20070505 07:52:35 | jabber@irc | jabber has joined the channel.
20070509 14:09:19 | Donnerhacke@irc | Donnerhacke has joined the channel.
20070509 14:23:43 | Donnerhacke@irc | Donnerhacke quit IRC altogether
20070509 14:25:51 | Donnerhacke@irc | Donnerhacke has joined the channel.
20070509 15:45:27 | jabber@irc | jabber has joined the channel.
20070509 16:31:51 | Donnerhacke@irc | Donnerhacke quit IRC altogether
20070510 06:45:41 | Donnerhacke@irc | Donnerhacke has joined the channel.
20070510 07:29:34 | Donnerhacke@irc | Donnerhacke quit IRC altogether
20070510 07:32:01 | erik@irc | erik has joined the channel.
20070510 07:32:40 | Donnerhacke@irc | Donnerhacke has joined the channel.
20070510 07:53:55 | rhe-786@irc | rhe-786 has joined the channel.
20070510 08:02:31 | rumy@jabber.ripe.net@jabber | Hi, my name is Rumy from the RIPE NCC. I will be monitoring this channel during this session. If you have a question or comment, I can read it out for you at the end of each presentation. Please make your questions as clear as possible and state your name and organization. 
20070510 08:02:58 | Shane@jabber | The webcast doesn't seem to be working... or is that just me?
20070510 08:03:32 | pheldal@jabber | looks weird. connects to the webcast server, but gets nothing. not rejected as if there was no stream
20070510 08:03:40 | Shane@jabber | Yeah, okay, that's what I'm seeing.
20070510 08:03:42 | keith@jabber | NCC ops folk were reporting an IPv6 problem a few mins ago
20070510 08:03:48 | [rvs]@irc | [rvs] has joined the channel.
20070510 08:04:17 | Shane@jabber | IPv6 causing network problems? Why, that's never happened before!
20070510 08:04:40 | Donnerhacke@irc | Nobody has used IPv6 till today.
20070510 08:04:53 | Shane@jabber | Still, there is no IPv6 address for webcast.ripe.net, so perhaps that's just a dirty lie.
20070510 08:05:10 | weiler@jabber | and no one will try again after today, either.
20070510 08:05:16 | pheldal@jabber | doubt the cause is v6, unless v6 is used to feed the webcast back to the server in AMS
20070510 08:05:22 | Shane@jabber | Actually yesterday IPv6 worked for a site that IPv4 didn't.
20070510 08:05:27 | erik@irc | which url exactly are you using?
20070510 08:05:36 | Shane@jabber | mms://webcast.ripe.net/ripemtg
20070510 08:05:42 | weiler@jabber | mms://webcast.ripe.net/ripemtg
20070510 08:05:53 | weiler@jabber | mms://streaming.consulintel.es/ripe54mtg_bolero

20070510 08:06:09 | erik@irc | you can try the quicktime, rtsp://qtencoder.ripemtg.ripe.net/ripemtg.sdp
20070510 08:06:16 | erik@irc | for dns
20070510 08:07:08 | Shane@jabber | Sure, except then I would have to install Quicktime.
20070510 08:07:11 | Shane@jabber | ;)
20070510 08:07:12 | pheldal@jabber | erik: got a working&stable *nix client for that
20070510 08:07:18 | pheldal@jabber | ?
20070510 08:07:20 | erik@irc | vlc?
20070510 08:07:23 | mjs@irc | mjs has joined the channel.
20070510 08:08:15 | keith@jabber | vlc usually does quicktime okay, so as most recent version
20070510 08:08:20 | pheldal@jabber | vlc 0.8.6 doesn't seem to work
20070510 08:09:21 | erik@irc | it works here
20070510 08:09:40 | weiler@jabber | just started working here
20070510 08:09:52 | Shane@jabber | Here too. w00t
20070510 08:10:57 | Suzanne@jabber | hi peter
20070510 08:11:03 | pheldal@jabber | mms works now. 
20070510 08:12:09 | erik@irc | good
20070510 08:13:21 | pheldal@jabber | btw does the q stream require anything udp-wise wrt nat/filtering? I'm behind a FW and vlc times out on udp using quicktime, falls back to tcp and still gets nothing.
20070510 08:13:32 | erik@irc | hrm, not sure
20070510 08:20:21 | rumy@jabber.ripe.net@jabber | Antoin Verschuren is starting his presentation
20070510 08:21:18 | weiler@jabber | the stream is burping again
20070510 08:23:26 | Shane@jabber | It's fine here...
20070510 08:23:36 | pheldal@jabber | fine here too
20070510 08:25:54 | [rvs]@irc | I don't see problems "here" too
20070510 08:28:19 | Remco-16243@irc | Remco-16243 has joined the channel.
20070510 08:30:40 | weiler@jabber | kill it
20070510 08:31:14 | rumy@jabber.ripe.net@jabber | any questions?
20070510 08:31:24 | rumy@jabber.ripe.net@jabber | Brett is starting his presentation
20070510 08:32:33 | Shane@jabber | I always found the "say what you're going to say, say it, then say what you said" model for presentations a bit much.
20070510 08:32:34 | Shane@jabber | :)
20070510 08:35:54 | Shane@jabber | "Upgraded" to NSD?
20070510 08:35:57 | Shane@jabber | tsk
20070510 08:37:23 | erik@irc | :-)
20070510 08:38:10 | Leo@jabber | Do you want that comment read out, Shane?
20070510 08:38:27 | Shane@jabber | No need, I'm sure everyone in the audience was already thinking it. ;)
20070510 08:38:33 | Leo@jabber | Hehehhe
20070510 08:41:11 | rumy@jabber.ripe.net@jabber | any questions for brett?
20070510 08:43:53 | rumy@jabber.ripe.net@jabber | Peter Koch is starting his presentation
20070510 08:50:29 | Shane@jabber | I fully support this proposal.
20070510 08:51:08 | Leo@jabber | Me too. I think it is confusing for anyone managing reverse delegations and it is misinformation
20070510 08:51:16 | rumy@jabber.ripe.net@jabber | any questions for peter?
20070510 08:51:54 | rumy@jabber.ripe.net@jabber | Eva is starting her presentation
20070510 08:59:09 | rumy@jabber.ripe.net@jabber | questions for Eva?
20070510 08:59:39 | Shane@jabber | Can someone note that ISC runs a DLV server that solves many of these problems?
20070510 09:00:02 | rumy@jabber.ripe.net@jabber | you want me to relay that?
20070510 09:00:06 | Shane@jabber | Yes please.
20070510 09:00:15 | Donnerhacke@irc | Practical experience show a signed root to be much more stable then DLV. We have at the moment about 1050 SEPs. So I'd reccoment to run a signed root at RIPE.
20070510 09:00:19 | rumy@jabber.ripe.net@jabber | joao is standing at the mike, maybe he will mention it
20070510 09:00:19 | arno@jabber | they trust RIPE NCC more than ISC, apparently
20070510 09:00:22 | rumy@jabber.ripe.net@jabber | if not i'll mention it
20070510 09:00:24 | Shane@jabber | Okay, wait for Joao.
20070510 09:00:28 | Shane@jabber | Thanks!
20070510 09:00:52 | arno@jabber | By the way, this is what I got from talking to the teliasonera people
20070510 09:01:09 | rumy@jabber.ripe.net@jabber | ok going to relay it for you shane
20070510 09:01:24 | Shane@jabber | Actually, please don't.
20070510 09:01:30 | Shane@jabber | I'm sure Joao would have mentioned it if it was important.
20070510 09:01:32 | Shane@jabber | :-/
20070510 09:01:34 | rumy@jabber.ripe.net@jabber | ok
20070510 09:01:42 | rumy@jabber.ripe.net@jabber | you are just in time there ;)
20070510 09:01:43 | arno@jabber | it has to do with accountability and being tasked by the community
20070510 09:02:01 | rumy@jabber.ripe.net@jabber | any other questions/comments?
20070510 09:02:02 | Shane@jabber | /me is just a dumb country boy, and doesn't really know about this DNS politics stuff.
20070510 09:02:16 | Donnerhacke@irc | Yep. Already  writte
20070510 09:02:39 | Remco-16243@irc | politics: from poly, meaning many, and ticks, meaning little blood sucking insects
20070510 09:02:55 | rumy@jabber.ripe.net@jabber | Donnerhacke: you want me to relay your comment?
20070510 09:02:59 | rumy@jabber.ripe.net@jabber | Practical experience show a signed root to be much more stable then DLV. We have at the moment about 1050 SEPs. So I'd reccoment to run a signed root at RIPE.
20070510 09:03:06 | Donnerhacke@irc | Yep, please do so
20070510 09:03:06 | rumy@jabber.ripe.net@jabber | could you please state your organization?
20070510 09:03:26 | Donnerhacke@irc | IKS, Jena, Germany, Lutz Donnerhacke
20070510 09:03:49 | rumy@jabber.ripe.net@jabber | ok
20070510 09:03:53 | rumy@jabber.ripe.net@jabber | thx
20070510 09:04:07 | Donnerhacke@irc | SEP is Secure Entry Points.
20070510 09:04:18 | master@irc | master has joined the channel.
20070510 09:06:32 | rumy@jabber.ripe.net@jabber | sorry about the voice :(
20070510 09:06:42 | Donnerhacke@irc | Oh, it was great
20070510 09:06:44 | [rvs]@irc | party ?
20070510 09:06:48 | Remco-16243@irc | could you say that agian please :)
20070510 09:06:54 | rumy@jabber.ripe.net@jabber | not even that much!
20070510 09:06:57 | rumy@jabber.ripe.net@jabber | pffft!
20070510 09:09:12 | Jelte@jabber | lutz, i think the group here would be very interested in your dnssec statistics too
20070510 09:10:02 | Donnerhacke@irc | https://www.iks-jena.de/leistungen/dnssec.php
20070510 09:10:31 | Jelte@jabber | although it still falsely acuses my zone of having a broken chain ;)
20070510 09:10:52 | Donnerhacke@irc | https://www.iks-jena.de/leistungen/dnssec-root-secondary.conf  (set up a secondary for an already existent production signed root
20070510 09:11:04 | Donnerhacke@irc | Jelte: *grins*
20070510 09:11:27 | Donnerhacke@irc | I have about 20000 end customers behind the signed root
20070510 09:11:35 | Donnerhacke@irc | Mostly larger companies
20070510 09:11:57 | arno@jabber | Lutz, what's the fingerprint for your selfsigned certificate?
20070510 09:14:23 | Donnerhacke@irc | arno: SHA1 Fingerprint=8C:98:7D:C0:3E:8E:D2:1E:83:AD:0C:84:A1:E5:4F:78:4D:0D:12:CE
20070510 09:14:23 | Donnerhacke@irc |  for the CA
20070510 09:14:57 | Donnerhacke@irc | for the website SHA1 Fingerprint=C2:41:DA:4F:58:A8:7E:1E:9E:3B:3E:A1:13:01:A9:B1:D5:E7:90:E6
20070510 09:15:56 | arno@jabber | thanks, that checks out with what I see.
20070510 09:16:14 | Shane@jabber | Then my MItM attack has failed!
20070510 09:16:15 | robert@jabber | because irc is a good place to get that validated
20070510 09:16:17 | Shane@jabber | Curses, foiled again!
20070510 09:16:27 | arno@jabber | :)
20070510 09:16:44 | Donnerhacke@irc | Of course .
20070510 09:16:46 | arno@jabber | how's your MItM Jabber attack going, Shane?
20070510 09:17:06 | Donnerhacke@irc | I do not send pgp signed fingerprints on the channel
20070510 09:17:31 | robert@jabber | if you did, what is your pgp fingerprint anyway? ;)
20070510 09:19:39 | Donnerhacke@irc | robert: I have a quite good signed key.
20070510 09:20:22 | Jelte@jabber | i guess that's exactly 50/50
20070510 09:20:24 | robert@jabber | is that shane talking?
20070510 09:21:03 | Shane@jabber | Of course having an easy way to distribute certificates to clients is a good thing.
20070510 09:21:51 | Donnerhacke@irc | Geat proposal. Ask ICANN ... *roftl*
20070510 09:21:57 | Shane@jabber | Clearly ICANN should do it though!
20070510 09:22:27 | Jelte@jabber | oh they'll be fast in signing the root, they put in AAAA records in a heartbeat too
20070510 09:22:34 | Donnerhacke@irc | We suggesting this since years.
20070510 09:22:57 | Shane@jabber | Well.
20070510 09:23:17 | Shane@jabber | ICANN did have justifiable concerns about the technology.
20070510 09:23:26 | Suzanne@jabber | ICANN should do it. But if this small a group with this narrow a set of interests can't even agree it's a good idea to Do Something about DNSSEC deployment at the top level, it shouldn't  be that surprising that ICANN hasn't signed the root yet
20070510 09:23:26 | Shane@jabber | All I need say is... NSEC3.
20070510 09:23:45 | Donnerhacke@irc | They have papers about signing. They know exactly what and how to to. But they do not do it.
20070510 09:23:54 | Donnerhacke@irc | NSEC3 is a myth
20070510 09:24:05 | wouter@jabber | Shane, what sort of concerns about technology did ICANN have, apart from NSEC3 (which is lastcall now) ?
20070510 09:24:21 | Suzanne@jabber | key management
20070510 09:24:24 | weiler@jabber | why should ICANN care about NSEC3?  they don't need it for the root....
20070510 09:24:38 | Suzanne@jabber | they care about a stable spec
20070510 09:24:45 | Shane@jabber | How did they know they didn't need it for the root, since it's not even an RFC!
20070510 09:24:51 | Donnerhacke@irc | They need about 8 new staff people according a paper for the US gouvernment
20070510 09:25:06 | Jelte@jabber | heh
20070510 09:25:08 | Shane@jabber | Lets face it, the technology is not "done".
20070510 09:25:18 | wouter@jabber | Ok. thanks Suzanne.
20070510 09:25:35 | Suzanne@jabber | they are concerned about key management, operational stability, and robust spec/implementation
20070510 09:25:36 | Donnerhacke@irc | Shane: Oh, then I do not have a productive enviroment. I must dreaming
20070510 09:25:45 | weiler@jabber | and how did they know they don't need trustupdate-timers, too?  We can keep playing this game ad infinitum.
20070510 09:26:13 | Donnerhacke@irc | The spec is a minor problem. NSEC3 for TLDs does not harm a signed root
20070510 09:26:20 | Suzanne@jabber | you know, the same things you would worry about if you wanted to deploy a new service for the global internet that, if you screwed up, could cause entire TLDs to be unresolvable.
20070510 09:26:21 | Shane@jabber | Sorry guys, having the root be a little conservative is not a bad thing.
20070510 09:26:56 | Donnerhacke@irc | The only problem with a signed root is, that com and net disappears
20070510 09:27:06 | Jelte@jabber | shane, of course
20070510 09:27:11 | Shane@jabber | The fact that you say "the spec is a minor problem" means you come from a completely different culture than ICANN.
20070510 09:27:12 | Shane@jabber | :)
20070510 09:27:15 | weiler@jabber | 
response to Bill Manning suggesting that this proposal is premature, since other, not-yet-public, technologies are in the pipeline: I don't think we should delay progress for something we can't collectively evaluate.  Without a specific description of the harm done by this proposal, I would rather proceed apace.  
20070510 09:27:38 | rumy@jabber.ripe.net@jabber | weiler: do you want me to relay that?
20070510 09:27:43 | Donnerhacke@irc | Shane: No, DNSSECbis is stable and working. NSEC3 is not, but NSEC3 is not needed.
20070510 09:27:51 | weiler@jabber | listening to his most recent round before I decide....
20070510 09:27:56 | weiler@jabber | (net delay)
20070510 09:28:00 | rumy@jabber.ripe.net@jabber | ok
20070510 09:28:37 | weiler@jabber | Yes.  Name is Sam Weiler.
20070510 09:28:43 | Jelte@jabber | well especially with the history of dnssec, i can understand being conservative about it
20070510 09:28:53 | rumy@jabber.ripe.net@jabber | organization?
20070510 09:29:32 | weiler@jabber | SPARTA
20070510 09:29:38 | Donnerhacke@irc | jelte: v6 has the same problem, that's why there are no AAAA records in the root
20070510 09:30:45 | arno@jabber | was there a date set for the AAAA records in the root?
20070510 09:30:53 | Suzanne@jabber | there are AAAAs in the root now. delegation glue.
20070510 09:30:59 | arno@jabber | or just "real soon now"(tm) still?
20070510 09:31:09 | Jelte@jabber | in six months? :)
20070510 09:31:13 | arno@jabber | :)
20070510 09:31:19 | Jelte@jabber | oh wait that was dnssec specs
20070510 09:31:36 | Suzanne@jabber | the recommendation to IANA to go ahead and add AAAA glue for the root nameservers shipped at the end of March....implementation schedule up to IANA now
20070510 09:31:38 | arno@jabber | NSEC3 will be ready for deployment in 6 months
20070510 09:31:48 | Shane@jabber | ;)
20070510 09:31:54 | arno@jabber | thanks Suzanne.
20070510 09:33:27 | weiler@jabber | arno: Ben Laurie (one of the NSEC3 spec authors) made that same claim (NSEC3 in 6 mo.) in or before August 2004, too.  
20070510 09:34:02 | Remco-16243@irc | it's a very interesting take on a fixed deadline
20070510 09:34:07 | Jelte@jabber | it actually made last call now
20070510 09:34:14 | arno@jabber | it's always 6 months, is it not?
20070510 09:34:22 | Suzanne@jabber | been true about DNSSEC for many years ("in six months") why stop now? ;)
20070510 09:34:29 | arno@jabber | there will be a new 6 months target when NSEC3 is here
20070510 09:34:31 | Shane@jabber | Actually, no, I think we'll have NSEC3 in BIND in less than 6 months.
20070510 09:34:35 | jib@irc | jib has joined the channel.
20070510 09:34:39 | Shane@jabber | No promises, but Mark Andrews is a guru. ;)
20070510 09:34:51 | arno@jabber | Shane, will that be a non-beta BIND? ;)
20070510 09:35:01 | Suzanne@jabber | NSEC3 is in last call. Multiple prototype implementations were used to workshop the spec before it finalized.
20070510 09:35:12 | Suzanne@jabber | yes, including BIND
20070510 09:36:11 | weiler@jabber | 3 years and 2 workshops later.....
20070510 09:36:25 | Suzanne@jabber | arno: I'm not Shane, but quite possibly :)
20070510 09:36:54 | Donnerhacke@irc | weiler: Switch to my signed root. Mark already did this home system (at least for some days)
20070510 09:37:55 | Suzanne@jabber | Donnerhacke: that's the "inclusive namespace" one you have spoken of on the dnssec-deployment mailing list?
20070510 09:38:17 | weiler@jabber | I'll volunteer for the TF, also.
20070510 09:38:19 | Donnerhacke@irc | It's the same described in the ml.
20070510 09:39:09 | Donnerhacke@irc | I'd prefer a signed root in more trustful hands than mine.
20070510 09:39:29 | robert@jabber | me too
20070510 09:39:34 | robert@jabber | :-)
20070510 09:39:47 | rumy@jabber.ripe.net@jabber | the session is finished
20070510 09:40:10 | jib@irc | jib quit IRC altogether
20070510 10:02:08 | [rvs]@irc | [rvs] quit IRC altogether
20070510 10:42:44 | jib@irc | jib has joined the channel.
20070510 12:35:41 | jib@irc | jib quit IRC altogether
20070510 12:53:18 | andrewsullivan@irc | andrewsullivan has joined the channel.
20070510 12:59:35 | kistel@jabber | Hi, my name is Robert Kisteleki from the RIPE NCC. I will be monitoring this channel during this session. If you have a question or comment, I can read it out. Please make your questions as clear as possible. I will read out any questions when the speaker asks for questions at the end of his/her presentation.
20070510 12:59:52 | kistel@jabber | Session starts in about 1 min
20070510 13:00:39 | kistel@jabber | session started
20070510 13:01:21 | kistel@jabber | Leo's presentation starts now
20070510 13:04:28 | erik@irc | should run?
20070510 13:04:48 | erik@irc | hrm
20070510 13:05:00 | andrewsullivan@jabber.ripe.net@jabber | is the webcast working for others?
20070510 13:05:10 | master@irc | not here (WMV & QT)
20070510 13:05:14 | erik@irc | i'm working on it
20070510 13:05:17 | master@irc | thanks
20070510 13:05:19 | andrewsullivan@jabber.ripe.net@jabber | oh, ok, ty
20070510 13:05:35 | kistel@jabber | presentation ended
20070510 13:06:15 | kistel@jabber | Keith Mitchell's presentation is about to begin
20070510 13:06:48 | erik@irc | mms://webcast.ripemtg.ripe.net/ripemtg should work
20070510 13:06:52 | erik@irc | that's directly from tallinn
20070510 13:07:00 | mike_5459@irc | mike_5459 has joined the channel.
20070510 13:07:43 | erik@irc | ok, windows media from amsterdam should work too
20070510 13:08:11 | erik@irc | quicktime works for me
20070510 13:09:22 | master@irc | ok WMV works again, thanks again
20070510 13:10:51 | erik@irc | you're welcome :-)
20070510 13:13:42 | kistel@jabber | presentation ended
20070510 13:14:55 | kistel@jabber | Niclas Rosell's presentation is starting
20070510 13:23:15 | kistel@jabber | presentation ended
20070510 13:25:47 | kistel@jabber | Shinta Sato's presentation is starting
20070510 13:40:07 | kistel@jabber | presentation ended
20070510 13:41:46 | kistel@jabber | AOB starts now
20070510 13:50:59 | kistel@jabber | Session ended. Thank you for listening!
20070510 13:51:09 | andrewsullivan@irc | \quir
20070510 13:51:14 | andrewsullivan@irc | andrewsullivan quit IRC altogether
20070510 13:51:20 | mjs@irc | mjs has left the channel.
20070510 13:51:44 | Donnerhacke@irc | Donnerhacke has left the channel.
20070510 13:51:46 | master@irc | oook one to go :) 
20070510 13:51:49 | master@irc | master has left the channel.
20070510 14:01:54 | mike_5459@irc | mike_5459 has left the channel.
20070510 14:11:36 | rhe-786@irc | rhe-786 has left the channel.
20070510 14:48:40 | yb@irc | yb has joined the channel.
20070510 14:51:28 | yb@irc | yb has left the channel.
20070511 06:04:28 | erik@irc | erik has left the channel.
20070511 08:15:46 | Remco-16243@irc | Remco-16243 has left the channel.