IETF
stir
stir@jabber.ietf.org
Thursday, April 7, 2016
Dan York 2 has set the subject to: STIR at IETF92

GMT+0
[19:14:45] Meetecho joins the room
[19:17:13] Jean Mahoney joins the room
[19:17:43] Hala Mowafy joins the room
[19:19:55] Jonathan Lennox joins the room
[19:19:58] ken carlberg joins the room
[19:22:04] Eric Burger joins the room
[19:22:15] Julia Kieserman joins the room
[19:22:17] Hala Mowafy leaves the room
[19:22:52] DanYork joins the room
[19:23:23] <DanYork> hello
[19:23:30] DanYork has set the subject to: STIR at IETF95
[19:24:16] <DanYork> Do we have anyone remote?
[19:24:20] Alissa Cooper joins the room
[19:24:51] Sean Turner joins the room
[19:25:26] <DanYork> Slides are at https://www.ietf.org/proceedings/95/slides/slides-95-stir-5.pdf
[19:25:30] <Jonathan Lennox> We have people downstairs monitoring, but I'm not listening or watching the MeetEcho.
[19:26:22] <DanYork> Okay... I'll relay as much as I can
[19:26:40] <DanYork> Slide 3 - The Two Approaches
[19:27:00] <Eric Burger> Dan - Yes, I'm remote (in Bs As, but at PIR Board Meeting (Kathy says Hi)) and Julia is in Washington.
[19:27:22] <DanYork> Jon Peterson is speaking about the two different approaches
[19:27:29] <DanYork> Eric Burger: Hello back!
[19:28:08] <Eric Burger> (Y)
[19:29:29] <Eric Burger> nodding
[19:30:28] <DanYork> In approach 1, the cert's subject identifies the number holder.  In approach 2, the cert exists to identify the held numbers.
[19:30:45] <DanYork> Richard Barnes at mic saying one is an indirect approach and the other is direct.
[19:30:47] <DanYork> EKR at mic
[19:32:04] <DanYork> Next slide: In-band STIR Logical Architecture
[19:32:55] <DanYork> EKR at mic
[19:34:28] Hala Mowafy joins the room
[19:34:55] <DanYork> Slide: The First Approach
[19:35:23] Alissa Cooper leaves the room
[19:35:29] Alissa Cooper joins the room
[19:36:03] <DanYork> Richard Barnes at mic
[19:36:18] <DanYork> Richard - scalability is an issue
[19:36:23] <DanYork> Martin Dolly at mic
[19:38:26] <DanYork> Chris Wendt at mic
[19:42:03] <DanYork> Slide: The Second Approach
[19:42:22] <Eric Burger> Dan, please channel: Second approach simply will not work in the U.S. Numbers are regularly, and for good reasons, listed as the Caller ID that do not have anything to do with the carrier. So, a legitimate call under the Second Approach will be rejected. Approach Two is DOA, at least in North America, and probably in most jurisdictions. This issue also kills the Oracle function Jon mentioned related to the First Approach. The most we can do is trust the vouching carrier.
[19:42:28] <DanYork> okay
[19:43:00] <Eric Burger> boom
[19:43:39] <Eric Burger> thanks
[19:43:56] Georg Mayer joins the room
[19:44:17] <Eric Burger> does audio work?
[19:44:46] <Sean Turner> btw yes the audio works
[19:48:01] dyork joins the room
[19:48:04] <Eric Burger> nobody said anything about regulation
[19:48:19] <Eric Burger> nobody said anything about laws
[19:48:26] <DanYork> I was at mic
[19:48:32] <DanYork> Chris Wendt at mic
[19:48:40] <DanYork> Eric Burger: Something else to relay?
[19:48:48] <Eric Burger> If Jon thinks something is not going to work because of legal issues, he can say what they are
[19:49:01] <Eric Burger> Feel free to channel. I have no idea what Jon is replying to.
[19:49:18] <DanYork> Eric Burger: I think Jon thought YOU were saying this wouldn't work for legal reasons
[19:49:21] <DanYork> EKR at mic
[19:49:59] <Eric Burger> By the way, all of the delegation mechanism is TBD in the draft.
[19:51:21] <Eric Burger> Dan - I know... I think he's in autoresponse mode.
[19:51:47] <Eric Burger> Channel: It may be worth noting that the delegation mechanism is TBD in the draft.
[19:52:01] <DanYork> I will relay
[19:52:50] CHANDAN KUKREJA joins the room
[19:52:54] <DanYork> Eric Burger: There is this one paragraph:   The third enrollment model is delegation: that is, the holder of a
   certificate (assigned by either of the two methods above) might
   delegate some or all of their authority to another party.  In some
   cases, multiple levels of delegation could occur: a LEC, for example,
   might delegate authority to a customer organization for a block of
   100 numbers used by an IP PBX, and the organization might in turn
   delegate authority for a particular number to an individual employee.
   This is analogous to delegation of organizational identities in
   traditional hierarchical Public Key Infrastructures (PKIs) who use
   the name constraints extension [RFC5280]; the root CA delegates names
   in sales to the sales department CA, names in development to the
Peterson & Turner      Expires September 22, 2016               [Page 5]
Internet-Draft                 STIR Certs                     March 2016
   development CA, etc.  As lengthy certificate delegation chains are
   brittle, however, and can cause delays in the verification process,
   this document considers optimizations to reduce the complexity of
   verification.
[19:53:06] <Eric Burger> And maybe remind Jon I said NOTHING about law or regulation
[19:53:17] <DanYork> But then, yes, there are two TBD sections
[19:53:43] <Eric Burger> [I was about to point you to the VERY next paragraph :-]
[19:54:04] <DanYork> Yes...
[19:54:05] <DanYork>    [TBD] Future versions of this specification may address adding a
   level of assurance indication to certificates to differentiate those
   enrolled from proof-of-possession versus delegation.
   [TBD] Future versions of this specification may also discuss methods
   of partial delegation, where certificate holders delegate only part
   of their authority.  For example, individual assignees may want to
   delegate to a service authority for text messages associated with
   their telephone number, but not for other functions.
[19:54:05] <Eric Burger> Maybe acknowledge the words 'delegate' appear? Up to you
[19:54:20] <DanYork> Chris Wendt at mic
[19:55:11] <dyork> Richard Barnes at mic
[19:55:26] <Eric Burger> Channel: How about a concrete proposal: break the draft into two (or more) certificate approaches. Why bundle them together? Approach 1 works today. Approach 2 may work if and when fleshed out.
[19:55:35] <dyork> I am next at mic channeling Eric
[19:55:46] <Eric Burger> To channel Jon: I don't want to tell the FCC we are late with STIR because we are working on an approach that may not be used.
[19:57:19] <DanYork> Jumping 2 slides to "A Migration Path"
[19:58:08] Alissa Cooper leaves the room
[19:58:19] Alissa Cooper joins the room
[19:58:28] tom mcgarry joins the room
[19:59:14] <Eric Burger> Channel: So, if the approach is to put out something that works for 90+% of traffic and then, with experience, will work for everybody, why toss out something that we may learn, from experience, may or may not work. We might even learn the right, right way to do it.
[19:59:20] <DanYork> EKR at mic
[19:59:30] <Eric Burger> I disagree that this locks out the little guys. STIR says, "use certs"
[19:59:47] <DanYork> Eric Burger: Aren't you and Jon both saying "let's deploy Approach 1 first"
[19:59:50] <Eric Burger> This (series of) draft(s) lets us plug in other certificate management schemes
[19:59:56] <Eric Burger> Dan: affirmative
[20:00:10] <DanYork> Martin Dolly at mic
[20:00:42] tom mcgarry leaves the room
[20:03:16] <Eric Burger> channel: I want to stop with Approach 1 for now. Need to learn more before doing Approach 2
[20:03:28] <Eric Burger> Important point is "for now", not "for ever"
[20:03:47] <Eric Burger> yes, thank
[20:04:03] <DanYork> Chris Wendt at mic
[20:04:45] <DanYork> Richard Barnes at mic
[20:05:12] <DanYork> Richard Barnes quoting STIR charter
[20:05:47] <Eric Burger> Channel: I *do* agree with Richard Barnes
[20:06:19] <dyork> Russ Housley at mic
[20:06:21] <Eric Burger> If the threat model is Pink Carriers, Approach 1 works.
[20:06:36] <dyork> Eric - will channel
[20:07:09] <Eric Burger> Also channel: agree with Russ: Publish Approach 1, work on and Publish Approach 2.
[20:08:52] <ken carlberg> channel request:  could we push approach 2 to an appendix to get a current snapshot and continue approach 2 in another document?
[20:09:42] <Eric Burger> hummmmm
[20:09:44] <ken carlberg> hummmmm
[20:10:50] <DanYork> Robert indicates strong support in the room to continue on the current path of including both approaches in the document.
[20:11:09] <DanYork> Next slide "The IETF and the Industry"
[20:11:51] <DanYork> Next slide "Moving forward"
[20:12:31] <Eric Burger> love to have a dip per call... not
[20:13:25] <Eric Burger> :p
[20:14:32] Sean Turner leaves the room
[20:14:47] <dyork> Any final comments?
[20:14:50] <Eric Burger> THANK YOU DAN!!!!
[20:15:44] Jean Mahoney leaves the room
[20:16:08] Alissa Cooper leaves the room
[20:16:12] Julia Kieserman leaves the room
[20:16:22] ken carlberg leaves the room
[20:16:32] DanYork leaves the room
[20:16:48] Hala Mowafy leaves the room
[20:17:31] Jonathan Lennox leaves the room
[20:17:34] CHANDAN KUKREJA leaves the room
[20:18:33] Eric Burger leaves the room
[20:20:43] Meetecho leaves the room
[20:29:19] Georg Mayer leaves the room: Disconnected: closed
[20:29:20] georg joins the room
[20:30:59] Alissa Cooper joins the room
[20:31:53] Alissa Cooper leaves the room
[20:36:45] georg leaves the room: Disconnected: closed