Archives

16:02 < emileaben_ripencc> Hi everyone, I'm Emile Aben from the RIPE NCC. If you have questions/comments for the presenter and want me to read it out, please state your name/affiliation and I'll go to the mic when questions are called for. Please note that all chat transcripts will be archived and made available to the public on https://ripe70.ripe.net/
16:09 < emileaben_ripencc> Tim Bruijnzeels has begun the presentation "Database Operational Update".
16:15 < emileaben_ripencc> tim has asked for questions
16:16 < AlexBand> anyone going to mention the fact that 74% of the updates via email are done with a plain text MD5 pw? πŸ˜€
16:23 < emileaben_ripencc> Tim Bruijnzeels has begun the presentation "New Database Software Functionality".
16:23 < shane> I didn't think of Facebook authentication! Great idea! πŸ˜›
16:24 < AlexBand> well, shane, I think the real discussion should be a proper authentication method that uses a common standard and can be applied to all use cases
16:24 < AlexBand> OAUTH2?
16:35 < CharlesTheSloth> pgp/pki?
16:36 < emileaben_ripencc> Tim asked for questions
16:45 < emileaben_ripencc> Tim Bruijnzeels has begun the presentation "Personalised Authentication".
16:51 < emileaben_ripencc> Tim has asked for questions.
16:54 < denis> you must include role objects in this otherwise you are encouraging objects to be maintained by individual people who may leave a company and that has been a major problem for the last 15 years
16:55 < shane> denis: you can still update the maintainer objects with lists of SSO auth lines.
16:55 < emileaben_ripencc> @denis: do you want me to read that out?
16:55 < denis> yes, please make comment
16:55 < denis> shane, this will replace the mntner
16:55 < shane> I also thought about the role thingy, but there may be a concern with conflating contact information with authentication. Actually the whole proposal does this...
16:56 < shane> Oh, I guess I missed the point of replacing maintainer. Hm...
16:56 < denis> I had all this worked out but never wrote it down....
16:57 < shane> Denis' Last Theorem? πŸ˜‰
16:58 < CharlesTheSloth> 15
16:58 < CharlesTheSloth> πŸ˜›
16:58 < shane> "I have a wonderful authentication scheme which solves this, but it is too bit to fit in the margin..."
16:58 < emileaben_ripencc> the presentation has ended
16:58 < shane> s/bit/big/
16:58 < emileaben_ripencc> Piotr StrzyΕΌewski has begun the presentation "New Proposals".
17:05 < shane> ζˆ‘ε–œζ¬’UTF-8!
17:05 < shane> Emile, could you please bring that to the microphone.
17:05 < shane> Just kidding. πŸ˜‰
17:07 < emileaben_ripencc> @shane: now i'm curious what it says
17:08 < shane> Google claims this is "I like UTF-8" in Chinese...
17:10 < emileaben_ripencc> Piotr asked for questions.
17:12 < emileaben_ripencc> William Sylvester has begun the presentation "Orphaned Objects".
17:14 < emileaben_ripencc> William asked for questions.
17:31 < emileaben_ripencc> Robert Kisteleki started his presentation "RPSL+RPKI - Just a Heads Up".
17:34 < emileaben_ripencc> questions were asked for
17:34 < emileaben_ripencc> Job Snijders started his presentation ""source:” Field for Non-RIPE Address Space".
17:39 < denis> you are confusing use of this MNTNER in a mnt-by with use as hierarchical authorisation...they are 2 different issues....see my recent labs article for explanation, consequences and suggested fixes
17:40 < emileaben_ripencc> denis: shall I read that out?
17:40 < denis> yes please
17:44 < emileaben_ripencc> Job started his presentation ""source:” Field for Non-RIPE Address Space"
17:48 < emileaben_ripencc> Job Snijders started his presentation "IRR Homing Project"
17:54 < shane> Elvis' proposal: https://xkcd.com/927/ ?
17:54 < shane> πŸ˜›
17:55 < slm> slm: Sandy Murpjy, Parsons. Just use RPKI?
17:55 < vato-5607> lol
17:55 < slm> slm: Sandy Murphy, Parsons. with respect to relaxing route object authorization rules. Geoff Huston brought up a good point in the IETF SIDR group about this. wrt generating prefix filters - there's a possible problem in letting just the prefix holder authorization for route objects. In my opinion there are ways to handle the problem, but people should be aware.
17:55 < emileaben_ripencc> Job started his presentation "Cross-registry authentication for IRR Data BoF".
17:56 < slm> slm: Sandy Murphy, parsons: wrt cross-registry authentication and RPSL sigs - you need a rule that only a cert from the RIR authoritative for the inet-num
17:56 < rhe-786> Sandy: What was the possile problem?
17:57 < AlexBand> With regards to Tim's proposal, try clicking the RPSL button here: http://localcert.ripe.net:8088/export πŸ™‚
17:57 < slm> long: if you have an AS that has not registered route objects, and someone is generating prefix filters where no route objects produces no filter (pass everything) and if some prefix holder creates a route object suddenly the prefix filter passes just that one route. Don't know how many people produce no filter (pass everything) from no route objects, rather than an empty filter
17:58 < rhe-786> Ta.
17:59 < slm> (those were inteded for the mike, but again too late!)
17:59 < slm> (I even composed them ahead of time!)
17:59 < emileaben_ripencc> my apologies
17:59 < slm> this remote participation thing is not easy
18:00 < slm> "thing" means activity, not the tools provided
18:01 < emileaben_ripencc> my fault for not spotting that you wanted that read out instead of being as part of chatroom discussion.