IETF
saag
saag@jabber.ietf.org
Thursday, July 20, 2017

GMT+0
[04:44:07] lix leaves the room
[08:27:51] hernani leaves the room
[09:55:50] hernani joins the room
[10:11:22] hernani leaves the room
[10:32:34] Bernie Hoeneisen joins the room
[11:16:22] Yoshiro Yoneya joins the room
[11:17:24] Meetecho joins the room
[11:23:22] sftcd joins the room
[11:23:41] Mike Jenkins joins the room
[11:25:22] Simone Ferlin joins the room
[11:25:29] Vukasin Karadzic joins the room
[11:26:57] Bernie Hoeneisen leaves the room
[11:27:00] Mike Jenkins has set the subject to: SAAG AT IETF99 https://datatracker.ietf.org/meeting/99/agenda/saag/
[11:27:20] m&m joins the room
[11:28:09] cw-ietf joins the room
[11:28:33] Vukasin Karadzic leaves the room
[11:28:35] Vukasin Karadzic joins the room
[11:29:49] Simon Pietro Romano joins the room
[11:30:01] hernani joins the room
[11:30:01] frodek joins the room
[11:30:45] Bernie Hoeneisen joins the room
[11:30:46] Wolfgang Beck joins the room
[11:30:48] lucaspardue joins the room
[11:31:50] Melinda joins the room
[11:32:01] Ira McDonald joins the room
[11:32:53] kathleen.moriarty joins the room
[11:33:28] Barry Leiba joins the room
[11:33:38] ted.h joins the room
[11:34:00] <ted.h> Awaiting in-room audio; please stand by.
[11:34:14] <ted.h> If you want something reflected to room, please preface with MIC:, thanks.
[11:34:30] <Barry Leiba> Ted will do a little mime performance for you while we wait for the sound.
[11:35:06] Timothy Shepard joins the room
[11:35:12] <Barry Leiba> Durn.  Sounds here.  No miming from Ted.
[11:36:06] Satoru Kanno joins the room
[11:36:28] <ted.h> Hannes reports on ACE.
[11:36:43] <ted.h> i2NSF report by Linda Dunbar
[11:36:45] blassey joins the room
[11:37:38] <ted.h> OAUTH report by Hannes, and the room senses a pattern.
[11:37:51] Aaron Zauner joins the room
[11:38:01] Dennis Kort joins the room
[11:38:54] richard.barnes joins the room
[11:39:05] Francesca Palombini joins the room
[11:39:08] <ted.h> OPENPGP report by Barry Leiba, and reports remarkable results (unfortunately, lack of success).  The chairs ask the AD to close the WG, and ekr agrees.  Barry has a sad, which he shares with dkg.
[11:39:18] <Aaron Zauner> sad about openpgp
[11:39:20] <ted.h> dkg still hopes documentation will emerge in time.
[11:40:15] <ted.h> tokbind report by Leif Johannsson; core docs in WGLC.  Playing a bit with proxy issues.
[11:40:50] <ted.h> Lionel Morand presents on "Diameter End to End Security".
[11:41:52] Francesca Palombini leaves the room
[11:41:53] Francesca Palombini joins the room
[11:41:59] Gianluca Capitani joins the room
[11:42:05] <hernani> The pEp slides linked in the agenda are the wrong ones, just in case this doesn't get updated fast enough:
[11:42:09] <hernani> https://pep.foundation/docs/pEp_saag_security_area_open_meeting2.pdf
[11:43:33] Francesca Palombini leaves the room
[11:43:52] <ted.h> The request from diameter folks is for help in developing a solution—volunteers for a design team would be welcome.
[11:44:08] <ted.h> Jean adds "Please help!"
[11:44:56] JoeHallCDT joins the room
[11:45:03] <ted.h> Phill Hallam-Baker notes he has done something similar; he can pull it out (It is based on JOSE).  He volunteers to help.
[11:45:16] C. J. Su joins the room
[11:45:47] <Aaron Zauner> yet another thing based on JOSE (which is a major fuckup, sorry)?!
[11:46:26] <hernani> ACK, Eric updated: slides for the input talks are fine.
[11:46:41] <ted.h> DBOUND is closed.  DIME report from Barry.
[11:46:48] ilari.liusvaara joins the room
[11:47:02] Ben Kaduk joins the room
[11:47:02] Shumon Huque joins the room
[11:47:22] Eric Burger joins the room
[11:47:38] <ted.h> Sara reports on DPRIVE:  dkg's proposal to have DNS and HTTP traffic on a single report; also a conversation on DNS and QUIC.
[11:47:51] Martin Langer joins the room
[11:48:02] <ted.h> Lars Eggert:  we are monitoring the situation in TLS with interest.
[11:48:37] Peter van Dijk joins the room
[11:48:37] <Aaron Zauner> whats it called?
[11:48:38] <ted.h> PERC:  Richard reports that it is getting around some of its issues with its double encryption; review will be sought after the next version is out (few weeks).  He'll ping saag list.
[11:48:44] <Aaron Zauner> rad??
[11:48:45] richard.barnes leaves the room
[11:48:47] richard.barnes joins the room
[11:48:59] <Aaron Zauner> ah radext
[11:49:33] <Barry Leiba> Correction above: DMARC report from Barry (not DIME).
[11:49:39] <richard.barnes> Here’s the relevant PERC draft:
[11:49:39] <richard.barnes> https://tools.ietf.org/html/draft-ietf-perc-double-05
[11:49:42] <ted.h> (Apologies, thanks for the correction)
[11:50:17] <richard.barnes> For context: The double encapsulation is necessary to allow a conferencing server to change some header values without giving it access to the plaintext
[11:50:18] <ted.h> Curdle for DKIM report by Rich Salz.  (DCRUP?)
[11:50:38] <Barry Leiba> Yes, DCRUP
[11:51:52] <ted.h> TEEP had a tutorial on Sunday, well attended (Hannes reporting).  Wednesday they met to discuss the charter.
[11:52:05] <ted.h> Webinars will continue to develop things further.
[11:52:10] ekr joins the room
[11:52:16] <ted.h> FUD had a side meeting today.
[11:52:38] Wolfgang Beck leaves the room
[11:52:55] <ted.h> Kathleen notes that they hope to charter soon.
[11:53:21] Wolfgang Beck joins the room
[11:53:37] <ted.h> Sam gives a W3C update:  web authentication group is doing new work; W3C is also trying to expand review of privacy and security issues.
[11:53:43] Martin Langer leaves the room
[11:53:46] <ted.h> Presentation next, on Post-quantum crypto.
[11:54:04] <ted.h> Kenny Paterson presenting.
[11:54:43] Peter van Dijk leaves the room
[11:56:18] ekr leaves the room
[11:57:35] Simon Hicks joins the room
[11:58:38] ekr joins the room
[11:58:56] Kyle Rose joins the room
[11:59:12] Victor Firoiu joins the room
[12:00:12] Kyle Rose leaves the room
[12:00:12] Kyle Rose joins the room
[12:00:38] Victor Firoiu leaves the room
[12:00:53] Matthew Ford joins the room
[12:00:59] Ira McDonald leaves the room
[12:02:28] Jean Mahoney joins the room
[12:03:40] Karen O'Donoghue joins the room
[12:04:50] Ira McDonald joins the room
[12:05:19] Dennis Kort leaves the room
[12:05:25] Dennis Kort joins the room
[12:05:34] Gabor Bajko joins the room
[12:05:51] Karen O'Donoghue leaves the room
[12:06:04] Samuel Weiler joins the room
[12:08:31] richard.barnes leaves the room
[12:08:33] richard.barnes joins the room
[12:09:50] Philip Lafrance joins the room
[12:10:47] Karen O'Donoghue joins the room
[12:16:24] Simone Ferlin leaves the room
[12:16:44] Samuel Weiler leaves the room
[12:17:24] Simon Hicks leaves the room
[12:21:16] Natasha Rooney joins the room
[12:24:09] Dennis Kort leaves the room
[12:24:40] lucaspardue leaves the room: Disconnected: Replaced by new connection
[12:24:40] lucaspardue joins the room
[12:25:21] Tony Hansen joins the room
[12:26:29] Kyle Rose leaves the room
[12:26:54] Jean Mahoney leaves the room
[12:27:06] <ted.h> Orderly queue forming: Richard Barnes is first.
[12:27:14] Ned Freed joins the room
[12:27:15] <Aaron Zauner> +1 on hybrid
[12:29:24] <ted.h> Paul Hoffman up next.
[12:29:50] richard.barnes leaves the room
[12:29:54] richard.barnes joins the room
[12:30:18] Peter van Dijk joins the room
[12:30:32] <ted.h> Paul asks for help with his c2pq draft.
[12:30:45] Satoru Kanno leaves the room
[12:30:50] Aaron Zauner will take a look
[12:30:56] <richard.barnes> Here’s the link to the NIST process:
[12:30:59] <richard.barnes> http://csrc.nist.gov/groups/ST/post-quantum-crypto/
[12:31:02] <Aaron Zauner> I'm not an expert on PQC though
[12:31:09] <ted.h> Phill Hallam-Baker at the mic.
[12:33:15] Eric Burger leaves the room
[12:33:27] <ted.h> Stephen Farrell at the mic
[12:35:13] Jean Mahoney joins the room
[12:35:53] <ted.h> NIST required the IPR to be declared (noted by Quynh, in response to a question by Stephen)
[12:36:17] <ted.h> (Missed a commenter)
[12:36:24] <ted.h> Tobias Gondrom at the mic
[12:36:33] <ekr> @hardie: that was nick sullivan
[12:36:40] <ted.h> @ekr, Thanks.
[12:36:45] <ekr> (cloudflare)
[12:37:27] David Waltermire joins the room
[12:37:41] <richard.barnes> If anyone wants an overview of a fielded QKD system:
[12:37:41] <richard.barnes> https://arxiv.org/ftp/quant-ph/papers/0503/0503058.pdf
[12:38:00] <ted.h> Next talk is Pretty Easy Privacy
[12:38:29] <ted.h> By Volker Birk, p3p foundation.
[12:38:38] Samuel Weiler joins the room
[12:38:39] <richard.barnes> pEp
[12:38:49] <richard.barnes> We don’t talk about P3P any more :)
[12:38:50] <ted.h> sorry:  https://pep.foundation/
[12:38:58] ekr leaves the room
[12:40:18] Karen O'Donoghue leaves the room
[12:40:20] Vukasin Karadzic leaves the room
[12:40:41] <hernani> I added some links here: https://etherpad.tools.ietf.org/p/notes-ietf-99-saag?useMonospaceFont=true
[12:41:00] ekr joins the room
[12:43:00] Gianluca Capitani leaves the room
[12:44:33] <Aaron Zauner> mic (once it's time for questions): has the pEp foundation ever taken a look at the work in UTA (WG) with regard to email security, reporting and UI/security improvements? AFAIK pEp is just implementing a kind of overlay for popular clients based on either S/MIME or gpg/pgp
[12:44:47] <Aaron Zauner> UTA meets later on, please join
[12:45:26] <ted.h> @Aaron Will reflect
[12:45:30] <Aaron Zauner> thx!
[12:46:22] <Peter van Dijk> where can I find the slides for pEp? They are not in the meeting materials
[12:46:35] <ekr> They are. I just downloaded them from there
[12:46:36] <Peter van Dijk> nevermind, reload helped
[12:47:35] <Aaron Zauner> talked to pEp people in the past, unfortunately they have very different ideas than what people do in IETF usually
[12:48:01] <Aaron Zauner> would be cool to collaborate as they have funding and are implementing client features (i.e. UTA)
[12:48:50] <sftcd> but UTA is for TLS, not smime or pgp?
[12:49:03] <richard.barnes> USA?  UPA?
[12:49:21] <Aaron Zauner> doesn't matter - as far as I understood pEp doesnt care about the way stuff is encrypted
[12:49:27] <ted.h> Paul Wouters at the mic
[12:49:47] <Aaron Zauner> but I talked to two people from pEp and have gotten two different ideas from them so no idea
[12:50:00] <Aaron Zauner> @sftcd ^
[12:50:03] <sftcd> @aaron: but they have to care if they wanna interop with an smime or pgp recipient that doesn't have a pep client
[12:50:12] <Aaron Zauner> I'm aware of that :)
[12:50:14] <Aaron Zauner> not sure if they are
[12:50:16] sftcd also chatted with them:-)
[12:50:35] <ted.h> Martin Thomson at the mic
[12:51:06] <Aaron Zauner> since openpgp  WG is defunct its probably a good idea for them to join UTA still to see what's around
[12:51:19] Gianluca Capitani joins the room
[12:52:35] Gianluca Capitani leaves the room
[12:52:40] <ted.h> Phill Hallam-Baker at the mic
[12:55:23] <ted.h> Next up, work on certificate limitation profile by Dmitry Belyvasky
[12:55:34] <ted.h> Belyavskiy
[12:55:38] resnick joins the room
[12:57:10] Aaron Zauner leaves the room
[12:58:42] <hernani> Aaron: yeah, the big picture is to assess what your peers are able to do and just engage in the most private way; fallback is: unencrypted (as mostly today)
[12:59:09] Jean Mahoney leaves the room
[12:59:27] <hernani> Aaron: And pEp started to do that with email & OpenPGP-based implementations now; but "holy grail" is GNUnet messaging. In between there's lot of other stuff.
[13:00:42] dkg joins the room
[13:00:52] <dkg> hm, this smells a lot like https://p11-glue.freedesktop.org/doc/storing-trust-policy/
[13:01:25] <ted.h> Martin Thomson at the mic:
[13:01:28] <richard.barnes> This is basically CRLsets / OneCRL + a bunch of extra stuff
[13:02:02] Andrew Sullivan joins the room
[13:02:45] m&m leaves the room
[13:03:01] m&m joins the room
[13:03:02] <ted.h> Richard Barnes at the mic: there are application vendors that do this, though a limited subset of the proposal here.
[13:03:12] <ted.h> What value does the additional functionality provide?
[13:03:33] richard.barnes leaves the room
[13:03:34] <ted.h> dkg:  notes the p22-glue project.
[13:03:36] ynir joins the room
[13:03:37] richard.barnes joins the room
[13:03:41] <ted.h> (see upthread for link)
[13:04:01] <ted.h> dkg: there is merit in this kind of work, but there is also existing work.
[13:04:03] <ynir> Hasn't the IETF already standardized a protocol for managing trust anchors?
[13:04:06] <ted.h> rsalz at the mic
[13:04:11] Philip Lafrance leaves the room
[13:04:24] <ynir> https://tools.ietf.org/html/rfc5934
[13:04:28] <ted.h> Rich would like to see it extensible past the browsers.  A standard data format would be useful.
[13:04:37] <dkg> p11-glue, not p22-glue
[13:04:46] <dkg> did i say p22-glue?  that's embarrassing!
[13:04:51] Samuel Weiler leaves the room
[13:04:51] <ted.h> MT:  we'd certainly be willing to participate; we already collaborate with others.  We'd be open to a standard on this.
[13:05:31] <ted.h> Richard Barnes again:  thanks to dkg for the clarification.  Some work on who you trust to distribute this information outside the vendor relationships.
[13:05:36] <ted.h> ekr:  from the floor
[13:05:45] richard.barnes leaves the room
[13:05:47] richard.barnes joins the room
[13:05:49] <ted.h> There are two problems to solve:  policy problem (anchors to trust etc.)
[13:06:00] ekr leaves the room
[13:06:05] <richard.barnes> dkg: https://p11-glue.freedesktop.org/ ?
[13:06:19] <ted.h> The other issue is entity certificates, which might require compression that is not available.
[13:06:43] <ted.h> Dmitry: yes, this is a common problem and I hope that there are common methods we can re-use to solve it.
[13:07:12] <ted.h> ekr: points also at the issues with introducing new trust anchors/CAs in this context.
[13:07:18] <ted.h> AOB: open mic
[13:07:23] <ted.h> Stephen Farrell at the mic.
[13:08:07] <ted.h> References to TLS discussion of yesterday.
[13:08:22] <dkg> richard.barnes: in particular: https://p11-glue.freedesktop.org/doc/storing-trust-policy/
[13:08:47] <dkg> their idea is to staple external X.509 extensions to the trust anchors
[13:08:53] <dkg> it's been a while since i've looked at it
[13:09:10] <richard.barnes> Looks plausible on a quick skim
[13:09:21] <cw-ietf> that kind of thing is in 5914 and 5937
[13:09:30] <richard.barnes> dkg: is there any story for who should be trusted?
[13:09:46] <cw-ietf> 5937 works nicely to use extensions from TAs with a 5280 compliant engine
[13:09:58] none joins the room
[13:10:08] <dkg> i think the p11-glue folks don't try to standardize the *who*, they try to standardize the *how*
[13:10:30] <ted.h> Yaron at the mic
[13:11:10] <dkg> richard.barnes: my classic example is: my OS and default crypto stacks just have a pile of "trusted root CAs" for doing cert validation -- but firefox and chrome have a bunch of extra fancy checks.
[13:11:24] ekr joins the room
[13:11:34] <dkg> so when things like startcom come to light, and the browsers have a more nuanced ramp-down mode,
[13:11:56] ted.h leaves the room
[13:11:57] Natasha Rooney leaves the room: Stream reset by peer
[13:11:57] Barry Leiba leaves the room
[13:11:58] C. J. Su leaves the room: offline
[13:11:58] ekr leaves the room
[13:11:58] m&m leaves the room
[13:11:58] <dkg> the non-browser TLS applications are forced into either a stricter cutoff (e.g. a VPN client breaks because we reject startcom)
[13:12:02] Peter van Dijk leaves the room
[13:12:08] ynir leaves the room
[13:12:10] <dkg> or they have extended vulnerability
[13:12:15] sftcd leaves the room
[13:12:22] Melinda leaves the room
[13:12:24] <dkg> (all startcom certs are still considered valid )
[13:12:28] Tony Hansen leaves the room
[13:12:29] Wolfgang Beck leaves the room
[13:12:29] Simon Pietro Romano leaves the room
[13:12:29] Ben Kaduk leaves the room
[13:12:29] Timothy Shepard leaves the room
[13:12:29] Shumon Huque leaves the room
[13:12:29] Gabor Bajko leaves the room
[13:12:29] Ned Freed leaves the room
[13:12:29] Ira McDonald leaves the room
[13:12:29] David Waltermire leaves the room
[13:12:29] Matthew Ford leaves the room
[13:12:56] Andrew Sullivan leaves the room
[13:13:18] kathleen.moriarty leaves the room
[13:13:43] Peter van Dijk joins the room
[13:13:48] JoeHallCDT leaves the room
[13:14:32] resnick leaves the room
[13:14:49] blassey leaves the room: Disconnected: closed
[13:15:38] blassey joins the room
[13:17:08] cw-ietf leaves the room
[13:17:21] none leaves the room: Replaced by new connection
[13:17:25] none joins the room
[13:18:22] hernani leaves the room
[13:18:26] blassey leaves the room: Disconnected: closed
[13:19:09] lucaspardue leaves the room
[13:21:37] Peter van Dijk leaves the room
[13:23:41] none leaves the room
[13:25:24] Peter van Dijk joins the room
[13:25:28] Mike Jenkins leaves the room
[13:27:28] Bernie Hoeneisen leaves the room
[13:27:28] frodek leaves the room
[13:27:35] Meetecho leaves the room
[13:28:32] Peter van Dijk leaves the room
[13:29:28] richard.barnes leaves the room
[13:29:31] Yoshiro Yoneya joins the room
[13:30:28] dkg leaves the room
[13:31:22] Yoshiro Yoneya joins the room
[13:32:11] Yoshiro Yoneya joins the room
[13:34:00] Yoshiro Yoneya leaves the room
[13:34:27] ekr joins the room
[13:37:19] blassey joins the room
[13:39:51] Natasha Rooney joins the room
[13:40:58] Yoshiro Yoneya leaves the room
[13:42:58] Yoshiro Yoneya leaves the room
[13:43:32] Barry Leiba joins the room
[13:44:14] ted.h joins the room
[13:44:14] Barry Leiba leaves the room
[13:44:24] metricamerica joins the room
[13:45:06] ted.h leaves the room
[13:46:12] metricamerica leaves the room
[13:46:14] frodek joins the room
[13:46:19] Natasha Rooney leaves the room
[13:46:28] Yoshiro Yoneya leaves the room
[13:47:04] frodek leaves the room
[13:47:43] richard.barnes joins the room
[13:47:56] ynir joins the room
[13:48:03] ynir leaves the room
[13:49:22] lucaspardue joins the room
[13:51:46] Melinda joins the room
[13:52:41] ilari.liusvaara leaves the room
[13:56:04] Samuel Weiler joins the room
[14:01:31] Samuel Weiler leaves the room
[14:02:57] Peter van Dijk joins the room
[14:08:36] ekr leaves the room
[14:13:23] ekr joins the room
[14:18:00] hernani joins the room
[14:20:21] lucaspardue leaves the room: Disconnected: Replaced by new connection
[14:20:22] lucaspardue joins the room
[14:29:35] Peter van Dijk leaves the room
[14:29:38] Peter van Dijk joins the room
[14:36:09] hernani leaves the room
[14:50:58] richard.barnes leaves the room
[14:51:05] richard.barnes joins the room
[14:59:27] ekr leaves the room
[15:03:49] richard.barnes leaves the room
[15:15:55] ekr joins the room
[15:28:09] Melinda leaves the room
[15:40:15] lucaspardue leaves the room
[15:52:52] Peter van Dijk leaves the room
[15:54:19] blassey leaves the room
[15:55:31] ekr leaves the room
[16:03:31] lucaspardue joins the room
[16:04:55] Peter van Dijk joins the room
[16:16:58] Bernie Hoeneisen joins the room
[16:36:47] Peter van Dijk leaves the room
[16:41:09] blassey joins the room
[16:41:14] Peter van Dijk joins the room
[16:45:50] hernani joins the room
[16:51:05] blassey leaves the room: Disconnected: closed
[16:55:19] lucaspardue leaves the room
[16:56:32] blassey joins the room
[16:59:15] Peter van Dijk leaves the room
[16:59:40] Peter van Dijk joins the room
[17:02:33] Peter van Dijk leaves the room
[17:02:58] Peter van Dijk joins the room
[17:04:22] Peter van Dijk leaves the room
[17:05:16] hernani leaves the room
[17:05:35] Peter van Dijk joins the room
[17:09:32] blassey leaves the room
[17:13:28] Bernie Hoeneisen leaves the room
[17:21:52] Peter van Dijk leaves the room
[17:44:27] blassey joins the room
[18:09:56] ekr joins the room
[18:17:50] blassey leaves the room
[18:42:23] ekr leaves the room
[20:02:42] hernani joins the room
[21:17:18] blassey joins the room
[21:33:59] blassey leaves the room: Disconnected: closed