IETF
pearg
pearg@jabber.ietf.org
Wednesday, November 7, 2018

GMT+0
[07:20:54] ssahib joins the room
[07:46:51] ssahib leaves the room: Stream reset by peer
[07:55:12] ssahib joins the room
[08:11:55] ssahib leaves the room: Connection failed: connection timed out
[08:14:23] ssahib joins the room
[08:19:39] ssahib leaves the room: Stream reset by peer
[08:20:48] ssahib joins the room
[08:21:17] sara@sinodun.com joins the room
[08:23:33] ssahib leaves the room: Stream reset by peer
[08:24:10] Meetecho joins the room
[08:25:53] npdoty joins the room
[08:27:02] <npdoty> did I get my time zones right? is this meeting starting in the next 15 minutes?
[08:27:18] c0ldKVip joins the room
[08:28:09] <sara@sinodun.com> Yes - that's correct
[08:31:20] npdoty thanks!
[08:35:05] Lorenzo Miniero joins the room
[08:35:12] John Border joins the room
[08:35:13] Sara Dickinson joins the room
[08:35:13] Sofia Celi joins the room
[08:35:13] Jurre van Bergen joins the room
[08:35:15] Nick Doty joins the room
[08:36:09] ssahib joins the room
[08:37:55] Melinda joins the room
[08:39:21] Simon Pietro Romano joins the room
[08:40:54] <Sara Dickinson> Thanks Melinda!
[08:41:23] <Melinda> Happy to help (and see you in Prague)
[08:41:30] Steve Olshansky joins the room
[08:41:31] sara@sinodun.com leaves the room
[08:41:53] kaduk@jabber.org/barnowl joins the room
[08:41:53] nllz joins the room
[08:42:02] Rich Salz joins the room
[08:42:14] Rich Salz has set the subject to: PEARG at IETF 103
[08:42:16] CCath joins the room
[08:42:29] <Rich Salz> I'm your jabber scribe, ping me or put "mic" in front of your text if you want me to relay
[08:42:43] <nllz> We cannot hear you Nick
[08:42:48] Sean Leonard joins the room
[08:43:05] npdoty tested on meetecho, but nevermind
[08:43:14] <Rich Salz> Slide: "Charter Discussion"
[08:43:14] <Meetecho> We couldn't hear Nick in Meetecho either
[08:43:20] <Meetecho> So it's probably a local mic issue
[08:43:20] <npdoty> just curious about the status: is this already approved and settled? what kind of feedback are you looking for now?
[08:43:55] frodek joins the room
[08:44:04] sftcd joins the room
[08:44:22] <Rich Salz> Nalini Elkins at the mic
[08:44:31] Gunes Acar joins the room
[08:44:46] <npdoty> I thought it was notable that privacy beyond just confidentiality was highlighted, but no particular research items or topics seemed to be suggested
[08:44:54] Spamvictim joins the room
[08:45:12] <npdoty> > Furthermore, there are varying definitions of privacy and confidentiality with
> different scope and context since it is often seen technically as an aspect of
> security analysis whereas it is in fact inherently a social, technical,
> economic, and legal construct.
[08:45:43] <Rich Salz> Nick, do you want me to say those things at the mic?
[08:46:07] <npdoty> mic: I thought it was notable that privacy beyond just confidentiality was highlighted, but no particular research items or topics seemed to be suggested
[08:46:11] npdoty not the quoted part
[08:46:50] npdoty thx
[08:47:11] <Rich Salz> Bennett Cyphers, Usable Privacy in Privacy Badger
[08:47:56] <Rich Salz> https://datatracker.ietf.org/doc/slides-103-pearg-privacybadger-slides/01/
[08:48:07] <Rich Salz> "A badger is born"
[08:48:54] <Rich Salz> DNT and the dream of a universal opt-out
[08:50:42] <Rich Salz> DNT and the way dreams die
[08:52:00] <Rich Salz> Privacy Badger
[08:53:51] <frodek> W3C will shortly publish a note declaring failure of the DNT
[08:53:57] <Rich Salz> Where we are
[08:54:05] <Rich Salz> Basic mechanics
[08:55:37] jhoyla joins the room
[08:55:53] <Rich Salz> Heuristics
[08:56:44] <Rich Salz> Compromises
[08:58:05] <Rich Salz> Cookie-blocked domains
[08:59:33] <Rich Salz> Widget replacement
[09:00:58] <Rich Salz> User controls
[09:01:51] <Rich Salz> First-party and software-specific features
[09:05:39] <Rich Salz> Badger Sett
[09:05:56] Eve Schooler joins the room
[09:07:09] <Rich Salz> Most common trackers in top 10,000 sites
[09:07:27] <Rich Salz> Most common cookie-sharing pixel sharing
[09:07:55] <Rich Salz> Privacy Badger Mobile
[09:09:07] Sukumal Kitisin joins the room
[09:09:23] Steve Olshansky leaves the room: Replaced by new connection
[09:09:29] <Rich Salz> dkg at the mic
[09:09:41] Steve Olshansky joins the room
[09:10:44] <npdoty> I imagine usage isn't that high, but I wonder if anyone has already tried that attack on Privacy Badger
[09:10:52] <Rich Salz> Corinne
[09:11:12] Steve Olshansky leaves the room: Replaced by new connection
[09:11:31] Steve Olshansky joins the room
[09:12:12] <ssahib> @npdoty what attack?
[09:12:33] <Rich Salz> Mallory
[09:13:02] <Rich Salz> Dirk Kutscher
[09:14:39] <Rich Salz> Giovane Moura
[09:15:08] <Rich Salz> Christian Huitema
[09:15:45] <npdoty> ssahib, the attack dkg mentioned where you can learn that this is the same user because they have seen this tracker 3 times already and so didn't load it — reidentifying a user based on their privacy badger learned history
[09:16:47] Sukumal Kitisin leaves the room
[09:17:21] <Rich Salz> Tara
[09:17:24] <Rich Salz> Marco Davids
[09:17:32] <Rich Salz> (sorry missed Tara's last name)
[09:18:25] terrebyte joins the room
[09:18:54] <Rich Salz> Sofia and Jurre (meetecho), https://datatracker.ietf.org/doc/slides-103-pearg-otrv4-slides/01/
[09:19:02] <terrebyte> Tara Tarakiyee, no worries
[09:19:14] <Rich Salz> No evidence of communication: OTRv4
[09:19:18] <nllz> Tara Tarakiyee
[09:19:26] <nllz> Jurre and Sofia loud and clear
[09:19:56] jhoyla leaves the room
[09:20:01] <Rich Salz> what is OTR?
[09:21:27] <Rich Salz> OTRv3
[09:21:34] <Rich Salz> Sorry typo: OTRv4
[09:23:20] <nllz> audio stopped?
[09:23:30] <nllz> Ah there is Jurre again
[09:23:32] <Rich Salz> the flow
[09:24:10] Jurre van Bergen leaves the room
[09:25:53] Jurre van Bergen joins the room
[09:26:37] <Rich Salz> audio died
[09:28:51] <Rich Salz> the state
[09:30:41] <Rich Salz> check out our repo's!
[09:31:14] <Rich Salz> the prekey server
[09:31:23] Sukumal Kitisin joins the room
[09:31:45] jhoyla joins the room
[09:31:47] <Rich Salz> thanks
[09:31:53] <Rich Salz> stephen farrell
[09:32:20] <Rich Salz> paul wouters
[09:32:24] jhoyla leaves the room: Stream closed by us: Replaced by new connection (conflict)
[09:32:27] jhoyla joins the room
[09:33:47] <Rich Salz> stephen
[09:33:50] <jhoyla> Does OTRv4 have any formal analysis?
[09:35:07] <Rich Salz> christian ? internet society
[09:35:30] Sukumal Kitisin leaves the room
[09:35:44] <Rich Salz> eric rescorla
[09:35:54] <ssahib> Gurshabad Grover - Center for Internet and Society was the person who spoke previously
[09:36:12] <Rich Salz> thanks!
[09:37:07] <sftcd> would seem beneficial if the crypto primitives for mls and otrv4 had the same level of analysis, so +1 to what ekr said
[09:37:30] <Rich Salz> ben kaduk
[09:38:08] ekr joins the room
[09:38:13] <Rich Salz> david oliver pluggable transports
[09:38:14] <Rich Salz> https://datatracker.ietf.org/doc/slides-103-pearg-pt-slides/01/
[09:38:21] <Rich Salz> tl/dr
[09:39:48] <ekr> In a group messaging protocol deniability is in tension (though not totally incompatible with) message sender authentication, i.e., not allowing someone to forge a message that appears to be from another group member
[09:39:52] <Rich Salz> surveillance: why should we care?
[09:40:12] <ekr> message sender authentication basically requires digital signature.
[09:40:38] <Rich Salz> deep packet inspection
[09:40:58] <ekr> So it’s possible to have deniability if you send a copy of your signing key over a deniable channel to the recipient, but that channel has to be 1:1 (otherwise reduces to a previously unsolved problem) and so the scaling properties are very bad
[09:41:40] <ekr> So it’s technically complicated
[09:42:00] Steve Olshansky leaves the room: Replaced by new connection
[09:42:07] <Rich Salz> can we defend against dpi?
[09:43:22] <Sofia Celi> so, @jhoyla, right now OTRv4 does not have the formal analysis... but we are looking for it in the future
[09:43:24] <Rich Salz> how does obfuscation technology work? (1)
[09:43:41] Steve Olshansky joins the room
[09:44:03] <Sofia Celi> exactly @ekr, thanks for the explanation :)
[09:44:27] <jhoyla> @ekr couldn’t you use some key share scheme such that a message is either created by the sender or by some large fraction of the group
[09:44:40] <Rich Salz> how does obfuscation work? (2)
[09:44:55] <Sofia Celi> @sftcd completely agree
[09:44:59] <ekr> @jhoyla: I don’t understand that well enough to answer
[09:45:24] <Sofia Celi> so, yeah, collaborating with MLS seems like a good thing from our OTRv4 side
[09:46:10] <kaduk@jabber.org/barnowl> Off the top of my head the MLS tree structure provides for asymmetric
keypairs whose private key is known to the subtree but not other
participants.  Abusing that for message sender authentication would be
pretty janky but might be tempting.
(Or am I totally confused?)
[09:46:16] <Rich Salz> pt client-side implementation (current)
[09:46:18] <Sofia Celi> @jhoyla mmm.. probably it will not attain the same deniability we want with OTRv4
[09:46:45] <jhoyla> @ekr I was thinking of secret splitting schemes, so to derive the key you need n secret portions, and the author has n, and each participant has one
[09:47:21] <Rich Salz> block diagram slide
[09:47:23] <ekr> @jhoyla: how would you establish those values
[09:48:00] <Rich Salz> types of obfuscation: currently-deployed PTs
[09:48:03] <jhoyla> @ekr During user-add some subset of participants get secret shares
[09:48:32] <Rich Salz> types of obfuscation: undeployed
[09:48:37] <kaduk@jabber.org/barnowl> secret shares of a single secret per group, or a single secret per
sender [that would need to be recomputed on each group operation]?
[09:48:37] <Rich Salz> future PT work at guardian project
[09:48:48] <ekr> @jhoyla, define “get”?
[09:49:01] <jhoyla> @ekr are sent by the new addition
[09:49:12] <Rich Salz> PT standards
[09:49:24] <jhoyla> @ekr which can be done in constant time if the size of the subset is fixed
[09:49:39] <jhoyla> @ekr constant messages*
[09:49:55] <ekr> @jhoyla: this doesn’t seem like it has very good deniability properties.
[09:49:57] <jhoyla> @kaduk I was thinking per sender
[09:50:12] <ekr> Given that the claim is going to be: “Either EKR sent it or X people colluded to make it seem like he did”
[09:50:15] <Rich Salz> the pluggable transports community
[09:50:38] <Rich Salz> more information on pluggable transports
[09:50:51] <Rich Salz> stephen farrell at the mic
[09:51:02] <jhoyla> @ekr It might have good enough deniability to bork a court case
[09:51:14] <ekr> @jhoyla: that’s a pretty low standard
[09:51:42] <ekr> I think you would probably need to start with the threat model for deniability
[09:52:13] <Rich Salz> ben kaduk
[09:52:46] <jhoyla> @ekr Probably, I haven’t thought enough about what group deniability would mean.
[09:53:23] <Rich Salz> kathleen moriarty
[09:54:21] <Sofia Celi> @jhoyla well, the fact is that right now there is not a good study on what group deniability will have to mean. There are some good ideas around that by Nik Unger
[09:54:37] <Sofia Celi> which actually is the cryptographer who did the DAKEs for OTRv4
[09:54:52] <Sofia Celi> so, I'll start on his research to check group deniability properties
[09:55:01] <terrebyte> I missed how you send anthrax on the internet
[09:55:12] <Rich Salz> nalini elkins
[09:55:18] <Sofia Celi> there have been some other papers by Nicholas Hopper
[09:55:51] <Sofia Celi> and there was some nice discussion in PETS2018 around group deniability if interested @jhoyla  
[09:56:12] <jhoyla> Thanks for the pointers!😃
[09:56:31] <Rich Salz> https://datatracker.ietf.org/meeting/103/materials/slides-103-pearg-batterystatus-slides-01
[09:56:43] <Rich Salz> gunes acar
[09:57:35] <Rich Salz> new web features lead to privacy concerns
[09:58:08] <Rich Salz> same title, VR picture
[09:58:34] <Rich Salz> same title,
[09:58:44] <Rich Salz> the w3c has a self-review questionnaire
[09:59:11] <Rich Salz> same title,
[10:00:01] <Rich Salz> w3c privacy interest group (ping) offers guidance and reviews
[10:00:04] <Rich Salz> the battery status api
[10:00:48] <Rich Salz> the development and adoption of the api
[10:01:29] <Rich Salz> mid 2012: candidate recommendation and security and privacy considerations
[10:01:40] <Rich Salz> same title
[10:01:55] <Rich Salz> new research exposes multiple privacy vulnerabilities
[10:02:58] <Rich Salz> same title
[10:03:21] <Rich Salz> new research exposes multiple privacy vulnerabilities
[10:03:22] <Rich Salz> same title
[10:03:42] <Rich Salz> the specification was updated to address privacy vulnerabilities
[10:04:30] <Rich Salz> late 2016; mozilla proposes removing the api, …
[10:04:31] <Rich Salz> same title
[10:05:00] <Rich Salz> early 2017: several vendors remove or ...
[10:05:17] <Rich Salz> our data supports mozilla's decision
[10:06:07] <Rich Salz> how can we improve the privacy review process
[10:06:21] <Rich Salz> the specification process should include a privacy review of the implementations
[10:07:22] <Rich Salz> api use in the wild should be audited after implementation
[10:08:24] <Rich Salz> thank you!
[10:09:29] <Rich Salz> alissa cooper at the mic
[10:10:55] <Rich Salz> christine runnegar
[10:11:00] sftcd leaves the room
[10:11:54] <Rich Salz> ekr
[10:12:20] jhoyla leaves the room
[10:13:08] <npdoty> I don't think it's accurate to say that all the browsers have given up on inhibiting fingerprinting
[10:14:38] Steve Olshansky leaves the room
[10:14:52] Steve Olshansky joins the room
[10:14:56] Steve Olshansky leaves the room
[10:15:06] Simon Pietro Romano leaves the room
[10:15:06] <Rich Salz> good bye
[10:15:07] Rich Salz leaves the room
[10:15:13] Sean Leonard leaves the room
[10:15:13] John Border leaves the room
[10:15:13] Sofia Celi leaves the room
[10:15:13] Nick Doty leaves the room
[10:15:13] Sara Dickinson leaves the room
[10:15:13] Eve Schooler leaves the room
[10:15:13] Gunes Acar leaves the room
[10:15:13] Jurre van Bergen leaves the room
[10:15:13] kaduk@jabber.org/barnowl leaves the room
[10:15:13] Lorenzo Miniero leaves the room
[10:15:14] ekr leaves the room
[10:15:23] nllz leaves the room
[10:15:32] CCath leaves the room
[10:15:40] CCath joins the room
[10:15:40] ssahib leaves the room: Stream reset by peer
[10:18:07] Meetecho leaves the room
[10:20:00] CCath leaves the room
[10:21:04] npdoty leaves the room
[10:22:23] frodek leaves the room
[10:22:33] Spamvictim leaves the room
[10:25:28] Melinda leaves the room: Disconnected: Replaced by new connection
[10:25:28] Melinda joins the room
[10:36:03] frodek joins the room
[10:37:25] ekr joins the room
[10:39:23] Rich Salz joins the room
[10:41:15] nllz joins the room
[10:41:58] nllz leaves the room
[10:43:48] frodek leaves the room
[10:45:26] Rich Salz leaves the room
[10:47:51] jhoyla joins the room
[10:48:14] Spamvictim joins the room
[10:49:29] Spamvictim leaves the room
[10:54:14] ssahib joins the room
[10:54:28] CCath joins the room
[10:58:35] Steve Olshansky joins the room
[11:00:04] Steve Olshansky leaves the room
[11:01:58] jhoyla leaves the room
[11:32:52] ekr leaves the room
[11:36:29] ekr joins the room
[11:52:52] Melinda leaves the room: Disconnected: closed
[12:10:54] ekr leaves the room
[12:11:39] ekr joins the room
[12:12:00] ekr leaves the room
[12:28:01] ssahib leaves the room: Stream reset by peer
[13:11:41] terrebyte leaves the room
[13:11:43] terrebyte joins the room
[13:15:42] ekr joins the room
[13:18:42] ekr leaves the room
[13:18:46] CCath leaves the room
[13:18:54] CC joins the room
[13:36:31] CC leaves the room: Disconnected: closed
[13:46:05] terrebyte leaves the room
[13:46:07] terrebyte joins the room
[13:56:24] terrebyte leaves the room
[14:07:21] terrebyte joins the room
[14:13:32] ekr joins the room
[14:16:29] terrebyte leaves the room
[14:16:33] terrebyte joins the room
[14:25:56] terrebyte leaves the room
[14:26:03] terrebyte joins the room
[16:15:15] CC joins the room
[16:17:17] CC leaves the room
[16:31:10] CC joins the room
[16:32:25] CC leaves the room
[17:14:54] ekr leaves the room
[20:52:58] terrebyte leaves the room
[20:53:01] terrebyte joins the room
[22:57:54] ekr joins the room