IETF
secdispatch
secdispatch@jabber.ietf.org
Monday, July 16, 2018
synp has set the subject to: SecDispatch @ IETF 101 - https://datatracker.ietf.org/meeting/101/materials/agenda-101-secdispatch-03

GMT+0
[15:25:25] Yoshiro Yoneya joins the room
[16:12:24] Yoshiro Yoneya leaves the room
[17:43:20] Yoshiro Yoneya joins the room
[18:28:24] Yoshiro Yoneya leaves the room
[18:28:29] Yoshiro Yoneya joins the room
[19:03:32] metricamerica joins the room
[19:29:24] metricamerica leaves the room
[19:34:29] meetecho joins the room
[19:41:55] pyJOLIR8 joins the room
[19:43:56] fenton joins the room
[19:45:10] Jake Holland joins the room
[19:45:23] Stephen Banghart joins the room
[19:46:21] fenton has set the subject to: SecDispatch @ IETF 102 - https://datatracker.ietf.org/meeting/102/materials/agenda-102-secdispatch-04
[19:47:06] Yoshiro Yoneya joins the room
[19:47:23] Yoav Nir joins the room
[19:47:24] Yoshiro Yoneya leaves the room
[19:49:07] Rich Salz joins the room
[19:49:55] <Rich Salz> I'm yer jabber scribe.  If you want something said put MIC at the front or ping me directly.
[19:51:25] Satoru Kanno joins the room
[19:52:21] John Border joins the room
[19:52:25] ted.h joins the room
[19:52:42] Kaoru Maeda joins the room
[19:53:12] <Rich Salz> noge well
[19:53:20] <Rich Salz> Note well (of course)
[19:53:24] <Rich Salz> Administrative tasks
[19:53:32] m&m joins the room
[19:53:48] Stephen Banghart leaves the room
[19:54:02] cw-ietf joins the room
[19:54:03] <Rich Salz> Dispatch process (p4)
[19:54:09] <m&m> the amplification in this room is not great, or the chair mic is not turned on?
[19:54:45] <Yoav Nir> I can hear him, so his mic *is* on
[19:54:46] <fenton> Chair mic is definitely on, at least from my perspective.
[19:55:31] <Rich Salz> https://datatracker.ietf.org/meeting/102/materials/slides-102-secdispatch-reference-terminology-for-remote-attestation-procedures-draft-birkholz-attestation-terminology-02-01
[19:55:50] Rolf E. Sonneveld joins the room
[19:56:23] metricamerica joins the room
[19:56:29] <Rich Salz> p2 on remote attestation (ra)
[19:57:39] <Rich Salz> Oh BTW, full meeting materials are at https://datatracker.ietf.org/meeting/102/session/secdispatch
[19:59:00] <Rich Salz> p3 A general Model for Remote Attestation
[19:59:18] sftcd joins the room
[19:59:47] <Rich Salz> p4 Here We Stand
[20:00:38] Ned Freed joins the room
[20:01:31] <Rich Salz> https://datatracker.ietf.org/meeting/102/materials/slides-102-secdispatch-entity-attestation-token-draft-mandyam-eat-00-00
[20:01:33] <ted.h> sinkingship.org is available, rats people.  Just saying.
[20:01:40] richard.barnes joins the room
[20:01:47] <richard.barnes> Always EAT your RATS
[20:01:55] <Rich Salz> Is that the previous ISO standard maybe?
[20:02:07] <Rich Salz> p2 Entity Attestation Token
[20:02:15] <Rich Salz> RATS leaving the Sinking Ship
[20:02:29] Stephen Banghart joins the room
[20:03:24] <Rich Salz> p3 End-End Attestation Flow
[20:03:42] Barry Leiba joins the room
[20:04:37] <Rich Salz> p4 EAT format
[20:05:17] Lucas Pardue joins the room
[20:06:28] <Rich Salz> p5 Similar and Related Technologies
[20:08:07] Martin Thomson joins the room
[20:08:08] <fenton> I didn't hear the chairs over the speakers that time.
[20:09:50] <fenton> ekr at mic
[20:13:54] sftcd leaves the room
[20:19:39] wseltzer@jabber.org joins the room
[20:22:54] sftcd joins the room
[20:23:00] <Rich Salz> https://datatracker.ietf.org/meeting/102/materials/slides-102-secdispatch-generating-certificate-requests-for-star-certificates-draft-sheffer-acme-star-request-02-00
[20:23:16] <Rich Salz> p2 Outline
[20:23:23] <richard.barnes> MOVE FAST AND BOF THINGS
[20:23:28] <Rich Salz> p3 Glossary
[20:23:56] <Rich Salz> p4 problem statement
[20:25:53] =JeffH joins the room
[20:26:01] <Rich Salz> p5 history
[20:26:37] <Rich Salz> p6 Requesting name delegation
[20:27:13] <Rich Salz> p7 STAR cert is issued
[20:27:53] <Rich Salz> p8 IdO terminates the name delegation
[20:28:11] <Rich Salz> p9 Next steps
[20:28:47] <Yoav Nir> Rich: You probably know this better than I do, but is there a relationship between the CP and the CA? Isn't "getting a certificate" part of the service that a CDN provides?
[20:29:24] <richard.barnes> Yeah, seems like operating this proxy thing is not something that would be appealing to customers
[20:29:24] <Rich Salz> Almost always yes but it depends on the CDN and the customer.  We have some customers, for example, who get their own certs and upload cert+key to Akamai.
[20:30:05] ted.h leaves the room
[20:30:54] <Yoav Nir> I guess all of us security people feel queasy about "upload key to Akamai".
[20:30:55] <richard.barnes> I’m pretty sure this thing is an ACME b2bua
[20:31:14] <Yoav Nir> But I'm not sure this multi-party thing is much better.
[20:31:21] Simon Pietro Romano joins the room
[20:31:38] ted.h joins the room
[20:31:45] <Rich Salz> @Yoav, yeah.  If Akamai (or other CDN) does the keygen and makes the certreq, then if it leaks you know exactly who to blame.  In the upload case, you don't know
[20:32:29] <Yoav Nir> Nice thing about ACME is that the protocol runs on the web server. If it runs on the CP and then gets transported, it just adds complexity.
[20:34:57] ted.h leaves the room
[20:36:50] ted.h joins the room
[20:37:47] <Rich Salz> https://datatracker.ietf.org/meeting/102/materials/slides-102-secdispatch-asymmetric-manifest-based-integrity-draft-jholland-mboned-ambi-00-02
[20:38:11] <Rich Salz> p2 problem statement
[20:38:36] <Rich Salz> p3 integrity scheme requirements
[20:39:19] <Rich Salz> p4 single manifest
[20:40:33] <Rich Salz> p5 manifest tree
[20:41:02] <Rich Salz> p6 rolling root manifest
[20:41:56] Scott Fluhrer joins the room
[20:41:59] <=JeffH> who is willing to take notes— i wanna decamp to resolverless DNS confab....
[20:42:10] Scott Fluhrer leaves the room
[20:42:30] m&m joins the room
[20:43:12] <Lucas Pardue> ekr: I understood that you want protection during the distribution at the router level
[20:43:33] m&m leaves the room
[20:43:39] <Lucas Pardue> e.g. don't want to commit resource at the router to buffer gigs of windows update
[20:44:36] Scott Fluhrer joins the room
[20:46:07] craigt joins the room
[20:48:03] <Lucas Pardue> it is lots harder to inject packets in the broadcast spectrum
[20:48:39] <craigt> s/lots/differently/
[20:50:26] resnick joins the room
[20:50:44] resnick leaves the room
[20:50:59] resnick joins the room
[20:52:24] <Lucas Pardue> hand
[20:52:37] <richard.barnes> ack
[20:53:04] ted.h leaves the room
[20:54:34] <Rich Salz> https://datatracker.ietf.org/meeting/102/materials/slides-102-secdispatch-storing-validation-parameters-in-pkcs8-draft-mavrogiannopoulos-pkcs8-validated-parameters-00
[20:54:40] <Rich Salz> p2 history
[20:55:19] m&m leaves the room: Disconnected: closed
[20:55:48] <Rich Salz> p3 premise of the document
[20:57:51] wseltzer joins the room
[20:57:55] wseltzer@jabber.org leaves the room
[20:58:03] <Rich Salz> p4 is this the right scope
[21:00:05] resnick leaves the room
[21:00:50] resnick joins the room
[21:02:37] <richard.barnes> https://i.pinimg.com/originals/41/32/72/4132727be2c271ec7bde0d19492b4be3.gif
[21:05:24] <Yoav Nir> Huh? It's not an IETF consensus document if it's published by the ISE
[21:05:25] whatdafuq joins the room
[21:05:31] <Yoav Nir> But it's fine. Ship it.
[21:06:11] <Scott Fluhrer> But what problem does it solve?  If it's a private proof that a value is prime, well, values are fairly easy to test for primality
[21:06:43] <Scott Fluhrer> Yes, checking a Shawe-Taylor proof is a bit easier that (say) an iteration of Miller-Rabin, but not *that* much
[21:07:45] Dan Harkins joins the room
[21:07:53] <Yoav Nir> Eat more mic. Mic is highly nutritious and contains a lot of iron
[21:08:54] resnick leaves the room
[21:09:20] <Yoav Nir> We can't hear that
[21:10:40] <Yoav Nir> Still barely hearing the chairs
[21:11:19] <Yoav Nir> Better now...
[21:11:36] <Yoav Nir> <<hum - for ISE>>
[21:11:59] <Scott Fluhrer> hmum
[21:12:29] <Rich Salz> Thanks.  #1 had clear consensus
[21:12:43] <Rich Salz> https://datatracker.ietf.org/meeting/102/materials/slides-102-secdispatch-dare-message-and-container-formats-01
[21:12:50] <Martin Thomson> Rich: #1 got the vote, there is a difference
[21:12:53] <Rich Salz> p2 Encrypting logfiles with openpgp
[21:13:16] Sean Turner joins the room
[21:13:27] <Rich Salz> p3 DARE container
[21:13:37] <Sean Turner> https://en.wikipedia.org/wiki/Drug_Abuse_Resistance_Education :)
[21:13:57] <Rich Salz> I DARE you to EAT RATS
[21:14:13] <richard.barnes> 💯
[21:15:02] <richard.barnes> Rich: You’re a STAR
[21:15:10] <Rich Salz> ha
[21:15:34] <Rich Salz> Next IETF Must be able to compose a sentence from all secdispatch acronyms
[21:15:37] <richard.barnes> O(log N) is the new O(1)
[21:15:43] <Rich Salz> p4 Efficiency
[21:15:59] <Yoav Nir> ...for sufficiently large values of 1
[21:16:16] <Martin Thomson> was it intentional to put RATS and STAR on the same billing?
[21:16:52] <richard.barnes> why do you think we put them back to back?
[21:18:25] <Rich Salz> As in RATS|STAR  It's a mirror, dangit.
[21:18:35] <Yoav Nir> amortize = we'll never get a security proof?
[21:18:41] <Rich Salz> oops, sorry, DARE key derivation
[21:18:54] <Lucas Pardue> *derrivation
[21:19:31] <richard.barnes> SIV
[21:19:44] <richard.barnes> https://www.imperialviolet.org/2017/05/14/aesgcmsiv.html
[21:19:44] <richard.barnes> for example
[21:20:05] <Rich Salz> P9? Applications
[21:22:00] <Dan Harkins> GDPR is the new Sarbanes-Oxley
[21:22:33] <Ned Freed> Dan: I have been saying that since I read the document.
[21:22:56] Jake Holland leaves the room
[21:23:18] <Rich Salz> Next steps
[21:23:31] <Martin Thomson> OK, waiting for someone to mention cose
[21:23:55] <Ned Freed> A standard signed/encrypted log container format would be very useful.
[21:24:25] ted.h joins the room
[21:24:28] <Ned Freed> I wonder, though, if the specific requirements of a given log make a one-size-fits-all solution difficult
[21:24:46] <Martin Thomson> SIV won't fix that, but it might be a good defense, though a better defense is to just maintain a counter and use an explicit nonce
[21:24:52] Christopher Wood joins the room
[21:25:15] <Martin Thomson> it's not like this is space-efficient, using JSON as it does
[21:25:21] ted.h leaves the room
[21:25:26] ted.h joins the room
[21:25:50] ted.h leaves the room
[21:25:58] cw-ietf leaves the room
[21:27:05] <Rich Salz> https://datatracker.ietf.org/meeting/102/materials/slides-102-secdispatch-using-secp256k1-with-jose-and-cose-draft-jones-webauthn-secp256k1-00-00
[21:27:41] <Rich Salz> p2 draft-jones-webauthn-secp256k1
[21:28:45] <Rich Salz> p3 reason to become an rfc
[21:30:17] <Rich Salz> p4 actions to date
[21:31:32] <Rich Salz> p5 this won't be the last such draft registering identifiers
[21:32:23] <Rich Salz> p6 possible next steps
[21:32:23] <richard.barnes> https://eprint.iacr.org/2014/161.pdf
[21:32:23] <richard.barnes> <-- side channels to extract private keys in 200 signatures
[21:32:29] <Yoav Nir> I hope nobody's going to register identifiers for Salsa20Poly1305.  AFAIK that's not even defined
[21:33:41] <Lucas Pardue> EAT SALSA
[21:33:59] Philippe Bergeon joins the room
[21:35:44] <richard.barnes> If there’s an IETF doc on this, it will need BIG WARNING LABELS
[21:36:32] Robert Chodorek joins the room
[21:37:02] <Yoav Nir> How do we get the experts for COSE, TLS, IPsec, others to make the same decision about a particular algorithm?
[21:37:31] <Yoav Nir> ISTM like we have multiple gatekeepers and it never makes sense for them to reach different conclusions.
[21:38:33] Stephen Banghart leaves the room
[21:39:51] Robert Chodorek leaves the room
[21:40:38] <richard.barnes> +1 to doing nothing
[21:40:46] Martin Thomson leaves the room
[21:41:28] Scott Fluhrer leaves the room
[21:42:39] Martin Thomson joins the room
[21:43:03] Philippe Bergeon leaves the room
[21:44:08] Dan Harkins leaves the room
[21:44:25] fenton leaves the room
[21:44:25] Sean Turner leaves the room
[21:44:57] Barry Leiba leaves the room
[21:45:00] Martin Thomson leaves the room
[21:45:01] sftcd leaves the room
[21:45:10] wseltzer leaves the room
[21:45:12] richard.barnes leaves the room
[21:45:17] Rich Salz leaves the room: Stream reset by peer
[21:45:21] metricamerica leaves the room
[21:45:21] <Yoav Nir> Rich: I'll see you tomorrow at ACME...
[21:46:39] Yoav Nir leaves the room
[21:46:39] Rolf E. Sonneveld leaves the room
[21:46:39] Satoru Kanno leaves the room
[21:46:39] Ned Freed leaves the room
[21:46:39] John Border leaves the room
[21:46:39] Lucas Pardue leaves the room
[21:46:39] Simon Pietro Romano leaves the room
[21:46:39] Kaoru Maeda leaves the room
[21:47:14] Christopher Wood leaves the room: Stream reset by peer
[21:49:35] whatdafuq leaves the room: Disconnected: closed
[21:50:13] craigt leaves the room
[21:50:14] meetecho leaves the room
[21:50:43] =JeffH leaves the room
[21:50:43] =JeffH joins the room
[21:53:32] Yoshiro Yoneya joins the room
[21:55:21] pyJOLIR8 leaves the room
[21:56:45] =JeffH leaves the room
[21:57:42] Yoshiro Yoneya leaves the room
[22:02:00] wseltzer joins the room
[22:02:48] Sean Turner joins the room
[22:04:55] Yoshiro Yoneya leaves the room
[22:06:55] Martin Thomson joins the room
[22:07:33] Barry Leiba joins the room
[22:09:07] Barry Leiba leaves the room
[22:09:37] craigt joins the room
[22:14:07] Christopher Wood joins the room
[22:14:12] richard.barnes joins the room
[22:14:55] =JeffH joins the room
[22:15:03] resnick joins the room
[22:15:44] =JeffH leaves the room
[22:16:39] Christopher Wood leaves the room
[22:22:31] Rich Salz joins the room
[22:23:57] richard.barnes leaves the room
[22:24:46] richard.barnes joins the room
[22:26:22] richard.barnes leaves the room
[22:30:07] Martin Thomson leaves the room
[22:50:35] richard.barnes joins the room
[23:11:02] Rich Salz leaves the room: Stream reset by peer
[23:35:12] richard.barnes leaves the room
[23:35:38] Sean Turner leaves the room
[23:35:59] resnick leaves the room
[23:40:14] craigt leaves the room
[23:40:37] Barry Leiba joins the room
[23:47:55] wseltzer leaves the room