[13:42:56] --- Jim Galvin has joined
[13:43:55] --- hartmans@jis.mit.edu/owl has joined
[13:44:36] --- mrichardson has joined
[13:45:03] <mrichardson> hi.
[13:45:15] <Jim Galvin> hi.
[13:53:02] --- eludom has joined
[13:53:35] <eludom> foo
[13:53:57] <hartmans@jis.mit.edu/owl> bar
[13:54:03] <eludom> baz
[13:55:51] --- behcet.sarikaya has joined
[13:59:27] --- eric has joined
[13:59:44] --- tlyu has joined
[13:59:45] --- Simon Josefsson has joined
[14:00:01] --- hallam has joined
[14:00:12] --- FDupont has joined
[14:00:39] <eludom> we begin
[14:01:30] --- jhutz has joined
[14:01:58] --- tlr has joined
[14:02:08] --- ryu has joined
[14:02:41] <eludom> agenda review
[14:03:28] <eludom> HOKEY report
[14:03:35] <eludom> Charles Clancy
[14:04:20] --- mrex has joined
[14:04:23] <eludom> NEA Steve Hanna
[14:04:33] <eludom> reqs doc in WGLC
[14:05:06] <eludom> next steps: rev doc, another WGLC if needed, then IESG
[14:05:39] <Simon Josefsson> [the IDN presentation doesn't seem to be available online, any chance to correct that before it is presented?]
[14:05:50] <eludom> Tim Polk: encourages everyone to review NEA reqs
[14:06:16] <eludom> Acknowledged
[14:06:23] <eludom> DKIM
[14:06:48] --- stefans has joined
[14:06:48] --- washad has joined
[14:07:20] <hartmans@jis.mit.edu/owl> If people see John Klensin enter the room ask him if he's ready with the presentation. If so, and if he wanders up here and gives me a USB frob I'll stick it online.
[14:07:43] --- m.behringer has joined
[14:07:50] <eludom> Krb-wg
[14:08:10] <eludom> Proposal for next gen of kerb-spec
[14:08:43] <eludom> met 2nd time Tuesday. review discuss KDC data model, cross-realm, pre-authoring
[14:08:51] --- guenther has joined
[14:08:57] <eludom> TLS
[14:09:04] <eludom> ekr.
[14:09:16] <eludom> tls 1.2 getting close.
[14:10:26] <eludom> emu
[14:11:18] --- secastro_scl has joined
[14:11:22] <eludom> smime
[14:11:29] <eludom> 10 people.
[14:11:33] <eludom> 1 RFC
[14:11:41] <eludom> 2 at last call
[14:11:45] <eludom> 5 @ editor.
[14:12:11] <eludom> will probably close down after next meeting
[14:12:27] --- Stephen Farrell has joined
[14:12:52] <eludom> Tim Polk: issues with ASN.1. Don't want to use version for which we don't have a public compiler.
[14:12:56] <eludom> SASL
[14:14:06] <eludom> Sam Hartman: what happened to password auth
[14:14:19] --- ldondeti has joined
[14:14:21] <eludom> Tom Yu: never provided to WG to be considered
[14:14:37] <eludom> TY: moving MD5 to historic
[14:14:40] <hartmans@jis.mit.edu/owl> Simon, what's up with that?
[14:15:04] <eludom> KITTEN
[14:15:45] --- finn- has joined
[14:16:15] <eludom> Sam Hartman: thank Jeff ?Altman? for starting work.
[14:16:20] --- fp has joined
[14:16:21] --- kdz has joined
[14:17:06] <eludom> SH: thanks to new chairs.
[14:17:17] <jhutz> Yes; Jeff Altman who helped form KITTEN and was its chair recently, and Shawn Emery and Alexei Melnikov, who took over.
[14:17:42] <eludom> Major issue: namespace drafts in iesg-discuss
[14:18:38] <Simon Josefsson> Sam, my intention was to provide it for consideration in the WG, as far as it is applicable to SASL (it is combo SASL/GSS-API mechanism and mechanism-independent protocol). There were mailing list discussions about it. i couldn't participate at the sasl meeting yesterday though.
[14:19:18] <eludom> keyprov
[14:19:39] <eludom> main doc dskpp accepted as WG doc
[14:20:19] <hartmans@jis.mit.edu/owl> OK. I'll talk to you offline.
[14:20:27] <eludom> could have used a tutorial on how to write web services
[14:20:33] <jhutz> What does a tutorial on WS-based standards have to do with keyprov?
[14:20:44] <jhutz> oh, I see
[14:21:27] <eludom> BTNS
[14:21:46] <mrichardson> I think, we should spend some mike time in saag to talk this keyprov sponsored algorithm list.
[14:21:58] <eludom> addressed some issues with NAT
[14:22:06] <mrichardson> jhutz, educate the rest of us why keyprov relates to WS-based stuff?
[14:22:26] <hallam> Keyprov is a Web Service based standard
[14:22:33] --- brian.minard@gmail.com has joined
[14:22:49] <hallam> The confusion that has been introduced here is that a Web Service need not run on SOAP.
[14:22:58] <eludom> LTANS
[14:23:12] <hallam> A Web service can run on naked HTTP and we can use WSDL to describe it still
[14:23:25] <eludom> focus for group now on protocol specs
[14:23:30] <hallam> We could even layer over BEEP but I see zero advantage to doing so
[14:23:33] --- nico has joined
[14:23:37] --- shpark has joined
[14:23:49] <eludom> ISMS
[14:24:21] <eludom> SH: meeting this afternoon. close to last call. getting ready closing down/recharter.
[14:24:39] <eludom> Tim Polk: PKIX meeting later today as well
[14:24:48] <eludom> PKIX preview...
[14:25:54] <eludom> Steve Kent: full agenda. Need two hours next time. 4 talks on agenda. Will be busy.
[14:26:24] <eludom> Tim Polk: BOF tomorrow morning on Trust Anchor Management (TAM)
[14:27:24] <eludom> Problem statement submitted. Will go over usecase, device usecases, is there interest (BOF stuff). Not aimed at charter in this session.
[14:27:41] <eludom> Tim Polk: This is more a discussion BOF.
[14:27:43] <jhutz> power does not seem to be stable in here
[14:28:17] <eludom> Invited Presentations
[14:28:46] <eludom> Presentation being put up before talk starts
[14:28:54] --- barryleiba@gmail.com has joined
[14:29:47] <mrichardson> hallam: yes... I'm a fan of RESTful stuff myself. Perhaps you've seen me carrying around my Ruby on Rails book....
[14:30:28] <eludom> Sam: plugs internationalization while we wait....but declines to sing
[14:31:06] <eludom> file is now uploaded to web site
[14:31:11] <eludom> (URL anyone ?)
[14:31:45] <eludom> John Klensin
[14:31:59] <eric> http://www3.ietf.org/proceedings/07jul/slides/saag-2.ppt
[14:32:36] <Simon Josefsson> thanks!
[14:33:24] <jhutz> Yeah; I don't see any advantage in layering keyprov over beep
[14:34:23] <nico> or sacred over beep, but it was done
[14:36:27] <Stephen Farrell> ...and ignored
[14:37:14] <nico> was sacred ignored or was a non-beeped version of sacred deployed?
[14:37:47] <Stephen Farrell> the former, I'd speculate due to timing (dot bomb)
[14:38:25] <eludom> "Assuming that everyone will be well behaved" is a bad idea.
[14:38:56] <eludom> app writers started substituting their ideas for standards.
[14:39:16] <eludom> e.g. if app writer decides string is dangerous, you don't get to resolve dns name
[14:39:56] <eludom> original IDNA: unicode is wonderful. Include everything.
[14:40:27] <eludom> lots of pressure against excluding things.
[14:40:33] --- alexeymelnikov has joined
[14:41:27] <eludom> We discovered it was desirable to have mappings be reversible.
[14:41:54] <eludom> you do not want random mappings that nobody understands.
[14:42:20] <eludom> homoglyph problems...
[14:42:38] <eludom> there is no protocol or procedural fix
[14:43:04] <eludom> there is no protocol silver bullet
[14:44:47] <eludom> "words" were never an expectation of DNS.
[14:45:08] <eludom> But why do we call them "names" instead of "funny-strings-that-map-to-hosts" ?
[14:45:32] <eludom> IDNA trying to change vocabulary
[14:45:55] <eludom> e.g. punycode is an algorithm, not a string.
[14:46:09] <eludom> IDNAbis.....
[14:46:16] <eludom> fewer variants
[14:49:38] <eludom> no string of cutesy symbols.
[14:49:52] <eludom> only "word" characters.
[14:51:32] <eludom> Using a large table is bad because it ties you to one version of the standard
[14:59:02] --- finn- has left
[15:00:17] --- washad has left: Logged out
[15:01:09] --- finn- has joined
[15:02:18] --- shep has joined
[15:05:33] <jhutz> It's messy because lots of people write domain names in upper case, and in German, when you capitalize, say, "groß", it becomes "GROSS", because 'ß' is a lower-case character with no upper case form.
[15:06:27] --- behcet.sarikaya has left
[15:06:46] <tlyu> it's an engineering tradeoff full of political consequences...
[15:07:17] <Simon Josefsson> i'm curious about the ß example, klensin said ß will be permitted in idnabis (right?). in current idna, it is mapped to 'ss'. if they produce different outputs for the same inputs, we'll have problems in authorization systems...
[15:07:35] <jhutz> So if I tell you (verbally) that my domain is "groß-rad" (big wheel), then you will either type "groß-rad" or "GROSS-RAD", depending on whether you tend to type it in upper or lower case.
[15:07:44] --- raeburn has joined
[15:07:46] <jhutz> Right, Simon; that's what I'm concerned about.
[15:08:12] --- barryleiba@gmail.com has left
[15:08:31] <jhutz> Hm. "Ask Ted Hardie to write text" probably does not scale.
[15:08:47] <nico> well, this applies to domainname slots
[15:08:50] --- carl-ietf has joined
[15:08:53] <eludom> Hanas?: this sounds complicated.
[15:08:53] <eludom> x
[15:08:53] <eludom> x
[15:08:53] --- eludom has left
[15:09:05] <nico> so, yes, it could affect authz
[15:09:11] <nico> how does this not affect stringprep?
[15:09:30] <Simon Josefsson> idnabis doesn't use stringprep at all. they are abandoning it..
[15:09:36] <tlyu> unicode is hard. let's use paper.
[15:10:41] --- eludom has joined
[15:11:01] <eludom> PHB: DNS is not a good basis for authentication.
[15:11:45] <eludom> JK: We're sharing IDNA lessons.
[15:12:20] <eludom> JK: we need to get clear about what DNS is good for and what it's not good for. But people use things for what they want to.
[15:12:30] <Simon Josefsson> there is also the pr-29 problem when the UTC decided to break backwards compatibility in nfkc. for a small set of weird strings, nfkc behaves differently in 3.2 and later versions of unicode. that hurts us too..
[15:12:49] <eludom> Sam H: let's focus on internationalization in security
[15:13:14] <nico> I see, abandoning stringprep
[15:13:14] <eludom> Sam H: (as individual): good that it's not changing stringprep.
[15:14:10] <eludom> Sam H: think about whether we need to create a general tool
[15:15:51] <eludom> JK: if I ship you a string, and you don't have the fonts, it all turns into ??? or boxes.
[15:15:58] <eludom> JK: they are hard to extract info from.
[15:16:18] <eludom> JK: if I send you a script you don't read/understand, is it better ?
[15:16:33] <hartmans@jis.mit.edu/owl> RFC 4952 is the document he was discussing for a-label vs u-label
[15:16:36] <eludom> JK: Cutting and pasting ops generally don't work.
[15:17:09] <eludom> Paul Hoffman: Answering Sam and Hannas: no.
[15:17:58] <eludom> PH: each group (such as security) needs to start from scratch with lessons from IDNA and IDNAbis
[15:18:19] <eludom> PH: These docs have not been through any WG process.
[15:18:32] <eludom> PH: premature to say what this document "will do".
[15:19:18] <eludom> Sam: were you saying you think we should not create a general tool ?
[15:19:30] <eludom> PH: you were asking if "is there any guidance for"
[15:20:25] <eludom> PH: Tables that have yes or no are better than lookup
[15:20:34] <eludom> JK: I agree.
[15:21:04] --- michaelpeck has joined
[15:21:05] <mrex> I would use code that used the rules during initialization to populate a table
[15:21:33] <eludom> JK: to make this stuff work, if people are maintaining their own libraries, you need access to a code table, properties
[15:21:50] <hartmans@jis.mit.edu/owl> Simon, I think a lot of us believe we can treat TR29 as a bug fix and completely ignore the things it breaks. I respect you disagree.
[15:22:09] <Simon Josefsson> language experts also seem to believe tables are the way to go. human languages are not possible to categorize algorithmically sufficiently well. you can use rules to do the majority of the work, but hand-tuning is needed.
[15:22:10] <eludom> JK: if you make the standard a table, you lock out anything that [appears after the table is defined]
[15:22:39] <eludom> JK: You can't have version agnostic tables.
[15:23:00] --- raeburn has left: Logged out
[15:23:11] <eludom> Jeff ???: Looking up a name containing an unassigned code point will never happen ?
[15:23:24] <eludom> JK: Look up will be prohibited.
[15:23:33] <mrex> I understood that looking up a name with an unassigned codepoint will have to fail
[15:23:48] <eludom> Jeff: so there are names I can't lookup because my client is not new enough ?
[15:24:44] <mrex> I can not start using a cipher to protect my communication as soon as I learned how to pronounce its name.
[15:25:20] <mrex> Of course it will have to be implemented in interoperable fashion and implementations updated before it can be used
[15:26:59] <eludom> Jeff ???: A human will type german "s" differently.
[15:27:41] <eludom> Jeff ???: If you have a laundry list of these issues, you should write them down.
[15:28:23] <jhutz> ==hartmans
[15:28:37] <eludom> David Black: there will be a small number of important cases. focus on those.
[15:29:09] <jhutz> "Jeff ???" is me
[15:29:21] <eludom> DB: what you allow, disallow ARE security considerations.
[15:31:03] <eludom> Nico: the only consideration for using a codepoint is whether the client can deal with them ?
[15:31:29] <eludom> JK: If you need to start parsing unicode, you have challenges.
[15:31:37] <eludom> Sam H: thanks John.
[15:32:06] <eludom> Sam H: read. 4690n IDNAbis
[15:32:17] <eludom> Sam H: Read assumptions of DNS
[15:33:10] <eludom> next.....
[15:33:19] <eludom> Morris Dworkin, NIST
[15:33:38] --- michaelpeck has left
[15:33:47] <eludom> Should NIST develop an Additional Version of GCM ?
[15:36:01] <eludom> in process of standardizing GCM
[15:39:34] --- kdz has left
[15:41:04] --- Simon Leinen has joined
[15:42:57] --- fp has left
[15:43:37] <mrichardson> wow. so, there are some serious implementation risks for this mode, and other than people with the funds to trivially build 10Gb/s+ data paths, there seems to be simply no advantage of this mode over using any number of AES-CBC + AES-XMAC/SHA2 methods with hardware that can do a single DMA operation.
[15:43:38] <jhutz> I'm trying to figure out what the slide two slides ahead of this means
[15:44:11] --- michaelpeck has joined
[15:44:48] <jhutz> I mean, I understand applying a strong KDF and using different subkeys in different parts of the algorithm, but I don't understand the placement of the various K(n) blocks on the diagram.
[15:45:24] --- m.behringer has left
[15:45:50] <nico> for some protocols this problem isn't
[15:46:12] <nico> I would certainly worry about non-Internet protocol use of GCM though
[15:47:14] <jhutz> I don't know about "serious implementation risks". If you reuse an IV, you're in trouble.
[15:47:46] <jhutz> Oh, now I understand the diagram. The keys replace the previous inputs where they were.
[15:48:00] <jhutz> Rather, K3 and K4 do, and K2 is used as a mask
[15:48:15] --- Simon Leinen has left
[15:48:30] <mrichardson> with the original GCM, you had to be very careful about not reusing IVs, and generating them wasn't part of the specification. Easy to get wrong by accident.
[15:49:51] --- alexeymelnikov has left
[15:53:55] <mrichardson> what EKR said... +1.
[15:54:58] * eludom is having problems with the semantic and verbal bandwidth and would appreciate people chiming in.
[15:55:43] <eludom> Russ Housley: this is about FIPS 140 validation ?
[15:55:54] <eludom> MD: correct.
[15:56:17] <eludom> RH: You're talking about making sure the implementation doesn't generate the IVs improperly
[15:57:03] --- Jabber-Wile has joined
[15:57:05] <eludom> RH: we already have GCM. You're going to validate it for us.
[15:58:07] <eludom> David ? (original GCM guy): Proposed changes don't address all his concerns.
[15:59:18] <eludom> David McGrew
[15:59:54] <jhutz> "David ? (original GCM guy)" was enough identification for whoever ends up preparing the minutes
[16:01:04] <eludom> David Black: the pipeline stall is not pretty. There's a fair amount of work being done on existing modes. Don't hold up others.
[16:02:06] <eludom> Sam H: asks for show of hands. People working on protocol who think this would help.
[16:02:08] <eludom> No hands.
[16:02:24] --- Stephen Farrell has left
[16:02:33] <eludom> Sam H: encourages people to explain uses on list.
[16:02:41] --- ryu has left: Computer went to sleep
[16:02:54] <eludom> Michael Richardson: Not sure why we needed GCM, not sure why we need improved GCM.
[16:03:01] <eludom> MR: choose one and tell us.
[16:03:02] <jhutz> Note we are officially out of time, but will continue with open mic for a few minutes.
[16:03:18] --- brian.minard@gmail.com has left
[16:03:34] <eludom> MR: but there are people who build 10G+ boxes.
[16:04:02] --- eric has left
[16:04:28] --- finn- has left
[16:04:44] --- Jabber-Wile has left
[16:05:11] --- jhutz has left: Disconnected
[16:05:12] <eludom> Thomas: workgroup at W3C on XML signatures
[16:06:14] --- shep has left
[16:06:16] --- michaelpeck has left
[16:06:18] --- carl-ietf has left
[16:06:34] --- tlyu has left
[16:06:39] <eludom> Sam H: requests mail to saag
[16:06:47] --- shpark has left
[16:06:49] --- hallam has left
[16:06:56] <eludom> We're done. people are arriving for next meeting.
[16:07:23] --- nico has left: Disconnected
[16:09:07] --- ryu has joined
[16:09:15] --- stefans has left
[16:09:48] --- ryu has left
[16:10:47] --- Jim Galvin has left
[16:11:37] --- alexeymelnikov has joined
[16:12:05] --- ldondeti has left: Disconnected.
[16:14:30] --- Simon Josefsson has left
[16:15:27] --- finn- has joined
[16:15:46] --- eludom has left: Disconnected.
[16:15:47] --- finn- has left
[16:17:59] --- FDupont has left: Replaced by new connection
[16:20:01] --- michaelpeck has joined
[16:20:26] --- tlr has left
[16:22:07] --- mrichardson has left
[16:25:33] --- mrex has left: Logged out
[16:31:22] --- alexeymelnikov has left
[16:31:49] --- secastro_scl has left
[16:38:37] --- guenther has left
[17:18:07] --- michaelpeck has left
[17:56:03] --- raeburn has joined
[17:56:09] --- raeburn has left