IETF
Lurk
lurk@jabber.ietf.org
Monday, July 18, 2016
sftcd has set the subject to: Virtual LURK BoF https://datatracker.ietf.org/secr/proceedings/interim-2016-lurk-2/lurk/

GMT+0
[11:13:42] ilari.liusvaara joins the room
[15:08:46] metricamerica joins the room
[15:10:24] metricamerica joins the room
[15:10:30] metricamerica leaves the room
[15:23:00] metricamerica leaves the room
[15:38:59] JeffH joins the room
[15:39:17] eburger joins the room
[15:50:21] Meetecho joins the room
[15:55:10] Eric Burger joins the room
[15:55:58] Lorenzo Miniero joins the room
[15:56:23] <JeffH> minutes will be here — feel free to pitch-in & help :)
[15:56:25] <JeffH> http://etherpad.tools.ietf.org:9000/p/notes-ietf-96-lurk?useMonospaceFont=true
[15:56:46] <eburger> Thanks, Jeff. I forgot to arrange beforehand - is there anyone in the room to Jabber scribe?
[15:57:15] <JeffH> Yaron is tugging sleeves...
[15:57:36] Lucas Jenß joins the room
[15:58:20] <Lucas Jenß> I could scribe, would be my first time though
[15:59:16] metricamerica joins the room
[15:59:29] cw-ietf joins the room
[16:00:04] Yoav Nir joins the room
[16:00:05] Sean Turner joins the room
[16:00:07] <eburger> It has to be the first time some time!
[16:00:10] Ben Kaduk joins the room
[16:00:30] <Yoav Nir> Yaron has already tagged my sleeve though.
[16:01:02] <Lucas Jenß> asked in the room and seems like there already is a scribe
[16:01:11] <eburger> great
[16:01:18] <eburger> thanks for volunteering anyway
[16:02:12] <Yoav Nir> Hi. I'll be your Jabber scribe. If you want anything read at the room microphone, just prefix it with "mic:"
[16:02:33] JoeHallCDT joins the room
[16:02:49] Sean Leonard joins the room
[16:03:45] wseltzer@jabber.org joins the room
[16:03:47] sftcd joins the room
[16:03:59] <Yoav Nir> We're looking at the chair slides now.
[16:04:06] Kyle Rose joins the room
[16:04:09] DanYork joins the room
[16:04:18] <Yoav Nir> "Session Goals" slide
[16:04:35] Martin Thomson joins the room
[16:04:52] <Yoav Nir> "Meeting Agenda"
[16:05:34] eburger leaves the room
[16:06:18] <Yoav Nir> Daniel Migault presenting use cases: https://www.ietf.org/proceedings/96/slides/slides-96-lurk-1.pdf
[16:06:43] <Yoav Nir> Slide #1: Lurk Architecture
[16:06:53] <Yoav Nir> (I'm going by the numbers printed on the slides)
[16:07:26] <Yoav Nir> Slide #2
[16:07:50] m&m joins the room
[16:08:28] Simon Pietro Romano joins the room
[16:08:28] <Yoav Nir> Slide #3
[16:08:43] Barry Leiba joins the room
[16:09:54] Stefan Santesson joins the room
[16:10:07] <Yoav Nir> Slide #4
[16:11:22] <Yoav Nir> Slide #5
[16:12:38] metricamerica joins the room
[16:16:31] <Yoav Nir> That was Subodh at the mic. Martin Thomson now.
[16:18:15] <Yoav Nir> DKG @ the mic
[16:20:27] rsalz joins the room
[16:20:59] <Yoav Nir> Subodh again
[16:22:09] <Yoav Nir> Still looks strange to me that you trust that side enough to allow them to impersonate you, but not enough to give them the private key.
[16:23:28] <Ben Kaduk> What if the "hostile environment" is one where you can't prevent the disks from being pulled on the machine, but you can detect when it happens?
[16:23:35] dkg joins the room
[16:23:53] <Yoav Nir> If client changes were in scope, we could do several cooler things
[16:24:56] <Yoav Nir> @Ben: can you distinguish powering off of the edge server to pull the hard disk as opposed to random power failure?
[16:25:55] <Yoav Nir> Daniel's done
[16:25:55] metricamerica leaves the room
[16:26:00] <JoeHallCDT> only if you see in the news or from your provider that your metal was seized: https://www.privateinternetaccess.com/forum/discussion/21779/we-are-removing-our-russian-presence
[16:27:06] <Yoav Nir> Yaron (from the chair position) presenting https://www.ietf.org/proceedings/96/slides/slides-96-lurk-2.pdf
[16:27:15] <Yoav Nir> Slide #2
[16:27:25] <rsalz> You can usually distinguish using a variety of evidence.  E.g., if one server goes down vs all racks just vanish.
[16:27:48] Andrew Sullivan joins the room
[16:28:46] <JoeHallCDT> makes a lot of sense, like the PCH study of the egyptian internet shut-off (those were route announcement connections all going dark within about 1 minute)
[16:29:31] <Yoav Nir> Or the attacker (which could be a government official with a warrant) could type some commands that share the disk remotely over the net. NFS FTW
[16:29:58] <Yoav Nir> Slide #3
[16:30:19] <Ben Kaduk> Yoav: I think you can detect certain things ... you may want to do some validation of the running system every time it boots, before you authorize it to use the signing oracle.
[16:30:57] <Yoav Nir> EKR at the mic
[16:31:48] <Yoav Nir> DKG at the mic
[16:33:25] <Yoav Nir> Joe Salowey at the mic
[16:33:47] hildjj joins the room
[16:34:18] <Yoav Nir> Slide #4 (Upon Compromise)
[16:35:41] wseltzer@jabber.org is now known as wseltzer
[16:36:36] <Yoav Nir> Ben: maybe, but if you have entity A in country B hosting the server for company C in country D, I think A is going to cooperate with country B's law enforcement, even if it means sending copies of the server that belongs to company C.
[16:36:45] <Yoav Nir> Slide #5
[16:36:55] <Eric Burger> Is there anyone in queue behind Ted (who is speaking at the mic)
[16:36:57] <Eric Burger> ?
[16:36:59] <JoeHallCDT> no
[16:37:06] <Eric Burger> thanks
[16:37:15] JoeHallCDT waves
[16:37:32] <Meetecho> FYI for remote attendees on Meetecho: the current Etherpad session is integrated, so you can open it using the document icon on the upper right part of the screen (second from the right)
[16:37:32] wseltzer is now known as wseltzer@jabber.org
[16:37:46] <Yoav Nir> Ted Hardie at the mic
[16:37:55] <Ben Kaduk> Yoav: in that scenario, compliance with local law enforcement seems likely.  But that is not the only potential scenario.
[16:38:18] <Yoav Nir> Subodh at the mic
[16:38:56] <Yoav Nir> PHB at the mic
[16:39:33] <Yoav Nir> Says most clock skew is up to 24 hours before or after
[16:39:38] <Yoav Nir> Makes sense
[16:39:49] <Yoav Nir> Ben Schwartz (Jigsaw)
[16:40:06] <Eric Burger> Line closed after Ben.
[16:41:42] <Yoav Nir> DKG
[16:42:16] <Simon Pietro Romano> Eric acting as a lurker in lurk! Ironic :-)
[16:42:28] <Eric Burger> 8)
[16:42:44] <Ben Kaduk> I may have to fire up some nethack now.
[16:42:44] <Yoav Nir> Daniel Migault again, this time presenting https://www.ietf.org/proceedings/96/slides/slides-96-lurk-3.pdf
[16:43:24] <Yoav Nir> Slide #1
[16:43:38] <Yoav Nir> As before, I'm typing the number of slide printed on the slide
[16:43:39] <Yoav Nir> Slide #2
[16:43:44] <Yoav Nir> Slide #3
[16:44:16] <Yoav Nir> Slide #4
[16:45:55] <Yoav Nir> EKR
[16:47:52] <Yoav Nir> Slide #5
[16:48:13] <Yoav Nir> Slide #6
[16:48:33] Yoav Nir has set the subject to: Lurk Meeting - IETF 96
[16:49:31] <Yoav Nir> EKR again
[16:50:01] hildjj leaves the room
[16:52:39] sftcd joins the room
[16:52:47] sftcd leaves the room
[16:52:59] <Yoav Nir> PHB at the mic
[16:53:42] <Yoav Nir> Subodh at the mic
[16:54:50] <Yoav Nir> Slide #7
[16:54:56] <Yoav Nir> Slide #8
[16:55:18] Andrew Sullivan leaves the room
[16:55:40] hildjj joins the room
[16:57:08] <Yoav Nir> Rich Salz
[16:57:42] <Yoav Nir> DKG
[16:58:17] <Yoav Nir> Yaron presenting the (draft) charter
[16:59:16] <Yoav Nir> https://www.ietf.org/proceedings/96/slides/slides-96-lurk-4.pdf
[16:59:16] <Yoav Nir> Looking at the Introduction
[16:59:16] <Yoav Nir> And now at the "Body" page
[17:01:52] <Yoav Nir> Tero Kivinen
[17:02:26] JoeHallCDT leaves the room
[17:02:41] <Yoav Nir> Fix the long tail with an axe
[17:02:42] Carlos Martinez joins the room
[17:02:49] <Yoav Nir> Erik Nygren
[17:02:58] <Sean Turner> +1 to the axe
[17:03:16] <Yoav Nir> (that's me paraphrasing Tero)
[17:03:40] <Yoav Nir> PHB
[17:03:43] <Sean Turner> @yoav: it was nice summary
[17:04:08] Safa Almalki joins the room
[17:05:32] <Yoav Nir> DKG
[17:06:49] <cw-ietf> this is why the sub-certs/proxy certs approach has appeal
[17:07:27] <Yoav Nir> EKR again; Ben Schwartz is next
[17:08:01] Olle E. Johansson at IETF Berlin (GMT+1 DST) joins the room
[17:10:26] <Yoav Nir> Seems weird that you would have one of the solutions we saw today in this group, and then go and do sub-certs elsewhere. These are solutions to the same problem.
[17:10:56] <Yoav Nir> Martin Thomson
[17:11:26] <Yoav Nir> Subodh again
[17:11:50] <Olle E. Johansson at IETF Berlin (GMT+1 DST)> How would sub-certs be handled in DANE?
[17:13:19] <Olle E. Johansson at IETF Berlin (GMT+1 DST)> The mic queue is growing
[17:13:42] <Yoav Nir> sub-certs are not well defined yet. They could be X509 certificates signed by the EE, or they could be something else.
[17:13:43] <Olle E. Johansson at IETF Berlin (GMT+1 DST)> For those of you remote participants: You can use Meetecho to place yourself in a queue and speak
[17:14:04] <Yoav Nir> Or they can prefix a message here with "mic:"
[17:14:15] <Sean Turner> https://datatracker.ietf.org/doc/rfc3820/
[17:14:27] <Sean Turner> proxy certificates
[17:15:31] <cw-ietf> that fails the can't break clients requirement
[17:15:51] <Sean Turner> sure does cw-ietf
[17:15:59] <Yoav Nir> My favorite idea for sub-certs is a delegation message. Something that says "a39.akamai.com can serve content for www.content.com". So when the (modified) client connects to www.content.com, it is rerouted to a39.akamai.com. The server shows its own certificate plus the delegation message. Of course this works only for new clients.
[17:16:28] <Yoav Nir> So not valid according to the constraints for this group
[17:16:28] <Olle E. Johansson at IETF Berlin (GMT+1 DST)> Are proxy certificates in use anywhere?
[17:16:43] <cw-ietf> seems like a non-critical extension that includes a delegation message like this could work within a proxy certificate
[17:16:56] <cw-ietf> at the cost of having to validate the proxy cert and the delegator
[17:17:44] <Yoav Nir> PHB
[17:18:03] <Sean Turner> I think the "grid" people are using the proxy certificates, but that's all I'm aware of
[17:18:31] Barry Leiba leaves the room
[17:22:43] <Yoav Nir> Latency is not the only issue. We use a CDN not just to reduce latency. We use a CDN so that our content servers don't need to scale and don't need to have insane uptime. The CDN takes care of the insane reliability. Remote signing brings the scalability and reliability requirements back to the content owner.
[17:22:43] <Yoav Nir> PHB again (earlier it was Joe Hildenbrandt (sp?))
[17:22:45] <Yoav Nir> *Hildebrand
[17:23:28] Carlos Martinez leaves the room
[17:23:28] <Sean Leonard> mic: with all of the private keys floating around on various services with the proposed LURK model, it would make sense to label or annotate private keys in a common way, to designate their intended use or sensitivity. (These would be considered intrinsic properties of the private key, although they are not mathematical properties.) Perhaps common labels or attributes for private keys intended for remote use (or for keys used for authenticating the untrusted entity to a LURK server) may make sense. Such common labeling might also help with identifying when to rotate keys out of service, for example.
[17:23:29] Kyle Rose leaves the room
[17:23:30] Kyle Rose joins the room
[17:23:37] <hildjj> To be clear, I absolutely don't care about DNSsec in this space.
[17:23:43] <sftcd> yoav is heading to mic
[17:24:28] <Olle E. Johansson at IETF Berlin (GMT+1 DST)> A certificate for a private key?
[17:24:36] <Yoav Nir> Daniel Migault
[17:24:44] bergtau joins the room
[17:25:48] Aaron Falk joins the room
[17:25:51] Suzanne joins the room
[17:26:08] Suzanne leaves the room
[17:27:39] <Yoav Nir> Stephan at the mic
[17:28:04] <Yoav Nir> Stephan Emile
[17:28:29] <Yoav Nir> Mike Bishop
[17:29:30] <Yoav Nir> RSA with RC4 and MD5 :-)
[17:29:41] <rsalz> don't laugh.
[17:29:52] <Olle E. Johansson at IETF Berlin (GMT+1 DST)> And a maximum of 128 bit key length… Right...
[17:29:55] <Yoav Nir> Ben S again
[17:30:11] <Ben Kaduk> We have only mostly gotten rid of rc4 with md4 over in kerberos land...
[17:30:16] <Yoav Nir> Nah, just use the 40-bit export version
[17:30:28] <Olle E. Johansson at IETF Berlin (GMT+1 DST)> Right, we are looking for a GLOBAL solution
[17:32:08] <Yoav Nir> 0x00,0x03    TLS_RSA_EXPORT_WITH_RC4_40_MD5
[17:33:43] <Yoav Nir> Stephen Farrell thinks there is no reason to do hums right now. Anybody think differently?
[17:36:40] <Eric Burger> I am hearing a lot of people saying what is good for CDNs, and I am hearing those who run CDNs saying they are beyond wrong.
[17:37:38] <Yoav Nir> I'm hearing that as well.
[17:37:57] <hildjj> there's a list of work that needs to be done for any of these use cases when short-lived certs are used.  we should get that list written down.  I'm happy to help with that brainstorming task.
[17:38:33] DanYork leaves the room
[17:39:10] <Yoav Nir> And it seems we're done.
[17:39:11] <Eric Burger> Thank you all!
[17:39:17] Aaron Falk leaves the room
[17:39:19] <Yoav Nir> Auf wiedersehen
[17:39:20] Eric Burger leaves the room
[17:39:24] Yoav Nir leaves the room
[17:39:26] Olle E. Johansson at IETF Berlin (GMT+1 DST) leaves the room
[17:39:38] bergtau leaves the room
[17:39:49] Kyle Rose leaves the room
[17:39:51] Simon Pietro Romano leaves the room
[17:39:52] Stefan Santesson leaves the room
[17:39:52] Kyle Rose joins the room
[17:39:53] Kyle Rose leaves the room
[17:39:53] Sean Leonard leaves the room
[17:39:53] Lorenzo Miniero leaves the room
[17:39:54] Safa Almalki leaves the room
[17:40:01] wseltzer@jabber.org leaves the room
[17:40:05] cw-ietf leaves the room
[17:40:16] Meetecho leaves the room
[17:40:25] Ben Kaduk leaves the room
[17:40:44] Martin Thomson leaves the room
[17:40:44] Lucas Jenß leaves the room: Disconnected: closed
[17:40:46] Sean Turner leaves the room
[17:44:16] m&m leaves the room: Disconnected: closed
[17:46:44] sftcd leaves the room
[17:50:27] JeffH leaves the room
[17:50:31] metricamerica leaves the room
[17:53:01] hildjj leaves the room
[17:55:54] Lucas Jenß joins the room
[17:56:01] Lucas Jenß leaves the room
[18:00:27] Kyle Rose joins the room
[18:00:44] Kyle Rose leaves the room
[18:21:03] rsalz leaves the room
[19:12:31] dkg leaves the room
[20:53:59] Martin Thomson joins the room
[21:05:18] m&m joins the room
[21:08:29] Martin Thomson leaves the room
[21:18:13] Martin Thomson joins the room
[21:47:17] Martin Thomson leaves the room
[22:09:19] Aaron Falk joins the room
[22:11:37] m&m leaves the room: Disconnected: closed
[22:45:31] Martin Thomson joins the room
[22:47:48] Martin Thomson leaves the room
[23:46:09] Martin Thomson joins the room
[23:49:08] Martin Thomson leaves the room