IETF
saag
saag@jabber.ietf.org
Thursday, March 22, 2018
synp has set the subject to: SAAG AT IETF100 https://datatracker.ietf.org/meeting/100/materials/agenda-100-saag/

GMT+0
[13:16:35] meetecho joins the room
[13:18:43] opaqsFgv joins the room
[13:19:52] synp joins the room
[13:20:37] synp has set the subject to: SAAG AT IETF101 https://datatracker.ietf.org/meeting/101/materials/agenda-101-saag-01
[13:21:05] opaqsFgv is now known as xLS2Vt6x
[13:24:55] Barry Leiba joins the room
[13:25:10] Vasilios Mavroudis joins the room
[13:25:14] Francis Teague joins the room
[13:25:56] Matt Tooley joins the room
[13:29:12] Juan Pedro Cerezo joins the room
[13:31:57] Sean Leonard joins the room
[13:33:10] John Scudder joins the room
[13:34:01] <John Scudder> is there a jabber scribe (or someone else in the room) who would be willing to update jabber w/ where the meeting is in the agenda as it moves along?
[13:34:17] <synp> I thought I had volunteered to do that?
[13:34:34] <synp> (OK, I still think that)
[13:34:49] <John Scudder> ok thanks. I just came in so, just checking.
[13:35:23] <synp> Yeah.  Nobody's started talking yet. The ADs are not up there.
[13:37:09] Yoshiro Yoneya joins the room
[13:40:42] mellon joins the room
[13:41:07] m&m joins the room
[13:41:25] <synp> Now we're getting started
[13:42:15] <mellon> Today this is the swaag working group
[13:43:55] Brian Campbell joins the room
[13:44:36] Henry Hotz joins the room
[13:44:39] Renzo Navas joins the room
[13:46:36] <synp> Hi, I will be your Jabber scribe. If you want a message relayed to the room microphone, please preface it with "mic:"
[13:48:39] <synp> https://datatracker.ietf.org/meeting/101/materials/slides-101-saag-karthik-bhargavan-00
[13:48:49] <synp> Slide #2
[13:48:51] <synp> Slide #3
[13:48:59] <synp> slide #4
[13:49:24] <synp> slide #5
[13:49:38] <synp> slide #6
[13:50:17] <synp> "Example:" slide
[13:50:42] <synp> "Classic man-in-the-middle attack" slide
[13:50:54] Barry Leiba leaves the room
[13:50:58] <synp> "SIGMA: authenticated Diffie-Hellman" slide
[13:51:23] <synp> "Crypto Proof: Diffie-Hellman assumption" slide
[13:52:00] <synp> "Crypto Weakness: small prime groups" slide
[13:52:36] <synp> "Negotiating the strongest available group" slide
[13:54:25] <synp> "Protocol Flaw: group downgrade attack" slide
[13:54:27] hernani marques joins the room
[13:55:03] mellon leaves the room
[13:55:11] francesca joins the room
[13:55:53] <synp> IMO downgrade attacks don't matter. If 512-bit is not strong enough it shouldn't be supported. If everything that is supported is good enough, then downgrade doesn't matter.
[13:56:07] <synp> "Implementation Bugs" slide
[13:56:07] Michael Scharf joins the room
[13:56:25] Markus Stenberg joins the room
[13:57:05] <synp> "Identifying and preventing such attacks" slide
[13:59:11] Sandra Murphy joins the room
[13:59:13] <synp> Another "Identifying and preventing such attacks" slide
[13:59:22] <synp> "Designing protocols to be verifiable" slide
[13:59:56] slm joins the room
[14:01:50] <synp> "The TLS 1.3 experiment" slide
[14:02:31] Brian Campbell leaves the room
[14:02:45] <synp> "Some modes of TLS 1.2 are broken." slide
[14:03:47] Kyle Rose joins the room
[14:03:57] <synp> "Modeling TLS 1.3 in ProVerif" slide
[14:04:36] Stefan Santesson joins the room
[14:04:39] <Kyle Rose> ITT "TLS 1.3 is provably secure" against the classes of attacks we know about
[14:05:17] <synp> "TLS 1.3 model in ProVerif syntax" slide
[14:05:59] <synp> How do you know that the model fits the English of the draft?  Or that an implementation fits it?
[14:06:16] <synp> "Defining a Symbolic Threat Model" slide
[14:07:04] kaduk@jabber.org/barnowl joins the room
[14:07:49] <synp> "Writing and Verifying Security Goals" slide
[14:08:35] mellon joins the room
[14:08:40] <synp> "Refining Security Queries" slide
[14:09:19] <synp> Another "Refining Security Queries" slide
[14:09:20] Brian Campbell joins the room
[14:09:42] <synp> Yet another "Refining Security Queries" slide
[14:10:05] <synp> A fourth "Refining Security Queries" slide
[14:10:31] <synp> "Symbolic Security for TLS 1.2 + TLS 1.3" slide
[14:11:15] sftcd joins the room
[14:12:11] <synp> "Not just TLS: Analyses for Other Protocols" slide
[14:13:12] <synp> "OAuth 2.0 Web Authorization Protocol" slide
[14:13:37] Kyle Rose leaves the room
[14:14:18] <synp> "What is the Web threat model?" slide
[14:15:09] Piers O'Hanlon joins the room
[14:16:13] <synp> "IdP Mix-Up Attack in Implicit Mode" slide
[14:16:15] John Scudder leaves the room
[14:16:28] John Scudder joins the room
[14:16:53] <synp> "Conclusion" slide
[14:17:14] John Scudder leaves the room
[14:19:07] <synp> "Questions?" slide
[14:19:12] Kyle Rose joins the room
[14:20:27] <slm> having done formal verification of protocols long long ago, looks like tools are much improved.  and in my lifetime.  wow.
[14:23:27] <synp> "Designing protocols to be verifiable" slide
[14:26:37] mcr joins the room
[14:27:07] <mcr> but, when we try to not use TLS, because it's a hammer for our screw, then we are told that it's the only protocol with formal proofs.
[14:31:41] Markus Stenberg leaves the room
[14:32:14] <synp> https://datatracker.ietf.org/meeting/101/materials/slides-101-saag-harry-halpin-sphinx-00
[14:32:24] <Renzo Navas> nice presentation. I used Scyther to prove a small protocol I designed, because it was the easiest to learn.
[14:32:39] <synp> Slide #2
[14:33:29] <synp> Slide #3
[14:35:24] <synp> Slide #4
[14:36:45] <synp> Slide #5
[14:37:00] <synp> Slide #6
[14:38:47] <synp> Slide #7
[14:38:53] Kyle Rose leaves the room
[14:39:31] Brian Campbell leaves the room
[14:40:48] <synp> Slide #8
[14:42:21] <synp> https://datatracker.ietf.org/meeting/101/materials/slides-101-saag-nadim-kobeissi-capsule-01
[14:42:40] <synp> Yet another presso without slide numbers :-(
[14:43:34] <synp> "Security Goals" slide
[14:43:48] <synp> simple, elegant slide
[14:43:57] <sftcd> no slide numbers but pleeenty of enthusiasm
[14:44:35] <synp> "Formally Verified" slide
[14:45:04] <synp> Amazing! slide
[14:46:30] <synp> https://datatracker.ietf.org/meeting/101/materials/slides-101-saag-deprecating-md5-for-ldp-00
[14:46:55] <synp> "Our Problem" slide
[14:47:21] <synp> (it's like there wasn't a thread on the attendees list about recommendations for presenters)
[14:47:51] <synp> "Small Survey among operators and vendors - I" slide
[14:47:56] Vasilios Mavroudis leaves the room
[14:48:32] <synp> "Small Survey among operators and vendors - II" slide
[14:49:39] <synp> "What we need" slide
[14:51:20] <synp> "What we are doing." slide
[14:52:06] <synp> "More Details" slide
[14:52:28] <synp> "Finally" slide
[14:53:11] <synp> "Whither Deprecating TCP-MD5?" slide
[14:53:22] <synp> Frodo slide
[14:53:30] <synp> Back to the "Finally" slide
[14:55:38] metricamerica joins the room
[15:02:09] <mcr> This is a layer-9 problem, and will be solved only when national security agencies read the riot act to the operators and vendors.  
[15:05:15] <kaduk@jabber.org/barnowl> Michael: the mic queue is cut, whether physical or virtual
[15:06:05] <mcr> I'm in the room.  Watching the mic line.
[15:09:23] Stephanie Huguenin joins the room
[15:11:01] Yoshiro Yoneya leaves the room
[15:11:03] <Henry Hotz> Boilerplate states what security properties are provided -- feeds into step 1 of formal modeling mentioned before.
[15:11:37] Kyle Rose joins the room
[15:11:53] <synp> Reminder: I am your Jabber scribe. If you want a message relayed to the room microphone, please preface it with "mic:"
[15:12:09] <synp> But not for this bit, because the mic line's been cut
[15:12:16] <kaduk@jabber.org/barnowl> Well, once the open mic starts; the queue for this talk is closed
[15:12:55] Kyle Rose leaves the room
[15:14:57] Kyle Rose joins the room
[15:15:47] Kyle Rose leaves the room
[15:17:09] John Scudder joins the room
[15:17:40] <synp> https://datatracker.ietf.org/meeting/101/materials/slides-101-saag-yang-keystore-00
[15:17:53] <synp> Slide #2
[15:18:56] <synp> Slide #3
[15:18:59] <synp> Slide #4
[15:19:46] mellon leaves the room
[15:20:01] <synp> Slide #5
[15:20:01] Michael Scharf leaves the room
[15:20:16] <synp> Slide #6
[15:20:30] <synp> Slide #7
[15:21:05] <synp> Slide #8
[15:28:00] m&m leaves the room
[15:28:45] John Scudder leaves the room
[15:29:58] Sean Leonard leaves the room
[15:29:58] Stefan Santesson leaves the room
[15:29:58] Matt Tooley leaves the room
[15:29:58] Francis Teague leaves the room
[15:29:58] Renzo Navas leaves the room
[15:29:58] Piers O'Hanlon leaves the room
[15:29:58] Juan Pedro Cerezo leaves the room
[15:29:58] Stephanie Huguenin leaves the room
[15:29:58] hernani marques leaves the room
[15:29:58] Henry Hotz leaves the room
[15:29:58] Sandra Murphy leaves the room
[15:30:15] sftcd leaves the room
[15:31:49] meetecho leaves the room
[15:34:50] synp leaves the room
[15:35:12] francesca leaves the room: Connection failed: connection closed
[15:35:41] francesca joins the room
[15:37:16] slm leaves the room
[15:37:16] xLS2Vt6x leaves the room
[15:40:45] metricamerica leaves the room
[15:42:11] Barry Leiba joins the room
[15:43:11] francesca leaves the room: unknown reason
[15:44:37] mcr leaves the room: Disconnected: Replaced by new connection
[15:44:37] mcr joins the room
[15:44:42] Kyle Rose joins the room
[15:45:40] Kyle Rose leaves the room
[15:47:22] mellon joins the room
[15:47:32] mellon leaves the room
[15:49:32] metricamerica joins the room
[15:53:01] Barry Leiba leaves the room
[15:57:45] John Scudder joins the room
[15:58:00] John Scudder leaves the room
[16:01:22] francesca joins the room
[16:15:59] mcr leaves the room: Disconnected: Replaced by new connection
[16:15:59] mcr joins the room
[16:16:27] metricamerica joins the room
[16:17:28] mcr leaves the room
[16:18:32] francesca leaves the room: unknown reason
[16:29:45] metricamerica leaves the room
[17:02:55] metricamerica leaves the room