Minutes of Open IAB meeting, 39th IETF, Munich, Wed 13 Aug 1997, 19:30 Reported by the Internet Architecture Board. Attendance: Brian Carpenter (in or behind the chair) Fred Baker Jon Crowcroft Robert Elz (taking notes) Tony Hain Erik Huizer Cyndi Jung John Klensin (a little late) Charles Perkins Radia Perlman Jon Postel (initially in the audience) and a hundred or so poor blighted souls with nothing better to do with their time. Apologies: Steve Bellovin (by our request - attending NAT bof) Steve Deering (by our request - attending NAT bof) Bob Moskowitz Abel Weinrib Brian Carpenter opened the meeting, said there almost no agenda, because the IAB would all prefer to be in various parallel sessions (and two members had been asked to attend one of the BOFS rather than attending the open IAB meeting). Jon Postel gave the RFC Editor's report - they are more or less keeping up with the RFC editor's queue. Of the pending RFCs, of the uncomplete ones, one group are a set of 7, of which 6 are ready. All will appear when last is done, which will reduce the queue. Brian Carpenter announced the result of POC appointments by the IAB, after earlier requesting nominations from the community, and community views of the nominees suggested. Patrik Faltstrom has been appointed for 3 years, and Rob Austein for 1 year. Carpenter explained that they were appointed to represent their own technical expertise, not act as representatives of the IAB or IETF. He also thanked Geoff Huston and Hank Nussbacher for serving on the IAHC and iPOC, and all those who had allowed themselves to be nominated for the POC. End of prepared agenda 19:35. Questions from the floor. William Flanigan, US DoD Reston: Activity to tie down top level domain issue, and political activities among some governments - are these being related (to each other)? Carpenter: the link exists in Europe Postel: as engineers we should be concerned whenever the US government offers to help solve a problem Klensin: national governments & pieces thereof tend to think of things in geographical terms and in their own areas - it takes time for them to learn to think in terms of the internet which doesn't follow that model. We have educational role to help those people expand their horizons. The name problem seems to have arisen first, but it almost certainly won't be the last. Carpenter: we can't work on model that if we wait a while, governments will go away. Postel: Currently there is an announcement from US Dept of Commence about notice of inquiry - anyone interested should send them comments about what they should do, responses due Monday 18 Aug, 1997 (next Monday) Klensin: one positive thing about the NOI is that it appears that they are really looking for comments and considering them, which isn't always the case with government enquiries. Scott Petrack, VocalTec: long question preamble... H.323 use IETF standards, and would like to reference them - can if an RFC number is available, but if only an I-D, must incorporate text from the current draft, then they are likely to diverge. Would like to find a way to refer to docs that are still drafts. In particular current version of SDP from the mmusic WG. The ITU text needs to be sent to be translated in September, an RFC won't exist by then - so ITU feels compelled to simply take text. Baker: take this off line, discuss it with Scott Bradner. Klensin: ITU has typically considered drafts as secret docs, can't be referenced in any way at all as they can't be found. It seems strange that they want our drafts publishable in a way they can be referenced. Baker: If the WG is ready to release it, then maybe it can be fast tracked, if not, can't help. Klensin: need to work out how we got ourselves into this situation. Questioner (identity missed): last few IETFs have focussed on security, wonders if IAB think it is moving along at suitable level. Are there other areas that need work? Perlman: yes, it is happening, but real world impediments exist. IPsec is almost done. And yes, routing, IPng, ... Questioner: question intended more for work across all the areas Postel: really a question for IESG Baker: Thanks Jon Carpenter: we lack unambiguous recommendation to application developers on how to plug in authentication yet. Still see too many I-D's that are basically done, but still say "security-considerations not considered in this version", though that is better than "not considered in this document". We need to convey the message that security should be done along with the design, not later. Baker: IESG are knocking back docs without security Crowcroft: we're trying to think about route scaling stability and QoS (the "Q" word) - intserv made good progress. Bill Manning, ISI. Jon C talked about scaling - is this the appropriate time to talk about the targets for IPv6, number of nodes, etc. Have projected numbers increased or decreased. Also looking at increased demand for low end hardware with little resources. Carpenter: Requirements in 1994 were so ambitious, we doubt if they would have increased. But no new analysis has been done. Peter Kirstein, UCL: Question about "security not being addressed in memo", security directors don't want to look at drafts until finished, so almost have to do it that way. Carpenter: Chicken & Egg - security work is harder if delayed. Elz: It is WG's job to get security right, not the security AD's, security people will help when requested usually, but WG's cannot invent a protocol and then ask the security area to make it secure. Baker: Two documents coming that address security (one from Ran Atkinson exists now as an Internet Draft, another, from Bellovin, should be coming soon) Jack Houldsworth - representing ISO: Asks about our relationship with ITU-T. We have tidy relationship between ISO and IETF, would like to have it 3 way, with ITU... And, if looking for something to do, look at scoping of global information infrastructure. ITU-T & ISO are looking at that. There exists a big infrastructure, a lot of rubbish, the internet which seems to work, with or without security, it would be nice to see all 3 groups looking to see how the whole thing will finally appear, which requirements will be generated, and which will fall by wayside, and how will we make users migrate from one to the other. When he came to IETF first, IPng was just starting, he was told that the ISO method wouldn't work to develop the standards because it would take 2 - 3 years -- 4 or 5 years ago. ISO is ahead of Internet in that it has migration plan, and method to migrate the users. The IETF should be helping users with migration. Carpenter: one point is that we aren't only people trying to help, there are many others, DAVIC, etc... We are in some degree of conversation, Carpenter had a meeting with Mary-Anne Lawler, Chair of ISO/IEC JTC1, a few weeks ago, and will be at the Brussels Global Standards meeting in October. Perkins: There is the ngtrans working group working on transition, their work is close to being a proposed standard. Proposed standards for IPv6 exist, and a lot of code. Useful transition method. He was at a conference a few weeks ago in Reston, VA, where a lot of representatives of standards groups met, to decide how to interoperate more effectively, a hard problem. The IETF position is the it is hard for anyone to be more open than us, all you need to do is log in on the internet, and participate. Maybe we should seek out other standards bodies and see if we can work together, but this requires time and effort. Baker: Will Houldsworth be at ITU-T in Geneva? If so, Baker will sit down and talk with all three groups about all of this. Houldsworth: No, but others from ISO will be. Carpenter: All organisations will be in Brussels in October, not Geneva in September. Klensin: one additional observation - independent of the process of getting standards right, the history of any standards organisation in figuring out where market will go has been abysmal. It is not clear that the IETF, which is a body much closer to engineering than ISO or ITU-T, is an appropriate body to do star gazing, better for ISO ITU-T and the IETF doing standards where demand exists, rather than trying to drive the market. Houldsworth: some of ISO protocols regarded as losers, and we should be following other protocols, should all get together and decide which were the winners, and help the users Klensin: one way to get into trouble is to try to figure out what the users are doing. Houldsworth: disappointed that IPv6 hasn't been taken up more rapidly Klensin: It will be adopted when users are ready Carpenter: IETF has generated standards that have failed, fully deploying IPv6 will take decades Perlman: successful patches (NAT, DHCP) have extended the life of IPv4 Hain (co-chair of ngtrans): ngtrans is trying to specify mechanisms people can use but not tell them how to use them, perhaps give some hints. Perkins: There was a sense of urgency, which still exists, everyone knew that not just the specifications, but also deployment, and then fixing any errors, etc - need to do all of that too. Carpenter: The 6bone is getting big. Bob Fink (6bone co-ordinator): 27 implementations of IPv6 are available. Carpenter: Various people have different ideas of when the zero year is. Houldsworth: The challenge to help define the GII. Pete Resnick, Qualcomm: has been coming to a few open IAB sessions, partly to figure out what the IAB does, seems to be not clear that the IAB knows what it does. Perhaps IAB can say what we can do about spam. Some technical thought, and social thought, and legal - what kind of architectural thought can go on? Klensin: as he said at lunch on this topic (not eating spam) - most of the problems are political and sociological, about assumptions from various cultures about what is appropriate (some think if they can get away with it it is OK). Some technical measures that can be taken - the IESG will look at those. But most is not engineering, is sociological or political. Resnick: wondering if IAB have sat down and talked about it, and decided that there is nothing we can do, or just not considered the matter. Carpenter: we haven't considered it really yet, which is why Klensin went to the lunch Perlman: is more annoyed by junk phone calls than spam e-mail. No-one seems worried about that. Resnick: caller id seems to have solved that problem in his state. Perhaps first step accountability might help. Crowcroft: ask a question : are there engineering solutions, if so, not architecture, just various kinds of engineering (including social) Resnick: there are some engineering solutions floating around, worried that there is a smattering of engineering solutions is because there is just a smattering of architecture. Carpenter: we are just starting Charles Breed, PGP Inc: encumbered security protocols won't get through as standards track documents, true or false? Carpenter: redirect to Fred Baker. Baker: simple yes or no isn't good enough - Diffie Hellman algorithms exist, patent will expire Sep 6, and thus IESG will prefer DH solution, but if WG has a requirement that DH doesn't meet, they can argue that. Huizer: standards process doc does say that can use encumbered technology, ... Carpenter (from Scott Bradner): that was debated in poised95 with only small subset of people, not everyone comes. If IETF doesn't like that they should participate in that. Breed: sounds as if where there is equivalent unencumbered tech, we should use it, but if technical requirements can't be met, then perhaps other can be used. Meeting adjourned 20:30