos Martinez> however my question remains, do we need a single solution to cover both ? can't we address them separately ?
[19:42:38] <Carlos Martinez> john, we can chose to press ahead with the current alg, just don't be surprised with the outcomes
[19:42:44] <Carlos Martinez> tim bruijnzeels on the mic
[19:43:16] <Carlos Martinez> at the end of the day, there are moving parts of the system, things can break
[19:43:26] <Carlos Martinez> validation-reconsidered address some of them
[19:44:02] <Carlos Martinez> asked the list specifically what is wrong about validation-reconsidered? what is wrong about accepting remaining resources
[19:44:15] <Carlos Martinez> the response was that would lead to sloppy CAs
[19:45:03] <Carlos Martinez> however, if you allow validation-reconsidered you increase resiliency but you open the possibility of the root punching holes in the certs
[19:45:30] <Carlos Martinez> you would be able to punch a hole for a /24 surgically, effectively removing it, not a good thing to have in my opinion
[19:45:41] <Carlos Martinez> but you would increase resiliency
[19:45:46] <Carlos Martinez> (name lost) now on the mic
[19:46:00] <Carlos Martinez> jeff ??
[19:46:12] <akatlas> Jeff Haas
[19:46:19] <Carlos Martinez> tks!
[19:46:22] John Scudder joins the room
[19:46:44] <Carlos Martinez> sandy, i was asking for a description of the circumstances, because i think it would be impossible
[19:47:15] <Carlos Martinez> i think it is not possible for an rir to have an overclaiming cert
[19:47:20] <Carlos Martinez> john, it is possible for an isp
[19:47:54] <Carlos Martinez> not today for an rir
[19:48:01] <Carlos Martinez> rob austein on the mic
[19:48:07] <Carlos Martinez> design of the up - down protocol
[19:48:26] <Carlos Martinez> tried to work the implications of resource changes
[19:48:33] <Carlos Martinez> when you have a shrink you have to revoke
[19:48:50] <Carlos Martinez> let say we have a 3 level deep tree
[19:49:47] <Carlos Martinez> // rob describes an example of resource shrink
[19:50:17] <Carlos Martinez> the design assumption we had is that there is an out of band comm between the parties before the actual shrinks occur
[19:50:36] <Carlos Martinez> the multi level scenario is scary, pushes me to the validation reconsidered d
[19:51:05] <Carlos Martinez> sandy coming to the mic
[19:51:31] JoeHallCDT joins the room
[19:51:43] <Carlos Martinez> // another example, alice bob and carol
[19:51:50] <Carlos Martinez> alice going to shrink bob's
[19:53:10] John Scudder leaves the room
[19:53:24] <Carlos Martinez> comments on ripe's database model of authority
[19:53:34] <Carlos Martinez> rob on the mic
[19:53:48] <Carlos Martinez> confused about sandy
[19:53:53] <Carlos Martinez> sandy's example
[19:54:14] <Carlos Martinez> sandy again
[19:54:42] <Carlos Martinez> issues with obtaining keys and proof of possession of said keys
[19:54:52] <Carlos Martinez> john
[19:55:03] <Carlos Martinez> there could be mitigation steps to apply to this scenario
[19:55:49] <Carlos Martinez> chris, differences between planned vs unplanned
[19:55:52] <Carlos Martinez> tim b. at the mic
[19:56:09] <Carlos Martinez> there are foreseen circumstances where resources are reclaimed
[19:56:37] <Carlos Martinez> you ask your parent regularly what your resources are
[19:56:41] <Carlos Martinez> fairly frequently
[19:57:14] <Carlos Martinez> end of the mic line
[19:57:15] John Scudder joins the room
[19:57:27] <Carlos Martinez> now on to Tim B.'s RRDP protocol
[19:57:39] <Carlos Martinez> slide 1
[19:57:44] <Carlos Martinez> rsync discussions
[19:58:02] <Carlos Martinez> sorry, that is slide 2
[19:58:26] <Carlos Martinez> rsync discussions have happened repeatedly on the wg
[19:58:29] <Carlos Martinez> slide 3
[19:58:35] <Carlos Martinez> concept - the notification file
[19:58:46] <Carlos Martinez> pub servers publish a notification file with several fields
[19:58:54] <Carlos Martinez> small and cheap to fetch
[19:59:14] <Carlos Martinez> RPs fetch NF and can make different decisions
[19:59:19] <Carlos Martinez> slide 4
[19:59:26] <Carlos Martinez> Snapshot File
[19:59:38] <Carlos Martinez> a SF contains all objects in the repository at some point in time
[19:59:46] <Carlos Martinez> unique and immutable for a given session
[19:59:57] <Carlos Martinez> can be aggressively cached by cdns
[20:00:14] <Carlos Martinez> format based on pub proto draft
[20:00:28] <Carlos Martinez> slide 5
[20:00:30] <Carlos Martinez> delta file
[20:00:46] <Carlos Martinez> delta file contains all objects added or removed at some unique point in time
[20:00:59] <Carlos Martinez> slide 6
[20:01:02] Samuel Weiler joins the room
[20:01:05] <Carlos Martinez> how does an RP learn about this
[20:01:15] <Carlos Martinez> sharon goldberg on the mic
[20:01:22] <Carlos Martinez> is it the entire repository ?
[20:01:29] <Carlos Martinez> we'll get to that (tim)
[20:01:33] <Carlos Martinez> slide 6,
[20:01:39] <Carlos Martinez> SIA pointer with the new OID
[20:02:25] <Carlos Martinez> slide 7
[20:02:30] <Carlos Martinez> typical dialogue
[20:02:39] <Carlos Martinez> RP has no data
[20:03:10] <Carlos Martinez> slide 8
[20:03:13] <Carlos Martinez> typical dialogue
[20:03:17] <Carlos Martinez> Server has updates
[20:03:17] <Steve Kent> ask Tim to speak up
[20:03:28] <Carlos Martinez> // done,
[20:03:38] <Steve Kent> thanks
[20:03:40] <Carlos Martinez> slide 9
[20:03:46] <Carlos Martinez> server has no updates
[20:03:58] <Carlos Martinez> slide 10
[20:04:02] <Carlos Martinez> Path discovery
[20:07:18] <Carlos Martinez> potential way forward to separate validation from fetching
[20:07:20] <Carlos Martinez> slide 11
[20:07:22] <Carlos Martinez> next steps
[20:07:29] <Carlos Martinez> proof of concept works
[20:07:41] <Carlos Martinez> implement production grade code in pub server and rp software
[20:07:59] <Carlos Martinez> add pointers to a real prod repository so that we can do real world measurements
[20:08:02] <Carlos Martinez> update draft
[20:09:02] <Carlos Martinez> open the mic line
[20:09:04] <Carlos Martinez> wes george
[20:09:11] <Carlos Martinez> given the problem with rsync
[20:09:24] <Carlos Martinez> why don't you think we could do this now ?
[20:09:32] <Carlos Martinez> tim, just being careful
[20:09:58] <Carlos Martinez> rob austein
[20:10:41] <Carlos Martinez> general semantics similar to zone transfers
[20:10:52] <Carlos Martinez> conceptually similar, details different
[20:11:01] <Carlos Martinez> just a new application of understood technology
[20:11:03] <Carlos Martinez> wes george
[20:11:10] <Carlos Martinez> clarifying,
[20:11:24] <Carlos Martinez> this would be a dramatic improvement on what we have today
[20:11:39] <Carlos Martinez> matt,
[20:11:44] <Carlos Martinez> i like this approach
[20:11:49] <Carlos Martinez> where is this document ?
[20:11:56] <Carlos Martinez> tim, the document is outdated
[20:12:09] <Carlos Martinez> is there, never asked for wg adoption
[20:12:32] <Carlos Martinez> matt, this is imporant work, just want to make sure the doc is there
[20:12:36] <Carlos Martinez> tim, the doc needs updating
[20:12:53] <Carlos Martinez> andy newton
[20:13:04] <Carlos Martinez> why don't we just ask for wg adoption of this work ?
[20:13:24] <Carlos Martinez> question about the notification file
[20:13:50] <Rob Austein> Current schema work in progress: http://subvert-rpki.hactrn.net/branches/tk705/schemas/relaxng/rrdp.rnc
[20:14:00] Meetecho joins the room
[20:14:58] <Carlos Martinez> there are some outstanding issues with handling deltas (size, etc.)
[20:15:13] <Carlos Martinez> tim, still work needed on optimization
[20:15:22] <Carlos Martinez> rob austein
[20:15:26] <Carlos Martinez> quick answer for andy
[20:15:47] <Carlos Martinez> expiring deltas interesting question
[20:16:03] <slm> this might be the draft:
[20:16:04] <Carlos Martinez> doing it the dns way would be my first instinct
[20:16:04] <slm> https://tools.ietf.org/html/draft-tbruijnzeels-sidr-delta-protocol-02
[20:16:43] <Carlos Martinez> wes george
[20:17:18] <Carlos Martinez> perhaps the way to deal with deltas, identify inflection point where it becomes cheaper to fetch the whole snapshot
[20:17:29] <Carlos Martinez> tim,
[20:17:42] <Carlos Martinez> we can keep stats, how often people ask for deltas
[20:17:48] <Carlos Martinez> terry manderson
[20:17:51] <Carlos Martinez> good work
[20:18:12] <Carlos Martinez> has there been any security reviews on the published files?
[20:18:15] <Carlos Martinez> tim, not yet
[20:18:32] <Carlos Martinez> we have object security
[20:18:37] <Carlos Martinez> rob
[20:18:52] <Carlos Martinez> what are the added benefits of adding new security measures
[20:18:54] <Carlos Martinez> tim
[20:19:15] <Carlos Martinez> notification file fetch over https, contains hashes of other objects
[20:19:26] <Carlos Martinez> tim, no clear solution for that yet
[20:19:35] <Carlos Martinez> terry
[20:19:51] <Carlos Martinez> consider man in the middle attacks
[20:20:00] John Scudder leaves the room
[20:20:11] <Carlos Martinez> notification file has no cms protection
[20:20:30] <Carlos Martinez> jeff haas
[20:20:51] <Carlos Martinez> the notification file needs some integrity check
[20:21:08] <Carlos Martinez> i would strongly suggest that we look at mechanism that do not interfere with cdn caching
[20:21:11] <Carlos Martinez> rob austein
[20:21:22] <Carlos Martinez> about terry, i don't think https helps here
[20:21:47] <Carlos Martinez> we would probably need to go deep into actual threats and what we want to do
[20:22:38] <Carlos Martinez> tim, ok to think about this, but no need to solve just now
[20:22:41] <Carlos Martinez> andy newton at the mic
[20:22:48] <Carlos Martinez> i agree with terry about https
[20:23:06] <Carlos Martinez> need to encrypt
[20:23:25] <Carlos Martinez> matt l. on the mic
[20:23:54] <Carlos Martinez> if anyone is putting anything on a distributed repository and is concerned about the world knowing about it, then we have a problem
[20:24:10] <Carlos Martinez> this is a database that is intended to be public, no privacy issues
[20:24:16] <Carlos Martinez> sandy
[20:24:27] <Carlos Martinez> ghostbusters record, previous discussion
[20:24:37] <Carlos Martinez> andy newton
[20:24:51] <Carlos Martinez> ghostbusters would not pass review
[20:24:53] <Carlos Martinez> sandy,
[20:25:02] <Carlos Martinez> vcard profile would not allow anything else
[20:25:27] <Carlos Martinez> alia atlas on the mic
[20:26:01] <Carlos Martinez> chris morrow
[20:26:11] <Carlos Martinez> there is a lot of wording dealing with caching
[20:27:23] <Carlos Martinez> tim,
[20:27:34] <Carlos Martinez> not seeing a lot of issues right now, with the current size we can make it work
[20:27:52] <Carlos Martinez> on caching, i think it's important that the semantics of the protocol allow it, doesn't mean you have to do it
[20:27:56] <Carlos Martinez> wes hardaker on the mic
[20:28:07] <Carlos Martinez> it's not our job to describe the best way to do caching
[20:28:12] <Carlos Martinez> there are files that cannot be cached
[20:28:35] <Carlos Martinez> rob austein
[20:28:39] <Carlos Martinez> on the caching thing
[20:28:57] <Carlos Martinez> if we fail to communicate that is a critical design factor
[20:29:08] <Carlos Martinez> rsync hard to provide caching
[20:30:28] <Carlos Martinez> now on to Sharon Goldberg's
[20:30:40] <Carlos Martinez> Proposal for signaling consent for whacked rpki objects
[20:30:50] <Carlos Martinez> // slides should now be available
[20:31:03] <Carlos Martinez> proposal similar to suspenders
[20:31:10] <Carlos Martinez> no i-d
[20:31:32] <Carlos Martinez> if people find this interesting, can do i-d together
[20:31:38] <Carlos Martinez> three changes
[20:31:42] <Carlos Martinez> - manifest format
[20:31:47] <Carlos Martinez> - new files
[20:31:56] <Carlos Martinez> slide: structure of the RPKI
[20:32:40] <Carlos Martinez> slide: how relying parties sync to the RPKI
[20:33:27] <Carlos Martinez> slide: rpki authorities can unilaterally whack roas
[20:34:21] <Carlos Martinez> next slide
[20:34:26] <Carlos Martinez> (same title)
[20:35:06] <Carlos Martinez> slide: ip prefix takedowns by whacking roas ?
[20:36:01] <Carlos Martinez> we think something should be done here
[20:36:42] <Carlos Martinez> george michaelson
[20:36:47] <Carlos Martinez> unfortunate sentence
[20:37:05] <Carlos Martinez> (about apnic, cut off by projector)
[20:38:06] John Scudder joins the room
[20:38:28] <John Scudder> // Carlos stepping out, your guest Jabber scribe here.
[20:38:49] <John Scudder> // I'm not gonna try to transcribe as carefully as Carlos has been, but can relay comments to the mic.
[20:39:31] <John Scudder> George defending the honor of APNIC
[20:40:01] <John Scudder> General concurrence that APNIC is not evil.
[20:41:17] <Carlos Martinez> // Carlos back
[20:41:30] <Carlos Martinez> introducing .dead objects
[20:42:42] <Carlos Martinez> .dead object conveys //consent// in revocation
[20:43:51] <Carlos Martinez> whenever you need to revoke something, you need a .dead file signaling consent
[20:44:12] <Carlos Martinez> andrei robachevsky on the mic
[20:44:40] <Carlos Martinez> terry manderson
[20:45:10] <Carlos Martinez> when an affected party would consent to be revoked ?
[20:45:25] <Carlos Martinez> sharon
[20:45:33] <Carlos Martinez> that is what we designed for
[20:45:46] <Carlos Martinez> that that does not mean is the right thing to do
[20:46:04] <Carlos Martinez> sharon going back to the example
[20:46:57] <Carlos Martinez> wes hardaker
[20:47:10] serrhini mohammed joins the room
[20:47:12] <Carlos Martinez> if you have alarms go off, do you have mechanisms to deal with it
[20:47:21] <Carlos Martinez> // looong mic line
[20:47:26] <Carlos Martinez> // coming up
[20:47:52] <Carlos Martinez> sharon,
[20:48:00] <Carlos Martinez> you get 'suspicious' certificates
[20:48:22] <Carlos Martinez> wes
[20:48:31] <Carlos Martinez> do you expect routers to make decisions based on this ?
[20:48:38] <Carlos Martinez> or is this aimed at humans ?
[20:48:44] <Carlos Martinez> sharon,
[20:48:51] <Carlos Martinez> don't have an answer for that question
[20:49:08] <Carlos Martinez> if you see something suspicious, we could just keep previous state
[20:49:17] <Carlos Martinez> matt lepinski
[20:49:25] <Carlos Martinez> this is a great paper, on your last question
[20:49:38] <Carlos Martinez> the right answer would be to fall back to the previous known-good state
[20:50:10] <Carlos Martinez> there are really good ideas in this paper, there is a problem here to be solved
[20:50:40] <Carlos Martinez> we are providing a way for ripe to signal the world that they are complying with a court order
[20:50:47] <Carlos Martinez> the rest of the world can decide what to do
[20:50:56] <Carlos Martinez> jeff haas
[20:51:08] <Carlos Martinez> is the dead object a mandatory feature ?
[20:51:24] JoeHallCDT leaves the room
[20:52:06] <Carlos Martinez> could this be manipulated into tricking rps on using previous, stale state ?
[20:52:50] <Carlos Martinez> tim B., on the mic
[20:53:04] <Carlos Martinez> sadly consent is sometimes optional
[20:53:23] <Carlos Martinez> is not all about court attacks
[20:53:50] <Carlos Martinez> this is putting a lot of the burden of proof on us
[20:54:07] <Carlos Martinez> the actual court order was to freeze and not to revoke
[20:54:50] <Carlos Martinez> sharon,
[20:54:55] <Carlos Martinez> mechanism can be flexible
[20:55:04] <Carlos Martinez> john scudder
[20:55:28] Meetecho leaves the room
[20:55:39] <Carlos Martinez> how can a new participant fall back to previous state ?
[20:55:40] <Carlos Martinez> sharon,
[20:55:45] <Carlos Martinez> no you can't
[20:55:54] <Samuel Weiler> Sharon: please speak up.
[20:56:07] <Carlos Martinez> // done
[20:56:19] <Carlos Martinez> slide 13
[20:56:30] <Carlos Martinez> alarms between syncs
[20:57:46] Meetecho joins the room
[20:57:53] <Carlos Martinez> slide 15
[20:58:01] <Carlos Martinez> catching alarms between syncs
[20:59:11] <Carlos Martinez> slide 16
[20:59:30] <Carlos Martinez> hash chaining for changelog authenticity proof
[21:00:06] <Carlos Martinez> slide 17
[21:00:08] raju dugyala joins the room
[21:00:22] jpc joins the room
[21:00:45] jpc leaves the room
[21:01:29] Simon Romano joins the room
[21:01:41] <Carlos Martinez> doug ??
[21:01:45] <Carlos Martinez> on the mic
[21:01:59] <Rob Austein> doug montgomery nist
[21:02:16] <Carlos Martinez> you have thousand of alarms
[21:02:19] <Carlos Martinez> // tks rob
[21:02:37] raju dugyala leaves the room
[21:03:56] <Carlos Martinez> jeff haas
[21:04:09] <Carlos Martinez> useful to know that something happened
[21:04:20] <Carlos Martinez> however most users only care about last consistent state
[21:04:34] <Carlos Martinez> consider cases when failures happen
[21:04:45] <Carlos Martinez> rudiger volk
[21:05:37] <Carlos Martinez> if i'm a rp, how can i determine who is guilty of revoking and prove it to others ?
[21:05:43] <Carlos Martinez> doug montgomery again
[21:05:51] <Carlos Martinez> tailored to rare events
[21:06:55] <Carlos Martinez> commenting about cleanup of address space
[21:07:26] <Carlos Martinez> doug
[21:07:42] <Carlos Martinez> andrei again
[21:10:22] <Carlos Martinez> doug montgomery again
[21:10:44] <Carlos Martinez> there are some forced revocations of resources people could agree are reasonable
[21:12:02] <Carlos Martinez> sharon, this puts the burden of proof on the revoker
[21:12:37] <Carlos Martinez> chris morrow
[21:13:08] <Carlos Martinez> tim b.,
[21:13:27] <Carlos Martinez> about consent, there are reasons why we take those resources
[21:13:54] <Carlos Martinez> how does this scale ?
[21:15:08] <Carlos Martinez> matt lepinski
[21:15:56] <Carlos Martinez> preventing child porn or movie uploading was never a design goal
[21:16:11] <Carlos Martinez> we shouldn't be helping people use the rpki for this
[21:16:19] <Carlos Martinez> rudiger volk
[21:16:41] <Carlos Martinez> we are getting transparency here
[21:19:39] <Carlos Martinez> slide 19
[21:19:51] <Carlos Martinez> inconsistent views of the rpki
[21:20:23] <Carlos Martinez> slide 21
[21:21:15] Dan York leaves the room
[21:22:12] <Carlos Martinez> slide 24
[21:22:21] <Carlos Martinez> comparing with suspenders
[21:23:41] <Carlos Martinez> slide 25
[21:24:15] John Scudder leaves the room
[21:25:02] <Carlos Martinez> slide 27
[21:25:12] <Carlos Martinez> end of slide deck
[21:25:15] <Carlos Martinez> wes george
[21:26:25] <Carlos Martinez> liabilities around the additional knobs that are being created
[21:26:47] <Carlos Martinez> sandy murphy
[21:27:11] <Carlos Martinez> matt's suggestion, on original design goals
[21:27:17] <Carlos Martinez> enforce allocation structure
[21:28:07] <Carlos Martinez> rirs can revoke resources, but have no enforcement tools
[21:28:43] <Carlos Martinez> rpki would make that possible, but, in society in general, when there is enforcement structure, this could be also used in ways society believe are not good
[21:29:02] Simon Romano leaves the room
[21:29:05] <Carlos Martinez> the person who has the allocation in your proposal has the power to say they don't agree
[21:29:29] <Carlos Martinez> maybe isps can hold the keys, then power then swing all back
[21:29:43] <Carlos Martinez> the decision on where authority lies is not a technical one
[21:30:07] <Carlos Martinez> wes hardaker
[21:30:15] <Carlos Martinez> thanks for bringing this to the group
[21:32:13] <Carlos Martinez> discussion on requirements on holding keys
[21:32:48] <Carlos Martinez> david mandelberg
[21:32:54] akatlas leaves the room
[21:33:14] <Carlos Martinez> dead object outside the rpki
[21:33:18] <Carlos Martinez> doug montgomery
[21:34:01] Wes George leaves the room
[21:34:20] <Carlos Martinez> that is it for today
[21:34:25] Rob Austein leaves the room
[21:34:26] <Carlos Martinez> thank you all
[21:34:26] Sean Turner leaves the room
[21:34:33] Carlos Martinez leaves the room
[21:34:44] Steve Kent leaves the room
[21:36:01] paul leaves the room
[21:36:25] Meetecho leaves the room
[21:38:20] slm leaves the room
[21:38:20] Mike Baer leaves the room
[21:38:40] serrhini mohammed leaves the room
[21:44:45] russ leaves the room
[21:46:24] Carlos Martinez joins the room
[21:47:06] jayb@jabber.org leaves the room: offline
[21:47:28] Samuel Weiler leaves the room
[21:48:07] Carlos Martinez leaves the room
[21:54:15] Carlos Martinez joins the room
[22:00:47] Carlos Martinez leaves the room
[22:00:55] Carlos Martinez joins the room
[22:05:20] Carlos Martinez leaves the room
[22:09:22] Carlos Martinez joins the room
[22:14:22] Carlos Martinez leaves the room
[22:16:20] Carlos Martinez joins the room
[22:18:22] Carlos Martinez leaves the room
[22:19:55] Carlos Martinez joins the room
[22:25:52] Carlos Martinez leaves the room
[22:26:59] Carlos Martinez joins the room
[22:28:48] Carlos Martinez leaves the room
[22:31:31] Carlos Martinez joins the room
[22:33:18] John Scudder joins the room
[22:33:19] Carlos Martinez leaves the room
[22:33:25] Carlos Martinez joins the room
[22:35:31] Sean Turner joins the room
[22:35:35] Sean Turner leaves the room
[22:45:12] Carlos Martinez leaves the room
[22:46:45] John Scudder leaves the room
[22:47:04] mikemlb leaves the room
[22:51:53] jpc leaves the room
[23:06:32] Dan York joins the room
[23:06:46] Dan York leaves the room
[23:06:57] John Scudder joins the room
[23:09:15] John Scudder leaves the room
[23:17:00] slm joins the room
[23:22:02] Rob Austein joins the room
[23:45:05] slm leaves the room: Replaced by new connection
[23:45:05] slm joins the room
[23:48:58] Rob Austein leaves the room
[23:52:31] slm leaves the room: Replaced by new connection
[23:52:32] slm joins the room
[23:55:43] slm leaves the room
[23:55:51] slm joins the room