IETF
openpgp
openpgp@jabber.ietf.org
Friday, July 24, 2015

GMT+0
[05:37:28] Meetecho joins the room
[06:13:18] dkg joins the room
[06:13:40] <dkg> hi werner
[06:14:38] <werner> Good morning.
[06:14:46] cdl joins the room
[06:14:59] <cdl> Good morning everyone
[06:15:16] <dkg> cdl: hi!
[06:20:59] <dkg> cdl: do you want to try to voice in?  we can try: https://meet.jit.si/OpenPGPIETF93
[06:21:05] <dkg> or i can try a firefox hello call
[06:22:18] <dkg> the jitsi connection should work with multiple people if you both want to try
[06:22:22] <dkg> werner: ↑
[06:23:38] <dkg> the meeting will start in 35 minutes, so testing the A/V now would be a good idea
[06:25:40] <dkg> http://ietf93streaming.dnsalias.net/ietf/ietf933.m3u  ← audio stream for the room
[06:25:47] dkg has set the subject to: IETF 93 OpenPGP WG session
[06:26:20] <werner> my iceweasel is too old for jitsi
[06:27:24] dkg has set the subject to: IETF 93 OpenPGP WG session; MeetEcho: http://www.meetecho.com/ietf93/openpgp  listen: http://ietf93streaming.dnsalias.net/ietf/ietf933.m3u  voice-in (maybe?): https://meet.jit.si/OpenPGPIETF93
[06:27:32] <dkg> werner: what version of iceweasel are you running?
[06:28:17] <cdl> trying the meet.jit.si link now
[06:29:18] dkg has set the subject to: IETF 93 OpenPGP WG session; MeetEcho: http://www.meetecho.com/ietf93/openpgp  listen: http://ietf93streaming.dnsalias.net/ietf/ietf933.m3u  voice-in (maybe?): https://meet.jit.si/OpenPGPIETF93  etherpad: http://etherpad.tools.ietf.org:9000/p/notes-ietf-93-openpgp?useMonospaceFont=true&showChat=false
[06:29:19] <cdl> I'm on the meet.jit.si link
[06:29:33] <dkg> cdl: i see you there
[06:29:36] <dkg> can you try talking?
[06:30:03] <cdl> I'm talking
[06:30:16] <dkg> :(
[06:30:21] <dkg> not hearing anything at the moment.
[06:31:26] <cdl> Odd, my instance of the app is showing activity when I talk.
[06:33:09] <dkg> can you hear the stream via the meetecho link http://www.meetecho.com/ietf93/openpgp ?
[06:33:16] <dkg> or the stream http://ietf93streaming.dnsalias.net/ietf/ietf933.m3u ?
[06:33:53] <cdl> I'm getting a "too early" on meetecho
[06:34:40] <cdl> On the dnsalias, it's all quiet
[06:35:04] <dkg> i just tried sending audio through the mic
[06:35:11] <cdl> Not hearing anything, yet
[06:35:17] <cdl> Streaming may not be up yet.
[06:35:37] <cdl> Is jitsi setup to send my audio to the room/stream, or just to you?
[06:36:04] <dkg> just to my machine
[06:37:05] <cdl> Ok
[06:37:11] alex.amirante joins the room
[06:37:17] <cdl> Can you see my video?
[06:37:56] kivinen joins the room
[06:38:54] <cdl> I'll be back in a minute
[06:40:19] <cdl> can you hear me now?
[06:40:51] <dkg> nope :(  i can see that you're talking
[06:40:55] <dkg> but i don't actually get any audio
[06:41:02] <dkg> wait, try again?
[06:41:34] <dkg> :(  no sound still
[06:41:40] <cdl> I'm seeing my bitrate modulate, with just audio, no video...
[06:41:52] <cdl> let me drop and start again.
[06:42:50] <cdl> I'm back - still don't hear anything
[06:45:16] <dkg> stephen says that we won't start streaming audio until 8:55 or so
[06:45:40] <cdl> Yup, that's about right.  I'm going to step out for a sec.  It looks like we won't have audio to you.
[06:45:52] <dkg> sorry about that :(
[06:45:57] <cdl> No problem.
[06:50:38] <cdl> dkg - mozilla hello https://hello.firefox.com/rKkCnKNRq28
[06:51:41] alex.amirante leaves the room
[06:51:43] dkg closes jitsi and tries the firefox hello
[06:51:48] alex.amirante joins the room
[06:51:53] Adam Montville joins the room
[06:52:29] <dkg> cdl: i'm connected there
[06:52:37] <cdl> Ok, can you hear me now?
[06:53:01] <dkg> nope :(
[06:53:26] <dkg> can't see you either
[06:53:27] <cdl> Odd.  Not sure what is going on.  I've checked my audio paths, it all seems to be working on this end.
[06:53:35] <cdl> Very odd - I'm sending video
[06:53:51] <dkg> that's definitely weird
[06:56:20] <dkg> i'm seeing several channels from my browser to my audio multiplexer
[06:56:24] <dkg> but they're all silent :/
[06:56:31] Christopher Liljenstolpe joins the room
[06:56:38] <cdl> Very odd.
[06:56:46] <cdl> I think we'll have to troubleshoot that later.
[06:56:51] <dkg> i guess so
[06:57:01] Werner Koch joins the room
[06:58:23] jimsch joins the room
[07:00:16] <cdl> The mics are live for the remotes
[07:00:40] <Werner Koch> hummmmm
[07:00:47] sftcd joins the room
[07:00:52] <cdl> yes
[07:00:59] <werner> I can hear you.
[07:02:30] <kivinen> agenda slide
[07:02:52] <kivinen> I will be jabber scribing here, if you want anything to be channeled to mic, prefix it with mic:
[07:02:57] <kivinen> charter slide
[07:03:08] <cdl> Thanks kivinen
[07:03:19] <kivinen> and no slide numbers on the slides....
[07:03:45] kivinen joins the room
[07:03:47] <cdl> Can we have a volunteer for note taker as well?
[07:03:54] <sftcd> sorted
[07:03:57] <cdl> Thx
[07:04:13] <cdl> hmm
[07:04:21] <jimsch> You can watch/amend notes in etherpad
[07:04:22] <sftcd> sorted by dkg earlier that is, jim schaad is the non-jabber note taker
[07:04:32] <kivinen> Uniform Data Fingerprint presentation
[07:04:33] <cdl> thx
[07:04:54] <kivinen> pgp requirements slide
[07:05:45] <kivinen> general requirements slide
[07:05:52] <sftcd> phb generalises:-)
[07:09:17] <kivinen> UDF proposal slide
[07:10:36] kaorumaeda joins the room
[07:10:37] <sftcd> there are maybe a couple of humans who'd get those mnemonics :-)
[07:11:01] <kivinen> I would have guessed M = MD5, S = SHA... :-)
[07:11:18] <sftcd> I thought medium and small
[07:11:53] <werner> Recall that OpenPGP does not specify a human presentation format for the fingerprint
[07:12:18] <sftcd> @werner: was that a good idea or not I wonder?
[07:12:45] <werner> Good idea.  we are specifying the on-wire protocol and not a UI
[07:13:09] <sftcd> there is resulting UI confusion though would you agree?
[07:13:36] <werner> There is a de-facto standard on how to present a fingerprint.
[07:13:47] <werner> More in the scope of an informational RFC
[07:14:50] <cdl> I have the hat, if necessary here.
[07:20:00] <kivinen> Base-32 Presentation slide
[07:20:14] <werner> v3 keys use MD5 fingerprint
v4 keys use SHA-1 fingerprint
a future v5 uses SHA-whatever fingerprint.
[07:20:48] <werner> The fingerprint length is thus implicitly known
[07:21:55] <sftcd> full disclosure: what I think about this is in https://tools.ietf.org/html/rfc6920
[07:22:04] <kivinen> Base 65536/32768 Presentations slide
[07:22:08] <sftcd> my opinion hasn't changed, seems like PHB's has:-)
[07:22:14] <sftcd> which is fine
[07:24:17] Steve Olshansky joins the room
[07:25:02] <kivinen> In crypto libraries slide
[07:25:12] <kivinen> Further Work slide
[07:25:23] <cdl> Please wrap this one up, folks.
[07:25:51] Satoru Kanno joins the room
[07:26:46] richsalz joins the room
[07:26:53] Satoru Kanno leaves the room
[07:28:12] Satoru Kanno joins the room
[07:28:52] Werner Koch leaves the room
[07:29:29] <cdl> Agreed, Stephen
[07:29:47] <kivinen> Fingerprint questions slide from the overview slide set
[07:30:39] <sftcd> those are good questions modulo werner's argument that maybe not all belongs in 4880bis
[07:30:47] Phillip Hallam-Baker joins the room
[07:31:27] Werner Koch joins the room
[07:31:29] alex.amirante leaves the room
[07:31:56] <richsalz> disagree:  we should define a 'bytes on the wire' format for passing fingerprints around
[07:32:21] <werner> Within the OpenPGP protocol or in general?
[07:32:57] <cdl> Werner and/or Richsalz, do you want that channeled?
[07:33:06] <richsalz> ill go to the mic
[07:33:07] <cdl> If so, preface it with mic:
[07:33:09] <cdl> ok
[07:33:23] Satoru Kanno leaves the room
[07:34:11] Adam Montville leaves the room
[07:34:26] Adam Montville joins the room
[07:35:03] <sftcd> the most relevant bit of 6920 here is https://tools.ietf.org/html/rfc6920#section-7
[07:35:24] <sftcd> but note I'm not trying to push that to the wg, I won't be part of picking/rejecting it now I've pointed at it
[07:36:46] <sftcd> yeah just picking one of the current ones is a valid choice if the wg decide to not care about non-PGP things (which is reasonable)
[07:36:48] <werner> anyway we want to move to a new algo (SHA_512 etc)
[07:37:37] <werner> The fingerprint is an object used within the OpenPGP protocol.
[07:38:27] <cdl> Please use the MIC when you speak in the room
[07:38:48] <kivinen> I pointed that to them already...
[07:40:10] <werner> So the question is how do we identify fingerprint version within the protocol. For now the length is sufficient but if we allow for truncation this won't work anymore.  Thus we need rules for the binary format to distinguish between v4 and a v5, v6 format.
[07:40:33] DanYork joins the room
[07:40:59] <cdl> mic:  Hat off
[07:41:17] <sftcd> @werner if you want stuff spoken in the meeting room here (not everyone may be watching jabber) then the usual convention is to indicate that by prefacing the text with "mic:" then Tero will read it out
[07:41:20] <cdl> mic: Reading a 256 bit line to someone is much more difficult.
[07:41:31] <werner> okay.
[07:44:01] <kivinen> Elliptic Curves slide
[07:44:01] Steve Olshansky leaves the room
[07:45:35] Steve Olshansky joins the room
[07:47:06] <werner> mic: You mean EdDSA
[07:47:54] <werner> mic: Many other protocols use Ed25519 so OpenPGP should use it as well.
[07:48:08] <werner> mic: At least as a MAY algo
[07:49:58] <werner> mic: That is an OpenPGP requirement.
[07:50:12] Steve Olshansky leaves the room
[07:50:20] <werner> mic: Also think about smartcard implementations of Ed25519.  Thus you need to sign a hash.
[07:52:09] <kivinen> Symmetric Crypto (AEAD) slide
[07:52:27] DanYork leaves the room
[07:52:38] <cdl> No slides on meetecho
[07:52:45] <cdl> there they are
[07:52:47] <werner> Modification Detection Code
[07:52:47] <sftcd> @werner: yes, things like smartcard issues were one of the reasons cfrg seemed to favour the IUF approach
[07:53:08] <kivinen> there was someone from meetecho doing something to the camera etc.
[07:53:20] <sftcd> yes, a person fiddled:-)
[07:53:36] <Meetecho> yep, the video streamer had crashed and we had no video anymore
[07:53:55] <sftcd> thanks
[07:56:10] <werner> FWIW, I am very in favor of using OCB mode.
[07:56:57] <werner> OCB is free for almost everyone and the patent will anyway expire soon (tm)
[07:57:34] <werner> OCB requires royalties only for military use.
[07:58:27] <sftcd> @werner: there is >1 patent in play may be the issue for OCB
[07:58:58] Satoru Kanno joins the room
[07:59:00] <werner> I can't see that from Phil's info
[07:59:57] <kivinen> Mandatory-to-Implement (MTI) slide
[08:00:23] <werner> 3DES
[08:00:42] <werner> AES and SHA-256 ?
[08:01:42] <kivinen> slide: Certificates
[08:02:13] Satoru Kanno leaves the room
[08:02:46] <werner> mic: Fingerprint and hardwired expiration time maybe
[08:03:56] <kivinen> slide: Cleanup
[08:04:09] <kivinen> slide: Revocation and Expiry
[08:06:41] <werner> I don't see a need for mandatory expiration, though.
[08:08:06] <werner> No opinion
[08:10:59] Steve Olshansky joins the room
[08:11:14] <werner> A comment with the revocation is useful as a note to oneself.
[08:18:01] <werner> "superseded" can be replaced with an updated self-signature setting the expire date to "now"
[08:19:14] <werner> ... and also add a notation to the self-sig with the fpr of the new key
[08:32:37] <sftcd> I like that last - "signing" the new key with the old one is a good idea
[08:32:38] <kivinen> slide: cleanup
[08:32:40] <werner> Yes, we need fingerprint as Signer-ID asap.
[08:34:08] <werner> mic: You may only add a new S2K mode because a lot of symmetrically encrypted data sits on disks
[08:36:17] <werner> Same problem exists always whether in the OpenPGP app or in another tool.
[08:36:35] <werner> All automated systems are affected by this.
[08:37:14] <sftcd> possibly-affected: yes, doesn't mean that the same reaction is appropriate
[08:38:46] <werner> ignoring the old v3 keys, a keyid is just a truncated fingerprint.
[08:39:07] <kivinen> slide: Drafting plans
[08:40:55] <sftcd> dkg in sales-mode:-)
[08:42:06] <cdl> Please speak at the mic
[08:42:13] <sftcd> ch-ching!
[08:44:15] <werner> New fingerprint is important - shall I take it?
[08:44:20] <cdl> We should also ask the list for volunteering.
[08:44:29] <cdl> yes
[08:45:48] <kivinen> slide: Open Mic
[08:46:00] Phillip Hallam-Baker leaves the room
[08:46:45] <werner> mic: We already have CERT records with PGP and IPGG types.
[08:47:14] Mankin, Allison joins the room
[08:47:23] <werner> IPGP
[08:47:41] <werner> They are used for years ...
[08:47:58] Mankin, Allison leaves the room
[08:48:53] <werner> You need to loop over all records anyway. A new record type does not help in any way.
[08:50:34] Mankin, Allison joins the room
[08:51:31] Adam Montville leaves the room
[08:52:51] Mankin, Allison leaves the room: Replaced by new connection
[08:52:52] Mankin, Allison joins the room
[08:53:32] <cdl> Thank you everyone
[08:53:32] Steve Olshansky leaves the room
[08:53:33] <werner> mic: Is there a faster way to assign new notation data ids?
[08:53:39] kaorumaeda leaves the room
[08:53:52] <werner> i.e. without writing an RFC?
[08:54:03] kivinen leaves the room
[08:54:29] Mankin, Allison leaves the room
[08:54:37] Mankin, Allison joins the room
[08:57:35] <dkg> werner: did stephen's response answer your question?
[08:57:48] <werner> Yes, thanks.
[09:00:27] Christopher Liljenstolpe leaves the room
[09:00:44] Werner Koch leaves the room
[09:01:53] Steve Olshansky joins the room
[09:03:21] richsalz leaves the room
[09:03:24] richsalz joins the room
[09:04:59] Mankin, Allison leaves the room
[09:08:57] richsalz leaves the room
[09:09:29] jimsch leaves the room
[09:11:42] kivinen leaves the room
[09:11:42] sftcd leaves the room
[09:12:12] Steve Olshansky leaves the room
[09:15:39] werner should have updated his browser before the session :-(
[09:35:29] Meetecho leaves the room
[09:46:54] kaorumaeda joins the room
[09:47:06] kaorumaeda leaves the room
[09:53:00] sftcd joins the room
[10:02:16] cdl leaves the room
[10:06:59] kivinen joins the room
[10:21:59] sftcd leaves the room
[10:25:16] kivinen leaves the room
[10:57:05] Steve Olshansky joins the room
[10:57:13] Steve Olshansky leaves the room
[11:09:43] dkg leaves the room
[14:31:47] kivinen joins the room
[15:02:15] kivinen leaves the room