IETF
saag
saag@jabber.ietf.org
Thursday, 29 March 2012
stpeter has set the subject to: SAAG, IETF 81 | slides at https://datatracker.ietf.org/meeting/81/materials.html#wg-saag | audio at http://ietf81streaming.dnsalias.net/ietf/ietf805.m3u

GMT+0
[15:24:25] yaron.sheffer joins the room
[15:31:26] yaron.sheffer leaves the room
[15:34:05] yaron.sheffer joins the room
[15:34:28] Dave Mitton joins the room
[15:35:32] <Dave Mitton> Audio is having problems
[15:36:18] <Dave Mitton> hmmm... okay I got back
[15:38:19] SM joins the room
[15:38:37] <Dave Mitton> it keeps cutting in and out
[15:39:13] yone joins the room
[15:41:39] kazubu joins the room
[15:43:11] sftcd joins the room
[15:43:41] kshu joins the room
[15:44:13] smb joins the room
[15:44:23] <Dave Mitton> I keep losing the audio... maybe a network issue
[15:44:47] <yaron.sheffer> I'm having very good audio here.
[15:45:54] <Dave Mitton> The audio is good when it's on... it was frequently going silent... currently on
[15:46:07] barryleiba joins the room
[15:46:20] gshapiro joins the room
[15:46:39] Satoru Kanno joins the room
[15:46:45] <SM> Dave, VLC?
[15:46:46] gridmerge joins the room
[15:49:02] <Dave Mitton> VLC?
[15:49:52] <barryleiba> Start with a joke. But he's good.
[15:50:07] =JeffH joins the room
[15:50:41] lel joins the room
[15:52:00] cm-msk joins the room
[15:52:01] mrex-ietf joins the room
[15:52:05] smb leaves the room
[15:52:09] smb joins the room
[15:53:58] kivinen joins the room
[15:56:52] mjbarnes joins the room
[15:58:57] <SM> Your audio client
[15:59:05] mkatagi joins the room
[15:59:19] <sftcd> audio is ok for you SM?
[15:59:27] <SM> Yes, it's fine, thanks
[15:59:35] derek joins the room
[15:59:38] <sftcd> grat
[15:59:45] <sftcd> great he meant to type
[16:01:11] mjbarnes leaves the room
[16:02:18] barryleiba leaves the room
[16:04:02] Judy joins the room
[16:04:48] barryleiba joins the room
[16:06:00] semery joins the room
[16:09:44] <mrex-ietf> getting off the no-fly-list would be legally enforceable in europe while you're out-of-luck in the US
[16:10:39] <=JeffH> indeed
[16:13:33] Judy leaves the room
[16:14:00] <mrex-ietf> it covers all kinds of data persistence on the browser, known and unknown, cookies, flash-cookies, user data persistence, etc
[16:17:06] lel leaves the room
[16:18:55] <barryleiba> Again with the cookies, EKR?
[16:19:06] <=JeffH> ekr: trying to understand cookie example -- what is approp behavior of bwsr when offered cookie
[16:19:07] <=JeffH> ?
[16:19:10] <sftcd> 9" cookies
[16:19:22] <mrex-ietf> static IPv6 network prefixes are incompatible with data protection laws for DSL home subscriber in Europe
[16:19:25] <barryleiba> The macaroons are better.
[16:19:29] <=JeffH> ans: well, there's cookie-creep, 3d parties, etc
[16:19:46] <SM> The web is third-party
[16:19:51] <derek> i'd prefer some oatmeal raisin
[16:19:55] <=JeffH> ekr: askd about sfwr -- what shd it do ?
[16:19:59] jpc joins the room
[16:20:45] <=JeffH> ans: cookies r typically placed w/o user notification -- its a matter of increased notification to users
[16:21:01] <=JeffH> ans cont'd: as implied by EU law
[16:21:24] <SM> and the user will be annoyed and will want to turn it off
[16:21:26] <=JeffH> ekr: but if one doesn't use cookies when building a web app, they don't work very well -- so what does one do?
[16:21:41] <mrex-ietf> using a cookie for steering one single session without warnings is perfectly OK
[16:22:05] <mrex-ietf> but re-using the cookie for independent sessions without explicit consent from the user is unlawful
[16:22:13] <=JeffH> IW (ian walden): so users have grown up w/o knowledge of this stuff, and are being taken advantage of, and EU regulators are trying to roll that back a bit
[16:22:37] <=JeffH> IW: not advocating this law in particular, rather is informing this group
[16:22:52] <=JeffH> ?: notes the approach in .SE
[16:23:06] gshapiro leaves the room
[16:23:09] <=JeffH> users see cookie notification banner
[16:23:31] <=JeffH> ekr: if u write web app (site) u need to store state somewhere
[16:24:34] <=JeffH> henry story (hs): in safari in particular, if u send a cert to server, no user notification --- but Firefox is doing work wrt UI that's really good and appropriate
[16:25:39] <=JeffH> ekr: these priv laws have complete insensitivity of tech constraints and developing actual applications
[16:25:54] <=JeffH> IW: just conveying what the EU law is, not advocating
[16:26:47] <=JeffH> klaas wierenga (kw): nothing about "forgetting data" -- so if you can't demonstrate that you don't need data, you should get rid of it -- this not explicit?
[16:27:25] <=JeffH> IW: yes, not explicit, but going to be made explicit eg "right to be forgotten" in future revisions, but not clear if will be adopted due to balancing the effects
[16:28:26] <=JeffH> KW: data moving across borders -- not addr in talk -- ques: if pers data is in the cloud somewhere and is sufficiently encrypt so not available, then is it still personal data?
[16:28:38] <mrex-ietf> personal data is personal data is personal data
[16:28:45] <mrex-ietf> no amount of encryption is going to change it
[16:28:48] <=JeffH> IW: no, it isn't as long as can't be traced back to user......
[16:29:10] <=JeffH> s.farrell: the EU Directive?
[16:29:30] <=JeffH> IW: the new proposal pub'd on 25-Jan-2012, this could take a while to become law
[16:30:03] Mem Sandberg joins the room
[16:30:21] <mrex-ietf> again: non-persistent cookies that do not work cross-sections can be used without consent
[16:30:34] <mrex-ietf> s/cross-section/cross-session/
[16:31:06] <=JeffH> yngve p. (yp): cookies enabled by default, cuz if don't have em, UX sux. but anyway, what about what law says about asking for user creds ----- did survey of online shopping sites recently, noticed that many don't use encryption (ie secure channels) during login process ---- does law apply here?
[16:31:25] <mrex-ietf> persistent cookies and cookies that leak across sessions are a problem (the stuff that facebook does with the like buttons is illegal without consent)
[16:31:32] <=JeffH> IW: law sez u have to take "appropriate" measures. this sounds inapprop
[16:32:29] mcharlesr joins the room
[16:34:22] <=JeffH> A. Vessely (AV): what about fairness -- is it "fair" to put a cookie with UI and user has choice......but users commonly don't have a list of to whom they gave what data ..... so not very useful ........ some sites let me know, but most don't
[16:34:54] <mrex-ietf> there is no principal difference (with respect to the european data "cookie" directive) between hidden data in form fields, non-persistent cookies, and session identifiers tacked to the end of the URL
[16:35:14] <=JeffH> IW: an entity is only required to give data at this time of interaction to the user ........
[16:35:28] <=JeffH> AV: user can't remember......
[16:36:33] <=JeffH> IW: yes, this is a fundamental issue of these times. I don't have time to read t & c's..... am not proposing that you have to force the user to go thru t & c's in detail -- the law reqs providers to provide the info, but don't have to force people to read 'em
[16:36:59] <mrex-ietf> the problem with cookies comes in whenever cookies are persisted _without_ consent, and when they leak cross-session without consent
[16:38:07] <mrex-ietf> so the browser would have to prompt not on receipt of cookies, but rather on sending cookies outside of the session (as perceived by the user)
[16:38:26] <=JeffH> HS: have been working on WebID in W3C, this is based on TLS, mostly just using IETF stack, teaches users to use TLS in simple way w/o CAs, webid.info -- ptr to doc ------ allows u to put up your social net box at home, and decentralizes social networks ------ any idea how this would affect individuals and their collection of data on their friends?
[16:38:42] <mrex-ietf> personal collections of personal data are unregulated
[16:39:22] <=JeffH> IW: law is full of blurred lines, the regs don't directly address personal and family matters ..... one wud hope the things you're talking about could be achieved ----- tho there is the law enforc. folks wanting to have access for that info
[16:40:00] <=JeffH> Wendy Seltzer (WS): want to note that there's lots going on @w3c, and webid is a "community group" -- not W3C sanctioned officially
[16:40:33] <mrex-ietf> actually, the law is _not_ blurred. But both lawyers and companies try to create this impression
[16:41:09] <=JeffH> eliot lear: am working at layer 9 these days :) ..... so in looking at http 2.0, and middleboxes and their keeping cookies in play w/ many stateless connections ---- but new protocol w/longlived connections may mitigate this
[16:41:17] <=JeffH> FINI for that preso
[16:41:17] gshapiro joins the room
[16:41:19] <mrex-ietf> in order for data subjects to need legal counsel or to not interfere with business objectives
[16:41:35] <=JeffH> Tim Polk --- SHA-3 for Internet Protocols
[16:46:29] <=JeffH> barry leiba: clarification -- are they tweaking alg's ?
[16:46:35] <=JeffH> TP: yes
[16:50:04] Roland Hedberg joins the room
[17:03:39] <mcharlesr> what is a "white block cipher"... is it hash + XOR?
[17:04:04] mcharlesr is now known as mcr
[17:04:05] mcr is now known as mcharlesr
[17:05:10] wseltzer joins the room
[17:05:27] mcharlesr is now known as mcr
[17:05:27] mcr is now known as mcharlesr
[17:06:04] <yaron.sheffer> wide-block encryption, for disk encryption (but I'm not sure about the motivation, probably to get away from the complexities of IV generation in disk encryption).
[17:06:07] Roland Hedberg leaves the room
[17:06:50] <=JeffH> michael richardson(mr): understands that all devices out there using radios use CCM* for privacy
[17:07:10] <=JeffH> is in hdwr, may not have access to modifying it
[17:07:40] carl-ietf joins the room
[17:08:17] <=JeffH> once we get some sort of keying infras into constrained devices, cert processing will have big impact on them, and this processing depends on sha-1 -- so if impact can be reduced by using sha-3, that'll be a win ---- shd perhaps use them in DTLS etc.
[17:08:51] <=JeffH> Tim Polk (TP): yes, competing with a variety of other modes, will have to work/compete with them
[17:09:26] <=JeffH> mr: so bunch of stuff in there that we need a hash for, and its a short msg, and so sha-3 may be useful
[17:09:33] <=JeffH> ekr: this is all sort of a bummer yes?
[17:09:52] <=JeffH> tp: yes, not like aes, hard decision, there we are
[17:10:29] mcharlesr is now known as mcr
[17:10:50] <=JeffH> ekr: so shud throw this away, and concentrate on a MAC -- actually sort of serious -- if u can't find a place where sha-3 is a bunch better than sha-2, u shud not publish --- don't want to foster market confusion
[17:11:34] <=JeffH> ekr: in particular case of a mac, folks continue to use sha-1 cuz of convenience ----- tls implementor, its no brainer to stick with what they have now
[17:11:51] <=JeffH> ekr: what environment will sha3 bring me any substantial benefit
[17:11:52] <=JeffH> ?
[17:12:26] <=JeffH> tp: it'll be a bennie in some specific places, but you're right, not across-the-board clearly-better advantages
[17:12:49] <=JeffH> ekr: encourage u to come up with some scenario where it is clearly better
[17:13:11] <=JeffH> tp: here to hear from u what the key decision points/scenarios are
[17:14:41] <=JeffH> david mcgrew: in HIP, trying to avoid using a hash alg -- using a block cipher for deriving a secret key, am worried about what if they need a collision-resistant hash ----- if cud use sha3 for this, prob solved ----- so if there's some mode for sha3 that helps here cud be worth it
[17:15:14] <=JeffH> mike jones (mj): most intrig data point is the potential other bennies ---- so is another wide-block cipher valuable or confusing?
[17:15:31] mcr is now known as mcharlesr
[17:15:59] <=JeffH> tp: well AES isn't wide-blk cipher, so this wud complement that ---- but this is a hash competition, not a cipher, so don't want to make that a major deciding factor
[17:16:47] <=JeffH> there are some apps that wud benefit from a wide-blk cipher, haven't pushed for that per se with everything else going on, but if we get it for free, it's a clear bennie
[17:17:08] <=JeffH> paul hoffman: haven't seen the "signif faster" you've indicated
[17:17:21] pawal joins the room
[17:17:44] <=JeffH> tp: the #s i'm using are the ebash ones, if search for ebash, there's djb results, graphs, look at how they flow on diff types of platforms
[17:17:58] <=JeffH> ph: think ur misusing "significant" (faster)
[17:18:45] <=JeffH> steve bellovin(sb): wrt easing concerns about merkle-damgard --- but might we be more secure over long term just sticking with sha-512 ???
[17:19:14] <=JeffH> tp: one of real positives of competition -- we move hash competition from black art to a scientific process
[17:20:09] <=JeffH> tp: we feel confident the candidates are stronger than sha in general, but sha -256 & -512 look really good, but that doesn't say the candidates aren't better, and there's lots of analysis
[17:20:33] mcharlesr is now known as mcr
[17:20:33] mcr is now known as mcharlesr
[17:21:00] <=JeffH> russ housley(rh): tried to convince community to transition years ago to sha-2 from sha-1 and hasn't had tons of uptake -- so why be doing this now?
[17:21:11] <=JeffH> tp: have a "hot backup" ?
[17:21:23] <mrex-ietf> Using ECDSA credentials with TLS will also be a loooooong and painful transition
[17:21:32] <=JeffH> sam: what about new protocols -- might they be able to use this?
[17:21:58] <=JeffH> tp: sure, take a look at it, there's bennies like single-pass MAC ---- but not saying rip out the prior hash alg
[17:22:22] <=JeffH> russ: but just changing hash alg doesn't nec. incr security
[17:22:40] <=JeffH> tp: having backup is compelling, times change, things evolve
[17:23:10] <=JeffH> stefan santesson(ss): since we got all these inputs, and tons of work, do we have to pub something just cuz?
[17:23:36] <=JeffH> tp: a bit unfair, but there has been 5 yrs of work and we do want to do something for all that work & time
[17:23:39] <mrex-ietf> would it really be bad to come out of the SHA-3 competition with the decision/result that SHA-2 is good enough?
[17:23:53] <=JeffH> (that preso done, next preso)
[17:24:11] <=JeffH> Hannes Tschofenig: report on smart object security workshop
[17:25:26] <=JeffH> see this talk's slides for pointers to workshop materials
[17:25:34] mcharlesr is now known as mcr
[17:25:34] mcr is now known as mcharlesr
[17:27:15] Roland Hedberg joins the room
[17:28:37] cm-msk leaves the room
[17:29:15] smb leaves the room
[17:30:36] mcharlesr is now known as mcr
[17:30:36] mcr is now known as mcharlesr
[17:31:26] cm-msk joins the room
[17:33:56] Mem Sandberg leaves the room
[17:34:20] <=JeffH> ekr: there's coming quest of whether http2.0 shud be encryp all time
[17:34:22] <cm-msk> that's an old topic
[17:34:37] cm-msk leaves the room
[17:34:42] barryleiba leaves the room
[17:34:44] <mrex-ietf> http 2.0 with all encryption would mean that we define a new scheme and
[17:35:11] Roland Hedberg leaves the room
[17:35:14] <mrex-ietf> a new port for HTTP2.0 over TLS
[17:35:37] mcharlesr is now known as mcr
[17:35:37] mcr is now known as mcharlesr
[17:35:37] gshapiro leaves the room
[17:36:58] <=JeffH> jeff hodges: ca/browser forum governance reform proposal headzup
[17:37:02] <derek> That's unclear -- it may just work on 443
[17:37:15] <=JeffH> tom yu: sha 3 remark -- missed it
[17:37:56] <carl-ietf> missed yoav's comment about CAB forum opacity too
[17:38:02] <=JeffH> TP: skein is built on 3fish, so if u use skein, it's based on known/analyzed cipher. so on other new stuff, yes will lag behind as they are reviewed and reviews of them are reviewed
[17:38:47] jpc leaves the room
[17:38:49] <=JeffH> yoav observed that the CABF is almost totally opaque as an org and hard to give them reform feedback if one can't observe their present structure or governance policies
[17:39:09] <=JeffH> and jeffh agreed and suggested they point that out to them
[17:39:16] <=JeffH> (at least)
[17:39:50] <=JeffH> TP: (missed his remarks there)
[17:40:12] <=JeffH> sam hartman: wrt getting rid of DES, folks shud comment on ? which is Last Call right now
[17:40:33] <yaron.sheffer> getting rid of DES in Kerberos
[17:40:38] mcharlesr is now known as mcr
[17:40:38] mcr is now known as mcharlesr
[17:40:45] <=JeffH> sh: keep running into the things Russ brought up........ wud using new hashalg be better in certain cases? hard to tell
[17:40:53] pawal leaves the room
[17:40:54] carl-ietf leaves the room
[17:40:58] <=JeffH> <chairs closed it down, go eat/drink>
[17:41:07] yaron.sheffer leaves the room
[17:41:08] <SM> Thanks Jeff
[17:41:11] gridmerge leaves the room
[17:41:16] =JeffH leaves the room: Logged out
[17:41:17] Dave Mitton leaves the room
[17:41:19] SM leaves the room
[17:41:24] kshu leaves the room: offline
[17:41:25] <mrex-ietf> cryptographic agility is a fine concept in theory. how old is AES? It is not available in Windows XP
[17:41:38] Satoru Kanno leaves the room
[17:41:54] kivinen leaves the room
[17:42:41] kazubu leaves the room
[17:43:24] mkatagi leaves the room
[17:44:05] derek leaves the room
[17:44:15] semery leaves the room
[17:45:40] mcharlesr is now known as mcr
[17:45:40] mcr is now known as mcharlesr
[17:46:08] sftcd leaves the room
[17:49:25] mcharlesr leaves the room
[17:51:09] pawal joins the room
[17:52:38] yone leaves the room
[17:53:05] sftcd joins the room
[17:54:08] wseltzer leaves the room
[18:02:32] pawal leaves the room
[18:03:32] pawal joins the room
[18:05:30] Roland Hedberg joins the room
[18:06:35] pawal leaves the room
[18:10:38] sftcd leaves the room
[18:11:34] Roland Hedberg leaves the room
[20:02:52] mrex-ietf leaves the room
[21:19:08] semery joins the room
[21:20:25] semery leaves the room
[21:57:30] =JeffH joins the room
[21:57:55] =JeffH leaves the room
[22:13:43] mcharlesr joins the room
[22:15:56] mcharlesr leaves the room
[22:37:19] pawal joins the room
[22:39:02] kazubu joins the room
[23:23:16] pawal leaves the room
[23:36:57] kazubu leaves the room
[23:48:48] wseltzer joins the room