[11:58:02] --- hartmans has become available
[13:13:00] --- raeburn has become available
[13:55:50] --- lha has become available
[13:58:27] --- kenh has become available
[14:00:54] --- raeburn has left: Disconnected
[14:10:57] --- raeburn has become available
[14:19:41] --- Jim Galvin has become available
[14:20:54] --- kanda has become available
[14:21:54] --- tk_ has become available
[14:22:43] --- kazunori has become available
[14:25:49] --- mrichardson has become available
[14:28:09] --- tlyu has become available
[14:28:21] --- shep has become available
[14:29:48] --- fp has become available
[14:30:09] --- ray_atarashi has become available
[14:30:25] --- kanda has left: Replaced by new connection
[14:32:12] --- fenton has become available
[14:32:19] --- kanda has become available
[14:33:27] --- kazunori has left
[14:34:30] --- ray_atarashi has left
[14:35:37] --- fenton has left: Replaced by new connection
[14:35:37] --- fenton has become available
[14:35:38] --- fenton has left
[14:36:21] --- Suresh Krishnan has become available
[14:36:24] --- fenton has become available
[14:36:26] --- jhutz has become available
[14:38:28] --- warlord has become available
[14:38:54] <hartmans> Bill and Kurt have been sent mail
[14:39:02] <jhutz> mix
[14:39:38] --- ray_atarashi has become available
[14:42:32] --- kanda has left: Replaced by new connection
[14:46:56] --- ray_atarashi has left
[14:49:12] --- jis has become available
[14:54:59] --- fp has left
[14:55:13] --- kazunori has become available
[14:55:32] --- kazunori has left
[15:04:40] --- jb has become available
[15:04:42] --- becarpenter has become available
[15:05:21] --- becarpenter has left: Replaced by new connection
[15:05:21] --- becarpenter has become available
[15:05:22] --- becarpenter has left
[15:05:28] --- becarpenter has become available
[15:06:06] --- pigdog has become available
[15:07:43] --- becarpenter has left
[15:08:34] <jhutz> but, how is this useful to the IETF?
[15:09:18] --- kivinen has become available
[15:13:47] --- kivinen has left
[15:13:54] <jhutz> I get concerned when people say something like "that's just normal legalese" when presented with specific questions about the language.
[15:14:24] --- pigdog has left: Replaced by new connection
[15:14:24] --- pigdog has become available
[15:16:44] --- kanda has become available
[15:17:47] <jhutz> not being a vpn does not make an ipsec implementation a toolkit
[15:18:15] <jhutz> "oh, the wording reflects building boxes, not software; don't worry about it"
[15:18:19] <jhutz> again I am concerned
[15:18:58] <jis> I am not comfortable with this
[15:19:17] <jis> The benefit of EC doesn't seem to balance out the hassle of using it
[15:19:28] <jhutz> If the NSA wants to make EC crypto "work", it needs to encourage vendors to build stuff for wide deployment, which means lowering the barrier to the point where vendors can build and ship EC products not targeted at the government
[15:19:38] <jis> Particularly if I have to use a certicom toolkit whose source is restricted
[15:19:47] <jis> Its the RSA BSAFE/TIPEM stuff all over again
[15:19:50] <raeburn> Yeah, it looked good at first glance, but the limitations, esp. for the free software world, could be too much.
[15:19:50] <jis> Been there, done that
[15:19:52] --- jishac has become available
[15:20:17] <jhutz> yeah, only this time we don't have a compelling reason to use the crack they're selling anyway
[15:20:44] --- pigdog has left: Disconnected
[15:20:56] --- smb has become available
[15:20:58] <jhutz> RSA was arguably the right thing to do even with the license restrictions, which is part of what made it maddening. I'm not convinced EC is that technically superior
[15:21:12] <jis> agreed.
[15:21:37] <jis> The question is can we use longer length DH/Elgamal/RSA keys to get the security we need until the Certicom patents expire
[15:21:45] <jhutz> they care about interop, but only for themselves. it's OK if the rest of us are screwed
[15:21:59] <jis> That's probably too strong a statement
[15:22:10] <jhutz> maybe
[15:22:23] <jhutz> my gut feeling is that yes, we can. but IANAC
[15:23:23] <jhutz> they are talking to us as vendors, rather than protocol designers. bleah
[15:23:23] <shep> someone ask how this "toolkit" can be used in open source software.
[15:23:47] <hartmans> If the toolkit costs money, then it cannot
[15:24:17] <raeburn> Yeah, this doesn't look useful for OSS.
[15:24:17] --- Jeffrey Altman has become available
[15:24:19] <shep> when do the relevant patents expire?
[15:24:35] <Jeffrey Altman> is this a sales pitch?
[15:24:40] <jhutz> there is a per-project 1-time fee, with 20% annual maintenance
[15:24:44] <jhutz> yes, yes it is
[15:24:56] <jis> Looks like patents are around until 2020
[15:24:56] <jhutz> thank you, steve
[15:25:32] <warlord> They were only filed in 2000???
[15:25:58] <jis> Hard to tell when they were filed, but some were issued in 2000
[15:26:27] <warlord> it's 20 years from filing date.
[15:26:35] <jhutz> 16 years is a long time
[15:26:43] <warlord> true
[15:26:53] <jis> yep, but how inefficient is a 4096 bit RSA key?
[15:27:05] <jis> And will that be secure through 2020 (I think it probably will)
[15:27:15] <smb> very, especially on low-end devices
[15:27:21] <jis> I can see EC being desirable for devices with little processing power
[15:27:25] <shep> The real question is how can this be shipped with the free (as in speech) open source software.
[15:27:28] <jis> (oops smb and I collided on that one)
[15:27:44] <jhutz> IMHO, the question is - does starting to deploy EC crypto buy us something in 20 years? Or are we going to be unhappy then anyway?
[15:28:00] <warlord> well, a 4096-bit RSA key requires 512+ bytes to transmit each sig.
[15:28:01] <jis> It cannot unless someone writes a GPL'able toolkit that can be licensed
[15:28:17] <warlord> what about a license for OpenSSL?
[15:28:21] <jis> 512 bytes = 1/3 of a 1500 byte frame
[15:28:27] <jhutz> jis - not all open-source licenses are viral a la GPL
[15:28:59] <shep> I guess open source versions will probably be developed in and distributed from states where there is no patent problem.
[15:29:02] <warlord> jis: right, which doesn't leave a lot of extra space for additional information, or multiple sigs.
[15:29:57] <jis> understand
[15:30:17] <jis> But the terms of the certicom license aren't really useful
[15:30:29] <warlord> agreed.
[15:30:40] <jis> (when I was an AD, Certicom attempted to feed me coolaid as well)
[15:31:02] <jis> In fairness, it is hard to offer this community anything other then "free"
[15:31:05] <jhutz> true, but I believe that's mostly because the field of use is too small and the fee structure doesn't work for open source
[15:33:09] <jhutz> Sam's point is absolutely right. We have questions on the kerberos@mit.edu mailing list pretty much every week saying "I'm trying to do single sign-on with Kerberos..." The people deploying it care about SSO, not secure authentication
[15:34:39] <jhutz> yes, it is hard. we don't like to hear "please standardize our encumbered technology so people can deploy it all over the world for only a small fee they'll all have to pay us"
[15:36:31] <smb> right -- but how much easier would dnssec be if the signatures were that much smaller, and hence didn't stress the DNS MTU, or if the CPU were enough lower that online signed responses (in a few cases) was possible
[15:37:39] <jhutz> I expect that DNS zones are bipolar on online signatures. Either they're small and low-load enough that they can do online signatures today, or they're .com and nothing is going to save you
[15:38:19] <jhutz> in my mind the real benefit of online signatures would be in making it easier to deploy dnssec; you just click the "turn it on" button
[15:39:37] <jhutz> not that smaller/faster signatures wouldn't be useful in some cases. the question is, is it enough useful to justify an encumbered solution that will be hard to get people to implement.
[15:39:39] --- jishac has left
[15:40:54] <tlyu> dude, more hash, please
[15:42:01] --- jb has left
[15:42:33] <jhutz> the requirement is simple. when I plug a device in, I want to set it up and have it work, and I should not _EVER_ have to create accounts on it before it's useful
[15:51:31] <jhutz> No. you don't put local accounts on boxes. not when you have thousands of boxes
[15:51:39] <jhutz> not even when you have tens of boxes
[15:56:13] <hartmans> It's wonderful that we've finally come to a point in this area where we believe this is a problem.
[16:01:59] <jhutz> yes
[16:02:19] <jhutz> now we can start designing protocols and frameworks to solve the problem. Oh, wait...
[16:03:53] <jhutz> authorization is about who can do what.
[16:04:00] <jhutz> every protocol has a different set of what's
[16:04:13] <smb> every protocol has a different semantic model
[16:09:35] <jhutz> hm. so, should we volunteer ekr to be the third security ad
[16:10:40] <raeburn> No major unsolved security problems? We could work on that pesky P=NP question.
[16:11:14] <jhutz> Proving P!=NP would be nice. Proving P=NP would result in a new unsolved security problem.
[16:11:28] <smb> and the ietf protocol for that is?
[16:16:18] <jhutz> Of course, it will also help keep customers from using your bank...
[16:16:45] <smb> not clear -- eliot lear says that at least one european bank is moving to something like that
[16:16:50] <jhutz> does perry think we still don't have security area advisors on WG's ?
[16:17:08] <raeburn> "Dear customer, your token is broken. For a free replacement, please send it and your password to this PO box..."
[16:20:41] <jhutz> you make it a smartcard. people generally don't think they should mail off their credit card because it's "broken".
[16:20:49] <jhutz> they expect to just be sent a new one
[16:20:56] --- fenton has left
[16:22:49] <jhutz> ekr is right.
[16:23:17] --- jis has left: Disconnected
[16:23:59] <jhutz> WG's generally listen to the advice of their AD, in part because it is advice on what they need to do in order for their document to reach the IESG and not be bounced by it.
[16:24:09] --- Suresh Krishnan has left
[16:24:54] <jhutz> A WG security advisor fills the same role, and they and the chair need to recognize that. It doesn't mean they are always right, but it does mean they might be worth listening to
[16:26:26] --- raeburn has left: Disconnected
[16:26:29] --- smb has left: Logged out
[16:26:31] --- kenh has left: Disconnected
[16:26:34] --- tlyu has left
[16:26:36] --- jhutz has left
[16:26:42] --- hartmans has left
[16:26:54] --- shep has left
[16:28:08] --- lha has left
[16:30:12] --- Jim Galvin has left
[16:33:36] --- tk_ has left
[16:35:11] --- warlord has left
[16:44:14] --- kanda has left: Disconnected
[16:49:26] --- Jeffrey Altman has left: Replaced by new connection
[16:49:27] --- Jeffrey Altman has become available
[16:49:27] --- Jeffrey Altman has left
[18:42:54] --- raeburn has become available
[18:43:02] --- raeburn has left