Minutes of the Security Area Advisory Group (SAAG)
Thursday, July 26, 1300-1500 CT
Scribe: George Jones
Area directors: Sam Hartman and Tim Polk

Each working group and BOF that met during the week gave a brief report. For summaries of these meetings see the working group or BOF minutes. These minutes include discussion that happened during these reports.

* S/MIME

  Tim Polk: There is concern that there are not free tools for recent versions of ASN.1. There is work underway to create a public compiler that will be useful.

* Internationalization and Security

  Presentation by John Klensin.

  * Originally started with an "include everything unless there is a reason to exclude it" strategy; this is problematic
  * Discovered that mappings need to be reversible.
  * IDNA-bis only plans to have word characters; much more restricted set
  * Critical: independence from Unicode version
    * You may not know what your OS has
    * Even if you do, nothing you can do about it.
  * Q&A
    * This sounds complicated.
    * There was a discussion of DNS and authentication and about what DNS is/is not good for
    * Sam Hartman expressed the concern that we need to find some way to generalize the lessons from IDNA and create tools useful within the security area.
    * John Klensin pointed out that ASCII encodings can be desirable in protocols because they work better if fonts are missing; cutting and pasting works even if the script is not legible.
    * Paul Hoffman notes that the IDNA-bis documents have not yet gone through any formal process.
    * There was a discussion of whether tables or rules should be used in categorizing what Unicode characters should be allowed. John points out that tables tie you to a specific version of Unicode; others raise concerns about whether the rules can be good enough.
    * David Black encouraged us to focus on the important cases that actually come up in our protocols. What you allow and disallow need to be considered the same way as other security considerations.
    * Sam noted that one thing to consider carefully is to what extent our protocols have the same assumptions as DNS and when that is not the case what better options we have. John's documents make this clear although he did not emphasize this in his presentation.

* Presentation on desirability of a new GCM mode

  Presentation by Morris Dworkin of NIST

  GCM is very dependent on counters not being reused. If counters are reused, then an attacker can make modifications of the attacker's choice and defeat the integrity mechanism. Fixes were proposed that would decrease the performance of GCM. NIST is not adopting these fixes, but is interested in whether protocol developers would find a mode with these fixes useful.

  Sam asked for a show of hands for people who would find the new mode useful in their protocols. There were no hands. Sam asked people who would find this useful to discuss on the list.
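
The counter-reuse dependency described in the GCM presentation can be enforced and audited on the implementation side. The following is an added example, not part of the minutes or of any NIST material: a per-key IV issuer that refuses to wrap its counter, and an audit over records that flags an IV repeated under the same key. The 4-byte fixed field plus 8-byte counter layout, the names `GcmIvSequence` and `find_iv_reuse`, and the sample records are assumptions made for illustration.

```python
import struct
from collections import defaultdict


class GcmIvSequence:
    """Issues 96-bit IVs (4-byte fixed field || 8-byte counter) for one key."""

    def __init__(self, fixed_field: bytes, start: int = 0, limit: int = 2**64):
        if len(fixed_field) != 4:
            raise ValueError("fixed field must be exactly 4 bytes")
        self._fixed = fixed_field
        self._next = start
        self._limit = limit

    def next_iv(self) -> bytes:
        # Never wrap: a wrapped counter repeats an IV under the same key.
        if self._next >= self._limit:
            raise OverflowError("IV space exhausted; rotate the key")
        iv = self._fixed + struct.pack(">Q", self._next)
        self._next += 1
        return iv


def find_iv_reuse(records):
    """Map (key_id, iv_hex) -> record indexes for IVs repeated under one key."""
    seen = defaultdict(list)
    for index, (key_id, iv) in enumerate(records):
        seen[(key_id, iv.hex())].append(index)
    return {pair: hits for pair, hits in seen.items() if len(hits) > 1}


def constructed_records():
    """Constructed sample: sender 1 loses its counter state and restarts at 0."""
    sender1 = GcmIvSequence(b"\x00\x00\x00\x01")
    sender2 = GcmIvSequence(b"\x00\x00\x00\x02")
    restarted = GcmIvSequence(b"\x00\x00\x00\x01")  # same fixed field, counter reset
    return [
        ("k1", sender1.next_iv()),    # 0
        ("k1", sender2.next_iv()),    # 1: distinct fixed field, no collision
        ("k1", sender1.next_iv()),    # 2
        ("k1", restarted.next_iv()),  # 3: repeats record 0 under k1
        ("k2", restarted.next_iv()),  # 4: same bytes as record 2, but a different key
    ]


if __name__ == "__main__":
    for (key_id, iv_hex), hits in find_iv_reuse(constructed_records()).items():
        print(f"IV reuse under key {key_id}: iv={iv_hex} records={hits}")
```

The audit keys on the (key, IV) pair, so record 4 is not flagged: the uniqueness requirement applies per key, which is why rotating the key is the recovery path when counter state is lost.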