IETF
stir
stir@jabber.ietf.org
Monday, July 20, 2015
Dan York 2 has set the subject to: STIR at IETF92

GMT+0
[12:53:58] DanYork joins the room
[13:08:26] DanYork leaves the room
[13:10:21] DanYork joins the room
[13:14:00] mahoney@nostrum.com joins the room
[13:17:23] resnick joins the room
[13:17:32] mahoney@nostrum.com leaves the room
[13:17:56] resnick will be jabber channeling. If you need something said at the microphone, please prefix it with “Mic:”
[13:18:03] Meetecho joins the room
[13:18:28] eburger joins the room
[13:18:38] mahoney@nostrum.com joins the room
[13:18:40] <eburger> Is Meetecho up? I’m getting a “DB error”
[13:19:19] <Meetecho> eburger: looking into that
[13:19:37] <eburger> thanks
[13:22:39] Sean Turner joins the room
[13:23:13] resnick will be jabber channeling. If you need something said at the microphone, please prefix it with “Mic:”
[13:24:56] cw-ietf joins the room
[13:27:54] <eburger> Is there really no way to get audio without Flash?
[13:28:44] <Meetecho> the mp3 stream should be up now
[13:29:15] <eburger> Got it (MP3) now. Listening to Martin now.
[13:30:39] Paul Kyzivat joins the room
[13:31:21] <Paul Kyzivat> Are others having trouble with meetecho? I get "DB error" when trying to connect to it.
[13:31:32] <eburger> yup
[13:31:48] <Meetecho> yes, we're trying to solve this, sorry about that
[13:31:50] <eburger> My ‘solution’:
[13:31:51] <eburger> Audio from:
http://ietf93streaming.dnsalias.net/ietf/ietf938.m3u
Slides from:
http://conf.meetecho.com/video/?s=karlin3&r=stir&c=8893039
And Jabber in:
xmpp:stir@jabber.ietf.org
[13:33:17] P M joins the room
[13:33:17] Paolo Saviano joins the room
[13:33:18] Paolo Saviano leaves the room
[13:33:28] Lorenzo Miniero joins the room
[13:33:49] Lorenzo Miniero leaves the room
[13:33:54] P M leaves the room
[13:34:30] P M joins the room
[13:35:32] Paolo Saviano joins the room
[13:35:33] P M leaves the room
[13:37:14] P M joins the room
[13:37:21] Andrew Gallant joins the room
[13:37:32] Paul Kyzivat_2215 joins the room
[13:37:43] Lorenzo Miniero joins the room
[13:38:00] <Meetecho> Meetecho should be back up
[13:38:07] <Meetecho> sorry, annoying server side issues
[13:39:21] Eric Burger joins the room
[13:39:57] <Paul Kyzivat_2215> yes. working now.
[13:40:14] Lorenzo Miniero leaves the room
[13:41:10] Natalie McNamer joins the room
[13:41:34] <Eric Burger> Who is calling? :-)
[13:41:43] eburger leaves the room
[13:45:18] <resnick> It should be a requirement that Identity-Extension header is itself signed, yes?
[13:52:59] <Eric Burger> If we sign enough headers, haven't we replicated S/MIME, but in headers instead of the body?
[13:53:13] Eric Burger leaves the room
[13:53:37] Eric Burger joins the room
[13:54:22] <resnick> Sure, but going this direction for the same reason that DKIM did AFAICT: You want entities that deal at the SIP message level to be able to do this.
[13:55:09] Thomas Stach joins the room
[13:55:42] <Eric Burger> Jon convinced me that Name is highly likely to be signed by someone other than who signs for the Number.
[13:55:47] <Eric Burger> :-))
[13:57:01] <resnick> (BTW: I’m on a crappy client such that I don’t see names, so if you would prefix with “Name - Mic:” if you want to be channeled, it would be much appreciated.)
[13:57:31] <Eric Burger> Eric - Mic: the difference is what we know versus a non-IETF implementor
[13:57:53] <Eric Burger> I'm sure the people who wrote the PATRIOT Act had no idea it would be used to spy on Americans, for example.
[13:58:13] <Eric Burger> Yes, the draft has a sentence about the service can be in the SIP UA.
[13:58:20] <Eric Burger> It then has paragraphs on a separate service.
[13:58:44] <Eric Burger> If you did not listen to this discussion (and who does), what would you think if you were an implementor?
[13:59:13] <resnick> In queue.
[14:00:00] ben joins the room
[14:00:21] <Eric Burger> I think we should explicitly describe the three major deployment models: In the SIP UAC, By the service provider (P-CSCF/SBC) or Enterprise (IP PBX), and a third-party service bureau (as Henning *just* said).
[14:00:27] Steve Olshansky joins the room
[14:00:52] Robin Wilton joins the room
[14:01:22] <Eric Burger> Yes, we agree (do the on the wire) specification.
[14:02:11] <Robin Wilton> @eric thanks - didn't mean to second-guess the meaning behind your comments, but happy to help if there are technical terms that need disambiguation...
[14:02:37] eburger joins the room
[14:02:54] <Robin Wilton> You're right that deployers need to have a clear mental model of how the "specifiers" are using particular terms
[14:03:34] <Eric Burger> thanks
[14:03:39] eburger leaves the room
[14:03:46] eburger joins the room
[14:03:49] <Robin Wilton> (and that in areas like this, "normal"-looking words may have very particular usages)
[14:03:55] eburger leaves the room
[14:10:05] <Eric Burger> If Skype delegates to you, Skype is on the hook. What's the problem?
[14:11:14] <Paul Kyzivat_2215> mic: for UAS to be able to authenticate, the cert and TNAuthList must be accessible to any UAS. Any plan to require that?
[14:12:35] <resnick> Who said that?
[14:12:51] <Paul Kyzivat_2215> It was me (Paul Kyzivat)
[14:13:18] <Robin Wilton> (Pete says his jabber client is too crappy to identify you, Paul, but it has been done ;^)
[14:13:41] Jonathan Lennox joins the room
[14:14:07] <resnick> I now know that e3h0... is eric and v3ub... is Paul. ;-)
[14:14:30] ben leaves the room
[14:14:56] <Eric Burger> Eric - mic: Even if we agree to the presentation today, and I will be the first to say that I may have *totally* misunderstood the Certs draft, but if someone with just half a clue can totally misunderstand the draft (and I don't think I did), then someone with a quarter clue will be totally lost.
[14:15:34] <Eric Burger> And, I agree with others, I still do not see the merits of knowing whether or not someone is authorized to sign for a number.
[14:15:49] <Eric Burger> :-)
[14:16:03] <Robin Wilton> hmmmm
[14:16:33] <Eric Burger> Eric - mic: Just because it was wrong before does not mean we have to keep doing the wrong thing.
[14:16:43] <Eric Burger> Sometimes we learn as we do.
[14:17:27] Steve Olshansky leaves the room
[14:18:06] <Eric Burger> Not having the number in the cert is 100% in 'compliance' with the STIR charter.
[14:18:10] ben joins the room
[14:18:37] <resnick> You don’t need that mic’ed, do you Eric?
[14:18:39] <Eric Burger> AT&T verifies the calling party is authorized to use a particular number. Done.
[14:18:52] <resnick> Is Martin in the room here?
[14:18:56] <Eric Burger> Take a hum to see if others on the chat want to do it.
[14:19:03] <resnick> :-b
[14:19:12] <Robin Wilton> @eric for clarity… do what?
[14:19:27] <Eric Burger> Have Pete channel my comment at the mic
[14:19:52] <Eric Burger> I suppose I do want to be channeled. I do not want to let the statement "The charter says we MUST have a cert mechanism to carry TNs". That is factually incorrect.
[14:19:54] <resnick> Wilco.
[14:20:22] <Eric Burger> ^let the statement^let the statement go unchallenged.
[14:20:34] <Paul Kyzivat_2215> mic: if I get a cert not from ATT, but from acme-telco.net signing a number, if I can't get evidence that it is entitled to sign for the number, then why would I trust it?
[14:20:36] <resnick> Before I do Eric: Nobody is saying that the cert has to carry the TN AFAICT. Who did?
[14:21:21] <Eric Burger> The alternative in the draft is you poll at a transaction rate of 100,000 tps for a typical U.S. busy hour to ask someone else if the cert covers the TN.
[14:21:34] <Eric Burger> Not a realistic model.
[14:22:00] <Eric Burger> So it is not the issue of carrying the TN, but that anyone cares about the TN at all.
[14:22:11] <Eric Burger> (TN in the or covered by the cert. Of course, the whole point is validating the TN)
[14:24:11] <Eric Burger> That *someone* makes an attestation.
[14:24:24] <Eric Burger> On the list we go!
[14:24:35] <Paul Kyzivat_2215> Note that you mixed my comment with eric's.
[14:24:53] <Eric Burger> I was wondering where the Acme Telco came from :p:p
[14:24:54] <resnick> Shoot, sorry.
[14:25:34] <resnick> I made the room aware.
[14:25:49] <Eric Burger> (not for channeling) Did Jon just say that no one cares about the work group?
[14:26:14] <Paul Kyzivat_2215> mic: if the usage model becomes one of recipients trusting certain signers, then users will be forced to get their numbers from a widely trusted provider.
[14:27:08] <resnick> Paul, can that wait until after this slide?
[14:27:10] <Robin Wilton> @paul I agree: this seems to me to introduce the whole PKI "trust anchor" problem to a new domain and a *very* large number of devices (there are many more phones than PCs)
[14:27:47] <Paul Kyzivat_2215> My comment applied to prior discussion, but just fit in where it makes sense.
[14:28:17] <resnick> ack. Yelp if I don’t notice a good place.
[14:28:38] <Paul Kyzivat_2215> maybe when done with this slide.
[14:28:48] <resnick> ack
[14:29:25] Steve Olshansky joins the room
[14:31:41] <Eric Burger> If you did a good job, how come so many people are questioning what you were doing? I don't think we are ALL idiots...
[14:31:43] Sean Turner leaves the room
[14:31:57] <Eric Burger> Pete - don't bother.
[14:32:01] DanYork leaves the room
[14:32:10] <resnick> Ahem. Yeah. Can we turn down the tone in here a bit?
[14:33:07] <Eric Burger> :D
[14:33:43] <Eric Burger> [you = Jon; job = job specifying what the draft says]
[14:33:51] <Eric Burger> (just for the record)
[14:34:13] <resnick> Yeah, I think we got that.
[14:35:42] <Eric Burger> Eric - mic: since today all carriers know who is responsible for all numbers (globally), any reason not to just go with a whitelist?
[14:36:10] <resnick> That’s on the TNQuery open questions slide?
[14:36:31] <Eric Burger> I.e., no need to overload OCSP, just use the existing number assignment / distribution mechanisms.
[14:36:41] <Eric Burger> (no it's a new thought)
[14:37:04] <Eric Burger> (I know, take it to the list with text, but I'm interested to hear the moans or claps in the room)
[14:37:10] <resnick> I’ll let Folks finish this discussion then.
[14:37:17] <Eric Burger> good idea.
[14:40:54] <Eric Burger> Pete - makes sense to hold the thought until just after "Future Work: Subscriptions"
[14:42:13] <Eric Burger> OK - thanks, good to hear the moans.
[14:53:11] Thomas Stach leaves the room
[14:55:19] <Eric Burger> Thanks, Pete. I'm clearly a bad influence.
[14:56:14] <resnick> ;-)
[14:56:53] <Jonathan Lennox> I heard that as an "Anasni think". Presumably to prevent number spidering.
[14:56:59] <Jonathan Lennox> *Anansi
[14:57:48] Natalie McNamer leaves the room
[14:58:57] Jonathan Lennox leaves the room
[14:59:08] <Eric Burger> https://en.wikipedia.org/wiki/Anansi
[15:00:57] Steve Olshansky leaves the room
[15:01:24] <Eric Burger> And then we are back to the entity issuing the cert attesting they are authorized to issue the cert.
[15:01:42] <Eric Burger> In the real world, that is good enough because as Martin says, they can be punished.
[15:02:11] <Eric Burger> It also highlights why no one will care whether or not someone is allowed to sign for a particular TN, or block of TNs. Punishment is good enough.
[15:02:31] <Eric Burger> (Pete - you can channel, but not the Anansi reference)
[15:03:29] <Eric Burger> And then the Mafia goes to jail. Bad for a day, but then the problem gets fixed for at least 10 years.
[15:03:43] <Eric Burger> (10 years when they are in jail)
[15:05:27] Robin Wilton leaves the room
[15:07:01] mahoney@nostrum.com leaves the room
[15:07:03] mahoney@nostrum.com joins the room
[15:08:33] <resnick> Starting from where?
[15:08:46] <resnick> (Sorry, I was trying to follow the discussion.)
[15:09:08] Robin Wilton joins the room
[15:10:12] <Eric Burger> It's still relevant. [11:01
[15:10:13] <Eric Burger> ]
[15:10:17] <Eric Burger> if you have time stamps?
[15:10:21] <resnick> yep
[15:15:00] <Eric Burger> From Eric: do state the preamble that this is back to the question of whether it is important at all whether it is necessary to validate it is OK to validate the cert over the TN. You can follow the trust chain to know the signature appears real. After that, you can whack the bad guy if they are lying (i.e., a robocaller)
[15:15:48] <Eric Burger> thanks
[15:19:22] <resnick> Damn. Sorry. I can get back up. :-(
[15:19:58] ben leaves the room
[15:21:37] <Eric Burger> you did good!
[15:21:49] <resnick> Line cut. Time to go.
[15:22:03] <Eric Burger> Bye! Thanks Pete.
[15:22:11] resnick leaves the room
[15:22:14] mahoney@nostrum.com leaves the room
[15:22:25] P M leaves the room
[15:22:27] Eric Burger leaves the room
[15:22:30] cw-ietf leaves the room
[15:22:31] Andrew Gallant leaves the room
[15:22:44] Meetecho leaves the room
[15:23:18] Paul Kyzivat_2215 leaves the room
[15:26:32] Robin Wilton leaves the room
[15:38:59] ben joins the room
[15:39:56] ben leaves the room
[15:40:26] Jonathan Lennox joins the room
[15:40:36] Jonathan Lennox leaves the room
[15:40:44] Steve Olshansky joins the room
[15:43:09] resnick joins the room
[15:51:52] Steve Olshansky leaves the room
[16:05:13] Sean Turner joins the room
[16:06:19] Sean Turner leaves the room
[16:40:54] resnick leaves the room
[17:48:34] vijay.gurbani joins the room
[17:48:41] vijay.gurbani leaves the room
[18:03:21] resnick joins the room
[19:35:31] resnick leaves the room
[19:35:31] resnick joins the room