RE: Hiroshima room rates (was Re: Non-smoking rooms at the Hiroshimavenue?)
David Morris wrote: || On Fri, 4 Sep 2009, Andrew Sullivan wrote: || ||| On Fri, Sep 04, 2009 at 07:43:15AM -0400, Lou Berger wrote: Yes. I checked Sept 14-18. Try it yourself, I expect you'll get the same results... ||| ||| I don't understand why the rate during another period is relevant to ||| the rate we might get. Remember that hotels, like everyone else, ||| charge more when demand is higher. || || And the cost of meeting space and/or other standard features || (i.e., internet service in the room) is built into rate for meeting || attendees. ___ As I understand the norm, it is meeting rooms and facilities are charged as a set fee with attendee room rates normally reduced due to the numbers involved. Like most things, volume purchases reduce prices and unless the meeting is held at a peak time for the hotel, good rates should be able to be negotiated. Rates may be higher than the norm if the negotiations included extras such as the provision of morning and afternoon teas etc. That is to be expected. I imagine the committee has concluded the best deal possible. Darryl (Dassa) Lynch ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
RE: Possible RFC 3683 PR-action
Spencer Dawkins wrote: || I've been carefully not posting in this thread for a while, || but can't control myself today. (So I'm not particularly || arguing with Ted's points, his e-mail is just the the latest e-mail || in the thread) || || My apologies in advance. || || As Ted said, in theory, all decisions are supposed to be || confirmed on the mailing list, but I haven't seen anyone || point out the reason why - because we also think it's || important to have very few barriers to participation in the || IETF, so we don't require attendance at any face-to-face || meeting, ever. || || So I'm not sure how we verify identities when anyone we || question can just post from an e-mail account at an ISP in || Tierra del Fuego, and say the next time you're in the tip || of South America, come by and verify my identity. SNIP My understanding is there is a system of peer validation in operation. If a contributor only posts once or twice, they are less likely to be taken seriously than someone who posts regularly and often, especially when first starting to participate. The damage done by sock puppets and stooges is minimised in such systems as they are fairly quickly recognised for what they are. It is more a matter of judging the content of contributions rather than the contributor. Darryl (Dassa) Lynch ___ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
RE: IETF Eurasia
[EMAIL PROTECTED] wrote: Why do IETF meetings have to be monolithic and all-inclusive? || ||| I can tell you why we do - crosstalk. It can be incredibly useful ||| for people from the Security Area to look in on Applications, or for ||| Transport and RAI folks to understand the workings of the layers ||| beneath them and their users, for example. ||| ||| That doesn't make for a has to, but it seems like a good reason to ||| choose to, from my perspective. || || I agree with your reasoning. I should have asked, why do || *ALL* IETF meetings have to be monolithic and all-inclusive? || || Smaller meetings held outside North America could be located || in smaller cheaper hotels, and would encourage wider || participation in the IETF. In fact, smaller meetings in || North America would achieve the same ends. || || I'm not suggesting getting rid of the existing monolithic || meetings, but adding another type of meeting that is || smaller, cheaper to attend, and held in cities/countries || that are far from the USA but closer to people who should be || more involved in the IETF. For instance, Pune and Bangalore || India, Moscow and Ekaterinburg Russia, Dalian and Shanghai || China as well as places like Helsinki, Frankfurt, Tokyo, Seoul. || || Note that smaller regional meetings still provide the || opportunities for some crosstalk, even if the variety of WG || choices to attend will be smaller. And it increases the || amount of crosstalk and cross-fertilization between people || who regularly work in the IETF and those who have not done || IETF work because they have not had the opportunity to see || it in action, face to face. || || Note also that RIPE does something along these lines with || their regional meetings having more focus on education. I || expect that an IETF regional meeting would also have to have || more focus on education since a higher proportion of first-timers || would attend. Wouldn't the regional meetings you are suggesting have a totally different focus and be a different type of event all together compared to the main meetings currently? I would expect such regional meetings to have a focus on educating the local public about the IETF and be about increasing participation but not including any actual work on IETF content. Believe such regional meetings would be a great idea as a means to facilitate mentoring of future participants and encouraging new blood into the organization. Darryl (Dassa) Lynch ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: Travel Considerations
Jari Arkko wrote: Please save the planet by working on a better Internet, not by posting to an off-topic mail thread. Perhaps the IETF should consider purchasing carbon credits for each standards track document produced :) Darryl (Dassa) Lynch ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: joining the IETF is luxury Re: 70th IETF - Registration
Adrian Farrel wrote: We shall see, but I don't know that putting up the price necessarily fixes the registration income issue. You only have to deter a relatively small proportion of attendees to wipe out the increase in charge. I assume that the converse is also being applied: viz. cutting meeting costs. It's hard for us oiks to tell because we only see: - registration fee - breakfasts/cookies Anyway, registration is still the smallest component of attendance for me. Hotel and travel are still bigger problems, and I continue to wonder whether we could increase attendance (and hence registration income) by facilitating cheaper accommodation and travel. Like Adrian the associated costs are a factor for myself, the meeting fee itself is very reasonable compared to other conferences. The biggest factor for me is the time. I don't seem to have the time to contribute enough even on the online possibilities let alone attend meetings. I suspect that when I will have the time, the expense will not be a factor but by then the willingness to participate will have gone. At least at present everyone has the possibility of putting forward input either online or in person with the IETF, it is one of the main attractions I see with the organisation. Darryl (Dassa) Lynch ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: NATs as firewalls
Hallam-Baker, Phillip wrote: From: John C Klensin [mailto:[EMAIL PROTECTED] And, when I conclude that IPv6 is inevitable (unless someone comes up with another scheme for global unique addresses RSN), Here we disagree, I don't think that IPv6 is inevitable. When I model the pressures on the various parties in the system and consider the shortest route by which the participants can reach their short term goals there are certainly alternative schemes. I certainly do not want to see these schemes deployed but they are certainly possible outcomes. For example, a hyperNAT where the ISP NATs residential Internet as a matter of course. I suspect we will start to see this deployed on a large scale as soon as the market price for IP address allocation reaches a particular point. There is a major difference between a NAT box plugged into the real Internet and a NAT box plugged into another NAT box. It is a pretty ugly one for the residential user. I'm afraid it is already happening on a large scale in some parts. Here in Australia I've seen multiple ISP's who NAT all residential customers. Some of them amongst the largest players in the market. Even some commercial offerings are on NATs. Personally I'm more set against the wholesale blocking of ports and services which ISPs seem to be favouring at the moment, and the pricing that is applied to have the blocks removed. There are artificial blocks being deployed to keep usage down that are a bigger problem than NATs IMHO. Darryl (Dassa) Lynch ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: [Nea] Re: WG Review: Network Endpoint Assessment (nea)
Douglas Otis wrote: If an application happens to be malware, it seems it would be unlikely stop these applications. How about: vi) Provide application level advisory information pertaining to available services. Points that seem to be missing are: vii) Notification of non-compliance. (Perhaps this could become a restatement of i.) viii) Time or sequence sensitive compliance certificates provided following a remediation process or service. Often bad behavior is detected, such as scanning or sending spam which may violate AUPs. These violations may trigger a requirement for the endpoint to use a service that offers remedies the endpoint might use. There could then be a time-sensitive certificate of compliance offered following completion of a check-list and an agreement to comply with the recommendations. Those that remain infected after remediation, or that ignore the AUPs and are again detected, may find this process a reason to correct the situation or their behavior, or the provider may wish to permanently disable the account. Am I mistaken or is NEA intended to be a compliance check before a node is allowed onto the network? As such, observed behaviour and application abuse would seem to be issues that would be dealt with by other tools. NEA may be used to ensure certain applications are installed and some other characteristics of the node but actual behaviour may not be evident until such time as the node has joined the network and would be beyond the scope of detection by NEA IMHO. NEA may be used to assist in limiting the risk of such behaviour but that is about the extent of it that I see. My reading of the charter gives me the impression NEA is only intended for a specific task and some of what we have been discussing seems to extend well beyond the limited scope proposed. Darryl (Dassa) Lynch ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: [Nea] Re: WG Review: Network Endpoint Assessment (nea)
Brian E Carpenter wrote: I run a very closed network, ports are closed and not opened unless there is a validated request, external drives are disabled etc etc. A contractor comes in with a notebook and needs to work on some files located on our internal secure network. A trusted staff member rings in with the request to open a specified port. The port is opened and the contractor hooks up the laptop to it. NEA does it's thing and if the laptop doesn't match the requirements of the internal network policy it is directed to a sandbox network for remediation. If the laptop does meet the policy then it allowed onto the internal network. What if your contractor has carefully configured the laptop to give all the right answers? What if it has already been infected with a virus that causes it to give all the right answers? The first case is certainly current practice, and the second one could arrive any day. Hello Brian I would be monitoring for unusual behaviour on the network and would be warned if the laptop started to behave in ways not expected. NEA would only save time in getting the system onto the network as instead of physically inspecting it I'd be relying on automated means to judge compliance. It would be an acceptable risk. The risk of someone wishing to hack in or being infected with a virus as you describe is low. I'd mainly be using NEA to assist in those situations where the trust isn't total but there isn't harmful intent. If you know of a system that provides total protection, is easy for users to perform their duties and doesn't have me or IT staff doing physical checks I'd be more than willing to look at it. Let's face it, there will always be a risk of someone getting around any informational or protection mechanism put into play, we all have to judge that risk and set up networks accordingly. If we really want to be secure we wouldn't allow any ad hoc connections at all. Darryl (Dassa) Lynch ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: [Nea] Re: WG Review: Network Endpoint Assessment (nea)
Hello Ted Comments inline as appropriate. Ted Hardie wrote: At 7:55 PM +1000 10/11/06, Darryl \(Dassa\) Lynch wrote: I run a very closed network, ports are closed and not opened unless there is a validated request, external drives are disabled etc etc. A contractor comes in with a notebook and needs to work on some files located on our internal secure network. A trusted staff member rings in with the request to open a specified port. The port is opened and the contractor hooks up the laptop to it. NEA does it's thing and if the laptop doesn't match the requirements of the internal network policy it is directed to a sandbox network for remediation. One of the points that has been made here several times is that the rosy promise of a sandbox for remediation has a number of thorns, even in the case where a posture assessment method has identified a potential issue. As it stands, there are commonly multiple ways to work around a vulnerability, including base-levels upgrades (from OS Foo v3 to v4) specific patches (either to the OS or to the application), and, in some cases, configurations (turning off functionality BAR). Assessing those is difficult; offering remediation is trickier yet, especially when one or more of the systems which may need remediation may not even been active at the time of attachment. As I have expressed before, I have serious doubts that the standardized parameters will be sufficient to do any reasonable assessment, and the same carries through in spades for remediation, since that involves a check that none of the remediations has already been applied. Very true, any remediation is difficult. It may be there will be options provided so once a system fails to meet NEA compliance they are offered a number of options instead of remediation, perhaps limited access, no access or intervention by IT staff, all this is beyond the scope of NEA at this stage IMHO. Maintaining a valid, *current* set of patches, OS upgrades, and the like for remediation is going to be a very big task; managing the licensing on it a nasty problem; and handling the potential liability of applying the *wrong* remediation a nightmare. Handling unknown states (even for those running recognized assessors) is an even more problematic issue, but you may not care that some folks run development drops of OSes and applications, since you can always remediate them by offering a downgrade. What is the difference to maintaining the network nodes already on the system. They all have to be maintained and kept in compliance already. NEA just provides some information on what may be needed. In your example, the contractor presumably also agrees to your mucking with their laptop configuration as part of the contract, but the number of cases in which this is going to be wise is clearly a subset of all cases and it may be a tiny subset. If I came into your network and offered to work with you, my corporate IT folks would be upset if I allowed you to do any of the updates discussed above, so the sandbox is effectively a denial of network access. That's a policy decision you are welcome to make (it's your network), but it's a complex and risky way to make it. If they don't agree to the network policy then alternatives would need to be available such as providing a trusted system for them to use. Hackers and theives wouldn't agree to abide by any policy in place but that doesn't mean I have to provide methods to make their life easier :). I continue to think that the core of this work (passing an opaque string prior to attachment) has some benefits I don't disagree. snip Just another tool to give network administrators information and systems they can use to ensure the majority of users get their requirements met in a reasonable and timely manner. And I believe others agree with your tool in the toolkit view. But if you advertise a saw as a hammer, someone is going to get cut. Most accidents occur in the home. People do have to take some responsibility for themselves. Darryl (Dassa) Lynch ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: [Nea] Re: WG Review: Network Endpoint Assessment (nea)
Hi Vidya Comments inline as appropriate. Narayanan, Vidya wrote: Your email indicates that you would: a) somehow require that a visitor's laptop run an NEA client, b) expect the device to support PAs that the server requires to be checked, and c) trust data coming out of it, rather than treat that endpoint as an unknown endpoint and do IDS/IPS in the network. You are limiting my options to a small subset of what I would have available. I may sandbox systems that don't have an NEA client and are unwilling to install one, they would be treated as an unknown node and given very limited access, they wouldn't be allowed onto the trusted network for instance. I would expect some information to be available which I would then be able to check against my policy. I would assume a limited amount of trust but would continue to have other mechanisms in place to be informed where that limited trust has been abused. Other than finding this a rather bizzarre trust model, I have to say that there will be a very small set of such endpoints where the owner of that endpoint is going to be thrilled to allow you to place such clients on his/her device and perform updates on it. If they wish to join my network they have to abide by the policies I have in place, they don't like it, they don't get to play. In short, this is exactly the type of endpoint I wouldn't imagine NEA being useful for! NEA is a means to automate the information gathering about this endpoint, if they don't agree to the policies, they will have options to. If a person or device doesn't agree with the policies in place, it doesn't mean I should still provide full access for them. Risk management will dictate what will or will not be allowed. Darryl (Dassa) Lynch ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: [Nea] WG Review: Network Endpoint Assessment (nea)
Harald Alvestrand wrote: SNIP Posture checking is certainly a leaky bucket. It doesn't protect all kinds of endpoint, it doesn't protect the endpoints against all kinds of threats, and it doesn't protect much of anything against a smart, resourceful attacker who is deeply familiar with the NEA system in use and is interested in investing considerable resources in attacking or circumventing it. NEA itself may not offer any protection, it is more an informational tool from my perspective. How that information may be used could lead to some protection but that would vary with each deployment. But (to recycle a very old simile) the fact that I can open the locks of most doors with a crowbar doesn't mean that locks are not useful. Organizations that have deployed products that do something like what NEA is talking about have reported that their TCO is reduced. In these days of information overload I still maintain, the more information available the better it is. Darryl (Dassa) Lynch ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: [Nea] WG Review: Network Endpoint Assessment (nea)
Hi Vidya Narayanan, Vidya wrote: -Original Message- From: Susmit Panjwani [mailto:[EMAIL PROTECTED] Sent: Saturday, October 07, 2006 5:04 PM To: Harald Alvestrand Cc: Narayanan, Vidya; [EMAIL PROTECTED]; iesg@ietf.org; ietf@ietf.org Subject: Re: [Nea] WG Review: Network Endpoint Assessment (nea) Third, I simply can't see what the organization's interests would be in protecting a device that doesn't even belong to it. An organization might not be interested in protecting a device that does not belong to it but would definitely be interested in preventing the attacks originating from such device (if compromised) when it joins the organization network. It appears that the NEA charter is completely misleading to some people from what is stated in this email. As the NEA charter alludes to, NEA does nothing to protect against compromised devices. Also, as has been agreed, NEA is not a protection mechanism for the network - it is meant to be a protection mechanism for compliant, truthful and as yet uncompromised end hosts against known vulnerabilities. True the NEA doesn't do anything to protect against compromised devices but it does assist in limiting the known compromises on endpoint devices by being a mechanism for the checking and reporting on compliance to what ever network policy is in place including virus and patch levels. As a network administrator I already deploy mechanisms for doing just this, but at a higher level than the NEA charter indicates. To me the difference is between being reactive or proactive. Compliance testing I already run occurs after an end node has joined the network, with NEA the possibility is for compliance checking before being allowed onto the network so isolation and immediate remediation is possible. Any network, in its own best interests, must assume that it has lying and compromised endpoints connecting to it and that there are unknown vulnerabilities on any NEA-compliant devices connecting to it. Any kind of protection that addresses these general threats that the network may be exposed to at any time will simply obviate the need for NEA from the network perspective. Reliance on one protection or reporting mechanism is not enough. We need a lot of varied tools to cover all the bases and minimise risk. A network operator that thinks the network is getting any protection by employing NEA is clearly ignoring the obvious real threats that the network is exposed to at any time. No, NEA would just be one more tool used to improve overall security and minimise risk. It would be at a different level to the tools some of already deploy. This is what I meant when I said that the charter is unclear and it must explicitly state that NEA is not meant as a protection mechanism of any sort for the network. I don't believe the Charter needs to delve into this at all. If some people see it as part of their protection mechanisms, so be it. Darryl (Dassa) Lynch ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: Meetings in other regions
| -Original Message- | From: JORDI PALET MARTINEZ [mailto:[EMAIL PROTECTED] | Sent: Saturday, July 15, 2006 1:05 AM | To: ietf@ietf.org | Subject: Re: Meetings in other regions | | There are two issues: I believe there are far more issues which makes the whole thing much more complex than most of us would like and it is sometimes a good idea to hash over the issues now and again to see if there have been any changes which may assist with future direction. | 1) Cost. IETF has limited resources, so unless each of us | want to pay more and more for the registration fees or we | are able to compensate the cost with more sponsors (which is | every day more difficult), we need to look for cheaper locations. For someone like me who is involved in a lot of things from personal interest and inclination without corporate backing, costs are an important issue. I've given some thought to this, how participation is restricted for individuals and have come to the conclusion it is not such a bad thing. Individuals can participate in the IETF without having it cost them a fortune which is different to a lot of other organisations, even if that participation is somewhat limited. It is one of the great things about the IETF I like, how anyone can become involved. | 2) Is un fair that the main driver is only looking at where | more people comes from (this is fortunately changing anyway, | and thus will less and less easy to match). Even worst if | that's a country with doesn't allow everyone to come in. I'm not sure if it is because I'm getting older and have more understanding or if I have seen enough evidence to support it but I find myself relying more on the intrinsic good will of people and assuming they make decisions after considering all factors, more often than not. As has been pointed out, the location will affect demographics and I'm satisfied this is considered when a decision is made on where the next meeting will be held. As are a lot of other factors. There will always be ideas put forward for alternative locations and ways to decide on the selection. This is a good thing. It keeps the whole process on track. Darryl (Dassa) Lynch ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: Proposal for keeping free speech but limitting the nuisance to the working group (Was: John Cowan supports 3683 PR-action against Jefsey Morfin)
| -Original Message- | From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] | On Behalf Of Harald Tveit Alvestrand | Sent: Wednesday, January 25, 2006 7:10 AM | To: Jeroen Massar; ietf@ietf.org | Subject: Re: Proposal for keeping free speech but | limitting the nuisance to the working group (Was: John Cowan | supports 3683 PR-action against Jefsey Morfin) | | | | --On 24. januar 2006 20:46 +0100 Jeroen Massar | [EMAIL PROTECTED] wrote: | | My proposal to solve this issue but keeping everybody happy: | | Two mailinglists: wg@ietf.org + full.wg@ietf.org | | full.wg@ is completely open, anybody can post anything they want | though hopefully on topic on the subject of the | workinggroup and of | course based on the source address having a subscription | *1 full.wg@ | is subscribed to wg@ thus full.wg gets everything preserving, at | least parts, of the freedom of speech that is wanted and for the | people who want to read a lot of mail everyday. | | In fact this has been implemented at least once that I know | of - on the DNSO GA mailing list. The full version had | relatively few subscribers. | | You can find the archives of that experiment at | http://www.dnso.org/dnso/gaarchives.html - it's probably | difficult to guess from the archives whether it was | successful; better ask someone who was there at a time | whether they think it worked. snip I was a subscriber to both of the DNSO GA mailing lists and I do think the experiment worked for the most part. I've seen this a few times and it does take a load of the main list but there are dangers in the full list becoming a dumping ground for garbage. Both lists need dedicated people to keep them functioning correctly. It all boils down to how much traffic and noise individuals can handle. It appears there are large numbers of participants who need to be sheltered a little more than others to retain their participation, not a bad thing, just a fact. Anything that can be done to improve participation is a good thing. Darryl (Dassa) Lynch PS...I've known Jefsey online since those early DNSO and IDNO days and whilst I don't always agree with him I respect his right to opinions. I haven't followed his postings to other lists but haven't seen anything here I object to with regard to posting rights. I wouldn't like to see a blanket ban placed on his postings so a full list experiment would be a preference for me. ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: Wireless at IETF
| -Original Message- | From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] | On Behalf Of Ted Faber | Sent: Thursday, January 19, 2006 5:57 AM | To: ietf@ietf.org | Subject: Re: Wireless at IETF | | On Wed, Jan 18, 2006 at 10:30:31AM -0800, Hallam-Baker, | Phillip wrote: | The result is that 70% of wireless access points are open and can be | used by Internet criminals to achieve anonymous access. | | Loaded statement? Check. | Precise statement? Check. | Supported statement? H. I don't see the 70% of access points being open actually. My own figures indicate less than 20% within the local area, information from capital cities tends to suggest a slightly higher figure but certainly not that high. But then, how many wired networks have link layer access controls? I don't see very many of those and implementing it is extremely difficult unless you have everything set up exactly as the hardware has been designed for. For example trying to use password/password combinations instead of token/password has proven problematic in one practical case I'm aware of for activating port locking. It amuses me just how easy it is to walk into a business and plug a system in with full access to the network. Most people/businesses do not appear to have security as a high priority. Darryl (Dassa) Lynch ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: Normative figures
| -Original Message- | From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] | On Behalf Of Stewart Bryant | Sent: Tuesday, January 10, 2006 6:47 AM | To: Sam Hartman | Cc: Harald Tveit Alvestrand; ietf@ietf.org | Subject: Re: Normative figures | | Sam Hartman wrote: | | Hi. With the exception of packet diagrams, I think all the | examples | you bring up benefit significantly from clear textual description. | | Sam | | I am not saying that clear text is not needed to accompany a diagram. | However a diagram allows a lot less text to be written | producing a shorter clearer draft with less clutter. SNIP Perhaps this is getting to the crux of the issues. I see the IETF documents as breaking down the problems into smaller chunks that can be dealt with one at a time and which add up to a big picture description of the whole Internet. I see each individual document as being simple within itself, limiting the context to the smallest level an issue may be dealt with. By adding more complexity to the documents I feel it is allowing more complex issues to be described in the documents but the documents then become larger, more difficult to comprehend and will be more difficult to process. Using the example you gave for routing costs, I see the description of routing cost basics or specifics as one document and the description of how they may be dealt with as another. By forcing the documents to be in a simple format, there are limitations on the complexity that may be explained in a single document, but I consider this a good thing. It forces everyone to break the problems and issues down to their lowest levels and forces simple explanations that make it easier for everyone to understand. If more complex documents with full diagramatic process flows are required, these could be books written linking a number of IETF documents together to describe a more general practical picture of their implementation. Darryl (Dassa) Lynch ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: ASCII art
| -Original Message- | From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] | On Behalf Of Hallam-Baker, Phillip | Sent: Thursday, November 24, 2005 3:09 AM | To: Ted Faber | Cc: Dave Aronson (re IETF); ietf@ietf.org | Subject: RE: ASCII art | | No, the IETF needs to demonstrate that it is CAPABLE of change. | | The Internet has changed and will continue to change. If the | IETF wants to remain relevant to the future of the Internet | it must change as well. Note that 'remaining relevant' is | not exactly a stretch goal | | How familiar the bureaucrat's definition of priorities: | 'needed for the good of the institution'. Does this mean | that you think that the IETF only exists to serve its own interests? | | There are a billion users out there who expect much more of | this institution than they receive. We have a mission here | that they expect us to realize: an Internet that is open, | safe and accessible to everyone. Personally I'm not against change when it is going to achieve or help us achieve our goals. I dislike change for the sake of change or to make someone feel as if they are doing something. Any change to the RFC formats has to be considered with the goals of the IETF in mind, not the ease it may bring to a few. I haven't seen any arguments that convince me changing from ASCII for text and diagrams would be an improvement or further the goals of the IETF. I see too many drawbacks and would hate to see RFC and other documents presented with diagrams that would require me to find and download templates and art files to be able to view them or to have special programs to read them. I'm trying to convince people that plain text is the best and I often point out IETF documents as a proof the concept works. The KISS principle works well with documents. It is PR and sales that always want documents to be flashy and contain elements not all can view. Opening up a document in vi, notepad or MS Word and having it readable and understandable in all is good. If a format can be found that allows as wide an opportunity of being compatible with the same programs people use now then it may be worthwhile to change, I can't see any real benefits at the moment. Darryl (Dassa) Lynch ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: Excellent choice for summer meeting location!
| -Original Message- | From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] | On Behalf Of Mark Prior | Sent: Wednesday, January 05, 2005 12:22 AM | To: [EMAIL PROTECTED] | Cc: 'IETF Discussion' | Subject: Re: Excellent choice for summer meeting location! | | Dassa wrote: | | | -What kind of city with a population of 75,000 has hotel | | accommodations for 2000 people unless it's a tourist Mecca and | | likely expensive and overbooked? | | A lot of regional centres are geared to large numbers of tourists/visitors. | As for expensive and overbooked, I find most large cities have prices | two or three times those in regional centres for accommadation and as | any use of a regional centre would be a big bonus to the host city, | there is scope for negotiation and I'm sure additional price cuts. | | Not many regional cities would have the conference | facilities that will cope with an IETF, it's not your normal | conference that just needs a single large plenary hall. This may be the biggest issue. True a lot of regional cities wouldn't have the facilities. Some do however. It may mean that all the conference rooms are not at the same location but the distance between them would not be great. Usually within a 5-10 minute walk. I can think of at least two regional cities in NSW that could cope fairly easily and I'm sure there would be more in Australia. | I will also note that in 2000 Adelaide, a city of around 1 | million people, struggled for hotel rooms given that people | not associated with the IETF also wanted hotel rooms in the city :) True, in a regional city, not everyone would be able to stay in the one place and would be scattered around the city at various hotels, motels and other accommadation. I know of a few regional cities that can handle the numbers talked about so far, there are sure to be others. The timing would have to be right so other major events are not being held at the same time but that sort of problem exists for capital and major cities also. For instance Tamworth has a massive influence of people for the Country Music Festival. It is hard to find acccommadation there unless booked well in advance. I have a chat to our local Tourism Officer and see just what sort of figures are available for some of the regional cities with regard to facilities and how many visitors they get/can handle. It may be interesting. Actually I find it hard to understand Adelaide having issues with accommadation unless there was another major event at the same time. How does it cope with motor sport events, they used to hold some there didn't they? There would certainly be a bit more work in preparing for a meet such as the IETF and there may be too many issues to consider regional cities but it is a worthwhile exercise to see just what the disadvantages and advantages may be. Darryl (Dassa) Lynch ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: Excellent choice for summer meeting location!
not be considered. | It would also assist with focusing on the issue of increasing | broadband uptake and opportunities. It would certainly be a good PR | exercise. | | It's not the goal of IETF meetings to do PR exercises, nor | would one week of demand be enough to convince the local | telco or regulators that increased deployment of broadband | is necessary. You would be surprised by what can be done to motivate a telco. ;) Such a meeting in itself would only be used as a catalyst. I do consider PR is one of the goals of the IETF, I may be mistaken but I certainly hope not. It would not be a high priority but it would certainly be within the scope of the IETF. Considering sponsorship and the like it is fundamental. Darryl (Dassa) Lynch ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: Excellent choice for summer meeting location!
| -Original Message- | From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] | On Behalf Of John C Klensin | Sent: Tuesday, January 04, 2005 12:19 AM | To: [EMAIL PROTECTED]; 'IETF Discussion' | Subject: RE: Excellent choice for summer meeting location! | Dassa, | | For better or worse, we've had a preference for locations | close to major airports with significant international connections. | We haven't been consistent about it (note, e.g., San Diego), | but, unlike that other organization whose name starts with I | (not IEEE, Glen), we have considered it a really bad thing | if most of the attendees have to spend two days getting to | and/or from a meeting: turning a five-day meeting into an | eight- or nine-day one is really hard on those who have | other things to do | besides going to meetings.I have no idea how the boondocks | of NSW would fall on that criterion, but it is what has kept | us near or in fairly major cities. | Hello John I was being a little tongue in cheek but the suggestion of regional centers being used is one I pursue for a lot of groups. Living in the country in a smallish city, a lot of meetings occur in the capitals that I and others just don't get a chance to attend. I'm sure it would be the same in a lot of areas. I can understand the issues but the benefits all round may overcome them. For instance where I live is only an hour flight from Sydney, you ask, why don't you fly there for meetings and I have to explain, being in a regional area, the finances available for travel are limited. We tend to get paid less than equilivant workers in the capitals and companies out here are less likely to approve spending on non-essential travel. It is also a fact that connections out in regional areas are often less than optimal for most people so this has an impact for online participation. It is only recently I was able to get ADSL at home for instance and operated for years with a dialup that meant long hours for participation online and I missed a lot of broadcasts due to downloading constraints. My suggestion is the IETF considers moving some meetings out to regional centres within reasonable travel of the major ingress airports in an effort to promote awareness and participation. Within the States and other countries, I'm sure there would be some benefits in holding meetings at cities with populations of 30,000 - 100,000 or so rather than the capitals and other major cities with populations into the millions. There are issues with such locations and they may be insurmountable but I would like to see the idea considered. Given more people making lifestyle changes that involve moving away from major cities, it may become more important in the future. Darryl (Dassa) Lynch ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: Excellent choice for summer meeting location!
| -Original Message- | From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] | On Behalf Of Theodore Ts'o | Sent: Monday, January 03, 2005 11:20 AM | To: Glen Zorn (gwz) | Cc: 'Iljitsch van Beijnum'; 'IETF Discussion' | Subject: Re: Excellent choice for summer meeting location! | | Shrug I've always liked Minneapolis, myself. I've | always considered it a great place for an IETF meeting. Australia isn't bad in August :). Perhaps some thought could be given to holding some meetings in more regional areas also, not just major cities. Darryl (Dassa) Lynch (who lives out in the boondocks of NSW Australia). ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: I-D ACTION:draft-lyons-proposed-changes-statement-01.txt
| -Original Message- | From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] | On Behalf Of Patrice Lyons | Sent: Wednesday, November 03, 2004 2:34 AM | To: Brian E Carpenter | Cc: [EMAIL PROTECTED] | Subject: Re: I-D ACTION:draft-lyons-proposed-changes-statement-01.txt | | Brian, | | While this shouldn't be viewed as legal advice on the issue, | it is my understanding that, in general, members of an | unincorporated association (and participants in IETF | activities may be viewed as members) will have personal | liability for the authorized debts and actions of the association. | In Virginia, state statutes permit an unincorporated | association to become a limited liability company by | filing articles of organization, maintaining a registered | agent in the State, paying certain fees, and meeting certain | other requirements. If it were to do so, IETF could limit | the usual personal liability of its members. But in the | absence of some such liability-limiting legal structure, the | general personal liability principles would apply. | | Regards, | | Patrice When I last researched this type of issue in Australia, members of an unincorporated association could be held liable only to an amount equal to any memberships or fees they contribute to the association. It was possible for association officials to be held personally liable for higher amounts but I don't remember the exact criteria. Very low risk issues. The situation may be different in other countries but I doubt if the issue of personal liability would be a barrier for the IETF. Darryl (Dassa) Lynch ___ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
RE: Naming crap (Re: IESG review of RFC Editor documents)
| -Original Message- | From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On | Behalf Of Iljitsch van Beijnum | Sent: Sunday, March 28, 2004 9:38 PM | To: Harald Tveit Alvestrand | Cc: IETF Discussion | Subject: Re: Naming crap (Re: IESG review of RFC Editor documents) | | On 27-mrt-04, at 18:36, Harald Tveit Alvestrand wrote: | | If we are to change the process that produces this stuff, | we HAVE to | understand what the reasons are that reasonable, competent people | produce things that are sub-par, broken or crap. And | IMHO, we can't | do that without saying what these unacceptable results of | the process | are. | | [...] | | I don't think anonymous, class-based criticism will get us much | further. We need to be specific about what our problems are. | | To me it seems that the IETF can't make up its mind: are | RFCs just drafts that don't expire, or are they hugely | important documents that must be absolutely perfect before | they are published? | | The problem is version control. We're engineers. That means | we are, more so than mere mortals, doomed never to get | anything right the first time out. However, the RFC | publishing model doesn't really allow for incremental | changes: you have to write a completely new RFC, which then | gets a new number that has no relation to the original RFC. | | What we need is a way to add information to RFCs whithout | the need to rewrite the original RFC or make the new | information a full-blown RFC of its own. Personally and from observation it would appear RFCs are stand alone documents that do not get revised. They get superseded by new RFCs covering the same topic. Perhaps the way to approach this particular issue is to provide better navigation aids through the various RFCs so that it is easier for users to find all the related documents showing the relationship (timeline and validity) between the documents. A more involved and comprehensive document management system. Darryl (Dassa) Lynch
RE: [ga] Fracturing the Internet
| -Original Message- | From: [EMAIL PROTECTED] | [mailto:[EMAIL PROTECTED]]On Behalf Of | Patrick Corliss | Sent: Monday, April 16, 2001 10:21 AM | To: [GA] | Subject: [ga] Fracturing the Internet | | | Multilingual Top Level Domains | Available top level domains (TLD) in Arabic: | http://www.nativenames.net/english/whois/topleveldomains.asp | | Here's an example of an approach that may fracture the internet. From :http://www.nativenames.net/english/domains/policies/standards-warning .asp QUOTE NativeNames is among the first pioneers to enter the arena of multilingual domain names, and is among the first pioneers to support languages of the Middle East, including Arabic, Farsi, and Urdu. As with any pioneering efforts, there are dangers associated with being first. The most important one which you, the domain name registrant, need to be concerned about, is the evolution of standards regarding domain names. Until the standards get hammered out and are ratified, there is a chance of the same domain name being sold by different companies. Should that happen with a domain that you purchase through an affiliated registrar of NativeNames, NativeNames and that registrar will make every good faith effort - God willing - to return any prorated fees owed to you from the time of reporting to us of a problem for the remaining part of your registration term. Note that NativeNames, unlike many other registries, is virtually unique in warning potential buyers. We are deeply concerned about assuring you the best possible quality and service, and we appreciate your business. Please also note that we are actively pursuing avenues to minimize any potential problems. We are the first, and currently the only, registry that is focusing on Mideastern languages. We also hold a prominent role in the IETF's working group on Arabic domain names (in fact, our COO is the chair of that group). We will do our best to make sure that whoever you buy your domain name from, that domain name is yours God willing. End QUOTE Wouldn't the above in the last paragraph indicate a conflict of interest for being involved in this Registry and holding a chair in the IETF working group? Darryl (Dassa) Lynch.
RE: Relation email - person (re: Mail sent to midcom)
|-Original Message- |From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] |Sent: Thursday, February 15, 2001 3:49 AM |Subject: Re: Relation email - person (re: Mail sent to midcom) | |25.00% defunct | 0.1% duplicates (same person, different addresses) | 0.01% wrong person | |which is a pretty strong evidence of Harald's assertion: | ||The mapping address - person is pretty strong, and mostly single-valued. ||The mapping person - address is multivalued, and getting more so. | |One would expect that in "clean" data, these mappings would |be even stronger. The first and second statistics can be taken care of with management. The last one is of concern but could also be taken care of with management. Not sure that it is strong evidence. I have multiple e-mail addresses, some of them redirections to other addresses and others that map finally through redirections to multiple addresses and individuals. Take mailing list addresses for instance where a single address resolves out to multiple individuals, some in fact may not be to individuals but expanded out in other directions, add in wap and it starts getting complicated. It may be desirable to have an authoritive address for each individual and I assume this is where this thread is heading. I'm interested in the subject of e-mail which is why I broke my lurking :). Darryl (Dassa) Lynch.
RE: Relation email - person (re: Mail sent to midcom)
|-Original Message- |From: Harald Alvestrand [mailto:[EMAIL PROTECTED]] |Sent: Wednesday, February 14, 2001 5:41 AM |To: Mike O'Dell; [EMAIL PROTECTED] |Subject: Relation email - person (re: Mail sent to midcom) | |I recently had the dubious pleasure of sending out 40.000 |emails to a set of email addresses gathered (with the owners' approval!) over |a period of seven years. | |The result was roughly 10.000 bounces (naturally), dozens of |requests to merge multiple registrations for the same person, and on the |order of FIVE occurences of an email address previously used by one person |now being used by another. | |The mapping address - person is pretty strong, and mostly single-valued. |The mapping person - address is multivalued, and getting more so. | |Not quite "not working", if we take it for what it is. I would consider such results the fault of the list maintainer and not a fault in the email system. Much like physical addresses used within the postal system, anyone maintaining a list needs to provide a means to maintain the validity of the data. If the data is invalid it is a cost the person using the data has to carry. It doesn't mean that all the data is invalid, just the means to keep it current was inadequate. Most mailing lists for instance employ means to maintain the integrity of the subscribtions, including regular probes. There are means available for other types of lists, a lot depending on the usage and value. Darryl (Dassa) Lynch.
RE: Example of dns (non) fun
Hi Actually IMHO, it would not be such a jump for them to make. They impose trademark restrictions on DNS entries and the URDP has been used to capture some generic wording. As the by--aduwvya actually translates to a similar wording I don't see it holding up the courts or the URDP for long. Dassa |-Original Message- |From: Stephen Dyer [mailto:[EMAIL PROTECTED]] |Sent: Tuesday, December 05, 2000 9:14 PM |To: vint cerf; Richard Shockey; Dan Kolis; [EMAIL PROTECTED] |Subject: Re: Example of dns (non) fun | | |Hi, | |There is also an interesting legal problem lurking with |http://www.deja.fr/ and http://www.bq--aduwvya.fr/ | |A court might find me guilty of trademark violation of "deja" |with the |first URL, but I can't see them upholding the same for "bq--aduwvya"
