Narrative Minutes interim-2022-iesg-25 2022-12-01 15:00
narrative-minutes-interim-2022-iesg-25-202212011500-00
Meeting Narrative Minutes | Internet Engineering Steering Group (iesg) IETF | |
---|---|---|
Date and time | 2022-12-01 15:00 | |
Title | Narrative Minutes interim-2022-iesg-25 2022-12-01 15:00 | |
State | (None) | |
Other versions | plain text | |
Last updated | 2024-02-23 |
narrative-minutes-interim-2022-iesg-25-202212011500-00
INTERNET ENGINEERING STEERING GROUP (IESG) Narrative minutes for the 2022-12-01 IESG Teleconference These are not an official record of the meeting. Narrative Scribe: Liz Flynn, Secretariat 1. Administrivia 1.1 Roll call ATTENDEES --------------------------------- Andrew Alston (Liquid Intelligent Technologies) / Routing Area Jenny Bui (AMS) / IETF Secretariat Jay Daley / IETF Executive Director Roman Danyliw (CERT/SEI) / Security Area Martin Duke (Google) / Transport Area Lars Eggert (NetApp) / IETF Chair, General Area Liz Flynn (AMS) / IETF Secretariat, Narrative Scribe Sandy Ginoza (AMS) / RFC Editor Liaison Erik Kline (Aalyria Technologies) / Internet Area Murray Kucherawy (Facebook) / Applications and Real-Time Area Mirja Kuehlewind (Ericsson) / IAB Chair Warren Kumari (Google) / Operations and Management Area Cindy Morgan (AMS) / IETF Secretariat Francesca Palombini (Ericsson) / Applications and Real-Time Area John Scudder (Juniper) / Routing Area Sabrina Tanamal (ICANN) / IANA Liaison Amy Vezza (AMS) / IETF Secretariat Éric Vyncke (Cisco) / Internet Area Robert Wilton (Cisco Systems) / Operations and Management Area Paul Wouters (Aiven) / Security Area Qin Wu (Huawei) / IAB Liaison REGRETS --------------------------------- Alvaro Retana (Futurewei Technologies) / Routing Area Zaheduzzaman (Zahed) Sarker (Ericsson) / Transport Area OBSERVERS --------------------------------- Shwetha Bhandari Frank Brockners Marek Hajduczenia Mike Jones Greg Wood 1.2 Bash the agenda Amy: Does anyone want to add anything new to today's agenda? Any other changes? 1.3 Approval of the minutes of past telechats Amy: Does anyone have an objection to the minutes from October 20 and October 27 being approved? I'm hearing no objection. I also saw final narrative minutes for both; any objection to those being approved? I'm hearing no objection. 1.4 List of remaining action items from last telechat * DESIGNATED EXPERTS NEEDED o Paul Wouters to find designated experts for RFC 9200 (ACE-OAuth) [IANA #1239251]. o Paul Wouters to find designated experts for RFC 9203 (The (OSCORE) Profile of the (ACE) Framework) [IANA #1239258]. o Paul Wouters to find designated experts for RFC 9237 (An Authorization Information Format (AIF) for Authentication and Authorization for Constrained Environments (ACE))[IANA #1239259]]. Paul: I have 2 confirmations, one is Francesca and one is Goran, but then I realized they're both at Ericsson so I started looking for a third just to have a non-Ericsson person there. If I don't get an answer from that person I'm not sure there is anyone else. Roman: We should really try not to have them from the same company, and that really tells us something about that registry. Warren: I agree that it's better if we don't, but we do have a bunch where they are from the same company. I don't know how important the registry is for that and how likely people are to want code points and fight over them. John: There's always an escalation path if someone thinks the DEs are misbehaving, but it would be easier if they weren't. Paul: Okay, well let's see what the third person says, and maybe I can ping Francesca to suggest some names of people that might not be as active on the mail list. Francesca: I can suggest names if you want me to; we can take it offline. o Lars Eggert and Colin Perkins to find designated experts for RFC 8609 (Content-Centric Networking (CCNx) Messages in TLV Format) [IANA #1239154]. Lars: Happy to report this is in progress. This should be moving forward; sorry for being slow. o Roman Danyliw to find designated experts for RFC-ietf-lamps-cmp- updates-23 (Certificate Management Protocol (CMP) Updates) [IANA #1241372] Roman: In progress, thank you. o Francesca Palombini to find designated experts for RFC 9290 "Concise Problem Details for Constrained Application Protocol (CoAP) APIs" [IANA #1241511]. Francesca: Action caught, thank you. o Alvaro Retana to find designated experts for RFC 9303 "Locator/ID Separation Protocol Security (LISP-SEC)" [IANA #1241556]. o Alvaro Retana to find designated experts for RFC 9305 "Locator/ID Separation Protocol (LISP) Generic Protocol Extension" [IANA #1241559]. Amy: Alvaro is not on the call today. * OPEN ACTION ITEMS o Robert Wilton, Alvaro Retana, and Warren Kumari to report back to the IESG on the impact of COVID-19 to the IETF in March 2023. Amy: On hold until just before IETF 116. 2. Protocol actions 2.1 WG submissions 2.1.1 New items o draft-ietf-pim-igmp-mld-proxy-yang-08 - IETF stream A Yang Data Model for IGMP/MLD Proxy (Proposed Standard) Token: Alvaro Retana Amy: I have a Discuss in the tracker and Alvaro is not here to discuss the Discuss. He did say in his note that he wants all of his documents to go into AD Followup and the authors are aware of that. Unless there's anything to discuss here, we should do that. Rob: That's fine, I'm sure this can be resolved with the authors. Amy: Okay, we'll put this in AD Followup and Alvaro can pick it up when he's back online. o draft-ietf-lamps-lightweight-cmp-profile-16 - IETF stream Lightweight Certificate Management Protocol (CMP) Profile (Proposed Standard) Token: Roman Danyliw Amy: I have no Discusses for this document, but I also don't have enough positions for this to pass. Lars: I didn't ballot on anything this week, sorry. If you need something I will review it next week and ballot. There's also an IANA not okay on it, though. Sabrina: We just need experts for this one; the action item is already assigned to Roman. Roman: I'm working on it. There were no new registries, so the registries it's adding new entries to don't have any DEs? Sabrina: That's correct. Roman: Got it. So we can't proceed with finding DEs after the fact, we need their names now? Sabrina: Preferably, I think. If the document is approved we can't proceed with the actions until we have experts. Roman: Okay, thanks. It just needs more ballots and there is some good feedback in here that can get sorted out. Amy: Will this require a Revised ID or just AD Followup? Roman: Can you just give me AD Followup? I think it's probably Revised ID but I can make those changes. And I want to say thank you, this was a very large document. Murray: I didn't get through it; I can try to do so this weekend and get another ballot. Rob: Roman, can you look at the comment I made? I'd like your input on that as well. You may have a better view as to whether there should be an updates tag on a couple of documents or not. Roman: Will do. Thank you. o draft-ietf-ippm-ioam-ipv6-options-09 - IETF stream In-situ OAM IPv6 Options (Proposed Standard) Token: Martin Duke Amy: I have a number of Discusses; do we need to discuss these today? Martin: Not all of them. One micro point and one macro point. John, I know we chatted about this but I was a little surprised by your Discuss. I saw it as basically a fairly simple true standards spec, requesting the code points and whatnot, and then a bunch of deployment considerations. I would think deployment considerations are by nature pretty loosey goosey and not terribly well structured. I guess I'm not clear what you think that section should look like, or whether it should exist. John: That's why it's a Discuss; I really want to hear from the authors. That's the weird thing, that section is not a deployment considerations section, because then it would present itself as such. It's neither fish nor fowl and I guess I'd be more comfortable if it either moved in one direction or the other. If I were implementing this thing I wouldn't quite be sure what to do with all of this stuff. Martin: That's fair enough. I took it as deployment considerations when I read it but maybe I'm wrong. We'll see what the authors say. The larger comment, the other theme in these Discusses is this leaking data limited domain thing. I agree there's some not great language in there about potential leaks, but I'm also a little leery of replaying the IOAM discussion again and again. The IOAM RFC had a whole pile of Discusses about how to make sure data doesn't get out of the domain and so on. I'm a little concerned that we'll go through this every single time. Warren: Normally if I see a limited domain type thing I say it's really bad, what happens when it leaks? In this particular case, I abstained because to me it feels like the document tried really hard to minimize the limited domain type aspect of it. If the data does leak I don't think it's the end of the world, as opposed to if it was something more like SPRING. I do have a concern though which Andrew mentioned, which I only saw after I had finished my balloting: what if this isn't actually a destination address and it's instead a SID or something similar? That's the important bit. We shouldn't have the same fight over and over, and I agree, and in this case the authors did as good a job as could be expected with the domain part of it. Andrew: From my side, my discuss is not about leakage. My Discuss is more about undefined behavior that needs to be addressed. Martin: It's a great Discuss. I'm just speaking broadly, I saw a running theme through these was the IOAM leakage thing. To me it's an encapsulated tunnel in some ways. Andrew: I think the problem comes, my take on the whole limited domain thing, and this is not limited to IOAM but in general, is that the moment you define a limited domain you have to clearly define how those borders are defined, and how do you actively prevent leakage. As Warren said, I think they tried really hard in this case to address that, and others had commented on it, but the general thing you'll find from me with anything on limited domain is A) have they adequately defined that border in such a way that it's clear to me as someone implementing this, and B) have they given something more than you need to stop exiting the domain with no specifics on how to do that? That is going to cause me to scream every time, IOAM or not. That's my thing about the whole limited domain. Martin: I understand the general philosophical concern here. The authors still need to engage with this, so I would just ask if you also have a Discuss in this topic, to take a look at the IOAM document and maybe we should have a reference to it if we don't have one already. A lot of this information can happen in one place. This is probably the last one of these coming out of IPPM and then it will become a thing other WGs will do, so whatever protocol is going to have this encapsulation. It would be good to figure out what we want out of these and provide a template. This is a good opportunity to do that. I see Frank just joined. Frank, do you have anything you'd like to say about this? Frank Brockners: I think we've been over rotating on the concept of limited domains. We see IOAM deployed today in data centers, it's there in the linux kernel, it's in BPP, so there are 2 open source implementations of the whole thing. If you want to go and run it somewhere on the global internet, and you have routers next to it where things leak, yeah it could be a problem. But it's not a problem that's specific to IOAM, it's a generic problem with all limited domains where stuff in the limited domain might happen that you don't want to see appearing on the big-I Internet. I'm not really sure it's "fair" to hold IOAM hostage. It's just delivering yet another use case for the behavior instead of what I think is a general concern around limited domains. If we need to go and solve the problem for limited domains, we should do that, but don't ask IOAM to go and solve it for everybody. Andrew: I think that's a fair comment and there is some work being done on that. One other note while Frank is on the line, Frank, on my Discuss, you may want to take a look at Suresh's document in 6man about how to handle stuff with destination options. While that's still a draft, the solution to the second part of my discuss may be a reference to that. Erik K: I asked Suresh last night to consider adding some pre SRH hop by hop destination option treatment text to his SIDS document. Frank: We can absolutely do that, that's a fair comment. Some of this stuff has been cooking for a lot longer than SRV-6. We can fold those in if so required. Overall I think you know the history of that document, it's a merger of 2 documents, which you still see a document which was more of an informational document to provide a set of considerations, not really guidance but considerations, for what might need to be considered to deploy IOAM and the other is asking for code points. So it's more of a specification and informational combined. Martin: Okay, I think this has been helpful. What I would hope people take away from this is let's try to think systematically, since this is a template for future instantiations of IOAM. Let's try to figure out a system to make this less painful in the future. Does anyone else want to say anything about this document? Frank: A high level question; would it make sense to split this document again, into one part that's purely about deployment considerations and one that's purely about the code points? One informational and one standard? John: If that's addressed to me, I think that potentially could work. We shouldn't try to hash it out on the call right now because time is limited. Up to section 4 it's super straightforward. Let's continue in email or a call later. Erik K: I had a different concern about IPv6 protocol violations but I suggested a way forward in my followup. Martin: There are several Discuss points on this ballot that are legitimate and the authors need to deal with them; I just wanted to address a couple of themes. Thank you. Amy: Okay, so for this one we'll give this a Revised ID Needed and move on. Martin: We're also going to need one more ballot on this, because of the Abstain. Lars: I'll take a look at it. o draft-ietf-ipsecme-ikev2-multiple-ke-10 - IETF stream Multiple Key Exchanges in IKEv2 (Proposed Standard) Token: Roman Danyliw Amy: I have no Discusses in the tracker, so unless there's an objection now, this is approved. Roman: Thank you for everyone's review. I had a question. I was trying to go through and see whether all the comments were addressed. Paul, the way you did your ballot, are you saying everything is good to go? You re-pasted the Discuss and I wasn't sure what you meant. Paul: I tend to put my Discusses in after they're resolved in the comment section otherwise they vanish from history. But yeah, it's all resolved. Lars: It's not actually vanished, because the history of the document will have the old Discusses. Éric V: What I do is put in the mail archive URL of the first ballot in my next one, which makes it easier. Paul: Good advice, thanks. Roman: I'd like to put this in AD Followup; there's a reference check I want to run down. o draft-ietf-stir-messaging-06 - IETF stream Messaging Use Cases and Extensions for STIR (Proposed Standard) Token: Murray Kucherawy Amy: I have a couple of Discusses; do we need to discuss any of those today? Murray: I don't think so. I think I understood them. STIR is notoriously slow at getting back with ballot feedback, so leave it to me. Warren: I think similar to John on this, yes a lot of the document is discussion around stuff, but it has a little bit of spec and I think that's all that's needed. I don't understand the if it's not purely protocol we can't have it as a standard thing. Maybe that's more of a discuss Discuss and we can take it offline. Murray: My intent is to ask if the WG or authors want to push back on what the discuss holders are saying about that point. If they say they want it to be this way, we'll go that direction. Warren: One of my points of unease is not turning stuff into a lot of additional work for authors and the IETF as a whole just for some sort of process wangling stuff we think we need. The reason I mention this now is it feels like this has happened a couple of times in this set of ballots. The EMP for BGP thing was a lot of work to get a single code point. Having people take docs and split them up to appease the process feels like allowing the process to become the guiding thing, not the quality or utility of the document. Rob: My comment wasn't really about trying to make extra work, it's that there's a part of the document that's really waffly and not very precise. There's a very small amount that's clear specification. All I was asking for was to make those two bits of the document very clear, that this is the stuff you'll have to implement and the rest is waffle. Don't mix those two things together. That's all I was asking for, really. Warren: Thank you; that's a lot clearer. Murray: On the BGP document point, I agree that's a lot of process to do something, but that's the process they have selected for their registry. They've kind of forced that on themselves. You can't just do an IANA request on that registry, it's standards action so this is the requirement. Warren: That part of the soapbox rant was more of a meta point. That was 120-something emails, many hours of time, and I understand that's what's required of that registry but maybe we should sometime try to discuss how to get work to move through the IETF faster and provide guidance about standards required registries. Murray: That's an excellent point and Barry used to take that up as a cause, don't make your IANA rules worse than they really need to be. I give that some thought when I see new registries come through but I don't push back as hard as he did. Maybe we should. Warren: In this particular case I think that particular registry should probably be standards required, because of what it is, but overall we keep talking about how to make work faster but also spend a lot of time on process stuff. Soapbox rant, moving on. Amy: Okay, so this stays in IESG Evaluation and needs a Revised ID? Murray: Let's do AD Followup, in case they decide to fight for this. I'll change it if needed. o draft-ietf-lamps-rfc3709bis-08 - IETF stream Internet X.509 Public Key Infrastructure: Logotypes in X.509 Certificates (Proposed Standard) Token: Roman Danyliw Amy: I have a Discuss in the tracker; do we need to discuss that today? Roman: Yeah, that would be super. Warren, I wanted to talk about your feedback. I'm not sure how to resolve this. This is a little bit of a role reversion where we have a bis document and I feel like you're asking if we should have done the thing we already defined, which I know Security has a tendency to do. I don't know how to answer your question other than to say we're revising the thing we already decided we wanted to do with a little more guidance on the graphic formats we wanted to support and a little more security considerations. Warren: While writing it I did think this is already possible, maybe we shouldn't be making it any easier. But I do understand that we've already defined it. I have just changed my [ballot]. Paul: It's not making it easier; the increased security and privacy considerations in theory make it harder to use. Warren: Well, yeah, but I think people shouldn't be using it. Touching it again and not saying this was a bad idea, make it historic. But whatever. I've just moved from Discsus to No Objection because I don't really think my discuss position is tenable. I still think it's awful. I believe people are going to look at it and say I know this website should have a picture of a cat, this looks vaguely like a cat, i'm not going to look at anything else and move on. That means people are more likely to become victims to phishing attacks, etc. but it's too late now. Paul: For the record, I screamed too when I read this, and then I realized it was a bis. Warren: through the big repository of all certs for this specific oid, I could not find a single one of these in the real world that actually worked. There were some CA certs that had it, but the ones I tried were links to images that didn't actually exist on the internet. Roman: I appreciate that you cleared your Discuss, thank you. I'll note this is another of five documents on this telechat that doesn't have enough ballots to pass, so I'll ask for more reviews. Lars: I'll put it on my list. Amy: So it sounds like this is going to go into AD Followup so you can get a few more reviews. o draft-ietf-stir-passport-rcd-23 - IETF stream PASSporT Extension for Rich Call Data (Proposed Standard) Token: Murray Kucherawy Amy: I have a Discuss in the tracker; do we need to discuss that today? Murray: No, there's enough for me to take back to the WG and talk to them. There wasn't anything that stuck out to me as needing discussion. Roman, did you want to discuss? Roman: No. Murray: Okay. AD Followup please. o draft-ietf-lamps-5g-nftypes-08 - IETF stream X.509 Certificate Extension for 5G Network Function Types (Proposed Standard) Token: Roman Danyliw Amy: I have no Discusses in the tracker, but it is still missing a position or two. Lars: I'll put it on my list. Roman: If it's helpful, I'm happy to put these documents on the Dec 15 or the Jan 5 telechat. Martin: I have a comment about this. I think this is probably because of the 3GPP overlap thing. There's all this use your own NF types, please don't collide, but there's no registry. Is that because we don't own it? Roman: That's exactly it. I had a back and forth with the WG on exactly that, because it didn't feel right. The right thing felt like creating a registry. The answer I got back was not a satisfying one to the cleanliness of managing this. Effectively, 3GPP doesn't have sufficient governance in place to think about this right now so they need us to provide this mechanism and there will be an evolution about how this ultimately gets managed. It's not as clean as we would hope it would be. Martin: Okay. Warren: Cindy, would you mind refreshing? [Warren balloted No Objection and the document now has enough positions to pass.] I had read it but hadn't balloted anything. Roman: Perfect, thank you. I still want to check whether all of the comments were addressed; Approved, Announcement to be Sent, AD Followup please. Thank you. o draft-ietf-stir-identity-header-errors-handling-07 - IETF stream Identity Header Errors Handling for STIR (Proposed Standard) Token: Murray Kucherawy Amy: I have no Discusses in the tracker, so unless there's an objection now, this is approved. It does have enough positions. Murray, is this ready to go as-is? Murray: Give me one more pass on it, please. Amy: Okay, this will be Approved, Announcement to be Sent, AD Followup. o draft-ietf-idr-bfd-subcode-04 - IETF stream A BGP Cease Notification Subcode For Bidirectional Forwarding Detection (BFD) (Proposed Standard) Token: Alvaro Retana Amy: I have no Discusses in the tracker, so unless there's an objection now, this is approved. Alvaro is not with us but did say all his documents should go into AD Followup so this will be Approved, Announcement to be Sent, AD Followup. 2.1.2 Returning items NONE 2.2 Individual submissions 2.2.1 New items NONE 2.2.2 Returning items NONE 2.3 Status changes 2.3.1 New items NONE 2.3.2 Returning items NONE 3. Document actions 3.1 WG submissions 3.1.1 New items o draft-ietf-lsr-isis-flood-reflection-11 - IETF stream IS-IS Flood Reflection (Experimental) Token: John Scudder Amy: I have the consensus as Unknown here, so we'll set that to Yes. There are no Discusses in the tracker, so unless there's an objection now, it looks like this is approved. John: Thank you, and for all of my documents today I'd like this in AD Followup, and the consensus bit set to Yes. o draft-ietf-raw-use-cases-08 - IETF stream RAW Use-Cases (Informational) Token: John Scudder Amy: We're going to set this Consensus to Yes for you, and we do have a Discuss. Do we need to discuss that today? John: Not as far as I'm concerned; I saw that Carlos replied to Roman and hopefully that discussion will continue apace. It looks like there are also some comments that need followup. Unless anyone wants to talk about this thing? Andrew: Roman, I supported your Discuss here but I was also in two minds when you're talking about purely use cases whether or not the privacy concerns are in the use case or in the implementation document, if that makes sense. The use case doesn't really change whether or not you've got privacy concerns. Roman: This is one that will take some discussion to resolve. In my opinion you've stated the use cases which are fabulous, you're not engineering the protocol which I understand. It seems to me though, we have this idea of security considerations and privacy considerations; it seems like you should describe those at the level of abstraction at which you're describing the rest of the document; if you were to describe a protocol, I'd expect a lot of protocol specific mechanics. Here you're using prose to describe how things will be used, it should feel like you can add one or two sentences about those considerations relative to the prose. This idea of amusement parks and watchbands doing tracking of humans, we should explicitly acknowledge that this is something that's going to have to be worked out. Andrew: That kind of makes it more clear. While I support the discuss and fully acknowledge there are privacy concerns, I was of two minds about how much detail to put in when you're discussing a use case. John: I don't see any of the authors on the call but I kind of want to take Romans' short statement from right now and send it to the authors. It's very clear. One other thing; Martin, I thought your abstain was really well taken and also an awesome use of 'banal' in a ballot. I'm not sure we're actually going to end up restructuring the document to this extent. You're right, it's just a question of whether it's worth everybody's time. Martin: It's harmless as it is, even if I don't think it's a huge contribution. I think there's probably a retreat topic in here about use case and requirements documents, but I'm not going to hold that against these particular authors. Warren: I think I disagree on a lot of that stuff. I always think that use case documents are really useful. This one maybe not quite as much as others, but when someone has to deploy a protocol, having an architecture and a use case is similar to understand what it's supposed to be accomplishing so they know when it's working. John: I thought Martin offered a rubric for how to produce a use case document that is fit for purpose. Warren: Somewhat. I guess more discussion needed at some other time. I found this kind of useful. Roman: to support what Martin was saying, I appreciate prose that tells me how it could be used. What could have tightened this up was if this is used to engineer a solution, you need much tighter performance envelopes to be able to action it. Saying low latency is helpful, I don't know how you write a protocol against it. If you say amusement park you have to follow it up with numbers that are specific. John: Anyway, this isn't going to be moving forward in the next week, so there is further time to have these discussions. Amy: You still want this in AD Followup? John: Yes. o draft-ietf-ccamp-gmpls-otn-b100g-applicability-15 - IETF stream Applicability of GMPLS for Beyond 100G Optical Transport Network (Informational) Token: John Scudder Amy: There are no Discusses in the tracker, so unless there's an objection now, it looks like this is approved. We'll put this in Approved, Announcement to be Sent, AD Followup. o draft-ietf-dnsop-rfc5933-bis-13 - IETF stream Use of GOST 2012 Signature Algorithms in DNSKEY and RRSIG Resource Records for DNSSEC (Informational) Token: Warren Kumari Amy: I'm changing this consensus from Unknown to Yes. Warren: Thank you. I would like to discuss this, assuming that was going to be your next question. This document does update an existing standards track document, and I understand that it could be split into two different documents, but this document talks about how one uses a crypto algorithm. It doesn't define the crypto algorithm itself. It just says, if you're using this crypto algorithm that was developed over here in DNSSEC, here's how you munge things to make it work. To me, having it in the IETF stream seems correct and reasonable. I'll also note that the authors have been working under the assumption that was the right thing to do. They've put in a bunch of time and effort on this. Getting to the end of the process and being told they've done it all wrong and should do it this other way that feels arbitrary, doesn't feel reasonable. This was a document that was going to move forward as a cluster, so it's not just a small delay for this document, it impacts other documents that have been waiting on it including the DNS terminology one. If this actually defined GOST, I would much better understand Paul and Roman's position. Seeing as it doesn't, this feels kind of arbitrary. Roman: Yeah. But my retort to that is, when we specify behavior, then we comment on the sec cons. To specify the code point, then we need to talk about why we have confidence in what we have specified. What is the basis of the security analysis that we are doing? Paul: The thing is that during this document's life cycle, the registries got updated. It had to be in this stream because of the registries, but the registries have now been relaxed enough that it can go through the ISE. Warren: Except for the fact that the document obsoletes 5933 and updates 8624, which I don't think an ISE document should be doing. Paul: But as Roman also pointed out to me, if this is your reasoning now, you'll never get out of this reasoning when there's a new version of GOST in the future. You'll have the exact same problem again. Warren: To me it feels like a more reasonable thing to do would be for there to be a statement saying this is how you use the algorithm in DNSSEC; we're not saying the algorithm is good. If you're using whatever, and we make an explicit statement that we don't think the whatever you're relying on is a good idea, that feels more tractable than this which mainly says how to use something, whether or not the something is reasonable. Paul: Maybe I don't see the bigger issue you're worried about. We could basically finish this document here on all the other items and leave out the stream issue. Say it's ready to pass and hand it over to the ISE who hopefully could just quickly let it go. This shouldn't be more than a two week delay, right? Warren: If the ISE agrees to that, perfectly fine with me. Saying dear ISE, we're all happy with this but we don't want to dirty our hands by publishing it. You take it and do it for us… Paul: I can rephrase it somewhat more positively. Roman: What was the point of relaxing the registry entries, as was done not once but twice, if not to allow for exactly what we're saying, which is we're going to have algorithms we can't review that can be specified elsewhere, and it's okay to specify them but we're not going to do it. Otherwise, why relax it? Warren: We relaxed it because this used to be standards track and it was taken off standards track because people were uncomfortable with a standards track saying here's GOST, you might want to use it with DNSSEC. We made it informational instead specifically to address these concerns. We all thought that would be sufficient because it doesn't define GOST. Roman: I'm making a different distinction. I'm not talking about whether this document is PS or informational, what I'm saying is that there were changes made to the registry policies with two other RFCs. is that not why we did that, to allow for exactly having an ISE document on these code points? Why did we do 6014 and 9157 if not for this exact situation? Warren: Those were relaxed so they didn't need to be standards track, because people wanted to more easily introduce algorithms. That was done a long time ago, before this. Paul: Not entirely. The WG really disliked having more algorithms. There's this whole thing of nation-state crypto which they need to allow, and that's why the relaxation was done. Not because DNSOP likes to see even more algorithms published; they do not. Warren: DNSOP even more than that does not want people to squat on code points. That was some of the reason for relaxing originally, the earlier version. Otherwise people were just going to squat on code points. Paul: Warren, if your main concern is that it will take too much time, cna we first ping the ISE and see if we can get it done quickly? Roman: I'm not sure if folks saw in my ballot, I provided how to do that fast, you have a document with four sections you pull out of the current document, that's what you ask the ISE and then the residual text stays in the IETF stream. That gives GOST an agile mechanism to update itself tomorrow and structurally fix this problem of the IESG having to re-litigate this situation about why this was one of the last places where we have national crypto in the IETF stream when we have the flexibility to not do that. Warren: Okay. I'll talk to the authors. It just feels like they've been jerked around with this document, which I realize is not your problem. I can propose it. Thank you for making the suggestion. I'll have another look. Roman: I struggle to see that given the work in TLS, SSH and others where we have a fairly well trodden path to the ISE for these. I'm confused why they feel singled out, because this is consistent with other standard practices of the last few years. Warren: I guess thank you for your suggestion. I will chat with the authors. Paul: I have one other item in my Discuss; they were discussing changing one of the bits but they should make the whole thing obsolete. Warren: I will re-read your Discuss and chat with you some more about it. Sorry for being riled up about this. Amy: Do you want AD Followup for this? Warren: Yes please. 3.1.2 Returning items NONE 3.2 Individual submissions via AD 3.2.1 New items NONE 3.2.2 Returning items NONE 3.3 Status changes 3.3.1 New items NONE 3.3.2 Returning items NONE 3.4 IRTF and Independent Submission stream documents 3.4.1 New items o conflict-review-smyslov-ike2-gost-00 IETF conflict review for draft-smyslov-ike2-gost draft-smyslov-ike2-gost-12 Using GOST Cryptographic Algorithms in the Internet Key Exchange Protocol Version 2 (IKEv2) (ISE: None) Token: Roman Danyliw Amy: I have no Discusses for this conflict review, so it looks like this is approved. Roman: Just to put a fine point on it, this is exactly what I was talking about in the last document where flexible registry policies allow this national crypto. Warren: Some of it is because the original GOST thing was a standards track document. But let's move on. Amy: I'm hearing no objection to approving this conflict review message, so we'll send this to the IRSG. 3.4.2 Returning items NONE 4. Working Group actions 4.1 WG creation 4.1.1 Proposed for IETF review o Javascript Object Signing and Encryption (jose) Amy: This is the re-animation of a closed WG. I have no blocks for this charter to external review, so unless there's an objection, this can go for external review. Roman: I appreciate everyone's review and John, about half an hour before the telechat I merged your editorial comments. That's -01. Amy: Do you need to add anything or is it ready to go right now? Roman: It's ready to go. Amy: Thank you; we'll get that sent. 4.1.2 Proposed for approval NONE 4.2 WG rechartering 4.2.1 Under evaluation for IETF review NONE 4.2.2 Proposed for approval NONE 5. IAB news we can use Warren: I don't believe there's news; there was no IAB call yesterday. Mirja and Lars might have updates? Mirja: The important news is there is a workshop going on next week. There will be four sessions about energy impact and environmental impact. If you want to join, contact Jari. 6. Management issues 6.1 Designated Experts (Rob Wilton) Amy: Rob has identified three replacement designated experts for three registries.. Are there any objections to these changes? I'm hearing no objections, so we will send official notice to IANA about all of these three. 6.2 Designated expert for IANA-MAU-MIB (Rob Wilton) Amy: This item is to approve Marek Hajduczenia as the primary expert for this registry? Rob: I'd like to thank Marek for doing this. Amy: I'm hearing no objection, so we'll send notice to IANA. Thank you. 6.3 [IANA #1241511] Designated experts for RFC 9290 "Concise Problem Details for Constrained Application Protocol (CoAP) APIs" (IANA) Amy: Francesca has picked up this action item. 6.4 [IANA #1241556] Designated experts for RFC 9303 "Locator/ID Separation Protocol Security (LISP-SEC)" (IANA) 6.5 [IANA #1241559] Designated experts for RFC 9305 "Locator/ID Separation Protocol (LISP) Generic Protocol Extension" (IANA) Amy: These are both for Alvaro and we'll make sure he sees these when he returns. 7. Any Other Business (WG News, New Proposals, etc.) Éric V: Just a quick reminder, I sent an email about a poll box in Meetecho. If you can comment and provide me feedback on my one-sentence proposal, that would be cool. That's all. Lars: Talking about this ICANN announcement of this RFC annotation thing; Sabrina has reached out to someone on their CTO's staff. I haven't gotten email from them yet but I suggest we might want to take some time next Thursday on the informal to see if we want to chat with them and amend what they've offered in a way that makes us less unhappy. I'll suggest that. Jay: I was just going to respond to Eric, but I'll do it by email. Francesca: I also wanted to mention that Murray and I are going to create a new directorate for HTTP reviews. I don't think there should be any problem, but just a heads up. 6.6 Executive Session: IESG appointment to the IETF Trust (Lars Eggert)