IETF
saag
saag@jabber.ietf.org
Thursday, August 1, 2013
hillbrad has set the subject to: http://tools.ietf.org/agenda/85/agenda-85-saag.html

GMT+0
[06:51:51] yuioku.yj joins the room
[08:11:33] yuioku.yj leaves the room
[10:48:53] wouter joins the room
[10:52:37] andrey.uzunov joins the room
[10:56:21] tlyu joins the room
[10:57:55] matthijs joins the room
[10:59:28] jaap joins the room
[11:00:24] jaap leaves the room: Replaced by new connection
[11:00:24] jaap joins the room
[11:01:01] Juan-Pedro Cerezo Martin joins the room
[11:02:02] <tlyu> why are there 2 copies of the sha3 and dns slides?
[11:02:05] Olafur joins the room
[11:02:37] sftcd joins the room
[11:04:38] Franck Martin joins the room
[11:05:16] Hugo Kobayashi joins the room
[11:05:18] sa10kan3@gmail.com joins the room
[11:06:21] Chris Griffiths joins the room
[11:08:28] yone joins the room
[11:08:47] weiler joins the room
[11:09:33] m&m joins the room
[11:09:34] danyork joins the room
[11:09:43] fneves joins the room
[11:09:52] marcos.sanz joins the room
[11:09:55] semery joins the room
[11:10:51] Adam Montville joins the room
[11:11:27] <sftcd> if someone's remote please put "mic:" before your comment if you want someone to say it in the room
[11:11:46] olaf joins the room
[11:11:51] <weiler> anyone else distracted by the mixing of DNSSEC and claims re: encryption?
[11:12:21] derek joins the room
[11:13:07] davewaltermire joins the room
[11:13:10] paulwouters joins the room
[11:14:05] <derek> Geeze, DNS is vulnerable to cache poisoning attacks?  Who woulda thunk it?  :)
[11:14:22] <weiler> mic:  ARRRRGH!
[11:14:30] <marcos.sanz> Are the slides available for the people sitting remote?
[11:14:40] <Olafur> http://www.ietf.org/proceedings/87/slides/slides-87-saag-3.pdf
[11:14:40] <sftcd> @weiler: doesn't count
[11:14:58] <weiler> had to try.
[11:15:02] stpeter joins the room
[11:15:23] <marcos.sanz> thanks, olafur
[11:15:45] stpeter has set the subject to: https://datatracker.ietf.org/meeting/87/agenda/saag/
[11:16:14] kbaumann joins the room
[11:16:23] <weiler> do these slides have IPR issues?
[11:16:39] olaf leaves the room
[11:16:48] Wendy Seltzer joins the room
[11:16:49] <derek> weiler: probably
[11:16:49] <tlyu> the pdf of these slides seems corrupted and the pptx is slow to download
[11:16:51] <stpeter> weiler: I was wondering about that, too
[11:17:11] <sftcd> @tlyu: will check, noticed the slow server response too
[11:18:25] <weiler> $10 to whomever gets the guy a DMCA takedown notice before the end of his talk.
[11:18:25] Florob joins the room
[11:18:35] Olaf Kolkman (adium) joins the room
[11:19:04] <sftcd> uploading that pdf again...
[11:19:11] <sftcd> try now
[11:20:09] <sftcd> still veeeeeeeeerrrrrrrrrrrrrry   slooooow
[11:21:21] <sftcd> but downloading amir's pdf works for me now
[11:22:35] kohei.kasamatsu130 joins the room
[11:23:24] fneves leaves the room
[11:23:28] fneves joins the room
[11:23:41] <paulwouters> slides still won't load for me
[11:23:56] <sftcd> the pdf or ppt-thing?
[11:24:27] <weiler> stephen: how did is the file?
[11:24:42] <weiler> big
[11:24:47] gmaxwell joins the room
[11:24:51] <sftcd> how big? 2534057 bytes
[11:25:07] <derek> so 2.5M
[11:25:36] <sftcd> oops, that the pptx pdf is 1233701
[11:25:42] Karen O'Donoghue joins the room
[11:25:47] <sftcd> cookie monsters are expensive
[11:28:56] kohei.kasamatsu130 leaves the room
[11:29:14] kohei.kasamatsu130 joins the room
[11:30:19] <sftcd> is the audio ok in remote land?
[11:30:43] <tlyu> sounds ok to me
[11:30:49] <sftcd> great ta
[11:31:25] weiler leaves the room
[11:33:59] Dan Wing joins the room
[11:34:20] kohei.kasamatsu130 leaves the room
[11:34:50] fneves leaves the room
[11:36:48] <marcos.sanz> long live RFC 5737!
[11:37:08] fneves joins the room
[11:37:09] weiler joins the room
[11:37:21] kbaumann leaves the room
[11:38:34] fdupont joins the room
[11:38:57] <fdupont> does saag take questions?
[11:39:28] <sftcd> sure, ask @ the end I guess
[11:39:44] <sftcd> if you're remote, preface your question/comment with "mic:"
[11:40:20] <fdupont> I have many about current DNSSEC presentation so I'll type them here and jump to the mic at the end
[11:41:40] <fdupont> 1- is the NAT concern still valid with port randomization on (it is an option for Linux NAT)?
[11:42:41] <fdupont> 2- is the fragmentation attack really requiring large response (i.e., limiting UDP unsecured responses to 512B enough)?
[11:42:49] <derek> fdupont: do you need me to ask for you?
[11:44:07] <fdupont> 3- not a question: ECDSA for DNSSEC promotion paper and presentation at DNS OARC (but ECDSA is still not used, numbers are very bad/low)
[11:44:29] <danyork> Did I just understand that .ORG no longer returns packets that line up with what is on this slide?
[11:45:03] <danyork> (not for the mic, just asking the chat room)
[11:45:36] <fdupont> 4- full references ([HS13] -> I have an idea of the authors, published where? with what title?)
[11:46:14] <sftcd> #4 - yeah not in slides, will get it sent to the saag list
[11:47:41] <fdupont> I can ask sns-pb.isc.org managers (I work for ISC) but as far as I know hard DDoS defence is still in design so not deployed
[11:48:16] tlyu leaves the room
[11:48:24] tlyu joins the room
[11:48:30] <fdupont> for #4 I understand to not present the slide(s) with full references but it/they should be in the PDF.
[11:48:43] <sftcd> fair point, will fix
[11:50:14] <fdupont> 5- to make DNS response larger is simply not what we want (enough issues with amplification and DNSSEC)!
[11:50:52] gmaxwell joins the room
[11:50:54] andrey.uzunov leaves the room
[11:51:42] gmaxwell leaves the room
[11:51:50] andrey.uzunov joins the room
[11:54:04] kivinen joins the room
[11:54:50] richard.barnes joins the room
[11:55:42] <danyork> Point of language (not for mic, unless I get up there and make it) - when talking about "Registrars" here the function of a "registrar" is being mixed with the function of a "DNS operator".  Granted, many times both functions are performed by the same "registrar" entity, but they are two distinct and separate functions.
[11:57:38] <Olafur> ECDSA verification speed is an issue for large validators
[11:58:19] g.e.montenegro joins the room
[11:58:20] <tlyu> danyork: typically the "registry" not "registrar" operates the TLD (or other high-level) zone DNS, right?
[11:58:25] kbaumann joins the room
[11:58:49] =JeffH joins the room
[11:59:04] Hugo Salgado joins the room
[11:59:14] kbaumann leaves the room
[12:00:01] kbaumann joins the room
[12:00:26] mrex-ietf joins the room
[12:00:46] <danyork> tlyu: Well, yes, that's another level of language, but I was talking about the reference to registering domain names.
[12:01:56] <danyork> I just get grumpy on this point because we as a community/industry are a bit sloppy with that language.
[12:03:52] <tlyu> oh you mean if i as a customer register a domain with a registrar, often that registrar offers to sell me the service of operating my zone for me?
[12:05:06] =JeffH leaves the room
[12:05:14] =JeffH joins the room
[12:05:18] <danyork> right
[12:05:34] <derek> tlyu: yes
[12:07:15] <weiler> slow downloads: blame AT&T.  20% packet loss on both v4 and v6 as the packets pass to www.ietf.org.
[12:10:03] <paulwouters> where is the link?
[12:11:31] <Franck Martin> everyone is awake now... :)
[12:11:40] danyork leaves the room
[12:11:43] Chris Griffiths leaves the room
[12:12:05] <mrex-ietf> that may be an NSA surveillance side-effect.  AT&T isn't allowed to deliver packets that the NSA server is unable to capture, and the responsible NSA Xkeyscore server is in desperate need of a hardware upgrade
[12:12:33] <Franck Martin> as well as improve their power point skills....
[12:12:48] <sftcd> http://scholar.google.com/scholar?hl=en&q=Amir+Herzberg%2C+Haya+Shulman+++dnssec&btnG=&as_sdt=1%2C5&as_sdtp= is the link Jeff sent to the saag list for haya's publications
[12:12:49] <stpeter> paulwouters: the link for the DNSSEC paper?
[12:12:59] Klaas Wierenga joins the room
[12:13:00] <stpeter> right, http://www.ietf.org/mail-archive/web/saag/current/msg04401.html
[12:13:13] <sftcd> some of the work is still "in-publication"
[12:13:26] <paulwouters> thanks
[12:15:24] tlyu leaves the room
[12:15:32] tlyu joins the room
[12:16:08] <sftcd> he links to start a slide with a bang:-)
[12:16:17] <sftcd> s/links/likes/
[12:16:32] andrey.uzunov leaves the room
[12:16:54] danyork joins the room
[12:17:02] =JeffH leaves the room
[12:17:09] =JeffH joins the room
[12:17:55] <derek> Someone's got the shakes?
[12:18:35] andrey.uzunov joins the room
[12:19:58] <weiler> mrex: there must be a great side-channel in choosing which packets to drop.
[12:20:17] danyork leaves the room
[12:20:31] <gmaxwell> uh. The person was asking about KDFs.  There is in fact a KDF competition going on, though not run by NIST.
[12:20:45] <gmaxwell> https://password-hashing.net/
[12:23:35] <=JeffH> Haya Shulman publications: https://sites.google.com/site/hayashulman/publications
[12:24:18] wouter leaves the room
[12:24:26] <fdupont> Which name does the NSA use to sponsor Tor?
[12:32:01] Chris Griffiths joins the room
[12:33:46] <=JeffH> https://www.torproject.org/download/download
[12:34:16] <=JeffH> https://www.torproject.org/download/download#warning
[12:34:31] <=JeffH> https://www.torproject.org/about/overview.html.en#thesolution
[12:40:32] =JeffH leaves the room
[12:40:39] =JeffH joins the room
[12:41:26] <Wendy Seltzer> https://gitweb.torproject.org/torspec.git
[12:42:11] <stpeter> minutes referred to by Bob at the mic just now: ftp://ftp.ietf.org/ietf-online-proceedings/95apr/area.and.wg.reports/sec/ipsec/ipsec-minutes-95apr.txt
[12:42:15] paulwouters leaves the room
[12:43:56] <gmaxwell> Random background: The tor stuff has integrity, but IIRC it's just end to end, which leads to tagging attacks which are pretty much anonymity system specific attacks. See also: http://www.blackhat.com/presentations/bh-dc-09/Fu/BlackHat-DC-09-Fu-Break-Tors-Anonymity.pdf
[12:45:07] <Olafur> crimes against humanity mentioned in IETF (a first ?)
[12:45:33] <sftcd> @olafur: I'm sure someone must've said that about NAT already
[12:46:34] matthijs leaves the room
[12:46:41] =JeffH leaves the room
[12:46:49] =JeffH joins the room
[12:48:01] semery leaves the room
[12:48:23] paulwouters joins the room
[12:49:13] <mrex-ietf> going forward:  being much MORE focused on reasonable security (easy, simple, low-cost)
[12:49:16] Chris Griffiths leaves the room
[12:49:16] paulwouters joins the room
[12:49:45] paulwouters leaves the room
[12:50:06] fdupont leaves the room: Computer went to sleep
[12:50:15] Olafur leaves the room
[12:50:29] Olaf Kolkman (adium) leaves the room
[12:50:38] <mrex-ietf> _one_ of the roadblocks to folks adopting IPv6 is the mandate for IPsec.  But that thing is so horribly complex to implement, different from the security in pretty much every other protocol, and sufficiently close to unusable on the internet in general, that it is essentially irrelevant
[12:50:47] marcos.sanz leaves the room
[12:51:15] paulwouters leaves the room
[12:51:49] =JeffH leaves the room: Logged out
[12:52:50] <mrex-ietf> the other problem is the huge and unnecessary complexity in PKIX.  This thing is full of useless crap.  We should really strip the mandatory PKIX parts down to what is mandatory in the CABrowser profile.
[12:53:24] Adam Montville leaves the room
[12:53:32] tlyu leaves the room
[12:53:33] <derek> mrex-ietf: or just SSH
[12:53:40] tlyu joins the room
[12:54:12] <mrex-ietf> yup, SSH worked, because it got most of it right from the start
[12:55:30] davewaltermire leaves the room
[12:55:33] sa10kan3@gmail.com leaves the room
[12:55:41] Juan-Pedro Cerezo Martin leaves the room
[12:55:45] jaap leaves the room
[12:55:45] weiler leaves the room
[12:55:45] Karen O'Donoghue leaves the room
[12:55:53] Hugo Kobayashi leaves the room
[12:55:55] m&m leaves the room: Disconnected: connection closed
[12:56:06] yone leaves the room
[12:56:10] Dan Wing leaves the room
[12:56:23] kivinen leaves the room
[12:56:23] richard.barnes leaves the room
[12:57:02] kbaumann leaves the room
[12:57:38] Klaas Wierenga leaves the room
[12:57:44] andrey.uzunov leaves the room
[12:58:16] Franck Martin leaves the room
[12:58:16] sftcd leaves the room
[12:59:17] <derek> until Vancouver, all!
[12:59:20] derek leaves the room
[13:01:10] Florob leaves the room: offline
[13:03:18] Wendy Seltzer leaves the room
[13:03:20] Wendy Seltzer joins the room
[13:04:03] fneves leaves the room
[13:04:48] gmaxwell leaves the room
[13:06:19] stpeter leaves the room
[13:06:46] Chris Griffiths joins the room
[13:09:05] Hugo Salgado leaves the room
[13:11:37] Karen O'Donoghue joins the room
[13:13:02] fneves joins the room
[13:13:54] danyork joins the room
[13:16:02] Olafur joins the room
[13:16:06] Olafur leaves the room
[13:16:42] Chris Griffiths leaves the room
[13:18:23] g.e.montenegro leaves the room
[13:19:10] tlyu leaves the room
[13:20:16] Dan Wing joins the room
[13:20:52] fneves leaves the room
[13:21:47] fdupont joins the room
[13:22:06] paulwouters joins the room
[13:22:21] paulwouters leaves the room
[13:23:53] sa10kan3@gmail.com joins the room
[13:24:54] kbaumann joins the room
[13:26:11] sftcd joins the room
[13:26:20] kbaumann leaves the room
[13:26:21] kbaumann joins the room
[13:26:28] sftcd leaves the room
[13:27:27] stpeter joins the room
[13:27:33] stpeter leaves the room
[13:36:33] kbaumann leaves the room
[13:36:58] kbaumann joins the room
[13:46:54] kbaumann leaves the room
[13:47:36] gmaxwell joins the room
[13:47:47] Karen O'Donoghue leaves the room
[13:49:25] sa10kan3@gmail.com leaves the room
[13:52:06] Olaf Kolkman (adium) joins the room
[13:54:11] Dan Wing leaves the room
[13:54:15] kbaumann joins the room
[13:56:34] kbaumann joins the room
[13:56:52] kbaumann leaves the room
[14:03:52] Wendy Seltzer leaves the room
[14:07:34] eburger joins the room
[14:08:15] eburger leaves the room
[14:11:14] Olaf Kolkman (adium) leaves the room
[14:12:32] Olaf Kolkman (adium) joins the room
[14:12:44] Olaf Kolkman (adium) leaves the room
[14:12:53] Olaf Kolkman (adium) joins the room
[14:15:15] kbaumann joins the room
[14:15:16] g.e.montenegro joins the room
[14:15:35] kbaumann leaves the room
[14:16:06] g.e.montenegro leaves the room
[14:16:29] kbaumann leaves the room
[14:19:26] kbaumann joins the room
[14:19:58] Karen O'Donoghue joins the room
[14:21:40] Olaf Kolkman (adium) leaves the room
[14:22:05] kbaumann leaves the room
[14:22:35] kbaumann joins the room
[14:24:24] Olaf Kolkman (adium) joins the room
[14:26:35] Karen O'Donoghue leaves the room
[14:40:47] Karen O'Donoghue joins the room
[14:41:30] Karen O'Donoghue leaves the room
[14:56:43] Olaf Kolkman (adium) leaves the room
[14:57:00] kbaumann leaves the room
[14:57:02] richard.barnes joins the room
[14:57:35] richard.barnes leaves the room
[14:58:26] gmaxwell leaves the room
[14:58:59] danyork leaves the room
[15:04:10] fdupont leaves the room: Logged out
[15:05:06] kbaumann joins the room
[15:05:36] kbaumann leaves the room
[15:07:15] kbaumann joins the room
[15:19:25] kbaumann leaves the room
[15:22:37] kbaumann joins the room
[15:24:57] kbaumann joins the room
[15:25:03] kbaumann leaves the room
[15:30:35] wseltzer joins the room
[15:30:41] kbaumann leaves the room
[15:56:56] kbaumann joins the room
[15:57:26] kbaumann leaves the room
[15:58:17] kbaumann joins the room
[15:58:49] wseltzer leaves the room
[16:04:59] kbaumann leaves the room
[16:29:01] kbaumann joins the room
[16:29:36] kbaumann leaves the room
[16:30:28] kbaumann joins the room
[16:31:03] Wendy Seltzer joins the room
[16:34:16] kbaumann leaves the room
[16:34:46] kbaumann joins the room
[16:36:33] kbaumann leaves the room
[16:37:30] kbaumann joins the room
[16:41:50] Wendy Seltzer leaves the room
[16:50:49] kbaumann leaves the room
[16:52:38] kbaumann joins the room
[16:59:53] kbaumann leaves the room
[17:00:44] kbaumann joins the room
[17:05:09] kbaumann leaves the room
[17:26:03] Olaf Kolkman (adium) joins the room
[17:35:06] Olaf Kolkman (adium) leaves the room
[17:37:10] Olaf Kolkman (adium) joins the room
[17:41:05] Olaf Kolkman (adium) leaves the room
[22:38:46] Wendy Seltzer joins the room
[23:00:53] Olaf Kolkman (adium) joins the room
[23:01:12] Olaf Kolkman (adium) leaves the room