[15:16:45] --- bert has become available
[15:20:13] --- tanupoo has become available
[15:22:41] --- tlyu has become available
[15:23:07] --- raeburn has become available
[15:23:44] --- Jeffrey Altman has become available
[15:23:59] --- hartmans has become available
[15:24:07] --- warlord has become available
[15:26:04] --- mike has become available
[15:26:35] <bert> are any slides for the presentation (later in this session) online?
[15:27:21] <hartmans> I'm sorry. I don't think so. Let me mail them to you.
[15:27:59] --- jis has become available
[15:28:09] <jis> Just got on
[15:28:14] --- Melinda has become available
[15:28:34] <jis> Enroll, one hour slot, was there interest in the work and what can be salvaged from an inactive list
[15:28:39] <jis> Main document expired
[15:28:45] <bert> That will work Sam, thanks
[15:29:07] <jis> Discussions of new documents
[15:29:18] --- weddy has become available
[15:29:23] <jis> Mostly discussion of terminology
[15:29:32] <jis> No interest in more help, no volunteers
[15:29:41] --- tanupoo has left
[15:29:58] <jis> Terminology doc will go out as info RFC (probably)
[15:30:16] --- pagmag has become available
[15:30:24] <jis> Will likely be a short document
[15:30:25] --- pagmag has left
[15:30:27] <hartmans> OK, I'm failing to find them
[15:30:35] --- sts has become available
[15:30:53] --- dbh has become available
[15:30:59] <jis> Russ is pleading...
[15:31:03] --- dcrocker has become available
[15:31:07] <jis> Russ originally started this work
[15:31:27] <jis> Because we have SMIME, TLS but people aren't using them because they don't have the necessary credentials
[15:31:47] <jis> And we have devices that if only they had some credentials life would be better
[15:31:53] --- jhutz has become available
[15:31:56] <jis> Paul would like to close the WG, but Russ would like people to work on it
[15:32:06] <jis> But if he doesn't have some help soon, he will close it down
[15:32:35] <jhutz> yes, it is
[15:32:36] --- geoff has become available
[15:32:39] <jis> Paul again calls for volunteers
[15:32:43] <jis> Next up...
[15:32:49] <jis> Sam will talk about ISMS
[15:32:55] <jis> Met for 2.5 hours on Monday
[15:33:05] <jis> Evaluation team finished 4 proposals
[15:33:13] <jis> (didn't get the list)
[15:33:16] <jhutz> OK, who wants to volunteer to help scribe. This is easier if several of us hand off
[15:33:38] <dbh> Can't stay long, but was in ISMS.
[15:34:00] <jhutz> hartmans: will have an architecture meeting which will conclude by april
[15:34:09] <jis> Kitten
[15:34:14] <jhutz> hartmans: then a charter to do that work by paris. otherwise ISMS will close
[15:34:17] <jis> (Jeff Altman)
[15:34:21] <dbh> WG will have architecture discussion to determine between three proposals. If that discussion doesn't happen, ISMS will close down.
[15:34:28] --- sureshk has become available
[15:34:28] <jis> SPNEGO Update document has gone to the IESG
[15:34:35] <jis> Will be last called soon
[15:34:36] <jhutz> me next
[15:34:43] <jhutz> (at mic, that is)
[15:34:51] <jis> Two additional documents are going to go into WG last call
[15:35:04] <jis> PRF for GSSAPI and the ??? for Kerberos v5
[15:35:35] <jhutz> generic PRF for GSSAPI, and its definition for the krb5 mech
[15:35:39] <jis> Java and C# language bindings... 2 drafts under review which contain changes to RFC2053
[15:35:41] <hartmans> prf for krb5; you need both a mech document and a generic document
[15:35:54] <jis> (thinking and typing is difficult!)
[15:35:58] <jis> (at least for me)
[15:36:15] <jhutz> (it's RFC2853, not 2053)
[15:36:26] <jis> sorry
[15:36:37] <jhutz> no problem
[15:36:42] <jis> Jeff liked the Jabber and audio casting
[15:36:47] <jis> it contributed to the meeting
[15:36:52] <jis> next.. KINK
[15:36:54] <jhutz> oh, I forgot about warlord
[15:36:55] <jis> Derek Atkins
[15:37:08] <jis> Will meet tomorrow, nothing to report yet, lively discussion expected, show up
[15:37:18] <jis> Kerberos: Jeff Hutzelman
[15:37:24] <jis> Two docs
[15:37:41] <jis> published as RFCs (3961 krb crypto framework 3962 AES mech)
[15:37:45] <jis> pkinit still in progress
[15:37:55] <jis> some issues to resolve, some easy some not
[15:38:06] <jis> howto validate identity of kdcs is controversial
[15:38:13] <jis> ADs => WG: Just get it done
[15:38:28] <jis> status on kerberos extensions presentation, lots of questions and few resolutions
[15:38:46] <jis> Larry Zhu gave pres. for means for nego encryption types for use in application exchanges
[15:38:54] <sts> PKINIT to define how to identify a KDC through a cert
[15:38:54] <jis> RUSS: JUST GET IT DONE
[15:38:59] <jhutz> mobike:
[15:39:05] <jis> MOBIKE: Paul Hoffman
[15:39:11] <jis> 2 hour session
[15:39:16] <jis> discussion of scope
[15:39:17] <jhutz> paul: not only did I have to get up in the morning, but early in the week
[15:39:31] --- shep has become available
[15:39:36] <jis> WG has open issue tracker
[15:39:39] <jhutz> paul: ... then went into a discussion of open issues. tracker shows what's open/closed
[15:39:40] <jis> Went through open issues
[15:39:57] <jis> disc of how addresses are chosen under ipsec
[15:40:11] <jhutz> paul: once issue is resolved, a couple others will probably fall out.
[15:40:14] <jis> intention is to clean up open issues on the mailing list in the next month or so
[15:40:28] <jis> expect to be finished on 2 main doc by august
[15:40:37] <jis> Russ: Last call after Paris?
[15:40:40] <jhutz> russ: last call _after_ paris or before?
[15:40:48] <jhutz> paul: unknown; "that's months away"
[15:40:49] <jis> Paul: not sure, will do it as fast as we can
[15:41:04] <jis> once they go to IESG queue, other charter items will be worked on
[15:41:34] <jhutz> MSEC - ran canetty
[15:41:37] --- weiler has become available
[15:41:49] --- resnick has become available
[15:42:00] <jhutz> not done - asked to look into mcast problems in 2401bis
[15:42:10] <jhutz> russ has directed us to write a doc describing how to solve those
[15:42:15] <jhutz> two presentations on individual documents...
[15:42:16] --- nicow3k has become available
[15:42:27] <jhutz> both related to xxx
[15:42:35] <jhutz> one alternative to [damn; missing stuff
[15:42:48] <jhutz> other proposal for adding ECC public key methods
[15:42:49] --- shep has left: Disconnected
[15:43:09] <jhutz> presentations on other existing documents.
[15:43:18] <hartmans> one alternative to mikey rsa sigs method
[15:43:24] <jhutz> russ: in addition, I want to point out this slide has changed
[15:43:25] <jis> Russ: points out that the slide has changes, a WG chair has changed
[15:43:37] <jhutz> russ: one of the WG chairs has changed. neither chair is here..
[15:43:49] <jhutz> russ: ran - wife gave birth earlier this week
[15:43:55] <jis> OpenPGP (Derek Atkins):
[15:43:56] <jhutz> russ: XXX had to go home; family ill
[15:44:00] --- dfedyk has become available
[15:44:06] <jis> 25 min meeting
[15:44:11] <jis> no real players in attendance
[15:44:14] <jis> no implementers
[15:44:34] --- pguenther has become available
[15:44:42] <jis> Sam discussed interaction between openpgp and lemonade
[15:44:53] <jis> Let IMAP server get access to enclosed session key
[15:45:52] --- nicow3k has left: Disconnected
[15:46:01] <jis> discussion of attack against pgp
[15:46:07] --- nicow3k has become available
[15:46:10] <jis> requires an oracle to encrypt chosen messages
[15:46:18] <jis> pki4ipsec
[15:46:21] <warlord> oracle to decrypt.
[15:46:23] --- dfedyk has left: Replaced by new connection
[15:46:23] --- dfedyk has become available
[15:46:23] --- dfedyk has left
[15:46:23] <jhutz> pki4ipsec. met monday afternoon
[15:46:26] <jis> discussion of requirements for cert management profile
[15:46:31] <jhutz> came up with several decisions related to that..
[15:46:43] <jhutz> lots of discussion about character representation; need for i18n
[15:46:57] <jis> need to incorporate internationalization
[15:47:05] <jhutz> be explicit where we reject it
[15:47:25] <jis> Comment from JIS: Too many of these presentations require context not available to folks not in meeting
[15:47:28] <jhutz> author of pki profile draft was unable to attend
[15:47:36] <jhutz> draft itself didn't make it; submitted in jan and lost
[15:47:41] <resnick> Would someone care to explain to me (I'm out of the room) what the attack on pgp is mentioned above wrt IMAP problem?
[15:47:41] <jhutz> available on icsa web site
[15:47:59] <jhutz> jim schadt(?) agreed to develop followon, protocol document to address requirements defined in first draft
[15:48:03] <jhutz> PKIX
[15:48:05] <resnick> And what the nature of this "oracle to decrypt" is.
[15:48:20] <jis> pkix trying to shutdown
[15:48:20] <jhutz> Tim Polk: since last meeting - supposed to be in shutdown mode;
[15:48:30] <jhutz> trying hard, but not all members seem to want to finish things and close them out
[15:48:34] <jhutz> some progress since last meeting.
[15:48:38] <jis> most agenda about two documents
[15:48:40] <jhutz> agenda on tuesday had to do with 2 docs
[15:48:44] <jis> scvp
[15:48:49] --- nicow3k has left
[15:48:51] <jhutz> simple cert validation protocol - 2 new drafts
[15:48:57] <jis> issues left: what should be mand. to impl
[15:49:02] <jhutz> what should be mandatory-to-implement
[15:49:04] <jis> and a semantics issue
[15:49:06] --- nicow3k has become available
[15:49:06] <pguenther> pete: adaptive cyphertext attack on certain mode of pgp, not related to lemonade request, as I understood the attack
[15:49:07] <jhutz> one semantics issue
[15:49:15] <jhutz> people wanting to rewrite abstract
[15:49:17] <jis> yes
[15:49:27] <jhutz> down to the point where hopefully steve (kent) will be able to judge consensus
[15:49:31] <jhutz> I (polk) now editing, so can't do that
[15:49:36] <pguenther> jis: yes to my description?
[15:49:37] <jis> 3280 followon
[15:49:42] --- sts has left: Replaced by new connection
[15:49:43] --- sts has become available
[15:49:43] <jis> pguenther: yes
[15:49:43] --- sts has left
[15:49:48] --- shep has become available
[15:49:54] <jhutz> significant new material has to do with i18n
[15:49:58] --- sts has become available
[15:50:00] <resnick> Thanks phil & jeff.
[15:50:02] <jhutz> how to handle domain names, IRI's, email addrs
[15:50:15] <jhutz> also had a presentation from japan PKI challenge on deployment of
[15:50:18] <jhutz> UTF-8 XXX
[15:50:30] --- dfedyk has become available
[15:50:34] <jhutz> RFC3280 had dec 2003 cutover deadline, but only govt CA's were
[15:50:37] <jhutz> actually following that.
[15:50:48] <jhutz> trying to figure out how to get support for i18n names in these products
[15:51:09] <jhutz> progress toward closing, not as quickly as planned
[15:51:10] <jis> sacred was cancelled
[15:51:11] <jhutz> SACRED - cancelled
[15:51:19] <jis> SASL: Kurt Zeilenga
[15:51:27] <jis> Kurt is not here
[15:51:32] <jhutz> Kurt is presumably in lemonade
[15:51:32] <jis> Tom Yu filling in
[15:51:38] <pguenther> Tom is co-chair now
[15:51:45] <jhutz> (note the slide is wrong; Tom is now co-chair of SASL)
[15:51:47] <jis> (indeed)
[15:51:57] <jis> I should know that!
[15:52:07] <jis> Concerns about original digest spec
[15:52:26] <jis> implementations of old spec did not conform to old spec but will likely work with new spec!
[15:52:40] <jis> (I am having trouble hearing Tom)
[15:52:53] --- geoff has left: Replaced by new connection
[15:52:53] --- geoff has become available
[15:52:55] --- geoff has left
[15:52:59] <sts> Why are all presentations scribed here? The audio is available from http://videolab.uoregon.edu/events/ietf/ietf622.m3u
[15:53:17] <jhutz> because not everyone can receive the audio
[15:53:18] <nicow3k> because following sound isn't always an option
[15:53:23] <sts> ok
[15:53:23] <nicow3k> and not all can hear
[15:53:32] <jhutz> for example, people in another meeting
[15:53:34] <pguenther> also easier to create minutes from jabber log
[15:53:36] <weiler> also helps when assembling minutes after the fact.
[15:53:38] <jis> (slide is being corrected in real time to show Tom as co-chair)
[15:53:42] <jhutz> also ==weiler
[15:53:57] <jhutz> housley++
[15:54:12] <jhutz> Secure Shell - Bill Sommerfeld
[15:54:18] <jis> 15 min meeting
[15:54:20] <jhutz> secsh met for about 15min this afternoon
[15:54:22] <jis> WG has been quiet
[15:54:34] <jhutz> has been quiescent for a while due to a "series of unfortunate accidents"
[15:54:34] <jis> most recent non-tech issue has been removed
[15:54:39] <jis> (appears to at least)
[15:54:51] <jhutz> at IPR meeting this week on monday, trademark was resolved
[15:55:01] <jis> ipr WG has come to consensus on how to deal with the trademark issues
[15:55:02] <jhutz> we have been given an edict from russ - proceed as if resolved, let IESG deal if not
[15:55:16] --- eric has become available
[15:55:20] <jhutz> what will remain is sweeping up some extensions drafts
[15:55:21] <jis> after main docs, need to finish extensions draft
[15:55:28] <jhutz> some active, some expired due to quiescent period
[15:56:10] <jis> butns: Sam Weiler
[15:56:21] <jhutz> "btns"
[15:56:33] <jis> new req. that it be possible to generate an ipsec impl that can do both btns and traditional ipsec at the same time
[15:56:47] <jis> charter is up for review by iesg on Thursday
[15:57:08] <jis> Sam: Steve Kent has already re-written the charter
[15:57:17] <jis> Sam: Don't expect it to be approved next week
[15:57:18] <jhutz> hartmans: but probably won't be done next thursday.
[15:57:29] --- geoff has become available
[15:57:36] <jhutz> Next, invited presentations.
[15:57:38] <jis> Russ: Others might want to see S. Kent's version before the IESG does
[15:57:55] --- nicow3k has left
[15:58:23] <jis> intermission...
[15:58:27] --- lha has become available
[15:58:27] <jhutz> Where are the other people who volunteered to help scribe???
[15:58:40] <jis> not scribing!
[15:58:41] --- StephenF has become available
[15:58:51] <jis> Note: Anyone is welcome to help scribe
[15:59:02] <jhutz> I'm not scribing either for the presentation itself.
[15:59:15] <jhutz> People will have to follow the audio unless someone else steps up
[16:00:01] <jhutz> This is a followup on the AVISPA presentation from last time, IIRC
[16:00:28] --- ekr has become available
[16:00:42] <jis> Summary: We need tools to help analyze security protocols
[16:00:42] --- eric has left: Disconnected
[16:00:43] <ekr> My slides are at http://www.rtfm.com/digests.pdf
[16:00:50] <jis> tnx
[16:01:08] <ekr> Sorry about the scary TeX fonts....
[16:01:42] <jhutz> oh, great. that crashed my browser :-)
[16:01:53] <ekr> I don't think you can blame me for that :)
[16:02:10] <ekr> though it is a DoS attack on the WG.
[16:02:40] --- sts has left: Replaced by new connection
[16:02:58] --- sra has become available
[16:03:03] --- eric has become available
[16:03:58] --- shep has left: Logged out
[16:04:38] --- sts has become available
[16:04:39] --- shep has become available
[16:05:03] --- Bill has become available
[16:05:42] --- sts has left: Replaced by new connection
[16:05:42] --- sts has become available
[16:05:42] --- sts has left
[16:06:02] --- sts has become available
[16:07:14] --- sts has left: Replaced by new connection
[16:07:14] --- sts has become available
[16:07:14] --- sts has left
[16:07:32] <tlyu> ok, who has an access point up as "HPSS"? or for that matter "Zinncorp"?
[16:07:38] <jhutz> not your fault; the netscape/mozilla acroread plugin sucks.
[16:07:44] --- sts has become available
[16:07:50] <jhutz> duh, some mac user, probably
[16:07:54] <warlord> I'm not seeing either of those, tom
[16:08:12] <jhutz> maybe they're adhoc?
[16:08:28] <sra> hpss and zinncorp have been on site since sunday at least (saw them during iesg meeting sunday morning)
[16:08:47] <sts> Thx for the slides ekr: Works fine in my browser :-)
[16:09:28] --- eric has left: Disconnected
[16:10:05] <Bill> When I saw it earlier, Zinncorp was an access point (not ad-hoc) and had WEP enabled, so I assumed that it was someone's actual infrastructure and the RF shield around the hotel that the IETF installed had failed
[16:10:20] <jhutz> good slides. how long did it take you to put that together?
[16:10:36] --- eric has become available
[16:10:59] --- eric has left: Disconnected
[16:11:52] --- fenton has become available
[16:12:29] <ekr> jhutz: you talking to me?
[16:12:34] --- suz has become available
[16:12:45] <jhutz> yes
[16:12:52] <ekr> couple hours.
[16:12:54] <sra> yes, hpss and zinncorp were both showing as access points sunday. as were a series of ssid ietf60 with constantly changing addresses
[16:13:05] <ekr> Of course, like an hour was learning how to use seminar/TeX
[16:13:57] --- weddy has left
[16:15:27] <hartmans> O, those mechanisms;)
[16:16:32] <jhutz> Um... 24/38 is 63%, not 86%
[16:16:53] <jhutz> Granted, 24/28 is 86%, but 28 and 38 are not the same number
[16:18:11] <hartmans> Someone should ask about licensing
[16:20:57] --- ogud has become available
[16:21:38] --- nicow3k has become available
[16:22:29] --- rlbob has become available
[16:24:19] <jhutz> you can end up modelling something other than the specified protocol
[16:24:36] <ekr> Basically, the experiential data on this kind of modelling is that these analyzers almost never come up with any very interesting attacks.
[16:24:58] <ekr> you see a lot of this stuff in theory conferences.
[16:25:07] --- kanda has become available
[16:25:11] <jhutz> sure, because the interesting attacks are crypto attacks, or timing attacks, or the like
[16:25:18] <ekr> Yeah.
[16:26:05] <jhutz> ah, the licensing question
[16:28:05] <weiler> didn't someone find one of the kerb4 attacks with something like this?
[16:28:21] <jhutz> do we have a break about now?
[16:28:31] <jhutz> weiler: no, I don't think so
[16:28:46] <warlord> technically we have a 15 min break, but...
[16:28:56] <warlord> we're not taking it
[16:28:59] <jis> Is there more food at the break we are missing
[16:29:02] <jis> ?
[16:29:02] <warlord> No
[16:29:07] <jis> so who cares!
[16:29:08] <jhutz> ekr says there is no food out there
[16:29:08] <ekr> closed authentication would be better, I think...
[16:29:37] <ekr> isn't the whole point that I want my system not to be open to attack?
[16:29:56] <jis> That is what your firewall is for...
[16:29:59] <jis> :-)
[16:31:00] --- sommerfeld has become available
[16:32:00] <ekr> This is like HMAC-SHA1 in counter mode.
[16:32:25] <sommerfeld> clearly he has not tuned the presentation for IETF
[16:32:36] <hartmans> What is this? I missed his initial goal
[16:32:38] <ekr> They don't even use the cool S/key representations.
[16:32:41] <jhutz> hm? do you have a pointer to the text?
[16:32:55] --- suz has left
[16:32:57] --- suz has become available
[16:33:03] <jhutz> Sam, it's an OTP algorithm
[16:33:21] <ekr> This is substantially weaker than S/key.
[16:33:24] <sommerfeld> as opposed to iterated sha or md5 which we standardized as OTP
[16:33:33] <ekr> It has a password equivalent on the server.
[16:34:00] <jhutz> that can be used to generate any password in the sequence?
[16:34:00] --- geoff has left: Disconnected
[16:34:07] --- geoff has become available
[16:34:15] --- amelnikov has become available
[16:34:26] <hartmans> Well, you're probably going to implement it on top of your plaintext passwords in the AAA database. . .
[16:34:32] <ekr> You can generate any password in the sequence with OTP via simple iteration.
[16:34:48] --- ThePurpleStreak has become available
[16:34:51] <ekr> Yes, but this requires it whereas the OTP standard in IETF does not.
[16:35:31] --- StephenF has left: Replaced by new connection
[16:35:31] <jhutz> I thought the OTP we standardized ran the sequence backward, so the server doesn't know the next password until the user has provided the current one
[16:35:32] --- StephenF has become available
[16:35:39] --- resnick has left: Disconnected
[16:35:44] <ekr> That's right. Which is considered a feature.
[16:35:55] --- dcrocker has left: Replaced by new connection
[16:35:57] --- dcrocker has become available
[16:36:06] <jhutz> I agree. I gather this doesn't have that?
[16:36:07] --- sts has left: Replaced by new connection
[16:36:13] <ekr> Right. You store the key on the server.
[16:36:19] <jhutz> how nice.
[16:36:44] <hartmans> Does this have a limited sequence like s/key or does it have a large counter?
[16:37:00] <jhutz> well, this slide is true
[16:37:01] --- rlbob has left: Disconnected
[16:37:01] --- StephenF has left: Replaced by new connection
[16:37:01] --- StephenF has become available
[16:37:01] --- StephenF has left
[16:37:01] <sommerfeld> as opposed to the password-equivalent in kerberos, or...
[16:37:03] --- sts has become available
[16:37:08] --- nicow3k has left: Replaced by new connection
[16:37:11] <jhutz> it's a counter
[16:37:11] <ekr> It has a large counter, but since it requires computation on both sides, you can use s/key with 1 million key values and it's fast to compute.
[16:37:16] --- nicow3k has become available
[16:37:32] --- StephenF has become available
[16:37:53] <jhutz> ekr, let him finish before you rip his idea to shreds
[16:38:09] <jhutz> damn; he got up already
[16:38:19] <hartmans> I should try and figure out how SAAG presentations get selected.
[16:38:30] <jhutz> uh.. you don't know?
[16:38:45] <hartmans> Well, I sort of do.;)
[16:39:44] --- shima has become available
[16:39:52] <hartmans> I think neither Russ nor I do a great job of checking utility; it is mostly first-come first-serve
[16:40:00] <jhutz> (It's good to see some folks reading here who I noticed haven't been around this week)
[16:40:23] <jhutz> *boom*
[16:40:56] --- StephenF has left: Replaced by new connection
[16:40:56] --- StephenF has become available
[16:40:56] --- StephenF has left
[16:41:14] <hartmans> Perhaps a good question. Perhaps you could answer it;)
[16:41:17] <tlyu> is he dodging the question?
[16:41:18] --- ogud has left
[16:41:20] --- StephenF has become available
[16:41:25] <jhutz> So, RFC2289 is dated 1998. I'm pretty sure I implemented something very much like that spec several years before.
[16:41:32] <jhutz> How long has that been around?
[16:41:52] <sommerfeld> S/key was around for a while before OTP
[16:42:04] --- resnick has become available
[16:42:28] --- sra has left
[16:42:34] --- sra has become available
[16:42:46] <sommerfeld> s/key -> otp was an example of getting the trademark thing right
[16:43:05] <jhutz> Did what he just said make any sense at all?
[16:43:12] <sommerfeld> sorta
[16:43:28] <sommerfeld> he's confused about possible implementations of OTP
[16:43:40] <sommerfeld> you could do 2289 OTP with a seed unknown to the user
[16:43:50] <sommerfeld> mm, typing lag
[16:44:41] --- ogud has become available
[16:46:35] --- StephenF has left: Replaced by new connection
[16:46:36] --- StephenF has become available
[16:46:36] --- StephenF has left
[16:46:40] <jhutz> and now, ekr will try to convince us not to panic
[16:46:54] --- StephenF has become available
[16:46:58] <jhutz> of course, I've already read his slides
[16:49:11] --- sts has left: Replaced by new connection
[16:49:12] --- sts has become available
[16:49:12] --- sts has left
[16:49:28] --- sts has become available
[16:49:58] --- sts has left: Replaced by new connection
[16:49:58] --- sts has become available
[16:49:59] --- sts has left
[16:50:13] --- sts has become available
[16:54:48] --- sureshk has left
[16:56:22] --- hartmans has left: Disconnected
[16:56:42] --- hartmans has become available
[17:01:07] --- ogud has left
[17:01:09] --- nicow3k has left
[17:01:39] --- nicow3k has become available
[17:02:21] <jis> Richard Draves: We should work on better hashes or Randomized hashes and not depend on "hacks" (cert variance)
[17:02:43] <jis> Stephan ???: Concerned about randomized serial numbers (size of CRLs)
[17:03:17] <jis> Ben Laurie: You didn't mention the other attack
[17:03:35] <jis> You gen colliders where one is prime and the other is not prime
[17:04:09] <jis> Tim Polk: another way to introduce randomness to certs
[17:04:16] <jis> Put a random GUID into the certificate
[17:04:39] --- sureshk has become available
[17:04:39] <jis> ekr: You can put randomness in the version number, no one checks it
[17:04:44] <jis> Russ: Looks at him funny
[17:05:07] <jis> NIST wanted us off of 80 bit algorithms by 2010, so we were already talking about migrations
[17:05:10] <nicow3k> [laughter]
[17:05:14] <jis> Obviously we will have to push that up by a few years
[17:05:48] <jis> We should be ok with SHA-224 and SHA-256 for a while.. maybe.
[17:06:00] <jis> We are thinking about a different approach (new tricks for our bag)
[17:06:18] <jis> Talking about how we get some things into the hash algorithm family that are not all so closely related
[17:06:36] <jis> NIST hasn't committed to a new competition
[17:06:57] <jis> ekr: Best candidates (today) are block cipher based hashes
[17:09:43] --- sts has left: Replaced by new connection
[17:09:43] --- sts has become available
[17:09:44] --- sts has left
[17:10:12] <jis> RSA signatures are not a problem with large hash outputs (until the size of the modulus is reached)
[17:10:23] <jis> But DSA has a problem because it needs a 160 bit value (or less)
[17:10:52] --- sts has become available
[17:13:09] <jis> Russ: Many trust anchors (certificates stored in "root" stores) are based on MD2 and MD5 hashes
[17:13:35] --- larry has become available
[17:15:34] --- sts has left: Replaced by new connection
[17:15:34] --- sts has become available
[17:15:35] --- sts has left
[17:15:44] --- sts has become available
[17:15:54] --- mike has left: Disconnected
[17:16:06] <weiler>
[17:17:29] --- StephenF has left: Replaced by new connection
[17:17:30] --- StephenF has become available
[17:17:30] --- StephenF has left
[17:17:37] --- StephenF has become available
[17:17:47] <sts> Legacy certificates are not a problem since the attack doesn't work on already issued certs
[17:18:19] --- raeburn has left: Disconnected
[17:18:23] --- shima has left
[17:18:23] --- shima has become available
[17:18:40] <jhutz> <?>: shouldn't be signing values provided by another party, or easily predictable by another party
[17:18:48] <tlyu> so we took a step backwards in kerberos by not using confounders in newer checksums...
[17:18:56] <jis> <?> = Tim Polk
[17:19:06] <warlord> Yes
[17:19:08] <jis> <tlyu>: Yes
[17:20:00] <nicow3k> well, that's not good
[17:20:26] <jhutz> note that newer checksums are HMAC's
[17:20:49] --- jis has left
[17:21:04] <nicow3k> ah, right
[17:21:04] --- nicow3k has left
[17:21:10] <jhutz> newer kerberos checksums, that is
[17:21:32] --- raeburn has become available
[17:23:02] --- Melinda has left: Disconnected
[17:23:23] --- nicow3k has become available
[17:24:26] --- hartmans has left: Lost connection
[17:24:58] --- dfedyk has left
[17:26:07] --- nicow3k has left
[17:26:10] --- raeburn has left: Disconnected
[17:26:19] --- shep has left: Logged out
[17:26:19] --- shep has become available
[17:26:19] --- shep has left: Logged out
[17:26:22] --- warlord has left
[17:26:23] --- jhutz has left: Disconnected
[17:26:24] --- shima has left
[17:26:26] --- suz has left
[17:26:27] --- sureshk has left
[17:26:29] --- sts has left
[17:26:38] --- sra has left
[17:27:07] --- lha has left
[17:27:31] --- larry has left
[17:27:48] --- tlyu has left
[17:30:16] --- Jeffrey Altman has left: Disconnected
[17:31:04] --- fenton has left
[17:32:58] --- weiler has left
[17:35:19] --- pguenther has left
[17:35:23] --- resnick has left
[17:36:57] --- dcrocker has left: Disconnected
[17:40:25] --- ThePurpleStreak has left
[17:43:36] --- StephenF has left: Disconnected
[17:48:57] --- kanda has left
[17:51:02] --- Bill has left
[18:26:06] --- geoff has left: Replaced by new connection
[18:26:06] --- geoff has become available
[18:26:06] --- geoff has left
[18:41:52] --- dcrocker has become available
[18:50:44] --- ekr has left: Disconnected
[18:52:01] --- dcrocker has left
[18:53:33] --- ekr has become available
[19:05:35] --- ekr has left
[19:21:46] --- ogud has become available
[19:38:37] --- Bill has become available
[19:42:33] --- ogud has left
[19:45:22] --- Bill has left
[19:45:35] --- ogud has become available
[19:45:42] --- ogud has left
[20:25:55] --- lha has become available
[20:31:54] --- lha has left
[20:40:38] --- Jeffrey Altman has become available
[23:59:07] --- Jeffrey Altman has left
[23:59:53] --- bert has left