IETF
uta
uta@jabber.ietf.org
Tuesday, July 22, 2014

GMT+0
[10:47:16] nmagaia joins the room
[10:47:46] nmagaia leaves the room
[12:28:59] Lorenzo Miniero joins the room
[12:41:34] kohei.kasamatsu130 joins the room
[12:51:43] Scott Brim joins the room
[12:52:40] <Scott Brim> Good morning
[12:54:07] stpeter joins the room
[12:54:24] Nik Tomkinson joins the room
[12:55:12] Doug Turner joins the room
[12:56:41] stpeter joins http://www.meetecho.com/ietf90/uta
[12:56:53] John Doe joins the room
[12:57:05] John Doe leaves the room
[12:57:26] <Lorenzo Miniero> good choice! :)
[12:57:36] Yaron Sheffer joins the room
[12:57:37] Peter Saint-Andre joins the room
[12:57:53] cw-ietf joins the room
[12:58:48] stpeter finds a small Meetecho bug
[12:58:51] <stpeter> ;-)
[12:59:18] <Lorenzo Miniero> if you just found one, you're lucky!
[12:59:23] <Lorenzo Miniero> jokes apart, what's wrong?
[12:59:34] <Lorenzo Miniero> (apart from the /me we're apparently not handling anymore!)
[12:59:50] <Lorenzo Miniero> Slide 1: Using Applications with TLS
[12:59:52] <Lorenzo Miniero> Current presenter: Chairs
[12:59:53] <Lorenzo Miniero> Slide 1: Using Applications with TLS
[13:00:05] Doug Turner leaves the room
[13:00:06] <stpeter> the application didn't like an organization name of "&yet" (which it thought was empty), but "AndYet" was fine
[13:00:55] <Lorenzo Miniero> thanks for the info, we'll look into that
[13:01:09] Yaron Sheffer leaves the room
[13:01:10] <Lorenzo Miniero> Slide 2: Important Links
[13:01:13] Ken Murchison joins the room
[13:01:14] <Lorenzo Miniero> Slide 3: Note Well
[13:01:17] <stpeter> Lorenzo Miniero: I like the typing indicators in the chatroom!
[13:01:30] metricamerica joins the room
[13:01:43] satoru.kanno@jabber.org joins the room
[13:01:47] <Lorenzo Miniero> :)
[13:01:48] Tony Hansen joins the room
[13:02:00] <Scott Brim> Is there a /me equivalent?
[13:02:24] <Lorenzo Miniero> actually we did support it, I guess something got lost when refactoring the UI look
[13:02:30] <Lorenzo Miniero> we'll fix that as well
[13:02:32] hildjj joins the room
[13:02:35] <Scott Brim> and how about a facepalm?
[13:02:44] Barry Leiba joins the room
[13:02:57] <Lorenzo Miniero> that would be apt right now :)
[13:03:07] <stpeter> reviews++
[13:03:07] yoav.nir joins the room
[13:03:30] Joe Hall joins the room
[13:03:36] <Lorenzo Miniero> Slide 4: Agenda
[13:03:57] <yoav.nir> Hi. I’ll be channeling the Jabber room. If you want anything read at the mic, please prefix with “mic:”.
[13:04:49] rsalz joins the room
[13:05:00] <yoav.nir> Also, if you’re connecting to Jabber through meetecho, please also type your name, because your user looks like a jubmleofletters.ontario.conf.meetecho.com
[13:05:40] <stpeter> yoav.nir: thanks for channeling
[13:06:05] Dan York joins the room
[13:06:12] <Scott Brim> +1
[13:06:19] <Lorenzo Miniero> yoav.nir actually that shouldn't be happening, the display name should be ok: http://www.ietf.org/jabber/logs/uta/2014-07-22.html
[13:06:23] Doug Turner joins the room
[13:06:50] <hildjj> can someone paste the meetecho url, please?
[13:06:58] <stpeter> http://www.meetecho.com/ietf90/uta
[13:07:04] <hildjj> tx
[13:07:06] resnick joins the room
[13:07:18] <yoav.nir> I’m using Messages.app on Mac OS. I’ll try to download Psi
[13:07:32] Joe Hildebrand joins the room
[13:07:40] <stpeter> actually I'm not in Toronto this week :-) I did register as a remote participant, however
[13:07:52] <hildjj> i can't quite see the slides from inside the room. :)
[13:08:03] <Lorenzo Miniero> :D
[13:08:51] Doug Turner leaves the room
[13:09:00] <Lorenzo Miniero> Presentation stopped
[13:09:08] azet joins the room
[13:09:12] <Lorenzo Miniero> Slide 1: TLS Attacks and TLS BCP Drafts
[13:09:17] <Lorenzo Miniero> Current presenter: Yaron Sheffer
[13:09:18] <Lorenzo Miniero> Slide 1: TLS Attacks and TLS BCP Drafts
[13:09:27] Doug Turner joins the room
[13:10:04] Yoav Nir joins the room
[13:10:12] yoav.nir leaves the room
[13:10:29] <Lorenzo Miniero> Yaron, are you in Meetecho? slides should be up
[13:10:33] <Yoav Nir> Using Psi now. Looks like I see everybody's names
[13:11:09] <Yoav Nir> We're not seeing the slides in the room either.
[13:11:13] <Yoav Nir> Oh, that's better
[13:11:33] loreto.salvatore joins the room
[13:11:37] <Lorenzo Miniero> Slide 3: TLS BCP: Last Revision
[13:12:21] <Lorenzo Miniero> Slide 4: TLS BCP: Next Revision
[13:12:55] wseltzer joins the room
[13:13:37] sftcd joins the room
[13:13:41] Doug Turner leaves the room
[13:14:15] <Joe Hildebrand> /clear
[13:14:18] <Joe Hildebrand> doh.
[13:14:48] <Lorenzo Miniero> another feature to add... ;)
[13:14:53] <Joe Hildebrand> yes, please.
[13:14:58] <Yoav Nir> Sean said that the TLS WG is moving EC to std track. So 4492 will be updated
[13:15:05] <Yoav Nir> What do you think of this
[13:15:06] <Yoav Nir> ?
[13:15:14] <stpeter> that would be http://tools.ietf.org/html/rfc4492
[13:15:26] <Yoav Nir> Yeah. That would be a -bis of RFC 4492
[13:15:46] <stpeter> why are we using Skype instead of Meetecho? ;-)
[13:15:51] Ben Kaduk joins the room
[13:15:58] <Yoav Nir> Yaron: I'm repeating for your sake
[13:17:14] <stpeter> ok, good about not delaying - this document was supposed to be a quick win, updated as needed when conditions change on the ground
[13:17:30] <Lorenzo Miniero> Slide 5: Opens: 128-bit vs. 256-bit Ciphers
[13:17:34] <sftcd> @psa: yep informative references all the way
[13:17:43] Hervé joins the room
[13:17:46] <Yoav Nir> Oh, just noticed that Yaron is not in the room.
[13:19:23] <Scott Brim> Y'know, in 1993 I tried to do a remote presentation (Amsterdam IETF, re multicast routing). It worked as well as this.
[13:19:54] Ben Kaduk leaves the room
[13:20:16] <Yoav Nir> Progress!
[13:20:17] <Lorenzo Miniero> Slide 6: Opens: Fallback to Earlier Versions
[13:21:27] <Yoav Nir> The sad thing is that the thing that works best for remote presentation is still a phone on speaker with a microphone aimed at the speaker.
[13:21:50] <Lorenzo Miniero> Slide 7: Opens: Mention Other Bad
[13:22:43] <stpeter> BCP != Bad Current Practices :-)
[13:23:07] <Lorenzo Miniero> Slide 5: Opens: 128-bit vs. 256-bit Ciphers
[13:23:22] <azet> btw: alexa top 1mio scans indicate TLS1.0 only as somewhere on the order of 0.3% of servers
[13:23:41] <sftcd> why are anon ciphersuites "bad" - they're not, but are often things to avoid; also, widely implemented != widely used is relevant here
[13:23:43] <stpeter> azet: got URL?
[13:23:47] <azet> working on internet-wide scanning myself
[13:24:01] <azet> stpeter: http://securitypitfalls.wordpress.com/2014/06/24/rc4-only-servers-fall-below-1-june-2014-scan-results/
[13:24:10] <stpeter> azet: thanks!
[13:24:20] <azet> (he used https://github.com/jvehent/cipherscan)
[13:24:42] Steffi joins the room
[13:25:50] <stpeter> azet: that seems a bit misleading - the report says "TLS 1.0 only", presumably that means also not SSLv3
[13:25:53] <Joe Hildebrand> Lorenzo: you also need to check your URL regex
[13:26:13] <Yoav Nir> Yes, for SSLv3 or TLS1 only it stands at 41.54%
[13:26:38] <Yoav Nir> IOW only 54% support TLS 1.1 and 57% support TLS 1.2
[13:26:57] <stpeter> sftcd: sure - that gets into the topic of unauthenticated encryption
[13:27:50] <Lorenzo Miniero> will do that as well (plenty of feedback today! :) )
[13:28:04] <Yoav Nir> SSLv3 only is just under 1%
[13:28:06] <stpeter> FWIW, as a co-author I think Yaron's proposed text change is fine on bits of security
[13:28:06] cabo joins the room
[13:28:20] <azet> hmm, these numbers are indeed a bit strange
[13:28:56] scott.brim joins the room
[13:29:15] <Yoav Nir> I'm wondering if it's correct to recommend 256 over 128.
[13:29:43] <stpeter> +1 to Chris
[13:29:44] <metricamerica> is it clear that there are conditions under which fallback to ssl 3 will work, where retrying tls 1.0 won't?
[13:29:57] =JeffH joins the room
[13:30:08] <Lorenzo Miniero> Slide 6: Opens: Fallback to Earlier Versions
[13:30:17] =JeffH leaves the room
[13:30:29] g.e.montenegro joins the room
[13:30:44] <Yoav Nir> It will work with servers that are intolerant of extensions. You usually can get by with TLS 1.0 without extensions, but browsers don't want to try over and over again too many times.
[13:31:37] <metricamerica> thanks, that's helpful.
[13:32:01] <azet> ack on kenny
[13:32:21] <azet> TLS1.0 is basically as bad as SSLv3
[13:32:39] yohba727 joins the room
[13:32:47] <stpeter> "Implementations SHOULD NOT negotiate TLS version 1.0" seems a pretty clear recommendation that it's not the future
[13:33:33] <sftcd> @psa: yes, do you want that at the mic? (or are you here;-)
[13:33:43] <stpeter> sftcd: I'm at home in Denver
[13:33:49] <azet> stpeter: yes
[13:33:55] <sftcd> good for you, bad for us, I'll go to mic
[13:34:07] <stpeter> thanks sftcd
[13:34:29] <sftcd> I delegated:-)
[13:34:33] <stpeter> heh
[13:34:35] m&m joins the room
[13:35:04] <Yoav Nir> Reminder: if you want me to say it in the room, preface with "mic:"
[13:35:12] semery joins the room
[13:35:52] <stpeter> (the text I quoted is what's in the document right now)
[13:36:38] Anders Lindgren joins the room
[13:37:49] =JeffH joins the room
[13:38:50] Anders Lindgren leaves the room
[13:39:33] Alessandro Arrichiello joins the room
[13:39:34] <Yoav Nir> I guess it depends on what we mean by "application". If we are specifying a BCP for one side (say, the client), it has to be able to live with the servers that are out there. If we consider "application" to be something that we're designing both sides of, we can specify the best thing that's mostly available.
[13:41:06] <Lorenzo Miniero> Slide 7: Opens: Mention Other Bad
[13:42:17] <stpeter> Yoav Nir: IMHO application is application protocol - SMTP or XMPP might recommend something different from HTTP
[13:42:26] <Yoav Nir> There's no limit to "bad practices". Setting all of the client and server random to zeros is also NOT RECOMMENDED
[13:43:13] scott.brim nods to StPeter. I suppose the best thing for the IETF to do is to characterize the choices, including strengths and weaknesses, so that app developers can make better choices.
[13:43:51] <Yoav Nir> stpeter: Sure. HTTPS has to deal with 10 and 15 year old implementations that are out there. SMTP - probably also. If we were defining some new Foo over TLS, we can specify TLS 1.2 with an AEAD.
[13:43:56] <Yoav Nir> Like HTTP/2 are doing.
[13:45:18] <stpeter> yep
[13:45:42] <Lorenzo Miniero> Slide 2: TLS Attacks
[13:45:45] <stpeter> to Orit's point, yes, we can add some further text on the rationales
[13:46:00] yohba727 leaves the room
[13:46:34] <Lorenzo Miniero> Slide 3: TLS BCP: Last Revision
[13:46:37] <Lorenzo Miniero> Slide 2: TLS Attacks
[13:46:48] <stpeter> sorry, I need to drop off, I'll listen to the recording
[13:46:50] stpeter leaves the room
[13:47:48] <azet> i'm up to review, but currently very busy
[13:47:53] <azet> (aaron zauner)
[13:47:55] Peter Saint-Andre leaves the room
[13:53:36] <Lorenzo Miniero> Presentation stopped
[13:54:00] <Lorenzo Miniero> Slide 1: TLS Server Identity verification
[13:54:05] Alessandro Arrichiello leaves the room
[13:54:18] <Lorenzo Miniero> Current presenter: Alexey Melnikov
[13:54:19] <Lorenzo Miniero> Slide 1: TLS Server Identity verification
[13:54:23] Yaron Sheffer joins the room
[13:54:53] <Lorenzo Miniero> Slide 2: Changes since 01
[13:56:08] <Lorenzo Miniero> Slide 3: What's next?
[13:57:30] Yaron Sheffer leaves the room
[14:00:17] Yaron Sheffer joins the room
[14:00:52] azet raises hand
[14:02:23] <Lorenzo Miniero> Presentation stopped
[14:02:36] <Lorenzo Miniero> Slide 1: IETF 90 UTA
[14:02:43] <Lorenzo Miniero> Current presenter: John Mattsson
[14:02:44] <Lorenzo Miniero> Slide 1: IETF 90 UTA
[14:02:49] <Lorenzo Miniero> Slide 2: Motivation
[14:03:39] Naercio Magaia joins the room
[14:04:01] <Lorenzo Miniero> Slide 3: TLS OVERHEAD ANALYSIS
[14:04:46] <Lorenzo Miniero> Slide 4: TLS HANDSHAKE
[14:06:05] <Lorenzo Miniero> Slide 5: TLS CIPHERS IN USE
[14:06:25] Naercio Magaia leaves the room
[14:11:12] <Lorenzo Miniero> Slide 6: TLS CIPHER TRAFFIC OVERHEAD
[14:11:29] yohba727 joins the room
[14:12:57] <Lorenzo Miniero> Slide 7: PROCESSING OVERHEAD
[14:13:13] kohei.kasamatsu130 leaves the room
[14:15:05] <Lorenzo Miniero> Slide 8: CONCLUSIONS
[14:15:33] schuki joins the room
[14:17:59] loreto.salvatore leaves the room
[14:18:22] Scott Brim leaves the room
[14:19:08] scott.brim leaves the room
[14:23:39] kohei.kasamatsu130 joins the room
[14:23:45] semery leaves the room
[14:23:52] <Lorenzo Miniero> Presentation stopped
[14:24:19] <Lorenzo Miniero> Slide 1: Binding Security Tokens to
[14:24:37] <Lorenzo Miniero> Slide 2: The Problem: Bearer Tokens
[14:26:04] <Lorenzo Miniero> Slide 3: Establishing a TLS Channel
[14:28:03] <Lorenzo Miniero> Slide 4: Preventing Token Theft
[14:28:28] <Lorenzo Miniero> Slide 5: Token Binding Protocol
[14:29:15] <Lorenzo Miniero> Slide 6: Token Binding Protocol
[14:30:29] <Lorenzo Miniero> Slide 7: TLS Handshake And Token Binding Protocol
[14:31:52] <Lorenzo Miniero> Slide 8: Links And Contact Information
[14:32:42] <Yoav Nir> yet another cookie replacement / session management proposal
[14:35:25] loreto.salvatore joins the room
[14:35:32] kohei.kasamatsu130 leaves the room
[14:36:54] <=JeffH> wrt terminology see: https://www.google.co.uk/search?output=search&sclient=psy-ab&q=%22tls+channel%22+rfc+site:ietf.org&btnG=&gbv=1&sei=lHTOU4-GBY7T7AailYDgBA
[14:49:38] <=JeffH> srt any questions wrt FIDO please see fidoalliance.org, and/or tug my sleeve either virtually or in person
[14:49:46] <=JeffH> s/srt/wrt/
[14:53:57] <Yoav Nir> I think the question of what WG handles this should be left to ADs and in the long run doesn't even matter.
[14:54:18] <Yoav Nir> (and JeffH said it at the mike as I was typing...)
[14:54:31] schuki leaves the room
[14:54:50] sftcd leaves the room
[14:54:50] <Lorenzo Miniero> Presentation stopped
[14:54:51] metricamerica leaves the room
[14:54:55] <Yoav Nir> And we're done...
[14:54:56] g.e.montenegro leaves the room
[14:55:00] Yoav Nir leaves the room
[14:55:21] <Lorenzo Miniero> meeting's over! a recording will be made available soon on http://ietf90.conf.meetecho.com
[14:55:38] Joe Hall leaves the room
[14:55:57] yohba727 leaves the room
[14:56:06] Yaron Sheffer leaves the room
[14:56:24] Tony Hansen leaves the room
[14:56:26] Joe Hildebrand leaves the room
[14:57:00] satoru.kanno@jabber.org leaves the room
[14:57:18] Ken Murchison leaves the room
[14:57:19] Barry Leiba leaves the room
[14:57:20] Nik Tomkinson leaves the room
[14:57:31] massimiliano.pala joins the room
[14:57:31] Lorenzo Miniero leaves the room
[14:58:03] azet leaves the room
[14:58:14] schuki joins the room
[15:00:03] Hervé leaves the room
[15:01:45] Joe Hall joins the room
[15:02:10] Joe Hall leaves the room
[15:02:12] massimiliano.pala leaves the room
[15:02:54] wseltzer joins the room
[15:03:41] m&m leaves the room: Disconnected: connection closed
[15:03:43] m&m joins the room
[15:08:00] hildjj leaves the room
[15:08:00] cw-ietf leaves the room
[15:09:44] yohba727 joins the room
[15:10:09] Steffi leaves the room
[15:12:38] resnick leaves the room
[15:14:00] wseltzer leaves the room
[15:18:55] yohba727 leaves the room
[15:19:09] =JeffH leaves the room
[15:19:47] rsalz leaves the room
[15:22:11] Abdussalam Baryun joins the room
[15:22:30] wseltzer leaves the room
[15:23:52] loreto.salvatore leaves the room
[15:25:31] Abdussalam Baryun leaves the room
[15:27:39] loreto.salvatore joins the room
[15:28:08] Dan York leaves the room
[15:30:13] loreto.salvatore leaves the room
[15:32:46] sftcd joins the room
[15:35:41] schuki leaves the room
[15:37:26] schuki joins the room
[15:41:42] schuki leaves the room
[15:43:00] cabo leaves the room
[15:43:23] cabo joins the room
[15:45:58] m&m leaves the room: Disconnected: connection closed
[15:46:53] wseltzer joins the room
[15:51:49] Tony Hansen joins the room
[15:52:17] hildjj joins the room
[15:56:50] Joe Hall joins the room
[15:57:42] Joe Hall leaves the room
[16:06:30] wseltzer leaves the room
[16:16:20] loreto.salvatore joins the room
[16:23:01] cabo leaves the room
[16:27:53] Tony Hansen leaves the room
[16:29:47] sftcd leaves the room
[16:36:31] hildjj leaves the room
[16:36:59] hildjj joins the room
[16:44:25] yohba727 joins the room
[16:50:29] Barry Leiba joins the room
[16:50:34] Barry Leiba leaves the room
[16:56:33] satoru.kanno@jabber.org joins the room
[16:57:34] yohba727 leaves the room
[16:59:12] loreto.salvatore leaves the room
[17:01:43] Tony Hansen joins the room
[17:01:45] yohba727 joins the room
[17:02:57] satoru.kanno@jabber.org leaves the room
[17:03:23] Tony Hansen leaves the room
[17:03:38] loreto.salvatore joins the room
[17:04:01] loreto.salvatore leaves the room
[17:06:32] cabo joins the room
[17:11:10] rsalz joins the room
[17:17:22] Hervé joins the room
[17:17:26] Hervé leaves the room
[17:17:37] Hervé joins the room
[17:28:30] yohba727 leaves the room
[17:31:41] schuki joins the room
[17:47:16] cabo leaves the room
[17:48:44] rsalz leaves the room
[17:51:05] yohba727 joins the room
[17:58:41] Hervé leaves the room
[17:59:42] yohba727 leaves the room
[18:01:01] schuki leaves the room
[18:06:22] wseltzer joins the room
[18:06:34] wseltzer joins the room
[18:08:28] Hervé joins the room
[18:12:12] yohba727 joins the room
[18:18:47] yohba727 leaves the room
[18:19:34] schuki joins the room
[18:19:59] Hervé leaves the room
[18:21:57] m&m joins the room
[18:22:02] wseltzer leaves the room
[18:22:37] loreto.salvatore joins the room
[18:34:13] wseltzer joins the room
[18:47:32] wseltzer leaves the room
[19:10:03] hildjj leaves the room
[19:10:09] hildjj joins the room
[19:25:00] m&m leaves the room
[19:30:03] hildjj leaves the room
[19:32:05] hildjj joins the room
[19:35:03] hildjj leaves the room
[19:42:24] hildjj joins the room
[19:44:29] hildjj leaves the room
[19:47:44] schuki leaves the room
[19:53:59] schuki joins the room
[20:03:53] loreto.salvatore leaves the room
[20:05:30] loreto.salvatore joins the room
[20:08:52] loreto.salvatore leaves the room
[20:23:07] schuki leaves the room
[20:28:10] yohba727 joins the room
[20:30:31] yohba727 leaves the room
[20:32:04] wseltzer leaves the room
[20:34:30] yohba727 joins the room
[20:47:21] wseltzer joins the room
[20:51:28] schuki joins the room
[20:58:33] loreto.salvatore joins the room
[20:59:53] loreto.salvatore leaves the room
[21:07:35] loreto.salvatore joins the room
[21:21:21] loreto.salvatore leaves the room
[21:32:25] schuki leaves the room
[21:45:49] yohba727 leaves the room
[22:10:26] loreto.salvatore joins the room
[22:10:26] schuki joins the room
[22:19:30] schuki leaves the room
[22:21:05] loreto.salvatore leaves the room
[22:26:32] loreto.salvatore joins the room
[22:30:47] schuki joins the room
[22:46:05] wseltzer leaves the room
[23:42:21] schuki leaves the room
[23:48:19] loreto.salvatore leaves the room