IETF
cfrg
cfrg@jabber.ietf.org
Friday, March 15, 2013< ^ >
Room Configuration
Room Occupants

GMT+0
[12:58:55] tlyu joins the room
[12:59:47] kasamatsu.kouhei joins the room
[13:02:37] Sean Turner joins the room
[13:02:49] jimsch joins the room
[13:02:54] burcam joins the room
[13:05:51] Robin Wilton joins the room
[13:06:27] <Robin Wilton> If anyone in the Jabber room would like something relayed to the mic, please preface it with mic:
[13:06:29] <Robin Wilton> thanks
[13:07:43] <Robin Wilton> Kevin Igoe presented the agenda - which is online here: https://datatracker.ietf.org/meeting/86/materials.html#wg-cfrg
[13:07:55] bkihara.l joins the room
[13:08:10] <Robin Wilton> Next up: Jim Schaad - "What is JOSE"?
[13:10:44] sftcd joins the room
[13:12:58] satoru.kanno@gmail.com joins the room
[13:15:38] =JeffH joins the room
[13:16:18] hillbrad joins the room
[13:25:15] mcgrew joins the room
[13:32:12] <Robin Wilton> Paul Hoffman: ECMAscript specifies that, in parsing, the *last* of any identically-named Members in a lexical scope is the one to be used. (So if JOSE specifies that Member names MUST be unique, that will introduce incompatibility with ECMAscript
[13:39:36] <mcgrew> Why would one need multiple authentication tags?
[13:42:50] <Robin Wilton> Relayed to the mic - sorry, it took a while for me to see the message :^(
[13:43:47] <mcgrew> Interesting, sounds like the encryption scheme security needs to be considered in a group model as well.
[13:44:18] kivinen joins the room
[13:44:19] <mcgrew> We should consider the security goals for authenticated encryption in a group model
[13:45:11] Melinda joins the room
[13:47:12] hillbrad joins the room
[13:47:17] hillbrad leaves the room
[13:48:51] tlyu leaves the room
[13:49:50] tlyu joins the room
[13:52:53] <mcgrew> mic: why isn't the key metadata part of the key, so that it doesn't need to be separately specified?
[13:54:08] <mcgrew> The above question is for slide 30
[13:54:11] <mcgrew> Thanks!
[13:54:54] <mcgrew> :-)
[13:54:58] <Robin Wilton> oops - Jabber sync problems!
[13:55:23] <Robin Wilton> (the problem, as usual, is the squishy thing between the chair and the keyboard - sorry)
[13:56:18] Karen O'Donoghue joins the room
[13:56:53] hillbrad leaves the room
[13:56:59] <Robin Wilton> wait for it… wait for it...
[13:57:43] hillbrad joins the room
[13:59:09] <Sean Turner> what they're saying is that everyhing in the {} is a key
[13:59:21] eburger joins the room
[13:59:46] <mcgrew> Thanks, I misunderstood the slides.   I should not have tried to read ahead.
[14:00:10] <Robin Wilton> no apology needed!
[14:01:07] semery joins the room
[14:02:34] <Robin Wilton> Paul Hoffman: Sean, what do you want cfrg's role/purpose to be, here?
[14:02:41] Karen O'Donoghue leaves the room
[14:02:59] <Robin Wilton> Sean Turner: to provide advice on algorithm choice, alg combos etc., please
[14:04:24] <Robin Wilton> Sean Turner: can you just remind us why there are multiple encoding methods?
[14:04:32] <eburger> He is Security Area Director.
[14:04:41] <eburger> In theory he is just a participant in the IRTF.
[14:04:55] <Sean Turner> that is correct I'm just a participant here
[14:05:10] <eburger> But you have a little pull :-)
[14:06:44] <tlyu> mic: if you're going to require HTTPS for key URLs, and public keys don't have to have certificates, aren't you delegating certification of public keys to the underlying web PKI? that kind of complicates analysis of key trust
[14:06:52] <=JeffH> in the talk the term "json key" was used, but just fyi, in the spec it is "json web key"
[14:07:11] <Robin Wilton> Mike Jones: just to clarify the question raised by Sean - there's a current draft on ways of transporting keys; one option would be to use the JSON structures as the vehicle for transporting keys… but cfrg's input would be very useful in deciding whether that's a suitable method
[14:07:52] mcgrew leaves the room
[14:07:56] mcgrew joins the room
[14:10:54] <Robin Wilton> [passim] RFC 5279 and NIST 838F are both possible sources of guidance on appropriate algorithms for key wrapping
[14:11:24] <mcgrew> I second Kevin in thanking Jim for the presentation!
[14:11:41] <Robin Wilton> Sorry - NIST 800-38F
[14:12:38] <Robin Wilton> OCB mode - Offset Codebook Mode (http://en.wikipedia.org/wiki/OCB_mode)
[14:12:42] <Sean Turner> well thanks for the cfrg's time and review.  I have a funny feeling this jose thing might be used in a lot of places so I'd like to get it right from a cryptographic standpoint
[14:13:27] <mcgrew> mic: I am in favor of publishing the OCB RFC
[14:13:56] <Robin Wilton> Hummm was in favour of adopting the OCB RFC as a cfrg document
[14:16:25] <=JeffH> a minor point -- hum was in favor of advancing OCB I-D draft-irtf-cfrg-ocb-00 to become an RFC
[14:16:39] <Robin Wilton> Thank you Jeff
[14:17:12] <Robin Wilton> Next up - Paull Hoffman - Diffie-Hellman Test for IKEv2
[14:18:33] <Robin Wilton> Slides here: http://www.ietf.org/proceedings/86/slides/slides-86-cfrg-4.pdf
[14:19:53] <Robin Wilton> Dan - Tests are required if *both*: using ECDH or another finite field algorithm with small field AND DH private key is reused for multiple sessions
[14:20:45] <Robin Wilton> Mike StJohns: what do you mean by "verify" here?
[14:24:14] <Robin Wilton> Teru Kivinen: testing for groups with small sub-groups (see slide 3) is appropriate if re-using keys, but may not actually save you much time/processing relative to generating a fresh key
[14:25:27] <Robin Wilton> Paul Hoffman: please submit any comments on draft-ietf-ipsecme-dh-checks-00 soon, via the ipsecme mailing list, so it can go to WGLC soon after Orlando
[14:26:39] <Robin Wilton> Correction to one of the previous comments; Dan - Tests are required if *both*: using ECDH or another finite field algorithm with small *small sub-groups AND DH private key is reused for multiple sessions
[14:27:12] <mcgrew> The draft that Kevin mentioned: http://tools.ietf.org/html/draft-mcgrew-hash-sigs-00
[14:27:18] <Robin Wilton> Next up - Kevin Igoe: Intro to Hash Signatures
[14:30:45] <Robin Wilton> Slides here: http://www.ietf.org/proceedings/86/slides/slides-86-cfrg-3.pdf
[14:31:39] yaron.sheffer joins the room
[14:32:12] <Robin Wilton> Kevin Igoe; [there's] a class of hashes which I will call "Abysmally Stupid"  ;^)
[14:37:31] sftcd leaves the room
[14:40:43] <Robin Wilton> Here's the Dave McGrew draft Kevin referred to: http://tools.ietf.org/html/draft-mcgrew-hash-sigs-00
[14:41:34] <Robin Wilton> (Lamport, Diffie, Winternitz and Merkle are the sources cited)
[14:42:03] <=JeffH> this is an application of "merkle hash trees" it seems?
[14:42:55] <Robin Wilton> would you like me to ask via the mic?
[14:43:06] <yaron.sheffer> I *think* the summary version is at http://en.wikipedia.org/wiki/Merkle_signature_scheme
[14:43:56] <mcgrew> mic: Dan Bernstein gave a brief preview of the multi-session attacks on TLS-RC4 in his talk at Fast Software Encryption 2013 earlier this week
[14:44:31] sftcd joins the room
[14:50:54] <Robin Wilton> Paul Hoffman: are you suggesting small devices are going to be H/W AES-capable?
[14:51:14] <Robin Wilton> Tero Kivinen: they already are
[14:52:10] <Robin Wilton> Mike StJohns  - but only implementing encrypt mode…
[14:52:34] semery leaves the room
[14:53:40] Melinda leaves the room: Computer went to sleep
[14:53:58] burcam leaves the room
[14:54:24] =JeffH leaves the room: Logged out
[14:54:34] hillbrad leaves the room
[14:56:14] yaron.sheffer leaves the room
[14:57:00] eburger leaves the room
[14:57:19] Robin Wilton leaves the room
[15:00:43] kasamatsu.kouhei leaves the room
[15:02:49] Sean Turner leaves the room
[15:05:00] mcgrew leaves the room
[15:05:06] sftcd leaves the room
[15:08:40] satoru.kanno@gmail.com leaves the room
[15:14:09] bkihara.l leaves the room
[15:15:48] kasamatsu.kouhei joins the room
[15:16:10] Sean Turner joins the room
[15:16:33] kasamatsu.kouhei leaves the room
[15:17:46] Sean Turner leaves the room
[15:17:55] Sean Turner joins the room
[15:22:15] Robin Wilton joins the room
[15:22:47] Sean Turner leaves the room
[15:23:43] bkihara.l joins the room
[15:24:18] bkihara.l leaves the room
[15:29:47] Robin Wilton leaves the room
[15:34:59] tlyu leaves the room
[15:58:08] eburger joins the room
[16:08:32] kivinen leaves the room
[16:09:52] eburger leaves the room
[16:10:55] eburger joins the room
[16:25:21] eburger leaves the room
[17:06:48] jimsch leaves the room
[17:26:10] jimsch1 joins the room
[18:14:27] jimsch1 leaves the room
[18:23:07] jimsch1 joins the room
[18:27:13] jimsch1 leaves the room
Powered by ejabberd Powered by Erlang Valid XHTML 1.0 Transitional Valid CSS!