IETF
cfrg
cfrg@jabber.ietf.org
Wednesday, July 22, 2015

GMT+0
[07:13:04] ahuelsing joins the room
[08:55:28] grothoff joins the room
[08:55:45] grothoff leaves the room
[08:55:59] grothoff joins the room
[09:01:13] grothoff leaves the room
[09:18:32] ahuelsing leaves the room: Disconnected: closed
[09:25:49] ahuelsing joins the room
[10:21:12] ahuelsing leaves the room: Disconnected: closed
[10:33:19] ahuelsing joins the room
[10:38:34] ahuelsing leaves the room
[10:39:02] andreas.huelsing joins the room
[10:50:22] cabo joins the room
[10:50:59] Meetecho joins the room
[10:53:17] Yoshiro Yoneya joins the room
[10:55:00] Frederico A C Neves joins the room
[10:55:36] cw-ietf joins the room
[10:55:37] Yoav Nir joins the room
[10:56:04] Steve Olshansky joins the room
[10:56:55] Olafur Gudmundsson joins the room
[10:57:31] richsalz joins the room
[10:58:15] richsalz has set the subject to: IETF-93 CFRG Meeting
[10:58:27] Sean Turner joins the room
[11:00:16] sftcd joins the room
[11:00:51] Jens Trillmann joins the room
[11:02:11] <richsalz> I'm relaying to the mic, so if you think I haven't noticed you, ping me harder :)
[11:02:14] DanYork joins the room
[11:02:29] whatdafuq joins the room
[11:02:43] Andreas Huelsing joins the room
[11:02:48] Simon Romano joins the room
[11:03:08] dkg joins the room
[11:03:39] <sftcd> cfrg needs a bigger room next time
[11:04:03] <whatdafuq> amen!
[11:04:16] <DanYork> +1
[11:05:38] andreas.huelsing leaves the room
[11:05:57] <ilari.liusvaara> Well, depends on how "explosive" stuff they are doing (of course, predicting that isn't trivial). :-)
[11:08:41] <richsalz> we can probably derive room size from # of messages over the previous 'n' weeks.
[11:10:26] <ilari.liusvaara> Or amount of controversy in topics (highly controversial topics tend to draw lots of people).
[11:11:12] <whatdafuq> yes, 5 separate "EC signature proposals" should've been a sign….
[11:11:21] Steve Olshansky leaves the room
[11:11:22] Yoshikazu GOTO joins the room
[11:11:42] Joe Hall joins the room
[11:12:13] <ilari.liusvaara> whatdafuq, yup.
[11:13:08] <ilari.liusvaara> (and especially with one of the proposals being quite different from others).
[11:13:40] <DanYork> In fairness, though, meeting room planning gets done LONG before agendas are set.
[11:15:19] <richsalz> yes, but i claim list traffic is a leading indicator of agenda and interest/room-size
[11:15:53] Kyle Rose joins the room
[11:15:55] <Joe Hall> cfrg always seems to get small rooms
[11:16:12] <ilari.liusvaara> Well, hopefully the signature algorithms don't go into fireworks territory (I have listened to at least one WG meeting that turned into fireworks).
[11:17:12] Steve Olshansky joins the room
[11:19:11] <Andreas Huelsing> at least there are no running patents on hash based and we know exactly how secure the schemes are...
[11:19:20] <Andreas Huelsing> ... even against quantum computers...
[11:21:32] Ram R joins the room
[11:21:47] Carl Mehner joins the room
[11:22:11] whatdafuq leaves the room
[11:22:46] Carl Mehner leaves the room
[11:23:07] Carl Mehner joins the room
[11:23:28] Amreesh  P joins the room
[11:23:49] alexey.melnikov joins the room
[11:24:18] dan brown joins the room
[11:24:52] <alexey.melnikov> We are currently on "Cheap quantum-safe cryptography without breaking anything" presentation
[11:25:19] Yoshikazu GOTO leaves the room
[11:25:25] Carl Mehner leaves the room
[11:25:38] <alexey.melnikov> Are people listening to audio or is anybody here just on jabber?
[11:25:51] <dan brown> i am watching
[11:26:02] <ilari.liusvaara> Listening to audio (with unknown delay).
[11:26:05] <dan brown> but I don't have audio
[11:26:30] <Andreas Huelsing> got video with audio running
[11:26:30] Yoshikazu GOTO joins the room
[11:26:35] Carl Mehner joins the room
[11:27:14] whatdafuq joins the room
[11:27:19] <alexey.melnikov> I didn't know we had video :-)
[11:27:35] <alexey.melnikov> Never mind, I can see the camera
[11:27:37] <Andreas Huelsing> Meetecho...
[11:27:53] <Meetecho> http://www.meetecho.com/ietf93/cfrg
[11:28:06] <alexey.melnikov> Thanks!
[11:28:24] <Meetecho> if you want just slides+audio (no video and jabber) you can use this instead: http://conf.meetecho.com/video/?s=athens-barcelona&r=cfrg&c=8893098
[11:28:58] Amreesh  P leaves the room
[11:30:19] Joe Hall leaves the room
[11:31:15] dan brown leaves the room
[11:31:49] <alexey.melnikov> Kenny: is there any IPR on hybrid approach for combining algorithm?
[11:32:05] Kyle Rose leaves the room
[11:32:10] <alexey.melnikov> William: I've done some search earlier and didn't find anything
[11:32:42] Amreesh P joins the room
[11:34:08] <alexey.melnikov> PHB: use Kerberos approach for keys? (Not sure I got it right)
[11:34:30] kodonog joins the room
[11:34:30] <alexey.melnikov> ?: GPL is not very friendly to OpenSSH/OpenSSL, as they are BSD based
[11:35:29] <alexey.melnikov> Stephen: interesting work, CFRG should work on it.
[11:36:04] <alexey.melnikov> EKR: "5 bits is bad" :-)
[11:37:07] <alexey.melnikov> EKR: when is good time to consider quantum safe algorithms? Are things stable enough to play?
[11:38:17] Joe Hall joins the room
[11:38:25] <alexey.melnikov> Stephen: have you thought about trying to fit your algorithm into Kerberos? Answer: no.
[11:40:22] dan brown joins the room
[11:40:39] Frederico A C Neves leaves the room
[11:40:41] <alexey.melnikov> DKG: use software update mechanisms in browsers and other software to drive research
[11:41:08] Frederico A C Neves joins the room
[11:41:11] <Andreas Huelsing> hummmmm
[11:41:13] <dan brown> hummmmm
[11:41:16] <Amreesh P> hummmmm
[11:41:32] <richsalz> unanimous hum in favor.
[11:41:37] <whatdafuq> those were 3 hums "for"
[11:42:02] <richsalz> karen donahue talking on cryptech
[11:42:27] <sftcd> https://cryptech.is/
[11:42:50] Steve O joins the room
[11:43:33] Satoru Kanno joins the room
[11:43:59] <alexey.melnikov> Tanja (earlier): some stuff we transfer now should still be unreadable in 10 years, even if quantum computers are deployed. So we should start deploying quantum crypto now-ish
[11:46:33] kodonog leaves the room
[11:47:16] <richsalz> no Q&A time, but there will be a preso at the SAAG tomorrow (which will probably also have remote support)
[11:47:41] Martin Thomson joins the room
[11:47:41] Kyle Rose joins the room
[11:47:58] Ram R leaves the room
[11:48:21] cabo leaves the room
[11:48:39] <richsalz> Dan Brown, remote, on his signature presentation
[11:48:46] cabo joins the room
[11:50:04] kodonog joins the room
[11:53:07] Steve O leaves the room
[11:53:21] Olafur Gudmundsson leaves the room
[11:54:11] Antonio Banderas joins the room
[11:54:26] Steve Olshansky_b joins the room
[11:55:02] Steve Olshansky_b leaves the room
[11:56:01] Kyle Rose leaves the room
[11:58:18] Antonio Banderas leaves the room
[12:01:06] m&m joins the room
[12:01:23] Amreesh P leaves the room
[12:01:30] bitwiseshiftleft@gmail.com joins the room
[12:01:31] Frederico A C Neves leaves the room
[12:03:55] whatdafuq leaves the room
[12:04:35] Mike Boyle joins the room
[12:09:59] Phillip Hallam-Baker joins the room
[12:10:02] Kyle Rose joins the room
[12:11:19] <Phillip Hallam-Baker> I would prefer just to use SHA-2-512 and SHA-3-512 for all non bulk systems
[12:11:46] <Phillip Hallam-Baker> If I had to do 384 for something it would be extra code.
[12:11:48] Michael Hamburg joins the room
[12:11:49] whatdafuq joins the room
[12:11:55] <richsalz> Ilari, remote, on his EdDSA proposal
[12:12:19] Michael Hamburg leaves the room
[12:12:43] Kyle Rose leaves the room
[12:12:44] <Phillip Hallam-Baker> Getting back to Tanja's comment on mine, is she saying that hash functions are vulnerable to quantum computing?
[12:12:59] Michael Hamburg joins the room
[12:14:38] Frederico A C Neves joins the room
[12:15:02] <Phillip Hallam-Baker> At the moment TLS calculates a pre-master secret which is then used to authenticate the ephemeral parameters. This means that if the pre-master has a work factor of 2^256 and the ephemeral is 2^128, the security is reduced.
[12:15:04] <alexey.melnikov> Ilari's PPT has notes below slides, which might help to follow what he is saying
[12:15:08] <dan brown> I don't think hashes are vulnerable to quantum, except that one just doubles the size
[12:15:21] Kyle Rose joins the room
[12:15:51] <Phillip Hallam-Baker> So the function for deriving keys today should be H (pre-master + ephemeral)
[12:16:10] <Joe Hall> (can we get that AC back on… hot in the front of the room)
[12:16:13] <Andreas Huelsing> The best known quantum attacks on hash functions are variants of Grover's algorithm and they have been shown to be optimal
[12:16:17] <Phillip Hallam-Baker> And in QC resistant should be H (pre-master + ephemeral + QCresist)
[12:16:37] <Phillip Hallam-Baker> Yep, we already double the size of hashes.
[12:16:54] <Andreas Huelsing> they change the complexity from 2^n to 2^(n/2) for (second-)preimage attacks
[12:17:28] <Andreas Huelsing> and from 2^(n/2) to 2^(n/3) for collision attacks
[12:17:35] <Andreas Huelsing> for n bit hashes
[12:18:38] <Andreas Huelsing> seems reasonable
[12:19:22] <Phillip Hallam-Baker> So use SHA-x-512 and the system should be acceptably secure.
[12:19:38] <Phillip Hallam-Baker> The point is to guarantee a work factor of 2^128.
[12:19:42] <Andreas Huelsing> yes
[12:19:54] <Phillip Hallam-Baker> We don't use longer keys to create a bigger work factor
[12:20:07] <Phillip Hallam-Baker> we use bigger keys to reduce the risk of algorithm compromise
[12:20:20] <Phillip Hallam-Baker> So a WF128 backup seems fine.
[12:20:21] <Andreas Huelsing> You also need to choose at least 256 bit sym. keys
[12:20:26] <richsalz> Tanja+Dan, local, on EdDSA for more curves
[12:20:56] Jens Trillmann leaves the room
[12:21:08] <Phillip Hallam-Baker> yep, for QC hardened...
[12:21:11] <Andreas Huelsing> As Grover also speeds up exhaustive (key)-search
[12:21:16] Jens Trillmann joins the room
[12:22:12] <ilari.liusvaara> Sorry about poor pronunciation. :-/
[12:22:46] <sftcd> no probs quite understandable
[12:22:46] Steve Olshansky leaves the room
[12:23:05] <ilari.liusvaara> I probably pronounced EdDSA in some really horrible way...
[12:23:14] <richsalz> nobody noticed.
[12:24:51] DanYork leaves the room
[12:28:09] Kyle Rose leaves the room
[12:29:13] dan brown leaves the room
[12:29:48] hazekiah joins the room
[12:31:20] Martin Thomson leaves the room
[12:32:04] <richsalz> martin thomson presenting for watson, even though he does not understand it fully. :)
[12:32:11] Frederico A C Neves leaves the room
[12:33:41] dan brown joins the room
[12:34:04] Frederico A C Neves joins the room
[12:35:02] rbarnes joins the room
[12:35:12] <rbarnes > i joined this room just to contribute this: https://en.wikipedia.org/wiki/Fork-marked_lemur
[12:36:18] Martin Thomson joins the room
[12:36:44] Michael Hamburg leaves the room
[12:37:16] <richsalz> mike hamburg, remote, on the other variant of schnorr
[12:37:17] m&m leaves the room: Disconnected: closed
[12:38:14] <dan brown> is that a cricket sound or feedback?
[12:38:32] <Martin Thomson> I note that mike has forgotten operator precedence re - and %
[12:38:33] <Joe Hall> birds?
[12:38:36] <dkg> re: djb's point about GnuPG signing hashed messages: GnuPG's EdDSA-SHA512 normally signs SHA256(m), but it can also be made to sign SHA512(m) if an implementor only wants to implement one digest.
[12:38:46] <Sean Turner> hamster wheel
[12:39:44] <richsalz> fork-marked lemur wheel
[12:39:45] <Martin Thomson> Sean Turner: /crickets
[12:39:56] <dan brown> Sorry if I'm repeating myself: all the proposals permit batch signing, I think.
[12:39:56] <rbarnes > /crickets stop
[12:39:56] <Sean Turner> /fingerprint
[12:41:58] <dan brown> definitely hear some birds now, nice.
[12:42:29] <Joe Hall> please someone AC us, might help the squeaks too
[12:44:01] <Phillip Hallam-Baker> Well it isn't a hot tub.
[12:44:31] <Sean Turner> unless the fork-marked lemur is using a squeaky wheel to power the tub
[12:44:33] <Joe Hall> skype codecs have gone to shit, maybe
[12:44:37] <Phillip Hallam-Baker> I was once taking a call from the hot tub room which was the only room in my house with AC at the time and the clean cycle started...
[12:44:55] <Joe Hall> :)
[12:44:59] <dan brown> some schnorr proofs break down at half-length hashes
[12:45:16] <richsalz> TMI PHB :)
[12:46:04] alexey.melnikov leaves the room
[12:46:16] <Phillip Hallam-Baker> Oh you worried I was going to tell the other story rich?
[12:46:34] <richsalz> wait wait... didn't you get the envelope with cash?
[12:47:56] rbarnes leaves the room
[12:48:05] bitwiseshiftleft@gmail.com leaves the room
[12:48:12] bitwiseshiftleft@gmail.com joins the room
[12:48:31] <Yoav Nir> If it's not encoded in ASN.1, is it really a sig?
[12:49:51] <ilari.liusvaara> Well, one could use another notation just as easily (I developed some somewhat crazy ones). :-)
[12:50:43] DanYork joins the room
[12:50:46] Joe Hall leaves the room
[12:51:11] <Yoav Nir> Hey, our ability to read the BER from a hexdump is what makes us look like wizards
[12:51:18] <richsalz> http://ed25519.cr.yp.to/cfrg/signatures.py
[12:52:03] <ilari.liusvaara> Just don't try to decode it or you can get BERserk. :-)
[12:54:33] <Yoav Nir> or 'openssl asn1parse', sure, but you can point to the first bytes (inevitably 30 82) and say "this means it's a sequence, this is the length field..."
[12:56:05] Phillip Hallam-Baker leaves the room
[13:00:06] rbarnes joins the room
[13:00:48] <bitwiseshiftleft@gmail.com> yeah, i put that in there because i was trying to implement tls in a few kilobytes for a project, and i was annoyed at having to add a bunch of padding and parsing and encoding functions for the ECDSA sigs :-/
[13:00:56] whatdafuq leaves the room
[13:02:09] Simon Romano leaves the room
[13:02:13] Phillip Hallam-Baker joins the room
[13:02:22] DanYork leaves the room
[13:02:22] Steve Olshansky joins the room
[13:02:37] <Phillip Hallam-Baker> Hey, let's call this script 'djb' and use THAT as the algorithm
[13:02:52] <rbarnes > what i am learning from this is that hamburg likes cute strings
[13:03:12] <bitwiseshiftleft@gmail.com> PHB: but then we'll have to add it to the script so we can compare it.  Self-printing code?
[13:03:15] Rich D joins the room
[13:05:32] whatdafuq joins the room
[13:05:46] Joe Hall joins the room
[13:11:51] Phillip Hallam-Baker leaves the room
[13:12:30] <rbarnes > re: pkcs11, you already have to do things like specify the hash functions for PSS
[13:12:41] Steve Olshansky leaves the room
[13:12:43] <rbarnes > Martin Thomson: ^^^
[13:14:38] <bitwiseshiftleft@gmail.com> Nothing to add in particular
[13:15:08] DanYork joins the room
[13:15:19] <bitwiseshiftleft@gmail.com> I'm here, but I've gone inside and don't want to wake my roommates, which is why I'd rather not talk unless there's an important point.
[13:15:35] Phillip Hallam-Baker joins the room
[13:15:38] <dkg> so were those birds?
[13:15:41] <richsalz> you can type into jabber and i'll repeat at the mic, mike.
[13:19:06] <bitwiseshiftleft@gmail.com> I like SHA-3 and particularly SHAKE.
[13:19:43] rbarnes leaves the room
[13:20:13] <bitwiseshiftleft@gmail.com> For larger curves, SHAKE avoids the problems of "my curve is 521 bits but my hash is only 512 bits" or "i want a double-length output"
[13:20:14] kodonog leaves the room
[13:20:59] <bitwiseshiftleft@gmail.com> cheers everyone, have a good rest of your afternoon
[13:21:04] bitwiseshiftleft@gmail.com leaves the room
[13:21:20] <richsalz> sorry, missed it before the subject changed.  mike, please email your comments
[13:24:05] Sean Turner leaves the room
[13:25:30] DanYork leaves the room
[13:25:44] <Yoav Nir> you put your left key in, you put your left key out, you put your left key in and you shake it all about
[13:25:57] <dan brown> SHAKE it all about
[13:26:48] Joe Hall leaves the room
[13:27:15] <richsalz> bye folks
[13:27:19] richsalz leaves the room
[13:27:24] Frederico A C Neves leaves the room
[13:27:59] <Yoav Nir> ... and you SHAKE-256 it all about
[13:28:32] <dan brown> SEC1 version 2.0 has server-assisted key generation!
[13:28:57] <Yoav Nir> db: mic?
[13:29:05] Frederico A C Neves joins the room
[13:29:21] <Yoav Nir> too late...
[13:29:28] Yoshiro Yoneya leaves the room
[13:29:30] Phillip Hallam-Baker leaves the room
[13:29:33] Martin Thomson leaves the room
[13:29:35] whatdafuq leaves the room
[13:29:46] hazekiah leaves the room
[13:29:52] cabo leaves the room
[13:29:56] Yoav Nir leaves the room
[13:30:09] cw-ietf leaves the room
[13:30:11] Yoshikazu GOTO leaves the room
[13:30:55] Rich D leaves the room
[13:31:15] <ilari.liusvaara> Well, at least that one didn't turn into fireworks. :-)
[13:31:34] Andreas Huelsing leaves the room
[13:31:41] Meetecho leaves the room
[13:32:05] Jens Trillmann leaves the room
[13:32:35] Mike Boyle leaves the room
[13:32:46] Satoru Kanno leaves the room
[13:33:10] Carl Mehner leaves the room
[13:36:08] <ilari.liusvaara> If you really want to turn meeting into fireworks, it is not enough to have just controversial things to discuss, but also things that parties have significant financial interest about. :-)
[13:36:08] dan brown leaves the room
[13:38:30] Frederico A C Neves leaves the room
[13:38:34] kodonog joins the room
[13:41:16] kodonog leaves the room
[13:42:22] sftcd leaves the room
[13:43:52] dkg leaves the room
[13:45:14] Sean Turner joins the room
[13:45:35] Sean Turner leaves the room
[13:47:08] ilari.liusvaara leaves the room: offline
[13:49:04] whatdafuq joins the room
[13:53:51] Martin Thomson joins the room
[13:56:04] whatdafuq leaves the room
[13:59:26] Frederico A C Neves joins the room
[13:59:32] kodonog joins the room
[14:01:27] kodonog leaves the room
[14:03:01] rbarnes joins the room
[14:07:56] rbarnes leaves the room
[14:08:45] kodonog joins the room
[14:12:19] kodonog leaves the room
[14:13:14] kodonog joins the room
[14:15:00] kodonog leaves the room
[14:22:17] cabo joins the room
[14:30:09] Joe Hall joins the room
[14:31:08] Olafur Gudmundsson joins the room
[14:32:39] rbarnes joins the room
[14:32:53] Olafur Gudmundsson leaves the room
[14:32:56] rbarnes leaves the room
[14:41:18] Joe Hall leaves the room
[14:45:58] kodonog joins the room
[14:48:10] kodonog leaves the room
[14:50:05] Joe Hall joins the room
[15:15:23] cabo leaves the room
[15:19:59] Martin Thomson leaves the room
[15:22:18] Olafur Gudmundsson joins the room
[15:23:05] Joe Hall leaves the room
[15:26:23] Olafur Gudmundsson leaves the room
[15:26:54] kodonog joins the room
[15:27:06] Frederico A C Neves leaves the room
[15:37:19] kodonog leaves the room
[15:47:50] cabo joins the room
[15:53:47] Martin Thomson joins the room
[15:59:10] cabo leaves the room
[16:18:42] Martin Thomson leaves the room
[16:20:03] Martin Thomson joins the room
[16:20:23] Olafur Gudmundsson joins the room
[16:26:04] kodonog joins the room
[16:26:07] Olafur Gudmundsson leaves the room
[16:27:08] Martin Thomson leaves the room
[16:28:34] Martin Thomson joins the room
[16:32:23] kodonog leaves the room
[17:29:31] ilari.liusvaara joins the room
[17:41:09] Martin Thomson leaves the room
[18:32:50] Martin Thomson joins the room
[20:07:08] Martin Thomson leaves the room