Kurt Kayser - 20-05-2022 08:44:54
Good morning, fellow Internet citizens
Marek Barczyk - 20-05-2022 08:44:56
Good morning everyone :D
Elvis Daniel Velea - 20-05-2022 08:49:54
good morning in this last RIPE84 day
Kurt Kayser - 20-05-2022 08:53:55
maybe a little weather warning to all people that need to travel home today. Later in the afternoon there seems to be heading bad weather into the Berlin metro area...
Brett Carr - 20-05-2022 08:55:39
Morning everyone
Brett Carr - 20-05-2022 08:55:55
The birds don't sound like they went to the RIPE Dinner last night
Michela Galante - 20-05-2022 09:01:03
Hi everyone, I'm Michela from the RIPE NCC. This chat panel is meant for discussion ONLY. If you have questions for the speaker and you want the session chair to read it out, please write it in the Q&A window also stating your affiliation. Otherwise, you can ask questions using the microphone icon. Please note that all chat transcripts will be archived and made available to the public on https://ripe84.ripe.net/.
The RIPE Code of Conduct: https://www.ripe.net/publications/docs/ripe-766.
Elvis Daniel Velea - 20-05-2022 09:11:31
is meetecho crashing for anyone else?
Brett Carr - 20-05-2022 09:11:43
its fine here
Marco Schmidt - 20-05-2022 09:13:51
@elvis the issue seems to exist for some attendees, IT was made aware
Elvis Daniel Velea - 20-05-2022 09:15:53
for me ...this time... it was Starlink going down for a couple of minutes.
Kurt Kayser - 20-05-2022 09:16:53
Starlink? I thought DTAG is sponsor of connectivity?
Elvis Daniel Velea - 20-05-2022 09:17:24
I'm watching from home :)
Peter Hessler - 20-05-2022 09:17:28
as good as our sponsors are, they are unable to provide services to you at home :)
Kurt Kayser - 20-05-2022 09:17:42
true, wrong end. sorry.
Ruben van Staveren - 20-05-2022 09:26:38
no problems here
Kurt Kayser - 20-05-2022 09:29:38
@NCC maybe a little weather warning to all people that need to travel home today. Later in the afternoon there seems to be heading bad weather into the Berlin metro area... https://www.dwd.de/DE/wetter/warnungen_gemeinden/warnWetter_node.html
Michela Galante - 20-05-2022 09:32:34
@Kurt I passed on the message to the organisers
Peter Hessler - 20-05-2022 09:32:59
@Kurt I'll mention it briefly during the last Q&A for this session
Kurt Kayser - 20-05-2022 09:33:22
thanks
christian bretterhofer - 20-05-2022 09:54:52
https://crt.sh/?id=6439678461 online.vtu.ru seems to be used now from GlobalSign RSA OV SSL CA 2018
christian bretterhofer - 20-05-2022 09:55:31
https://crt.sh/?id=5828347935 before march 29
christian bretterhofer - 20-05-2022 09:55:44
from Thawte RSA CA 2018
Kurt Kayser - 20-05-2022 09:59:00
happy eyeballs don't care about revocation. It's about SPEED
Daniel Mahoney - 20-05-2022 10:04:44
...if this were the case, we wouldn't be seeing this presentation.
Michael Richardson - 20-05-2022 10:08:40
I thought chrome/google did OCSP stapling.
Kurt Kayser - 20-05-2022 10:08:46
I imaginge how much OCSP traffic a CA-operator must handle, if all clients would query them!
Michael Richardson - 20-05-2022 10:09:18
I don't have a clue how to setup to pull staples, but I assumed banked do.
Marco d'Itri - 20-05-2022 10:11:59
enabling OCSP stapling is really trivial, but the exact details (how to store the certificates, what needs to be configured) change from server to server
Ruben van Staveren - 20-05-2022 10:14:47
for HAProxy it is cumbersome whereas nginx will do it inline...
christian bretterhofer - 20-05-2022 10:15:43
OCSP stapling is supported on
Apache HTTP Server (>=2.3.3)
Nginx (>=1.3.7)
Daniel Mahoney - 20-05-2022 10:18:32
Apache's mod_md is...kind of awesome for this, if you're one of those gray-beards still running apache.
Kurt Kayser - 20-05-2022 10:19:48
for node.js: https://www.example-code.com/nodejs/ocsp_certificate_validation.asp
christian bretterhofer - 20-05-2022 10:20:21
https://news.netcraft.com/archives/category/web-server-survey/ 23% apache 31% nginx
Ruben van Staveren - 20-05-2022 10:21:43
No talk from Geoff not mentioning DNS eh o/
Guillaume-Jean Herbiet - 20-05-2022 10:22:41
I've seen this coming from like 10 mins... :wink:
Michael Richardson - 20-05-2022 10:22:42
Been wanting to do this for decades... since RFC4025 and RFC4322....
Kurt Kayser - 20-05-2022 10:23:10
it's true. DNS is the motor oil which keeps the Internet-engine running
Guillaume-Jean Herbiet - 20-05-2022 10:23:38
@Kurt : can I quote this in future DNS talks?
Kurt Kayser - 20-05-2022 10:23:44
sure.
Ruben van Staveren - 20-05-2022 10:23:54
:clap:
Brett Carr - 20-05-2022 10:24:09
That was presentation of the week for me :)
Kurt Kayser - 20-05-2022 10:24:35
thank you very much. This topic was much overdue for a very long time. I always assumed there is a problem, but to check it out this deep, is very valuable.
Guillaume-Jean Herbiet - 20-05-2022 10:27:43
What is the RFC number mentioned by Geoff?
Michael Richardson - 20-05-2022 10:27:51
7091?
Brett Carr - 20-05-2022 10:27:58
7901
Cyrille Maechler - 20-05-2022 10:28:02
7901 ?
Brett Carr - 20-05-2022 10:28:15
CHAIN Query Requests in DNS
Guillaume-Jean Herbiet - 20-05-2022 10:28:48
@Brett: 7901, then. Thanks.
Michela Galante - 20-05-2022 10:29:52
This session has now ended. The next session is the Closing Plenary and it will start at 11.00. More info on the RIPE 84 meeting plan: https://ripe84.ripe.net/programme/meeting-plan/