IETF
ipsecme@jabber.ietf.org
Tuesday, November 15, 2016
Yoav Nir has set the subject to: IPsecME Meeting at IETF 96 in Berlin - https://tools.ietf.org/wg/ipsecme/agenda?item=agenda-96-ipsecme.html

GMT+0
[02:42:26] bergtau joins the room
[03:02:57] bergtau joins the room
[03:03:07] bergtau leaves the room
[03:51:00] bergtau leaves the room: Disconnected: closed
[03:51:00] bergtau joins the room
[04:19:34] Meetecho joins the room
[04:25:13] Alexander Truskovsky joins the room
[04:25:13] Jim Thompson joins the room
[04:25:13] Scott Fluhrer joins the room
[04:25:13] John Border joins the room
[04:25:21] Adam Montville joins the room
[04:25:23] Mike Brown joins the room
[04:25:54] svan joins the room
[04:26:27] <Adam Montville> '''/topic'''
[04:26:57] Scott Fluhrer leaves the room
[04:26:59] Scott Fluhrer joins the room
[04:27:00] Adam Montville has set the subject to: IPsecME Meeting at IETF 97 Berlin
[04:27:09] <Adam Montville> https://datatracker.ietf.org/meeting/97/agenda/ipsecme/
[04:27:49] Yoav Nir joins the room
[04:30:22] paulwouters joins the room
[04:30:33] whatdafuq joins the room
[04:31:02] Panos Kampanakis joins the room
[04:31:14] Dan Harkins joins the room
[04:32:12] <Adam Montville> Showing chair slides.
[04:32:18] <Adam Montville> https://www.ietf.org/proceedings/97/slides/slides-97-ipsecme-chair-slides-01.pdf
[04:32:53] <Adam Montville> slide 4
[04:34:10] <Adam Montville> If you can't tell, I'm your jabber scribe today.  If you want something mentioned at the microphone, please preface it with "mic:" or otherwise let me know.
[04:34:15] <Adam Montville> slide 6
[04:34:22] <Adam Montville> sorry slide 5
[04:36:09] <Adam Montville> slide 6
[04:36:38] <Adam Montville> Slide 7
[04:37:04] <Adam Montville> Split DNS: https://www.ietf.org/proceedings/97/slides/slides-97-ipsecme-split-dns-tcp-encapsulation-drafts-00.pdf
[04:37:07] <Dan Harkins> ikev1?
[04:37:10] <Adam Montville> DNS
[04:37:23] <Adam Montville> Slide 2
[04:37:31] <Adam Montville> @Dan Harkins: Did you want me to ask something?
[04:37:33] Huiung Park joins the room
[04:37:51] <Dan Harkins> no, just making a random comment on Tero's freudian slip :-)
[04:38:00] <Adam Montville> ok :-)
[04:38:19] <Adam Montville> Slide 3
[04:38:35] mcr joins the room
[04:41:32] <Adam Montville> Slide 5 now...
[04:41:36] <Adam Montville> Slide 6
[04:42:53] Dave Waltermire joins the room
[04:43:05] <Adam Montville> Slide 7
[04:44:09] <Adam Montville> Slide 8
[04:45:53] <whatdafuq> let us not forget EAP! Doesn't everything have to be encapsulated over EAP? IKE over QUIC over EAP over....
[04:46:10] <Adam Montville> Slide 9
[04:49:11] Simon Romano joins the room
[04:49:12] <paulwouters> anyone know how to spell his name?
[04:50:05] <Adam Montville> hu jun
[04:50:14] <Dave Waltermire> Thanks
[04:50:20] <paulwouters> thanks
[04:50:27] <Adam Montville> np
[04:50:52] svan leaves the room: I'm happy Miranda IM user. Get it at http://miranda-im.org/.
[04:53:30] svan joins the room
[04:56:10] <Adam Montville> Slide 10
[04:59:35] Max Liu joins the room
[05:01:07] <Adam Montville> Next presentation: https://www.ietf.org/proceedings/97/slides/slides-97-ipsecme-draft-ietf-ipsecme-eddsa-draft-mglt-ipsecme-implicit-iv-00.pdf
[05:01:11] <Adam Montville> Slide 2
[05:01:16] <Jim Thompson> do we have any idea when the yang model might be updated?
[05:02:12] Max Liu leaves the room
[05:02:18] <Adam Montville> Slide 3
[05:03:01] <Dave Waltermire> Jim was that for the mic?
[05:03:11] <Jim Thompson> it can just be for the room
[05:03:19] <Jim Thompson> since it's not on the agenda
[05:03:20] <Adam Montville> Slide 4
[05:03:57] <Adam Montville> Slide 5
[05:04:02] <Dave Waltermire> I haven't seen any discussion for a while on the list
[05:05:12] <Adam Montville> Slide 6
[05:05:37] <Adam Montville> Back to slide 5 for Paul's question
[05:06:09] <Adam Montville> Slide 6
[05:06:32] <whatdafuq> mic: the answer is that it's a signing oracle and that is a bad (if not good) thing. Context is easy fix.
[05:07:22] <whatdafuq> i.e not, not if not, sorry for the typo
[05:07:42] <whatdafuq> NOT IT'S A BAD THING!
[05:07:48] <Adam Montville> Start over.
[05:07:53] <whatdafuq> or give up
[05:07:58] <Adam Montville> Sorry.
[05:09:23] <whatdafuq> if the key is used in something like CMS it might actually be possible to get someone to sign a "bad" blob.
[05:11:11] <Adam Montville> Slide 7
[05:12:05] <whatdafuq> mic: not clear, is ipsecme's decision based upon what curdle does?
[05:12:22] Huiung Park leaves the room
[05:13:38] <Adam Montville> Next presentation - Signature Forms: https://www.ietf.org/proceedings/97/slides/slides-97-ipsecme-signature-forms-ambiguity-in-ikev2-00.pdf
[05:13:41] <Adam Montville> Slide 1
[05:13:46] <Adam Montville> (title slide)
[05:13:48] <Adam Montville> Next
[05:13:53] <Adam Montville> So, slide 2
[05:15:39] <Adam Montville> Slide 3: Real Life Interop
[05:17:07] Morton Swimmer joins the room
[05:18:43] <Adam Montville> Slide 4: Possible Future Issues
[05:19:46] <Adam Montville> Slide 5: "What to Do: Do Nothing"
[05:21:01] <Adam Montville> Slide 6: "What to Do: Make a Quick Fix"
[05:21:44] <Adam Montville> Slide 7: "What to Do: Solve Generic Problem"
[05:23:22] <Adam Montville> Slide 8: Any Thoughts?
[05:24:07] <whatdafuq> mic: waiting for "will be gone" is not right— given IKEv1's tenaciousness— so if something hurries up -PSS adoption we should do it. Size of message seems to be a small price to pay.
[05:24:46] <Adam Montville> in line…
[05:27:42] <paulwouters> whatdafuq: except we now also have PKCS#1 v2.2 ?
[05:28:07] Jim Thompson leaves the room
[05:28:18] svan leaves the room: I'm happy Miranda IM user. Get it at http://miranda-im.org/.
[05:28:43] <paulwouters> with opportunistic Encryption, you don't know what the other party supports :( and if we cannot publish this with the key, we won't know :/
[05:29:13] <Adam Montville> Next presentation: IKE and QR Reqs.  
[05:29:13] <Adam Montville> https://www.ietf.org/proceedings/97/slides/slides-97-ipsecme-ike-and-qr-requirements-00.pdf
[05:29:21] <Yoav Nir> I don't see PSS adoption happening quickly if at all. RSA in general is seen as "the past" while any future development is some form of EC. So public CAs are not moving to sign certificates with PSS - they're moving to sign them with ECDSA
[05:29:29] <Adam Montville> Slide 2: Background
[05:30:14] svan joins the room
[05:30:36] <Adam Montville> Slide 3: Background (what do we do about this)
[05:32:02] <Adam Montville> Slide 4: Previous WG Meeting
[05:32:55] <whatdafuq> I guess that's the rub… if a cert is not signed with PSS then it kind of settles the matter for that exchange. And if CAs are not moving to PSS then it makes support less important. Very sad.
[05:34:20] <Adam Montville> Slide 5: Results of the WG Poll
[05:34:24] <Adam Montville> (sorry for that delay)
[05:34:36] <Adam Montville> Slide 6: Interpretation of the Results
[05:35:38] <Adam Montville> Slide 7: Updates to draft-fluhrer-qr-ikev2-03 to reflect these priorities
[05:37:41] <whatdafuq> mic: since the child SAs use KEYMAT to generate IPsec keys and KEYMAT has the PPK then why mix in the PPK again to generate child SAs?
[05:38:15] <whatdafuq> child SA's keys
[05:39:02] <Scott Fluhrer> Because we want to give an implementor the option of protecting the IKE traffic
[05:39:05] <Adam Montville> @whatdafuq good enough answer for now?
[05:39:51] <whatdafuq> but if the PPK is part of KEYMAT then the IKE traffic is always protected. And the child SA keys inherit the QC resistance the PPK provides. No?
[05:40:06] <Adam Montville> Slide 8: Changes from the previous version
[05:40:12] <whatdafuq> yes Adam thank you
[05:41:00] <Adam Montville> Slide 9: How we score against the requirements
[05:44:34] <whatdafuq> mic: the conflict between identity protection and PSKs was what caused that IKEv1 PSK problem to begin with! Usability and management are more important and our recent history demonstrates this.
[05:46:52] <Scott Fluhrer> This pseudoidentity must be enough to identify the PPK
[05:48:45] <Adam Montville> @Scott for the room or mic?
[05:50:07] <Adam Montville> Slide 10: Thank you
[05:51:36] <Adam Montville> Next presentation: Compact Format of IKE v2: https://www.ietf.org/proceedings/97/slides/slides-97-ipsecme-compact-format-of-ikev2-payloads-00.pdf
[05:51:38] <Adam Montville> Slide 2
[05:52:54] <Adam Montville> Slide 3: Existing Format Redundancy
[05:53:12] Panos Kampanakis leaves the room
[05:53:51] <Adam Montville> Slide 4: Compact Format Requirements
[05:53:51] svan leaves the room: I'm happy Miranda IM user. Get it at http://miranda-im.org/.
[05:54:37] <Dan Harkins> @Scott what other requirements are there on identifying the PPK? Is a brute-force search of a DB of PPKs to find a per-exchange match too onerous?
[05:54:47] <Adam Montville> Slide 5: Generic Compact Format
[05:54:47] Mike Brown leaves the room
[05:55:22] <Adam Montville> Slide 6: Special Compact Formats
[05:56:25] <Adam Montville> Slide 7: Compact SA Payload
[05:56:57] <Adam Montville> Slide 8: Compact Notify Payload
[05:57:02] <Adam Montville> Sorry… Still Slide 7
[05:57:33] <Adam Montville> Now… Slide 8: Compact Notify Payload
[05:57:44] <Adam Montville> Slide 9: Negotiation
[05:58:43] <Adam Montville> Slide 10: Using
[05:59:31] <Adam Montville> Slide 11: Integration
[06:00:05] <Adam Montville> Slide 12: Thanks
[06:00:18] <Adam Montville> Back to Slide 10: Using
[06:07:58] <Adam Montville> Back to Slide 5: Generic Compact Format
[06:11:59] <paulwouters> Ryan Wise?
[06:12:27] <whatdafuq> Brian
[06:12:36] <whatdafuq> Weis
[06:12:58] <Adam Montville> Next presentation: Encapsulating ESP in UDP for Load-balancing — https://www.ietf.org/proceedings/97/slides/slides-97-ipsecme-encapsulating-esp-in-udp-for-load-balancing-00.pdf
[06:13:03] <Adam Montville> Slide 1: Title slide.
[06:13:39] <Adam Montville> Slide 2: Motivations
[06:14:48] svan joins the room
[06:15:06] <Adam Montville> Slide 3: ESP-in-UDP Encapsulation Format
[06:15:55] <Scott Fluhrer> Question: why don't you reuse the NAT-T packet format?
[06:16:11] <Adam Montville> @Scott, is that for the mic?
[06:16:52] <Adam Montville> Slide 5: Clarifications
[06:17:02] <whatdafuq> mic: SPI already identifies a flow. No need for any other field for flow identification. Any LB decision made by the destination MUST be transparent to the source.
[06:17:21] <Meetecho> note to chairs: Scott Fluhrer in the virtual queue
[06:17:59] <Adam Montville> @meetecho, thanks for that.
[06:18:33] <whatdafuq> did I observe properly that my comment was completely ignored?
[06:18:40] <Adam Montville> @Scott, that worked better than me getting up to the mic.
[06:18:51] <Adam Montville> I think the presenter nodded....
[06:18:59] <Adam Montville> @whatdafuq.
[06:19:12] <Adam Montville> @whatdafuq Want me to reask?
[06:19:19] <Adam Montville> Slide 6: Next-steps
[06:19:27] <whatdafuq> no, probably not. Thanks though
[06:20:05] <Adam Montville> Ok, no worries.
[06:20:39] <whatdafuq> Tero channels WTF!
[06:21:10] <Adam Montville> lol
[06:22:41] <Adam Montville> Next presentation: GDOI GROUPKEY-PUSH Acknowledgement Message — https://www.ietf.org/proceedings/97/slides/slides-97-ipsecme-gdoi-groupkey-push-acknowledgment-message-00.pdf
[06:22:46] <Adam Montville> Slide 1
[06:23:11] <Adam Montville> Slide 2: Background
[06:24:02] <Adam Montville> Slide 3: Problem Statement
[06:24:55] <Adam Montville> Slide 4: Proposed Solution
[06:25:34] <Adam Montville> Slide 5: Proposed Solution continued
[06:25:47] <Adam Montville> Slide 6: GROUPKEY-PUSH ACK Message
[06:26:06] <Adam Montville> Slide 7: Group Member Operations
[06:26:53] <Adam Montville> Slide 8: GCKS Operations
[06:27:37] HAJIME WATANABE joins the room
[06:27:43] <Adam Montville> Slide 9: Next Steps?
[06:29:48] svan leaves the room: I'm happy Miranda IM user. Get it at http://miranda-im.org/.
[06:29:59] <Adam Montville> And…we're adjourned…
[06:30:05] Adam Montville leaves the room
[06:30:11] <whatdafuq> thanks adam!
[06:30:15] whatdafuq leaves the room
[06:30:17] Yoav Nir leaves the room
[06:30:17] Meetecho leaves the room
[06:30:31] HAJIME WATANABE leaves the room
[06:30:31] Dan Harkins leaves the room
[06:30:32] Scott Fluhrer leaves the room
[06:30:32] John Border leaves the room
[06:30:32] Alexander Truskovsky leaves the room
[06:30:32] Morton Swimmer leaves the room
[06:30:39] Dave Waltermire leaves the room
[06:30:39] Simon Romano leaves the room
[06:31:18] paulwouters leaves the room
[06:32:49] Dave Waltermire joins the room
[06:32:58] Dave Waltermire leaves the room
[06:54:32] mcr leaves the room: Disconnected: closed
[06:56:12] mcr joins the room
[09:00:17] paulwouters joins the room
[09:03:25] paulwouters leaves the room
[09:48:36] mcr leaves the room: Disconnected: No route to host
[11:19:07] mcr joins the room
[23:20:54] mcr leaves the room: Disconnected: closed
[23:36:17] bergtau leaves the room: Disconnected: closed
[23:36:21] bergtau joins the room
[23:41:53] bergtau leaves the room
[23:55:04] kivinen joins the room
[23:55:50] kivinen leaves the room
[23:58:35] mcr joins the room