Skip to main content

Narrative Minutes interim-2022-iesg-22 2022-10-06 14:00

Meeting Narrative Minutes Internet Engineering Steering Group (iesg) IETF
Date and time 2022-10-06 14:00
Title Narrative Minutes interim-2022-iesg-22 2022-10-06 14:00
State (None)
Other versions plain text
Last updated 2024-02-23

Narrative minutes for the 2022-10-06 IESG Teleconference

These are not an official record of the meeting.
Narrative Scribe: Liz Flynn, Secretariat

1. Administrivia
1.1 Roll call

Andrew Alston (Liquid Intelligent Technologies) /  Routing Area
Jenny Bui (AMS) / IETF Secretariat
Jay Daley / IETF Executive Director
Roman Danyliw (CERT/SEI) / Security Area
Martin Duke (Google) / Transport Area
Lars Eggert (NetApp) / IETF Chair, General Area
Liz Flynn (AMS) / IETF Secretariat, Narrative Scribe
Sandy Ginoza (AMS) / RFC Editor Liaison
Erik Kline (Aalyria Technologies) / Internet Area
Warren Kumari (Google) / Operations and Management Area
Cindy Morgan (AMS) / IETF Secretariat
Colin Perkins (University of Glasgow) / IRTF Chair
Alvaro Retana (Futurewei Technologies) / Routing Area
Zaheduzzaman (Zahed) Sarker (Ericsson) / Transport Area
John Scudder (Juniper) / Routing Area
Sabrina Tanamal (ICANN) / IANA Liaison
Amy Vezza (AMS) / IETF Secretariat
Éric Vyncke (Cisco) / Internet Area
Robert Wilton (Cisco Systems) / Operations and Management Area
Paul Wouters (Aiven) /  Security Area
Qin Wu (Huawei) / IAB Liaison

Murray Kucherawy (Facebook) / Applications and Real-Time Area
Mirja Kuehlewind (Ericsson) / IAB Chair
Francesca Palombini (Ericsson) / Applications and Real-Time Area

Lee-Berkeley Shaw
Ketan Talulikar

1.2 Bash the agenda

Amy: An executive session has been added to the end of the agenda. Also, the
independent stream document that was on the agenda for discussion has been
pushed to the next telechat to give more time to review. Any other changes?

1.3 Approval of the minutes of past telechats

Amy: Does anyone have an objection to the minutes from the September 22
telechat being approved? I'm hearing no objection, so it looks like those are
approved. I saw final narrative minutes; any objection to approving those?
Hearing no objection, so those are also approved. As a reminder, the BoF call
minutes have been out for about a week and we will take the approval of those
on the 20th.

1.4 List of remaining action items from last telechat


     o Roman Danyliw to find designated experts for RFC 8809 (WebAuthn)
       [IANA #1229681].

Roman: In progress.

     o Paul Wouters to find designated experts for RFC 9200 (ACE-OAuth)
       [IANA #1239251].
     o Paul Wouters to find designated experts for RFC 9203 (The (OSCORE)
       Profile of the (ACE) Framework) [IANA #1239258].
     o Paul Wouters to find designated experts for RFC 9237 (An
       Authorization Information Format (AIF) for Authentication and
       Authorization for Constrained Environments (ACE))[IANA #1239259]].

Paul: [These three are all] in progress.


     o Robert Wilton, Alvaro Retana, and Warren Kumari to report back to
       the IESG on the impact of COVID-19 to the IETF in October 2022.

Amy: On hold.

Éric V: As far as I know the Covid impact was measured on numbers of -00
[drafts], but it looks like we have less and less documents coming for IESG
evaluation after one or two years. Should this also be part of the statistics?

Warren: I think it is one of the charts we've shown.

Amy: The numbers are all based on mailing list activity. I'm not sure what we
could pull from the Datatracker to talk about [this].

Warren: I could have sworn we'd also seen pretty graphs with numbers about this.

Amy: Yes, that's from the mailing list activity. Anything that's a -00 draft
that gets announced, that's the number that's pulled. But coming in front of
the IESG, documents maturing to that point, is not part of that activity.

Warren: What about just documents showing up on the last-call list? It's not
quite in front of the IESG.

Éric V: You also have an approved one that is sent to ietf-announce. I don't
want to put on too much work but with three years on the IESG, I see way
[fewer] documents in the last few months than two years ago.

Warren: We also have the RFC Editor stats, I'm just finding them. Things
entering the RFC Editor state are the same as once we hit approved, which will
cover a fair bit of it.

Amy: You had a couple of big clusters sit and wait for a while before they're
all released at the same time. I don't know how useful --

Éric V: But it's entering the queue at the same time, right? The cluster
doesn't influence the entering of the queue.

Warren: Even if the data's not perfect, it still is a good rough thing. I know
this data does exist.

Amy: Okay, if you find it, please share it with the crowd.

Sandy: If there is specific information you want, just let us know and we can
provide it. We do have the dates that the documents enter the queue, even if
they're going into misref first, we have the date marked form when they are
approved. That's information we can easily provide to you.

Warren: Thank you. I know I've also seen a chart or graph somewhere on the RFC
Editor page. If you happen to come across those…

Sandy: I can send you the link.

Amy: Great. We'll see what we can use from that to see the trend for documents
entering the queue.

     o IANA to report back on CoAP Content-Format for application/tm+json.

Sabrina: We forwarded the response from the expert to you all on Tuesday. The
expert basically said that he thought it makes sense to allocate the next code
point since the media types are closely related. We just need to know if you
think the relationship between these two media types means we should assign 443
from the IESG approval space. If not, should we just assign one from the first
come first served range? The expert said that is okay as well. That's where we
are at right now.

Amy: Does anyone have an opinion?

Warren: That sounds great to me.

Amy: Is there any objection to assigning the one that's near the one they

Warren: IANA usually knows what they are doing and I see no downsides, so why
should we fuss?

John: I want someone more informed than me to comment on this but I don't have
a problem with going with this recommendation.

Amy: So it sounds like the IESG is approving assigning a code point from the
IESG approval space, not the first come first served space? I'm seeing shrugs.

John: Is "shrug" a valid response?

Amy: Well, I'm hearing that assigning the code point is approved, and we'll
send an official note to IANA.

2. Protocol actions
2.1 WG submissions
2.1.1 New items

 o draft-ietf-lsr-flex-algo-24  - IETF stream
   IGP Flexible Algorithm (Proposed Standard)
   Token: John Scudder

Amy: I have no Discusses in the tracker, so unless there's an objection it
looks like this one is approved.

John: We will need a new revision.

Amy: Okay, this will go into Approved, Announcement to be Sent, Revised ID
Needed. You can let us know when that is ready.

 o draft-ietf-lsr-pce-discovery-security-support-11  - IETF stream
   IGP extension for PCEP security capability support in PCE discovery
   (Proposed Standard)
   Token: John Scudder

Amy: I do have a couple of Discusses for this document; do we need to discuss
either of these today?

John: Yes please. I think we have Discusses from Lars and Rob, and the authors
updated their working copy to address your points. Last I looked it seemed like
their update was reasonable, so please have a look. I don't think they've
pushed -12 yet, so maybe we can ask them to push that and then you can clear if
you're okay with it.

Lars: That seems fine. I haven't had a chance to look at the text they proposed
but I followed the discussion that started yesterday and it seemed to go in the
right direction.

Rob: I'll check. I don't recall if my Discuss was a strong Discuss.

John: I can't remember what your point was but I do remember chatting with them
about it and I think they took it on board. Thanks to both of you.

Amy: All right, then it sounds like we're going to get a new revision.

 o draft-uberti-rtcweb-rfc8829bis-03  - IETF stream
   JavaScript Session Establishment Protocol (JSEP) (Proposed Standard)
   Token: Murray Kucherawy

Amy: I have no Discusses in the tracker, so unless there's an objection it
looks like this one is approved. Since Murray isn't with us today, we'll put
this in AD Followup for him.

 o draft-ietf-lsr-ospf-bfd-strict-mode-09  - IETF stream
   OSPF BFD Strict-Mode (Proposed Standard)
   Token: John Scudder

Amy: I have no Discusses in the tracker, so unless there's an objection it
looks like this one is approved.

John: Can you put this in AD Followup so I can just make sure there are no
revisions needed?

Amy: Certainly, just let us know when you're satisfied.

 o draft-ietf-dots-robust-blocks-05  - IETF stream
   Distributed Denial-of-Service Open Threat Signaling (DOTS) Signal
   Channel Configuration Attributes for Robust Block Transmission
   (Proposed Standard)
   Token: Paul Wouters

Amy: I have no Discusses in the tracker, so unless there's an objection it
looks like this one is approved. I do see we have IANA experts here for the
registries in the document, so that's great. Are there any notes needed?

Paul: Please put it in AD Followup, I just want to make sure the comments are

 o draft-ietf-lsr-ospf-reverse-metric-08  - IETF stream
   OSPF Reverse Metric (Proposed Standard)
   Token: John Scudder

Amy: I do have a number of Discusses for this document; do we need to discuss
any of these today?

John: I don't think so; it seems like this is taking place in email already. If
anyone who has a Discuss wants to talk about it, please go ahead. [silence]

Amy: It kind of seems like this might require a revision?

John: Yes.

Amy: Okay, then this will stay in IESG Evaluation, Revised ID Needed.

 o draft-ietf-lsr-ospf-l2bundles-07  - IETF stream
   Advertising Layer 2 Bundle Member Link Attributes in OSPF (Proposed
   Token: John Scudder

Amy: I have no Discusses in the tracker, so unless there's an objection it
looks like this one is approved.

John: Please put it in AD Followup. Thanks for all the LSR-ing this week,

2.1.2 Returning items


2.2 Individual submissions
2.2.1 New items


2.2.2 Returning items


2.3 Status changes
2.3.1 New items


2.3.2 Returning items


3. Document actions
3.1 WG submissions
3.1.1 New items


3.1.2 Returning items


3.2 Individual submissions via AD
3.2.1 New items


3.2.2 Returning items


3.3 Status changes
3.3.1 New items


3.3.2 Returning items


3.4 IRTF and Independent Submission stream documents
3.4.1 New items
3.4.2 Returning items


4. Working Group actions
4.1 WG creation
4.1.1 Proposed for IETF review

 o Application-aware Networking (apn)

Amy: Andrew is shepherding this chartering effort. I have a number of blocks to
this charter; do we need to discuss some of that?

Andrew: I've sent all of this back to the mailing list and said these are all
the current blocking positions, I need you to now come up with suggestions. Iw
ant to see that they're going to be doing the work before we go ahead and
charter this. I have certain misgivings. I'm waiting to see what comes back
from them and then I'll submit a revision.

Amy: Did you want to keep this on the agenda to talk about next time, or would
you like it to come off?

Andrew: Let's leave it on the agenda for next time, because if there isn't a
revision then we can figure out what to do with their meeting slot. If there
is, we can then talk about it. So let's leave it on the agenda.

Amy: Okay, we will update the date to come back next time on October 20.

Alvaro: Just a quick comment. Even if we move it to next time, for approval of
the external review, are we going to have time to approve it before IETF? I
think we don't, right?

Andrew: No we don't, but I think we said we'd have some kind of preliminary
meeting if they managed to actually get this to a point where we were properly
proceeding. Whereas if I see absolutely nothing on the list coming back, I'm
going to think about withdrawing.

Alvaro: I guess my point is, if we're not approving it, this will become sort
of a bof slot.

Andrew: Yes, then we could make it a BOF slot. It was originally scheduled as a
preliminary bof anyway.

Alvaro: I'm just making sure we're not asking Liz to deconflict this as a BOF
later because it already conflicts with other stuff.

Andrew: I have a fair number of conflicts there anyway.

Rob: Would it be fair to the proponents if this moved to a BOF? With the
two-BOF limit, will they have had time to prepare or is this just going to go
the same way as their last BOF? Maybe they want to do it anyway, but I just
want to make sure we give them a fair opportunity here.

Alvaro: It would be good for them to know that if they don't do anything before
the next call, meaning if this doesn't go into external review within the next
week, for example, they really don't have a chance to get to be a WG by the

John: I think Erik's comment in slack is well taken. They can always schedule a
side meeting like everybody else.

Alvaro: Right. They just need to know this is going to happen, is what I mean.

Andrew: I'll send something to the list to that effect.

Éric V: I don't follow the mailing list, but was there any comment on the

Andrew: I haven't seen anything on the routing area WG list. There has been
only one comment on the APN list and my reading of it is "why are we doing
this?" or "should we be doing this?"

Amy: We'll continue to keep this on the October 20 agenda. Let's move on.

4.1.2 Proposed for approval

 o Supply Chain Integrity, Transparency, and Trust (scitt)

Amy: Roman is shepherding this chartering effort. It looks like I have a block;
do we need to discuss that today?

Roman: Sure, I did want to talk a little bit about this and ask a couple of
clarifying questions on the non-blocking comments. First, I wanted to start
with the block from Paul. I roughly sent a note, because I think there was a
datatracker hiccup where mail wasn't sent so I started a new thread. Paul, can
you explain what it is that we'd need to clarify here at chartering time vs at
WG time? From my perspective these are good questions to discuss, like what
implementation choices the wg would want, and the operational incentives, makes
sense. But to charter, I didn't see personally that we would need to resolve
that right now. Can you talk me through it?

Paul: My view was that depending on the incentives of running this, if there's
no incentive to run it, then it doesn't really matter what the WG will produce
RFC wise because it will just get ignored. I wanted to make sure we're not
starting to do a lot of work and then in the end there's no way of getting it
deployed. That was my main concern; I wasn't sure if this is really
decentralized to different vendors, I can see how each of these vendors
shipping things have an incentive of publishing this data so they'll pay for
the hosting to do it. But at that point I also question whether it's still a
useful concept because you're trusting the vendor to publish something. If it's
not tied to the vendor and you're doing it really decentralized, there must be
some incentive for someone to publish this. If they don't, it doesn't really
matter that we standardize the formats and everything if no one will run this.

Roman: I think there are a number of open questions at what level in the
architecture and at what level of the supply chain you're talking about
decentralization. How many of them will it be, is it down to vendors, is it
groupings of vendors, is it a particular subvertical in software, is it going
to be driven and required by policy….I don't know. I think that's a further
conversation. The way I would answer is, is something going to run it? I answer
with the overwhelming enthusiasm that we had at the BOF with companies saying
they want this, they want this approach, and the sheer energy we've had since
the BOF continuing to refine our understanding of it. So what are the
incentives to run it? I don't know if i can be very specific just now, because
that's going to be the work of the wg and refining what's in the architecture,
so it's kind of TBD in some way. Unless you think there's some kind of
architectural element we want to have up front. There's an architecture
document and this is going to be the substance of my comments later on the
non-blocking, they roughly put this notional thing up but it's going to be
refined, no question.

Paul: We can take this offline. I guess I'm still a little bit confused about
what part is the actual work the WG is doing and which is are the starting
points there to actually do this work?

Roman: Let's back up. The only place where the charter talks about
decentralized structure is saying there's a gap. It's saying there is no global
decentralized thing. The rest of the charter doesn't even talk about that. I'm
wondering why we're picking at this particular thing when there is so much
still to be decided. If you want that problem of the ecosystem removed, if the
work continues to stand on its own by removing that, there's no talk about that
in the charter. There's also no talk about merkel trees, which also seems like
a very specific implementation choice.

Paul: I guess I just had a merkel tree instead of a blockchain. So, maybe let's
take this offline and talk after the meeting. I'm not trying to block the work,
I think the work is good. I'm just trying to make sure there are no unsolvable
problems before we start so we don't waste time.

Roman: The unsolvable problem is that the WG would come to some technical
agreement and then no one would want it? But they also came to the WG anyway to
specify it? This is a case where we have actual vendors who are in this supply
chain kind of business and want this. And they also said at the BOF, we had a
list of 10-15 companies saying they will implement it. I'm not sure what the
threshold is.

Paul: My idea was that it's so decentralized that even if these people are
happy to use the infrastructure and put their data there, who runs the
infrastructure? Normally in these decentralized ways there are miners who make
money by running this. What is the incentive for these decentralized structures
to run all of this to help people publish their integrity check?

Warren: It feels like this is outside the charter for this. Whether someone is
actually going to run it is the first thing. Secondly, there are a fair number
of non-bitcoin or non-mining based merkel trees, blockchains, whatever you want
to call them, that a lot of industries are publishing in already. One is the
coffee market, which is really large and distributed. There are also things
like certificate transparency, which is basically the same thing. It's a merkel
tree that a bunch of people run logs for. Running a chain is not expensive, so
if people want to use this thing it seems strange to me that we would say no
we're not going to form a wg because we're not sure if somebody is going to run
the needed infrastructure when there are a bunch of people who say they want to
use it and will build the infrastructure.

Paul: I think it's a little different from giving them the tools to do the job.
I guess my fundamental question remains: yes, I understand that a software
vendor is happy to do this. But then if they're the only ones who are using it,
then they will be the ones that end up running, like, a vendor starts running a
decentralized merkel tree for this, the question becomes what is the game for
it being a merkel tree instead of just a scientist of software updates from
that vendor. If it's an inter-vendor or a vendor-neutral thing then it should
be run by not a vendor, right?

Warren: I would like to know that the software I'm getting from Debian is
something that had been set by them and if I looked six months ago, I can see
it's the same software. Even if it's just run by one company, it's really
useful. Take The Juniper netscreen issue, for example, where the software had
been modified after being placed on one of the cases.

Paul: I agree that it's useful, but that can just be done by a key in the
signature from the vendor. That's not what this WG is attempting to do.

Warren: No, it can't. I don't know that they didn't go back and update the
signature four months ago. They could publish a version, they could publish a
new version, and then it turns out the first version had a massive bug. We'll
just sign another one. But that's way down in the details.

Paul: Okay. if people think this is too mad, then I'm happy to remove my block
on it. I thought maybe the charter could clarify a little bit what the
incentive is for people to do it this way and not have a list of signatures and

Roman: I personally think asking charter text to describe incentives for their
work beyond interest in adoption, that's a different bar than we use for other
work. That's not the universal bar.

Paul: Okay. Thanks for this discussion; I'll remove my block.

Roman: Thanks. The other piece I wanted to add, in no particular order, is
Éric, you were saying something that is focused on software is not clear
enough. It's in the third sentence now. The first sentence says "This is a
mechanism," the second sentence is an example of it being software, and then
the third sentence explicitly states "software only." It's got to happen sooner?

Éric V: I appreciate that you changed the last sentence. It's mostly a nit, but
I suggest you do it in the first sentence as well. Just a word.

Roman: I appreciate that clarity. Thank you. Then I think we'll still make a
little bit of an edit based on the other comments so pending Paul's
deliberation there will also be an -04 for this regardless.

Éric V: The most important comment in my mind is this: "SCITT will initially
focus" keeps the door open to other work.

Roman: I'll remove "initially."

Éric V: Super, thank you.

Amy: So this is approved pending edits and we're waiting for you, Roman.

4.2 WG rechartering
4.2.1 Under evaluation for IETF review


4.2.2 Proposed for approval


5. IAB news we can use

Warren: Not a huge amount of news other than the fact that the IAB is working
on a workshop proposal for IDR to address problems in BGP and a workshop to
have discussion about addressing a bunch of problems listed in the problem
statement. Which includes BGP security, code complexity, stability, etc. I
think that's mostly of interest to the routing ADs. This is early days and the
IAB is noodling on it, primarily Russ White. There's discussion on not
necessarily replacing BGP, but not continuing to add incremental fixes to the

John: I was not aware they were going to do a workshop on hats and I'd be
interested if there are any links you can point me to.

Alvaro: Just for the record, I'm officially aware because Russ told me. If this
is being done for IDR, it would be great if IDR knew. That doesn't mean just me.

Warren: Again, it's early days. It's called IDR Workshop. There's the problem
statement which I could have sworn Russ said he'd sent to John, but maybe it's
a different John, and a proposal. The Routing ADs should at least be aware of

Alvaro: He sent it to me, and Tony P, and some other people. I'll forward it to
you, John.

Warren: I also dropped the link in slack.

John: Thank you. It's possible he sent it to me too and I just missed it.

Warren: there is also still a document underway to comment on the trade
regulations rule on commercial surveillance and data security. I think those
are the main things.

Amy: Thank you. While we're speaking about the IAB, I hope everyone saw the
email from Cindy about the IAB wanting the Sunday afternoon slot in London to
facilitate their folks who will be remote. If you have a strong opinion about
the IESG meeting in the morning or the afternoon please respond to that message.

Lars: I wanted to check if we have any ADs who are going to be remote? We
haven't really talked about it.

Amy: There are only two who have not yet registered, Francesca and Roman.

Roman: Sorry, I don't have my administrative processes in order. I'm going to
be in person; morning or afternoon don't really matter to me.

Warren: I always have the IEPG meeting in the morning, but I Don't really have
to be there and it doesn't really matter.

Lars: You're also IAB liaison so you'd lose the morning anyway. Then they can
have what they want and owe us a favor.

Amy: Okay. So Sunday morning will be the IESG only, then a combined lunch and
meeting, and the IAB will take over in the afternoon. The only other question
is do you want us to provide breakfast or go to the hotel breakfast that comes
with the room and we will provide drinks?

Warren: I would think just hotel breakfast. Breakfast in the room is not cheap
and I don't think it's usually better.

Amy: It's never better than the hotel breakfast.

Lars: Let's do the hotel breakfast and I heard Jay promise an upgraded lunch.

6. Management issues

6.2 Draft statement on restricting access (Jay Daley/Lars Eggert)

Lars: Basically, you were supposed to have all read this by now. Is this ready
to go out for community input? Does anybody think it's not ready or need more
time to read it?

John: Let's get this over with.

Lars: It's in a Google document at the moment so I'll probably make it an email
and send it out to ietf-announce, is that where it goes?

Jay: There are two comments in there. Alvaro has a suggestion of something to
fix and then it's ready to go.

Lars: Okay, when you have it ready, send me a message and I'll start it. We
normally ask for direct feedback to the IESG. I'll check what we normally do
for IESG statements and do the same.

6.3 [IANA #1239154] Designated experts for RFC 8609, Content-Centric Networking
(CCNx) Messages in TLV Format (IANA)

Amy: We are looking for a designated expert for this registry. This came out of
the IRTF and Suresh did the conflict review in January of 2019. They're now
looking for someone to find designated experts. Is anybody familiar enough to
find experts? Maybe ask the IRSG? This was a number of IESGs ago.

Colin: This is a designated expert for an IRTF stream protocol?

Amy: Correct. Allison was the IRTF chair at the time.

Colin: It seems like something where we should ask the ICNRG chairs.

Lars: There's also a broader discussion here where this looks an awful lot like

Colin: Sure.

Lars: Maybe it's time to suggest that they BOF it. Irrespective of this
registration, if they keep doing this sort of stuff that basically makes them
act like a WG then maybe they should become a WG.

Colin: We had that discussion not long ago and they're not keen on it.

Lars: I can understand that but what they're doing now is also not the greatest
solution. I guess at some point the IESG can say no to one of these and force
it, but they really should understand that if they want to do WG things they
should become a WG. I Don't want to hijack this topic.

Colin: I can find an expert if it's useful.

Lars: Is there a registration that requires an expert? Or is this basically an
expert to fill the seat but there's no registration request yet?

Sabrina: Correct. There is no registration request at this time but there was a
recent document asking for registrations and some of the RFC required
registries within the CCNX registry group. We just noticed that we didn't have
an expert for the specification required registries. We thought we'd just
submit the request now.

Lars: Thanks. If you could ask the ICNRG chairs and combine it with this and
relay that the IESG would like to have a chat about their plans for becoming a
WG, that would be helpful.

Colin: I'll do that.

Amy: Can I get a second person for this task so that it's Lars and Colin and I
can put it on the [list of IESG action items??]

Lars: Sure.

6.4 Proposed Telechat Dates Between IETF 115 and IETF 116 (Secretariat)

Amy: With all of the holidays between 115 and 116, this is the only option I
found for the telechat dates. This gives us 8 formal telechats, and we try to
have at least 7.

Éric V: There's a formal on January 5, I'm not sure how many people will be
reviewing the documents.

Amy: We've had formals on the 6th before. I didn't know if you wanted to push
off the formal for an extra week, which would be a full month after the
previous one in December.

Éric V: I guess in the worst case we don't have enough ballots.

John: I guess the way to say it would be if you want to be on the January 6
telechat, get your draft in early.

Amy: I'm hearing we should keep the one on the 5th as a formal and continue on
with the pattern until March 16. Thank you for the discussion.

6.1 IETF 115 Agenda Conflict Resolution (Liz Flynn)

The IETF 115 agenda conflict resolution was discussed.

7. Any Other Business (WG News, New Proposals, etc.)

No other business.

6.5 Executive Session (Lars)