IETF
cfrg
cfrg@jabber.ietf.org
Wednesday, March 25, 2015

GMT+0
[00:03:46] Tadanori TERUYA joins the room
[00:05:01] Tadanori TERUYA leaves the room
[09:27:43] ilari.liusvaara joins the room
[14:43:28] Tadanori TERUYA joins the room
[15:47:42] Tadanori TERUYA joins the room
[16:09:31] nico joins the room
[16:28:57] Tadanori TERUYA leaves the room
[17:25:45] Tadanori TERUYA joins the room
[17:36:09] Tadanori TERUYA leaves the room
[17:40:24] Tadanori TERUYA joins the room
[17:47:17] Meetecho joins the room
[17:48:58] wseltzer joins the room
[17:50:41] Yoav Nir joins the room
[17:51:59] ericf joins the room
[17:53:46] Tadanori TERUYA leaves the room
[17:54:17] alexey.melnikov joins the room
[17:55:19] yaron.sheffer joins the room
[17:55:51] <alexey.melnikov> We are going to start in 5 mins. Plenty of people in the [physical] room in Dallas
[17:55:51] Tadanori TERUYA leaves the room
[17:56:08] <yaron.sheffer> If you want to be channeled, please prefix your message by "mic:".
[17:56:19] Aaron Zauner joins the room
[17:56:38] Bill Mills joins the room
[17:56:39] Eric Flores joins the room
[17:56:40] tlyu@mit.edu joins the room
[17:57:39] Randy Bush joins the room
[17:57:49] C Peters joins the room
[17:57:53] sftcd joins the room
[17:58:18] <sftcd> cfrg needs a bigger room next time;-)
[17:58:48] Eric Flores leaves the room
[17:58:48] satoru.kanno@jabber.org joins the room
[17:58:51] <Aaron Zauner> crowded? :)
[17:59:24] Satoru Kanno joins the room
[17:59:29] <sftcd> yep and still coming in
[17:59:34] Tadanori TERUYA joins the room
[17:59:57] ogud@jabber.org joins the room
[18:00:06] Frederico A C Neves joins the room
[18:00:14] Randy Bush leaves the room
[18:00:40] Randy Bush joins the room
[18:01:16] wseltzer joins the room
[18:02:25] Adam Montville joins the room
[18:02:49] David Waltermire joins the room
[18:03:22] Paul Selkirk joins the room
[18:05:19] Valery Smyslov joins the room
[18:05:33] hallam joins the room
[18:06:58] Frederico A C Neves leaves the room
[18:07:59] ericf leaves the room
[18:09:52] wseltzer leaves the room
[18:09:53] smemery joins the room
[18:12:32] Mark Baker joins the room
[18:12:57] Nicolas Williams joins the room
[18:13:10] <hallam> OK so is there a way that I can tell code that does the signature right from stuff that is broken
[18:13:20] <hallam> Without auditing the code
[18:14:30] <smemery> Would you like this to be channeled?
[18:14:42] Kathleen Moriarty joins the room
[18:14:50] <yaron.sheffer> He's on the physical queue
[18:14:58] <Kathleen Moriarty> room temp should start to adjust soon
[18:15:05] <Kathleen Moriarty> a little cooler
[18:15:52] ericf joins the room
[18:16:47] ericf leaves the room
[18:17:00] <Nicolas Williams> who was just speaking?
[18:17:12] Eric Flores joins the room
[18:17:22] <yaron.sheffer> Rene Struik
[18:17:48] Simon Romano joins the room
[18:19:46] <Nicolas Williams> I came in late; just in case, allow me to state my support for de-randomized signatures
[18:20:15] <yaron.sheffer> Channel to the mic?
[18:20:40] <Nicolas Williams> we generally don't treat national crypto standards specially
[18:21:10] <Nicolas Williams> yaron: if the question was asked, yes, but let the current comments run
[18:21:11] Frederico A C Neves joins the room
[18:21:44] <Nicolas Williams> we should let NIST/ANSI do their thing and let them get non-RTI codepoint assignments like all the others
[18:22:10] <Aaron Zauner> I concur. Besides we really don't want to wait for them, do we?
[18:23:09] <Nicolas Williams> can we get video from the other mic line?
[18:23:22] <Nicolas Williams> aaron: yes, we don't and shouldn't
[18:24:02] <Nicolas Williams> so I'm +1 to Paul H.'s point, though not because we should distrust NIST as much as because they are an external entity to be handled as we do so many others
[18:25:00] Deb Cooley joins the room
[18:25:36] Samuel Weiler joins the room
[18:26:44] weiler joins the room
[18:27:11] wseltzer joins the room
[18:27:22] wseltzer leaves the room
[18:27:30] Aaron Zauner leaves the room
[18:27:49] Aaron Zauner joins the room
[18:27:56] mike  hamilton joins the room
[18:29:55] Eric Flores leaves the room
[18:30:29] Antonio Araujo joins the room
[18:31:34] Dirk Balfanz joins the room
[18:31:52] ogud@jabber.org leaves the room
[18:31:57] Vinod Anupam joins the room
[18:32:28] <Nicolas Williams> Mic: Why Informational?
[18:33:08] ogud@jabber.org joins the room
[18:33:47] <Nicolas Williams> if you make it informational then Standards-Track docs will have a hard time using it
[18:34:00] <Nicolas Williams> (downrefs)
[18:34:35] <sftcd> @nico: we can fix that, not a problem
[18:34:37] <Nicolas Williams> we don't want to use this?
[18:34:45] <Nicolas Williams> I couldn't hear the comments
[18:34:52] <Nicolas Williams> yes, I know
[18:34:57] <sftcd> comments were that info isn't a problem
[18:35:06] <Nicolas Williams> that's what I thought
[18:35:19] <Nicolas Williams> still
[18:35:35] Eric Flores joins the room
[18:35:43] kaduk joins the room
[18:36:05] <yaron.sheffer> RFC 2104 (HMAC) is informational, and this is just one example.
[18:36:57] <Aaron Zauner> Nicolas: what would be the difficulty in referencing an informational document?
[18:37:26] <kaduk> You just have to get it approved for the list of normative downrefs
[18:37:36] <Nicolas Williams> Aaron: ah, I thought PBKDF2 was standards-track
[18:37:42] <Nicolas Williams> never mind...
[18:38:12] <hallam> OK I think I solved the problem I raised earlier
[18:38:29] <alexey.melnikov> Nico: Pretty much all security primitives are Informational RFCs
[18:38:44] <Nicolas Williams> yeah, nvm
[18:38:59] Tadanori TERUYA leaves the room
[18:39:04] mike  hamilton leaves the room
[18:39:05] <hallam> Let's say that we are going to use an API for a DSA algorithm using a secret key that is embedded in hardware.
[18:39:37] <hallam> My concern is to make sure that the routine does not leak the key by choosing a weak value of k
[18:39:54] Yoav Nir leaves the room
[18:40:04] <Nicolas Williams> phb: the hardware would have to generate the random
[18:40:08] Yoav Nir joins the room
[18:40:21] <Nicolas Williams> mind you, I want derandomized ECC signatures
[18:40:42] <hallam> I can provide a mechanism that allows me to provide a 'salt' value in such a way that I can verify that the routine actually made use of it in calculating the signature.
[18:41:18] <hallam> We have protection against defective r if either the HSM being called or the caller supplied a strong r.
[18:41:18] <Nicolas Williams> yes, that would be clever
[18:41:50] <hallam> Well, I will submitted a similar proposal to the NIST conference.
[18:42:05] Dan Wing joins the room
[18:42:06] <hallam> The math is pretty simple
[18:42:48] Tadanori TERUYA joins the room
[18:45:03] <Nicolas Williams> mic: there's a TTP that can totally break the system, so you don't want to use this outside your personal set of devices
[18:45:22] <Nicolas Williams> that's the answer to Yoav (it's Yoav asking, yes?)
[18:45:30] <kaduk> Yes, that was Yoav
[18:46:45] Kathleen Moriarty leaves the room
[18:46:54] <Nicolas Williams> mic: to Derek: isn't that what I just said? :)
[18:47:08] <Nicolas Williams> mic: who would you trust to throw away the conjugator?
[18:47:37] <Nicolas Williams> yes!
[18:47:41] <Nicolas Williams> that's the point
[18:47:59] <Nicolas Williams> you can do this for your IoT, with your TTP
[18:48:23] <Bill Mills> so it requires agreement/setup, not suitable for arbitrary unknown other actors?
[18:48:23] <Aaron Zauner> hm why didn't that get discussion on list before having it at a meeting (did I miss a thread)?
[18:48:53] <yaron.sheffer> It actually did.
[18:49:20] <Aaron Zauner> ok. nevermind.
[18:51:24] Steve Olshansky joins the room
[18:52:04] Frederico A C Neves leaves the room
[18:53:35] <Nicolas Williams> Mic: there's no problem with this, except that one has to generate one's own parameters, because there's always a backdoor that can only be closed by throwing away the secrets used to generate it, and so the only TTP one can trust for this are the TTPs one runs
[18:53:40] svan joins the room
[18:53:54] <Aaron Zauner> dan gilmore is now in line with chinese gov? :)
[18:53:55] <Nicolas Williams> yes, this could work for DNSSEC root keys
[18:54:23] Kathleen Moriarty joins the room
[18:54:30] <Nicolas Williams> :)
[18:54:37] Frederico A C Neves joins the room
[18:55:47] Kathleen Moriarty leaves the room
[18:55:51] <alexey.melnikov> All slides can be found at https://datatracker.ietf.org/meeting/92/materials.html
[18:56:25] Eric Flores leaves the room
[18:58:18] <Aaron Zauner> are there specific ideas for protocols that could use sphincs?
[18:59:11] <Aaron Zauner> (well, besides openpgg I guess)
[18:59:19] <Aaron Zauner> openpgp
[18:59:34] Tadanori TERUYA leaves the room
[19:00:03] alexey.melnikov leaves the room
[19:00:48] Frederico A C Neves leaves the room: Replaced by new connection
[19:01:03] Frederico A C Neves joins the room
[19:01:25] Antonio Araujo leaves the room
[19:01:27] Kathleen Moriarty joins the room
[19:02:01] alexey.melnikov joins the room
[19:04:41] renzoe joins the room
[19:06:14] Kathleen Moriarty leaves the room
[19:08:05] Mike Hamburg joins the room
[19:08:22] ogud@jabber.org leaves the room
[19:08:46] bitwiseshiftleft@gmail.com joins the room
[19:10:43] <smemery> Aaron: Does that answer your question?
[19:10:58] <Aaron Zauner> yes :)
[19:13:44] Sandy Murphy joins the room
[19:13:59] Frederico A C Neves leaves the room
[19:16:11] <smemery> Is there any IPR associated with the proposals?
[19:16:41] Frederico A C Neves joins the room
[19:17:36] <bitwiseshiftleft@gmail.com> Is there a security proof of AugPAKE more recent than http://eprint.iacr.org/2010/334.pdf?
[19:18:40] Frederico A C Neves leaves the room
[19:18:48] alexey.melnikov leaves the room
[19:18:49] <bitwiseshiftleft@gmail.com> … because I think that proof is wrong…
[19:18:56] Kathleen Moriarty joins the room
[19:19:20] <smemery> Would you like the question channeled?
[19:19:30] alexey.melnikov joins the room
[19:19:30] alexey.melnikov leaves the room
[19:20:37] <bitwiseshiftleft@gmail.com> Meaning that you'll repeat it in the physical conference?  Sure, once he gets to questions.
[19:21:04] <smemery> OK.
[19:21:07] <bitwiseshiftleft@gmail.com> Thanks.
[19:21:31] edgardo navas joins the room
[19:21:47] <smemery> My question answered for the second proposal.
[19:23:31] Bill Mills leaves the room
[19:25:20] kivinen joins the room
[19:25:40] edgardo navas leaves the room
[19:26:00] ericf joins the room
[19:26:19] ericf leaves the room
[19:26:40] ogud@jabber.org joins the room
[19:26:50] edgardo  navas joins the room
[19:27:36] ogud@jabber.org joins the room
[19:27:52] ogud@jabber.org leaves the room
[19:28:52] Frederico A C Neves joins the room
[19:30:07] kaduk leaves the room
[19:31:00] Tadanori TERUYA joins the room
[19:32:20] <hallam> Yes, Digest Auth is insecure, it was designed that way because RSA and Diffie Hellman were both patent encumbered at the time. Why on earth would folk use it today?
[19:33:01] <ilari.liusvaara> hallam, Because nothing better exists currently? :-/
[19:33:17] Frederico A C Neves leaves the room
[19:33:33] Frederico A C Neves joins the room
[19:33:41] <Yoav Nir> ilari: so come to the http-auth session on Thursday and make it exist.
[19:37:43] Mike Hamburg leaves the room
[19:37:46] bitwiseshiftleft@gmail.com leaves the room
[19:40:09] Adam Montville leaves the room
[19:40:21] David Waltermire leaves the room
[19:41:23] ericf joins the room
[19:42:52] wseltzer leaves the room
[19:45:57] smemery leaves the room
[19:46:06] <Tadanori TERUYA> this question is about curve selection, how many curves will we select and think about for each security level in today's talk (or the future)?, only one curve?
[19:46:06] sftcd leaves the room
[19:46:21] <yaron.sheffer> Is that for the mic?
[19:46:37] Tadanori TERUYA leaves the room
[19:46:39] renzoe leaves the room
[19:46:44] yaron.sheffer leaves the room
[19:46:46] tlyu@mit.edu leaves the room
[19:46:52] Randy Bush leaves the room
[19:46:54] Paul Selkirk leaves the room
[19:47:00] kivinen leaves the room
[19:47:22] Vinod Anupam leaves the room
[19:47:30] Meetecho leaves the room
[19:47:35] Deb Cooley leaves the room
[19:47:48] <hallam> Yoav, 25 years later nobody has done better than the first thing I banged out while reading Bruce. That would be sad
[19:47:48] satoru.kanno@jabber.org leaves the room
[19:47:58] hallam leaves the room
[19:48:04] Mark Baker leaves the room
[19:48:07] Dirk Balfanz leaves the room
[19:48:27] Satoru Kanno leaves the room
[19:49:08] Yoav Nir leaves the room
[19:50:15] Aaron Zauner leaves the room
[19:50:53] Steve Olshansky leaves the room
[19:53:05] Dan Wing leaves the room
[19:53:40] renzoe joins the room
[19:53:53] ogud@jabber.org leaves the room
[19:55:03] Frederico A C Neves leaves the room
[19:55:09] ogud@jabber.org joins the room
[19:56:23] ogud@jabber.org leaves the room
[19:56:23] ogud@jabber.org joins the room
[19:56:42] ericf leaves the room
[20:00:10] ogud@jabber.org joins the room
[20:00:23] ogud@jabber.org leaves the room
[20:00:27] satoru.kanno@jabber.org joins the room
[20:10:23] satoru.kanno@jabber.org leaves the room
[20:10:45] Steve Olshansky joins the room
[20:13:53] ogud@jabber.org leaves the room
[20:16:06] Kathleen Moriarty leaves the room
[20:18:59] Frederico A C Neves joins the room
[20:19:05] renzoe leaves the room
[20:20:02] Frederico A C Neves leaves the room
[20:20:39] weiler leaves the room
[20:23:05] Steve Olshansky leaves the room
[20:23:55] sftcd joins the room
[20:27:54] renzoe joins the room
[20:27:55] ericf joins the room
[20:27:58] ericf leaves the room
[20:28:08] Kathleen Moriarty joins the room
[20:28:17] Kathleen Moriarty leaves the room
[20:28:35] sftcd leaves the room
[20:32:09] wseltzer joins the room
[20:34:07] Eric Flores joins the room
[20:34:31] Tadanori TERUYA joins the room
[20:34:34] Tadanori TERUYA leaves the room
[20:35:20] ilari.liusvaara leaves the room: offline
[20:36:41] Eric Flores leaves the room
[20:38:37] renzoe leaves the room
[20:48:57] ogud@jabber.org joins the room
[21:01:29] Eric Flores joins the room
[21:05:23] ogud@jabber.org leaves the room
[21:23:06] Eric Flores leaves the room
[21:27:29] svan leaves the room
[21:28:23] Simon Romano leaves the room
[21:37:23] wseltzer leaves the room
[21:57:57] ogud@jabber.org joins the room
[22:04:23] ogud@jabber.org leaves the room
[22:08:54] ogud@jabber.org joins the room
[22:10:25] wseltzer joins the room
[22:20:18] satoru.kanno@jabber.org joins the room
[22:40:24] satoru.kanno@jabber.org leaves the room
[22:46:54] ogud@jabber.org leaves the room
[22:49:34] satoru.kanno@jabber.org joins the room
[23:16:25] Simon Romano joins the room