IETF
saag
saag@jabber.ietf.org
Thursday, November 7, 2013
stpeter has set the subject to: https://datatracker.ietf.org/meeting/87/agenda/saag/

GMT+0
[16:48:23] neilkatin joins the room
[17:59:24] rgb joins the room
[19:49:13] saag@jabber.ietf.org joins the room
[21:00:05] barryleiba joins the room
[21:00:24] synp joins the room
[21:01:07] Dan York joins the room
[21:01:48] Dave Michaud joins the room
[21:02:03] kivinen joins the room
[21:02:05] kaduk@jabber.openafs.org/barnowl joins the room
[21:02:06] Adam Montville joins the room
[21:02:08] Tom Yu joins the room
[21:02:11] g.e.montenegro joins the room
[21:02:16] Hugo Kobayashi joins the room
[21:02:21] <synp> Hi all, I'll be your Jabber scribe. If you want something spoken to the room mike, please prefix with "mic:"
[21:02:21] Wes George joins the room
[21:02:23] kohei.kasamatsu130 joins the room
[21:02:58] satoru.kanno@jabber.org joins the room
[21:03:02] SM joins the room
[21:03:31] sftcd joins the room
[21:04:00] <neilkatin> which document is being shown right now (please...)?
[21:04:52] <SM> It is the WG reports
[21:04:58] yaron.sheffer joins the room
[21:05:38] Dan Wing joins the room
[21:06:16] stpeter joins the room
[21:06:41] <synp> If you want something spoken to the room mike, please prefix with "mic:"
[21:07:13] <sftcd> that's the 3rd saag in a row we've mis-spelled precis
[21:07:50] m&m joins the room
[21:08:28] Kazuya Okada joins the room
[21:08:31] <sftcd> i guess mptcp and tsvarea had security stuff - anyone here wanna speak to those?
[21:08:40] <kaduk@jabber.openafs.org/barnowl> Hmm, I guess the quiet audio stream from Regency D is a well-known issue at this point?
[21:08:50] Andrew Yourtchenko joins the room
[21:10:08] mcharlesr joins the room
[21:10:20] hartmans joins the room
[21:11:20] <mcharlesr> http://www.ietf.org/proceedings/88/slides/slides-88-saag-4.pdf
[21:11:24] barryleiba leaves the room
[21:12:18] barryleiba joins the room
[21:13:22] <synp> slide: "Historical perspective on cryptographic standards"
[21:13:37] œü÷÷üœ joins the room
[21:14:09] Hugo Kobayashi leaves the room
[21:14:20] roessler joins the room
[21:14:28] <synp> slide: ""
[21:14:41] <synp> slide: "Authority, stakeholders & impact"
[21:14:42] <kaduk@jabber.openafs.org/barnowl> When we get to the questions portion, I hope someone asks if NIST is considering holding a competition for a stream cipher.
[21:15:54] <synp> prefix that with "mic", and I'll do it.  Although I'd rather say I'm channeling someone with a real name rather than "barnowl"
[21:16:28] <kaduk@jabber.openafs.org/barnowl> I'll try to remember to say it again closer to that time.
[21:16:29] <hartmans> Uh, he's got a real jid there.
[21:16:57] <stpeter> hartmans: yeah, some clients seem to default to that behavior, which isn't a great idea IMHO
[21:18:02] Karen O'Donoghue joins the room
[21:19:45] mrex-ietf joins the room
[21:21:39] mrex-ietf has set the subject to: https://datatracker.ietf.org/meeting/88/agenda/saag/
[21:24:09] <roessler> does the link to the IAB comment work for anybody?
[21:24:47] <SM> http://www.iab.org/wp-content/IAB-uploads/2013/10/IAB-NIST-FINAL.pdf
[21:24:49] <roessler> thx
[21:26:31] tony.l.hansen joins the room
[21:27:08] semery joins the room
[21:28:33] <sftcd> don't send to tim - notoriously long list of unread messages:-)
[21:28:48] Phill joins the room
[21:29:30] fenton joins the room
[21:29:30] m&m leaves the room
[21:29:32] m&m joins the room
[21:29:52] <kaduk@jabber.openafs.org/barnowl> mic: (Ben Kaduk) Any chance of a stream cipher competition in the near future?
[21:29:53] <Phill> Tim will be happy if you accost him with burning pitchforks and torches...
[21:29:56] <synp> Does it matter who you send the message to?  They can just look for "NIST process" on that big datacenter in Utah
[21:30:05] <tony.l.hansen> the link to the IAB comment in Tim's slides is wrong
[21:30:14] <mrex-ietf> @SM:  Funny: Russ, the IAB Chair didn't realize that the reference to the clippered TLS Suite B cipher suites in the IAB statement is outdated (reference 5430 instead of 6460) -- although he is listed as co-author on both documents...
[21:30:14] <synp> in line
[21:30:24] <kaduk@jabber.openafs.org/barnowl> synp: thanks :)
[21:30:27] <sftcd> @tony: ack: http://www.iab.org/wp-content/IAB-uploads/2013/10/IAB-NIST-FINAL.pdf
[21:30:50] jimsch1 joins the room
[21:30:59] <SM> Martin, time to file an erratum :-)
[21:32:13] <synp> I mentioned that I'm in line because that line is long
[21:34:04] <sftcd> and the line is closed for now, there'll be more time at the end
[21:34:51] Loris Corazza joins the room
[21:34:56] <synp> Yeah, but I'm in
[21:35:03] <sftcd> you are
[21:35:21] Joe Hildebrand joins the room
[21:40:18] Phill leaves the room
[21:41:58] slm joins the room
[21:44:14] Phill joins the room
[21:44:14] Olafur Gudmundsson joins the room
[21:44:17] cabo joins the room
[21:44:21] <kaduk@jabber.openafs.org/barnowl> Heh
[21:45:02] Phill leaves the room
[21:45:02] <kaduk@jabber.openafs.org/barnowl> synp: It's actually closer to kay-duck, but it's no big deal.
[21:47:30] <synp> We're an international crowd. Had no idea where you were from, so I thought some European variation could be close.
[21:47:50] Phill joins the room
[21:47:52] kohei.kasamatsu130 leaves the room
[21:48:45] <synp> Next Up: Bob Moskowitz about "SIESTA" - SessionLayer Security Approach
[21:49:37] Phill leaves the room
[21:51:22] Dan York leaves the room
[21:56:45] <synp> I wonder why they're attaching this to "application" rather than "user" or if that's not practical, user device?
[21:56:45] Joe Hildebrand leaves the room
[21:57:02] Phill joins the room
[21:58:02] Phill leaves the room
[21:58:13] Dan Wing leaves the room
[21:59:26] Dan York joins the room
[22:00:07] <rgb> hmmm, shaded bits in his slides show up black opaque in Chrome...
[22:00:25] <sftcd> for me too with evince
[22:00:26] wseltzer@jabber.org joins the room
[22:00:32] <sftcd> will upload ppt
[22:01:18] <sftcd> done
[22:01:28] <synp> ESP already supports 64-bit sequence numbers. But weird that they limit length to 32-bit. In the application layer this doesn't make sense.
[22:01:48] Joe Hildebrand joins the room
[22:01:54] Joe Hildebrand leaves the room
[22:02:02] <rgb> what are the fields in compact and large?
[22:02:57] kohei.kasamatsu130 joins the room
[22:03:14] <synp> rgb: pretty much like ESP, except that he's added a length field. Only difference between compact and large is the size of these two fields
[22:03:14] Phill joins the room
[22:03:14] <rgb> ah, got it from ppt.  thanks!
[22:03:37] Hugo Kobayashi joins the room
[22:04:12] kohei.kasamatsu130 leaves the room
[22:04:25] <yaron.sheffer> If there's one thing we've learned with ESP, it is the lack of extensibility (see WESP, which itself failed). Pity they don't have it either.
[22:04:31] <synp> Next up: Adding Data-plane security to the lisp protocol
[22:04:57] <synp> slide 2
[22:04:59] <sftcd> not sure how much this is the LISP WG asking vs Dino asking
[22:05:11] <sftcd> interesting nonetheless
[22:05:29] <synp> slide 3
[22:05:42] <synp> slide 4
[22:06:07] <mrex-ietf> crypto without integrity protection has proven to be a failure time and time again
[22:06:40] <synp> mrex: but there's always a good chance to learn it again and again
[22:07:07] <synp> "only second chance you get is the chance to make the same mistake twice"
[22:08:05] <synp> slide 5
[22:08:58] <synp> slide 6
[22:09:47] <synp> slide 7
[22:09:54] Dave Michaud leaves the room
[22:10:00] Adam Montville leaves the room
[22:10:10] Loris Corazza leaves the room
[22:12:30] <synp> GDOI?
[22:12:49] Phill leaves the room
[22:15:30] Olafur Gudmundsson leaves the room
[22:15:31] Dan Wing joins the room
[22:16:23] kohei.kasamatsu130 joins the room
[22:16:51] Olafur Gudmundsson joins the room
[22:17:11] kohei.kasamatsu130 leaves the room
[22:17:51] <mrex-ietf> rsa seems to be the only public key algorithm that isn't cryptoglycerin
[22:17:55] Dave Michaud joins the room
[22:18:20] kohei.kasamatsu130 joins the room
[22:18:26] stpeter leaves the room: Disconnected: closed
[22:18:31] stpeter joins the room
[22:18:36] <semery> mrex: could you elaborate?
[22:19:05] Adam Montville joins the room
[22:19:13] <kaduk@jabber.openafs.org/barnowl> Maybe Phill should write ASN.2...
[22:19:20] <mrex-ietf> (DC)DSA as signature algorithm blow up in your face so easily, that it is extremely unsafe to use them for authentication
[22:19:39] <sftcd> curve25519 for LISP?
[22:19:51] <Tom Yu> any protocol with "simple" in its name isn't
[22:20:36] <synp> Ben: I'm sure he has...
[22:20:43] Phill joins the room
[22:20:46] <synp> Tom: same for Lightweight
[22:20:51] <hartmans> wmrex: DH seems relatively safe
[22:21:01] <Tom Yu> mrex-ietf: deterministic DSA
[22:21:24] <mrex-ietf> sorry, I meant (EC)DSA
[22:21:34] kohei.kasamatsu130 leaves the room
[22:22:08] kohei.kasamatsu130 joins the room
[22:23:16] kohei.kasamatsu130 leaves the room
[22:23:21] <mrex-ietf>   Jean-Charles Faugere, Christopher Goyet and Guenael Renault
  "Attacking (EC)DSA Given Only an Implicit Hint"
  http://www-polsys.lip6.fr/~goyetc/doc/ImplicitECDSA_Goyet.pdf
[22:23:38] <Tom Yu> unauthenticated encryption can compromise confidentiality. (sorry no citation handy at the moment, but shouldn't be hard to search for)
[22:24:08] <synp> Next Up: "Opportunistic Encryption revisited" - Paul Wouters
[22:24:48] yrz joins the room
[22:24:53] <neilkatin> @tom: the point (I think) is that it protects against passive attacks, but is vulnerable to active attacks...
[22:25:47] fenton leaves the room
[22:27:04] m&m leaves the room: Disconnected: closed
[22:27:58] Adam Montville leaves the room
[22:28:01] <Tom Yu> mrex-ietf: that seems to require partial knowledge about the DSA nonces.  you can have a deterministic but secret nonce
[22:28:22] œü÷÷üœ leaves the room
[22:29:04] m&m joins the room
[22:29:15] œü÷÷üœ joins the room
[22:29:27] <mrex-ietf> @tom:  a small bias is already lethal
[22:30:42] œü÷÷üœ leaves the room
[22:30:54] <Tom Yu> is RFC 6979 vulnerable?
[22:31:30] Olafur Gudmundsson leaves the room
[22:33:23] Olafur Gudmundsson joins the room
[22:34:38] Olafur Gudmundsson leaves the room
[22:35:55] Karen O'Donoghue leaves the room
[22:37:01] g.e.montenegro leaves the room
[22:37:36] <semery> Had Paul considered connection latching?  I may have missed it in his slides.
[22:38:01] <synp> semery: mic?
[22:39:36] <semery> I'm here, but I think I'll defer since he may have implied this with CB.
[22:39:47] <kaduk@jabber.openafs.org/barnowl> (which slide?)
[22:40:38] Karen O'Donoghue joins the room
[22:40:46] <synp> "Opportunistic Encryption with IPsec"
[22:41:03] <kaduk@jabber.openafs.org/barnowl> thanks.
[22:41:42] barryleiba leaves the room
[22:42:00] Dave Michaud leaves the room
[22:44:01] <synp> Next Up: Open Mic. If you want me to channel anything to the room, please prefix it with "mic:"
[22:45:39] Dan Wing leaves the room
[22:46:38] neilkatin leaves the room
[22:47:54] <mrex-ietf> @tom: I frankly don't know.  I'm not a cryptographer.  On a quick scan, I did not notice any obvious problem in rfc6979.  The ephemeral k appears to be derived with HMAC from the message hash using the private DSA key as the hmac secret.  Using a too small hash (for the keypair) would be lethal  (using a too short hash is only a should not in a few places (not all) in FIPS 186-3)
[22:50:37] Phill leaves the room
[22:51:37] semery leaves the room
[22:51:46] <mrex-ietf> btw. the sensitivity of "ephemeral k" in (EC)DSA signatures is explicitly mentioned in 6979 (Introduction, 2nd paragraph).
[22:52:23] Phill joins the room
[22:54:02] hartmans leaves the room: Disconnected: connection closed
[22:54:13] <Tom Yu> right, which is why i'm wondering if 6979 succeeds in mitigating that vulnerability
[22:54:30] jimsch1 leaves the room
[22:54:45] Hugo Kobayashi leaves the room
[22:54:57] <mrex-ietf> but the safe generation of ephemeral k is just _half_ of the game.  For online signatures, you can still lose.  The algorithm to compute the inverse of k is inherently non-constant time
[22:56:00] <Tom Yu> oh
[22:58:28] Dan Wing joins the room
[22:59:03] m&m leaves the room
[22:59:56] Karen O'Donoghue leaves the room
[23:00:06] kivinen leaves the room
[23:00:18] slm leaves the room
[23:00:30] sftcd leaves the room
[23:00:30] cabo leaves the room
[23:00:32] Dan Wing leaves the room
[23:00:36] Phill leaves the room
[23:01:00] satoru.kanno@jabber.org leaves the room
[23:01:24] Kazuya Okada leaves the room
[23:03:55] Andrew Yourtchenko leaves the room
[23:04:13] stpeter leaves the room
[23:04:33] sftcd joins the room
[23:04:43] roessler leaves the room
[23:04:56] Dan York leaves the room
[23:05:08] SM leaves the room
[23:05:30] wseltzer@jabber.org leaves the room
[23:05:36] Olafur Gudmundsson joins the room
[23:06:07] mcharlesr leaves the room
[23:08:38] Tom Yu leaves the room
[23:08:52] cabo joins the room
[23:09:13] jimsch1 joins the room
[23:10:55] jimsch1 leaves the room
[23:11:28] Phill joins the room
[23:11:33] Olafur Gudmundsson leaves the room
[23:14:00] Wes George leaves the room
[23:14:45] yaron.sheffer leaves the room
[23:17:08] m&m joins the room
[23:17:15] mcharlesr joins the room
[23:17:17] m&m leaves the room
[23:19:53] Phill leaves the room
[23:20:27] synp leaves the room
[23:22:13] stpeter joins the room
[23:22:34] stpeter leaves the room
[23:22:39] stpeter joins the room
[23:24:26] stpeter leaves the room
[23:24:46] Dan York joins the room
[23:25:02] sftcd leaves the room
[23:27:26] satoru.kanno@jabber.org joins the room
[23:28:35] Phill joins the room
[23:29:27] Karen O'Donoghue joins the room
[23:31:16] Dan York leaves the room
[23:31:22] satoru.kanno@jabber.org leaves the room
[23:39:57] œü÷÷üœ joins the room
[23:40:25] Andrew Yourtchenko joins the room
[23:40:46] Phill leaves the room
[23:41:23] Andrew Yourtchenko leaves the room
[23:44:02] Andrew Yourtchenko joins the room
[23:48:39] slm joins the room
[23:49:21] roessler joins the room
[23:50:15] hartmans joins the room
[23:50:20] wseltzer joins the room
[23:50:42] wseltzer leaves the room