------------------------------------------
IETF77 CSI WG meeting agenda
------------------------------------------
MONDAY, March 20, 2010
1740-1940 Afternoon Session III
------------------------------------------

Agenda bashing, note takers
All - 5 min

  Gunther on bakeoff: will try again next IETF in Maastricht

WG status
Chairs - 5 min

  Pretty much done with all deliverables except crypto agility.

  Hash Analysis and Proxy Send Problem statement - in IESG past WG
  Cert work - thru LC
  DHCP CGA interaction - WG LC to be issued soon

  Only remaining work: PK agility

Crypto Agility
Tony - 15 min

  Signature agility
  draft-cheneau-send-sig-agility and draft-cheneau-ecc-agility

  ECC/ECDSA and advantages thereof, the usual ECC goodness

  removed csi-cga-pk-agility - M-CGA was too complex
  removed mention in sig-agility

  hosts:
  * generate either RSA/SHA1 (legacy) or ECC/SHA256
  * ability to talk to RFC 3971 hosts
  * ability to verify certs other than that used for the signature

  router:
  * verify more than one signature type
  * different CGAs lead to different cert paths, behave as different
    entities

  supported sig alg options (SSA) in ND message
  * per alg: sign and verify or verify only
  * ECC values follow IKEv2 registry values

  universal signature option (USO)
  * compatible with RSA sign option when key id = 0 (legacy)

  3971 nodes will ignore SSA and USO and just reply with their legacy sig
  new nodes can verify and sign diff signature families.
  * or not, but it is clear and will respond accordingly

  implementation being done but need more expert review

Implementation report
Tony - 10 min

  implementation within the MobiSEND project in France
  modified SCAPY6 (tool for packet generation) for SeND
  * mostly in user space
  * must run as root

  to be added:
  * sign agility support
  * CRL check
  * rate limiting
  * in-kernel CGA generation

  not production but proof-of-concept

  Thomas: what is the diff between your and docomo's implementation?
  Tony: This is a re-implementation.
        for improved deployability and stability as well as extensibility

Next steps with crypto agility
All - 15 min

  energy problem in the group. especially worrisome with this agility work
  * it would modify base spec
  * insufficient review

  Thomas: would be good to try to obtain good review about this, or
          publish as experimental
  Jari: if it has been tried and nothing has happened, it is better to
        let it expire, not to publish it
  Marcelo: if no change, we will close as soon as we finish up the other
           drafts. If there's energy we will continue.