IETF
saag
saag@jabber.ietf.org
Thursday, March 30, 2017< ^ >
sftcd has set the subject to: SAAG at IETF97: https://datatracker.ietf.org/meeting/97/agenda/saag/
Room Configuration
Room Occupants

GMT+0
[19:43:07] JoeHallCDT joins the room
[19:58:51] JoeHallCDT leaves the room
[20:01:19] JoeHallCDT joins the room
[20:05:50] Meetecho joins the room
[20:06:07] Yoshiro Yoneya joins the room
[20:13:19] Melinda Shore joins the room
[20:13:39] m&m joins the room
[20:13:40] JoeHallCDT leaves the room
[20:14:13] JoeHallCDT joins the room
[20:15:06] bortzmeyer joins the room
[20:15:07] Dimitris Papadopoulos joins the room
[20:15:07] Lorenzo Miniero joins the room
[20:15:09] Brian Gale joins the room
[20:15:09] Sharon Goldberg joins the room
[20:15:10] Lisa Nestor joins the room
[20:15:11] Valery Smyslov joins the room
[20:15:42] David Waltermire joins the room
[20:16:15] Lisa Nestor leaves the room
[20:16:51] Stephanie Huguenin joins the room
[20:17:07] Francis Teague joins the room
[20:17:38] JoeHallCDT leaves the room: Replaced by new connection
[20:17:39] JoeHallCDT joins the room
[20:17:45] Brian Gale leaves the room
[20:17:55] Kyle Rose joins the room
[20:18:01] Adam Fahey joins the room
[20:18:38] Stephanie Huguenin leaves the room
[20:19:05] richsalz joins the room
[20:19:40] svaldez@tls.ctf.network joins the room
[20:20:04] <Sharon Goldberg> sharon is here!
[20:20:12] Stefan Santesson joins the room
[20:20:14] richsalz has set the subject to: SAAG AT IETF98 https://datatracker.ietf.org/meeting/98/agenda/saag/
[20:20:20] Tat Chan joins the room
[20:20:32] <Kyle Rose> Hey Sharon
[20:21:03] Peter Koch joins the room
[20:21:31] David Waltermire_6224 joins the room
[20:21:48] <richsalz> agenda
[20:21:48] Brian Campbell joins the room
[20:21:58] Satoru Kanno joins the room
[20:22:17] Chi-Jiun Su joins the room
[20:22:50] Wendy Seltzer joins the room
[20:23:33] ekr joins the room
[20:23:49] ietf-cw joins the room
[20:23:58] Adam Montville joins the room
[20:25:12] ekr leaves the room
[20:25:13] Carl Mehner joins the room
[20:25:16] ekr joins the room
[20:25:16] tale joins the room
[20:25:56] test account joins the room
[20:25:58] Adam Fahey leaves the room
[20:26:27] <richsalz> Im your jabber scribe, so if you want anything relayed put "mic" at the front or ping me directly.
[20:26:51] jimsch joins the room
[20:26:51] frodek joins the room
[20:28:56] sftcd joins the room
[20:29:10] John Border joins the room
[20:30:27] David Waltermire leaves the room
[20:32:17] <richsalz> IOT, Hannes presenting
[20:32:24] Wendy Seltzer leaves the room
[20:32:30] Wendy Seltzer joins the room
[20:33:35] David Waltermire_6224 leaves the room
[20:33:49] David Waltermire joins the room
[20:34:11] Andrew Mortensen joins the room
[20:35:51] Bartek Nowotarski joins the room
[20:36:13] Alex Deacon joins the room
[20:36:20] jimsch joins the room
[20:37:18] <bortzmeyer> http://www.eembc.org/iot-secure/about.php
[20:38:15] Lucas Pardue joins the room
[20:38:25] Karen O'Donoghue joins the room
[20:40:33] Andrew Regenscheid joins the room
[20:41:13] <richsalz> David Maziers, internet consensus
[20:42:19] kadukoafs@gmail.com/barnowlD26A4D0C joins the room
[20:42:19] Brian Gale joins the room
[20:42:31] D D joins the room
[20:45:08] Lisa Nestor joins the room
[20:45:14] ted.h joins the room
[20:45:41] Mike B joins the room
[20:46:12] <bortzmeyer> There was global no-trust-required secure timestamp 20 years ago http://www.itconsult.co.uk/stamper/stampinf.htm
[20:47:26] d d joins the room
[20:47:26] d d leaves the room
[20:47:37] Satoru Kanno leaves the room
[20:47:38] Satoru Kanno joins the room
[20:48:20] BG G joins the room
[20:49:41] <bortzmeyer> Stellar payment network https://www.stellar.org/
[20:50:42] jimsch leaves the room
[20:51:52] Jacob Hoffman-Andrews joins the room
[20:53:47] ietf-cw leaves the room
[20:53:54] shuque joins the room
[20:56:59] Roland Shoemaker joins the room
[20:58:44] ted.h leaves the room: Replaced by new connection
[20:58:51] ted.h joins the room
[20:59:55] Sara D joins the room
[21:00:28] ted.h leaves the room: Replaced by new connection
[21:00:28] ted.h joins the room
[21:00:45] Peter Koch leaves the room
[21:02:03] Stephen Banghart joins the room
[21:02:37] Alex Deacon_4002 joins the room
[21:06:21] sftcd joins the room
[21:07:16] <ted.h> But it may, in the usual case, be a superset of the nodes necessary to form a quorum right?
[21:08:11] <ekr> Ted, is this just very long latency?
[21:08:11] <kadukoafs@gmail.com/barnowlD26A4D0C> Er, what may be a superset of the nodes necessary to form a quorum?
[21:08:11] <ted.h> U
[21:08:11] <ted.h> Slide 33, I think.
[21:10:16] <kadukoafs@gmail.com/barnowlD26A4D0C> I see a U on slide 42
[21:10:20] frodek joins the room
[21:10:42] frodek leaves the room
[21:12:28] <ekr> sharon, can you get into the queue?
[21:12:28] <Sharon Goldberg> i'll turn on my video
[21:12:28] <kadukoafs@gmail.com/barnowlD26A4D0C> But that U is determined by assumption, not computation; that is, we
assume that all nodes in U are not malicious
[21:12:28] <Sharon Goldberg> is that ok?
[21:12:28] <ekr> It’s fine, but you have about 5 minutes if you want
[21:12:28] <ekr> I ca see you though
[21:12:28] <JoeHallCDT> @ekr, is that meetecho projector supposed to be on?
[21:12:30] <Sharon Goldberg> ok i'm turning off video
[21:12:49] <JoeHallCDT> nvm
[21:12:49] <ekr> joseph: not sure. I think I just hit the button when Sharon is ready
[21:12:59] <Sharon Goldberg> so now you know i'm here. just let me know when you want me to start and i can start
[21:13:05] <Meetecho> ekr: no need to do that, Sharon can unmute at will
[21:13:13] <Meetecho> as she's a speaker
[21:13:13] <Sharon Goldberg> i think i control when i show up.
[21:13:15] <kadukoafs@gmail.com/barnowlD26A4D0C> You're (ekr) supposed to have a projector to tell you who is waiting
to talk, though.
[21:13:27] <kadukoafs@gmail.com/barnowlD26A4D0C> Or listen to Meetecho and I'll shut up
[21:13:28] Roland Shoemaker leaves the room
[21:13:32] <Meetecho> the projector should be up if you want to see Sharon's video
[21:14:38] <Meetecho> is it off?
[21:14:38] Roland Shoemaker joins the room
[21:14:38] <kadukoafs@gmail.com/barnowlD26A4D0C> Sure looks off
[21:14:38] <ekr> It does seem to be off.
[21:14:38] <Meetecho> can you try turning it on?
[21:14:38] <ekr> Sure.
[21:14:38] <Meetecho> we're at the 40th floor and it would take forever to get there :(
[21:14:38] <ekr> hmm.... I pressed the button but nothing seems to be happening. Do I hold it?
[21:14:44] <kadukoafs@gmail.com/barnowlD26A4D0C> It's warming up
[21:14:55] <Meetecho> it looks like it worked, thx!
[21:15:00] <kadukoafs@gmail.com/barnowlD26A4D0C> Or do you mean the big red button?
[21:15:03] <ekr> oh, I see it now
[21:15:06] <Meetecho> can you guys see the virtual queue on that screen now?
[21:15:10] <ekr> yes.
[21:15:22] <Meetecho> ack, so Sharon will be able to show video too (y)
[21:15:22] <ekr> sharon please get in queue....
[21:16:37] <ekr> because I think this is the last question
[21:16:37] sftcd leaves the room
[21:16:37] ynir joins the room
[21:16:52] <Sharon Goldberg> i'm going to turn on video to confirm you guys can see me projected
[21:16:59] <ekr> great. Thanks!
[21:17:04] <ekr> It works
[21:17:10] <ekr> Not sure why you are so huge
[21:17:19] <Sharon Goldberg> cool. i will be quiet until its my turn :)
[21:17:27] <Meetecho> ekr: we can control when to zoom in and out :)
[21:17:37] <ekr> meetecho: is she already presenting?
[21:17:40] <Meetecho> we were just tsting whether we could see her from the video
[21:17:45] <ekr> or do I need to press a red button
[21:17:57] <Meetecho> no need to press the button, she has special privileges in her UI
[21:18:08] <ekr> OK
[21:18:08] <Meetecho> to allow for remote questions from the queue when she presents
[21:18:42] Andrew Regenscheid leaves the room
[21:18:59] <ekr> ok
[21:19:25] test account leaves the room
[21:20:07] sftcd joins the room
[21:20:23] test account joins the room
[21:22:51] Stephen Banghart leaves the room
[21:23:57] Andrew Regenscheid joins the room
[21:26:11] Yuji Suga joins the room
[21:27:16] Karen O'Donoghue leaves the room
[21:27:43] Dan York joins the room
[21:28:21] Karen O'Donoghue joins the room
[21:28:25] sftcd joins the room
[21:28:37] Karen O'Donoghue leaves the room
[21:28:53] mcr joins the room
[21:28:57] richard.barnes joins the room
[21:29:07] <richard.barnes> CFRG seems like the right venue
[21:29:13] <ekr> yes
[21:29:25] Karen O'Donoghue joins the room
[21:29:25] <sftcd> +1
[21:29:25] sftcd leaves the room
[21:30:06] <mcr> so VRFs build upon current assymetric mechanisms, not replace them.
[21:30:12] <ekr> mcr: correct
[21:30:42] sftcd leaves the room
[21:33:39] <bortzmeyer> mcr: and, in the case of RSA, a VRF is almost purely a RSA signature
[21:35:02] <richard.barnes> at least to first order, i’m choosing to believe that i can think of these as commitments (=hash) to signatures (=proof)
[21:35:10] <ekr> yes.
[21:35:18] <ekr> That’s how I think of it as well
[21:35:36] <richard.barnes> constructed to have certain nice properties
[21:36:00] <ekr> though that question of whether it’s a secure signature function is interesting
[21:36:19] Chi-Jiun Su leaves the room
[21:36:36] <richard.barnes> right.  clearly the proving function has to kind of look like a signature function
[21:36:45] sftcd joins the room
[21:37:16] fenton joins the room
[21:37:31] <ekr> Yeah, it would be interesting to think through what property of a signature scheme is *not* required for this
[21:37:41] <richard.barnes> so i guess the question is whether, if you have an *insecure* signature function as the proving function, does that imply that the VRF is insecure
[21:37:49] <richard.barnes> right
[21:37:56] <ekr> I think you and I just asked the question in the opposite way
[21:38:01] test account leaves the room
[21:38:17] <richard.barnes> yes
[21:39:03] <ynir> This looks so much like a TLS proxy...
[21:39:08] <JoeHallCDT> I had been thinking about something like that for election software a while back (I am very naive)... e.g., authority publishes VRF values for approved software, client checks... sounds like you’d still want TC
[21:39:10] test account joins the room
[21:39:22] <Sharon Goldberg> so i think its good to think about VRF as a deterministic signature (=proof) followed by a secure crypto hash.
[21:39:31] <Sharon Goldberg> but that is only one possible way to construct them.
[21:39:38] <Sharon Goldberg> there are other ways also
[21:39:40] Dan York joins the room
[21:39:46] <ekr> Sharon: it would be great to think if you have an answer to Richard’s question
[21:39:58] <ekr> s/think/hear/
[21:40:23] <ekr> Namely: say you use that construction, is there a way to have an insecure signature scheme that is still a secure VRF
[21:40:36] Valery Smyslov leaves the room
[21:40:36] <Sharon Goldberg> ok
[21:40:36] <richard.barnes> Sharon: happy to chat off-line about this as well
[21:40:46] <Sharon Goldberg> yes i think that is the case, but we need to check.
[21:40:48] <kadukoafs@gmail.com/barnowlD26A4D0C> Do we have an enumeration of the ways in which a signature scheme can
be insecure?
[21:40:50] <ekr> Thanks!
[21:41:09] <ekr> Well, we have an enumeration of the things a signature scheme has to have :)
[21:41:13] <richard.barnes> kaduk: if you have a list of security properties, just take the negation :)
[21:41:19] <Sharon Goldberg> that is how trevor perrin's VRF (which is almost like our EC-VRF, but only for curve ec25519) and he did this work in parallel with us
[21:41:42] <Sharon Goldberg> https://whispersystems.org/docs/specifications/xeddsa/
[21:42:05] <Sharon Goldberg> he specifies a determinstic elliptic curve signature scheme for 25519 and also shows how it is a VRF
[21:42:23] <Sharon Goldberg> (I did not know about this work until after my RWC'17 talk in January.)
[21:43:42] <Sharon Goldberg> ok. you ask if it is possible to have an insecure signature scheme that can be used to build a secure VRF
[21:43:55] <Sharon Goldberg> the answer i think is no, but i would need to check
[21:44:06] <Sharon Goldberg> note however that a signature scheme != a VRF.
[21:44:14] <ekr> Right, because ECDSA is not
[21:44:20] <Sharon Goldberg> you need to have the proof-to-hash function.
[21:44:41] <richard.barnes> but also, the proving function apparently doesn’t need to be deterministic, since the EC-VRF in the document is not
[21:44:53] <Sharon Goldberg> no, even determinstic RSA signatures does not give a VRF without a proof2hash function (eg SHA256)
[21:44:58] <Sharon Goldberg> richard, you are right on.
[21:45:24] <ekr> I don’t disagree with that, i’m just saying that even with the hash function, you need a deterministic signature scheme
[21:45:38] <ekr> or at least one that pops out something deterministic
[21:45:42] Dan York joins the room
[21:46:29] t a joins the room
[21:46:32] <Sharon Goldberg> ok let me clarify.
[21:46:49] <Sharon Goldberg> if your construction  is : proof = signature and hash = sha256(signature)
[21:46:57] <Sharon Goldberg> then you need to have a determinstic signature
[21:46:59] <Sharon Goldberg> HOWEVEr
[21:47:10] <Sharon Goldberg> you can have a vrf construction that does not follow that blueprint
[21:47:16] <ekr> yes, I understood that
[21:47:17] <Sharon Goldberg> for instance our EC-VRF
[21:47:37] <sftcd> isn't the discussion as to what might be done with 3552 moot, because as Yoav noted, we don't seem to be interested enough to do any work, I think that's a pity but is the reality right now
[21:47:43] <ekr> yes
[21:47:48] <richard.barnes> and in that case, what is the difference between (a) the proving function and a signature function and (b) the proof2hash function and a normal hash function
[21:48:10] Adam Montville leaves the room
[21:48:10] ekr leaves the room
[21:48:13] Andrew Regenscheid leaves the room
[21:48:14] <richsalz> bye
[21:48:14] Melinda Shore leaves the room
[21:48:14] richsalz leaves the room
[21:48:16] Karen O'Donoghue leaves the room
[21:48:20] <Sharon Goldberg> i don't think very much
[21:48:21] fenton leaves the room
[21:48:22] svaldez@tls.ctf.network leaves the room
[21:48:22] tale leaves the room
[21:48:28] Yoshiro Yoneya leaves the room
[21:48:30] JoeHallCDT leaves the room
[21:48:31] kadukoafs@gmail.com/barnowlD26A4D0C leaves the room
[21:48:32] Lorenzo Miniero leaves the room
[21:48:35] <richard.barnes> might be interesting to try to make that precise :)
[21:48:37] Meetecho leaves the room
[21:48:49] shuque leaves the room
[21:48:54] <Sharon Goldberg> if we adhere to the blueprint of "determisntic signature" followed by "hash" then i think this is generic, but we would have to check the crypto proofs
[21:49:00] D D leaves the room
[21:49:01] Lisa Nestor leaves the room
[21:49:01] Mike B leaves the room
[21:49:01] Francis Teague leaves the room
[21:49:01] Tat Chan leaves the room
[21:49:01] Carl Mehner leaves the room
[21:49:01] Bartek Nowotarski leaves the room
[21:49:01] Brian Gale leaves the room
[21:49:01] Alex Deacon_4002 leaves the room
[21:49:01] Sharon Goldberg leaves the room
[21:49:01] Alex Deacon leaves the room
[21:49:01] Roland Shoemaker leaves the room
[21:49:01] John Border leaves the room
[21:49:01] David Waltermire leaves the room
[21:49:01] Satoru Kanno leaves the room
[21:49:01] BG G leaves the room
[21:49:01] Wendy Seltzer leaves the room
[21:49:01] Andrew Mortensen leaves the room
[21:49:01] Brian Campbell leaves the room
[21:49:01] Jacob Hoffman-Andrews leaves the room
[21:49:01] Lucas Pardue leaves the room
[21:49:01] t a leaves the room
[21:49:01] Stefan Santesson leaves the room
[21:49:01] Dimitris Papadopoulos leaves the room
[21:49:01] Sara D leaves the room
[21:49:01] test account leaves the room
[21:49:01] Yuji Suga leaves the room
[21:49:39] Dan York leaves the room
[21:49:42] sftcd leaves the room
[21:50:09] Kyle Rose leaves the room
[21:50:12] ynir leaves the room
[21:52:42] sftcd leaves the room
[21:53:57] jimsch leaves the room
[21:54:27] richard.barnes leaves the room
[21:56:35] bortzmeyer leaves the room
[21:56:36] bortzmeyer joins the room
[21:56:57] Dan York leaves the room
[21:57:12] ekr joins the room
[21:59:17] ekr leaves the room
[22:01:42] frodek leaves the room
[22:02:55] sftcd joins the room
[22:03:12] sftcd leaves the room
[22:04:58] mcr leaves the room: Disconnected: No route to host
[22:05:15] frodek joins the room
[22:05:31] m&m leaves the room: Disconnected: No route to host
[22:05:42] ted.h leaves the room
[22:07:13] Kyle Rose joins the room
[22:13:23] Dan York leaves the room
[22:15:34] bortzmeyer leaves the room: Replaced by new connection
[22:15:36] bortzmeyer joins the room
[22:19:31] bortzmeyer leaves the room
[22:19:32] bortzmeyer joins the room
[22:21:24] sftcd joins the room
[22:21:42] sftcd leaves the room
[22:36:48] bortzmeyer leaves the room
[22:37:02] mcr joins the room
[22:37:30] sftcd joins the room
[22:37:38] sftcd leaves the room
[22:42:12] Andrew Regenscheid joins the room
[22:42:19] Karen O'Donoghue joins the room
[22:42:35] ekr joins the room
[22:45:05] richard.barnes joins the room
[22:45:24] richard.barnes leaves the room
[22:48:33] Andrew Regenscheid leaves the room
[22:55:12] Karen O'Donoghue leaves the room
[23:00:23] m&m joins the room
[23:01:56] m&m joins the room
[23:02:00] m&m leaves the room
[23:04:19] Dan York joins the room
[23:16:58] m&m leaves the room: Disconnected: closed
[23:31:42] frodek leaves the room
[23:35:36] ekr leaves the room
[23:37:51] Dan York joins the room
[23:40:19] Dan York leaves the room
[23:58:33] mcr leaves the room: Disconnected: closed
Powered by ejabberd - robust, scalable and extensible XMPP server Powered by Erlang Valid XHTML 1.0 Transitional Valid CSS!