IETF
ace
ace@jabber.ietf.org
Monday, April 4, 2016

GMT+0
[12:37:53] Meetecho joins the room
[12:58:35] Klaus Hartke joins the room
[12:59:17] Steve Olshansky joins the room
[12:59:29] Steve Olshansky leaves the room
[12:59:31] Erik Wahlström joins the room
[12:59:38] Steve Olshansky joins the room
[12:59:46] Ludwig Seitz joins the room
[13:00:51] Kathleen Moriarty joins the room
[13:01:25] Piers O'Hanlon joins the room
[13:01:32] <Kathleen Moriarty> Good morning!
[13:01:56] Ludwig Seitz_2306 joins the room
[13:02:03] <Erik Wahlström> Good morning! Or afternoon! :)
[13:02:36] Ludwig Seitz leaves the room: offline
[13:02:48] demir rakanovic joins the room
[13:03:03] <Ludwig Seitz_2306> Are we supposed to see the slides on the main screen of meetecho?
[13:03:06] <Erik Wahlström> Can't see the slides. Is it just me?
[13:03:14] <Erik Wahlström> Aaa :)
[13:03:19] <Meetecho> working on that
[13:03:28] <Ludwig Seitz_2306> Got it, thanks
[13:04:26] jimsch1 joins the room
[13:04:28] Carsten Bormann joins the room
[13:04:31] Börje Ohlman joins the room
[13:07:09] yone joins the room
[13:07:38] Robert Cragie joins the room
[13:07:48] demir rakanovic leaves the room
[13:07:52] Coordination Center joins the room
[13:08:13] demir rakanovic joins the room
[13:08:14] Sandeep Kumar joins the room
[13:08:46] Ludwig Seitz_2306 leaves the room
[13:08:58] Ludwig Seitz joins the room
[13:09:27] Coordination Center leaves the room
[13:10:15] Robert Cragie_1089 joins the room
[13:11:28] Borje Ohlman joins the room
[13:13:06] ken carlberg joins the room
[13:14:03] <Robert Cragie_1089> As usual, fallen down the priority list but I am still committed to review it
[13:14:11] Borje Ohlman leaves the room
[13:14:32] Robert Cragie leaves the room
[13:17:50] Michael Richardson joins the room
[13:18:38] <Michael Richardson> Morning!
[13:21:38] Thomas Watteyne joins the room
[13:22:06] <Ludwig Seitz> PoP = Proof of Possession in case someone wonders
[13:22:06] <Thomas Watteyne> good morning!
[13:23:08] Coordination Center joins the room
[13:31:42] <Ludwig Seitz> We are one slide too far
[13:34:23] Tom McGarry joins the room
[13:37:22] Tom McGarry leaves the room
[13:37:33] <Michael Richardson> what is the saving here?  Is it about bytes on the wire, or is it about removing the need to validate the credential again?  Presumably this happens in the same secure channel?
[13:37:47] <Michael Richardson> I guess I'll save this for mic: later when we do that.
[13:38:04] <Ludwig Seitz> Bytes on the wire, we don't want to retransmit a certificate or public key
[13:43:08] Borje Ohlman joins the room
[13:43:19] <Michael Richardson> +1 on what Dave said.
[13:44:31] Deb Cooley joins the room
[13:46:02] Borje Ohlman leaves the room
[13:46:34] Dave Thaler joins the room
[13:46:52] Börje Ohlman leaves the room
[13:47:17] Paolo Saviano joins the room
[13:47:38] demir rakanovic leaves the room
[13:47:40] Paolo Saviano leaves the room
[13:48:04] demir rakanovic joins the room
[13:50:51] <Ludwig Seitz> How many constrained devices can generate good asymmetric keys?
[13:52:06] <jimsch1> They don't have to.  It can be pre-configured
[13:52:10] <Dave Thaler> the keys may be generated by another device and provisioned on the constrained device
[13:52:46] <Ludwig Seitz> Doesn't that give us the same problem as the RPK solution? There is a trusted third party that has the private key
[13:52:52] <jimsch1> Although that does present another database to be attacked
[13:52:54] <Erik Wahlström> +1 on Göran :)
[13:53:11] <Ludwig Seitz> I meant PSK
[13:55:03] <Dave Thaler> yes but the private key need not be in any *connected* database (it could be in the manufacturer's offline key generation system)
[13:55:07] sftcd joins the room
[13:55:17] <Ludwig Seitz> Point taken
[13:55:57] <Robert Cragie_1089> Many constrained devices can generate good random numbers, which is what is important. There are often good sources of entropy based on e.g. radios, low power clocks etc.
[13:56:12] demir rakanovic leaves the room
[13:56:18] <jimsch1> One could also do it during provisioning and have "good" procedures for protection and destruction
[13:56:52] <Robert Cragie_1089> Agree secure storage is also important
[14:00:21] demir rakanovic joins the room
[14:00:41] <Robert Cragie_1089> +1 re splitting the document into framework plus additional profile documents
[14:01:37] Erik Wahlström leaves the room
[14:03:57] <Ludwig Seitz> There is actually a list of stuff for Token Transport as well ...
[14:04:38] <Ludwig Seitz> He means page 5 I think
[14:04:48] <Dave Thaler> glad to year there's a list of stuff for token transport as well
[14:04:52] <Dave Thaler> glad to hear
[14:05:33] Sandeep Kumar leaves the room
[14:05:54] Sandeep Kumar joins the room
[14:06:52] <Ludwig Seitz> Check the presentations from the interim meeting for the list of options for token transport
[14:07:13] <Dave Thaler> are there blue sheets for this meeting?
[14:09:09] <Ludwig Seitz> I signed a virtual blue sheet when I started meetecho
[14:09:59] resnick joins the room
[14:10:24] <jimsch1> A blue sheet passed me at the beginning of the meeting
[14:10:34] <Michael Richardson> +5 on virtual time.
[14:11:03] R Wilton joins the room
[14:12:00] Darshak joins the room
[14:12:01] sftcd joins the room
[14:12:08] sftcd leaves the room
[14:14:16] Stefan Santesson joins the room
[14:14:29] <Dave Thaler> if anyone remote wants a mic relay please prefix comment with "mic:"
[14:15:49] sftcd joins the room
[14:16:08] sftcd leaves the room
[14:16:31] Randy Turner joins the room
[14:18:15] Gabriel Montenegro joins the room
[14:20:28] sftcd joins the room
[14:21:08] sftcd leaves the room
[14:21:33] demir rakanovic leaves the room
[14:21:57] <Ludwig Seitz> mic: Would a nonce-based solution require the constrained device to keep track of all nonces that have been used?
[14:22:13] <Dave Thaler> mic ack
[14:23:01] demir rakanovic joins the room
[14:23:03] Gabriel Montenegro leaves the room
[14:23:14] <Dave Thaler> (i think no)
[14:23:45] <Dave Thaler> i think hannes just answered, still want mic relay?
[14:23:56] <Ludwig Seitz> No need, thanks
[14:24:00] <Dave Thaler> ack
[14:24:29] <Dave Thaler> answer was if it's a seq number resource server just needs to store last one (not all)
[14:24:51] Thomas Watteyne joins the room
[14:25:39] Thomas Watteyne leaves the room
[14:26:51] <resnick> What slide deck are we looking at now?
[14:26:56] <R Wilton> Because if you just reply on the RS' view of time, you're at the mercy of an RS that is prepared to send you bogus timestamps.
[14:27:00] <resnick> https://datatracker.ietf.org/meeting/95/session/ace/
[14:27:02] <R Wilton> *rely
[14:27:07] ken carlberg leaves the room
[14:27:34] <Ludwig Seitz> The AS might not even be able to talk to the RS
[14:28:13] <resnick> And where is the speaker’s slide deck?
[14:29:05] <Dave Thaler> not online as far as I can tell
[14:29:17] Robin Wilton joins the room
[14:29:20] <resnick> :-/
[14:33:08] sftcd joins the room
[14:35:01] <R Wilton> (hand up for separate docs, by the way - sorry it's a late vote)
[14:35:33] Randy Turner leaves the room
[14:35:41] <Robert Cragie_1089> A challenge for proving the framework is to produce a DCAF profile on it
[14:35:50] Randy Turner joins the room
[14:36:12] <Dave Thaler> hand up noted
[14:36:37] <Dave Thaler> (Michael & R Wilton) noted in favor of split
[14:36:45] <Ludwig Seitz> Profile I'm interested in: 1. RS verifies locally, 2. Object Security, 3. RPK 4. POST to /authz-info 5. Sequence number based freshness 6. CoAP 7. CBOR/COSE
[14:37:06] <Robin Wilton> Thanks Dave - the R is for Robin, btw… (I should have thought of that when registering) ;^\
[14:37:28] Toshio Tachibana joins the room
[14:37:45] ace joins the room
[14:38:12] <Ludwig Seitz> Hand for app. layer security
[14:38:14] <Michael Richardson> I have had a lot of difficulties understanding how the transport security works. I guess one winds up exchanging bearer tokens through private channels, so essentially they are just long passwords which need to be transmitted securely, and stored securely.
[14:38:27] <Dave Thaler> counted you Ludwig
[14:38:44] Toshio Tachibana leaves the room
[14:39:28] <Dave Thaler> btw, hannes is back on the oauth slides that are online
[14:39:28] <Ludwig Seitz> Michael: You mean DTLS? We never intended to specify bearer tokens
[14:40:19] <Ludwig Seitz> Basically you would use the PoP-key in the DTLS protocol (e.g. as RPK or PSK)
[14:41:37] <jimsch1> I think you would still have the bearer token (i.e. JWT) with the key for the authorization.  It is then matched against the DTLS key.  This might be a problem with proxies however.  Needs to be end to end DTLS
[14:42:41] <Robert Cragie_1089> Framework has to support both due to potential intermediaries between C and RS
[14:42:45] <R Wilton> Just out of idle curiosity: I wonder what the Venn is, of (constrained devices capable of supporting one end of a TLS session) and (constrained devices capable of securing a bearer token exchange at the application layer).
[14:42:46] ace leaves the room
[14:43:04] <Michael Richardson> mic: constrained devices are not always paired with constrained networks.
[14:43:05] Barbara Stark joins the room
[14:43:46] <Dave Thaler> mic ack
[14:43:47] <Ludwig Seitz> Yes
[14:44:00] <Ludwig Seitz> (to jim's question)
[14:44:11] <Ludwig Seitz> Introspection is about constrained clients
[14:44:38] sftcd leaves the room
[14:45:42] <Dave Thaler> counted you Ludwig
[14:46:43] Antonio Araujo joins the room
[14:46:43] <Robert Cragie_1089> mic: Are we trying to narrow the scope of the framework here or simply soliciting opinions on what might go into profiles?
[14:48:16] <Robert Cragie_1089> OK got it
[14:49:36] <Dave Thaler> counted Ludwig for RPK
[14:50:41] <Ludwig Seitz> mic: Ask if the POST should be part of the framework
[14:50:54] <Ludwig Seitz> I meant POST to /authz-info
[14:51:33] <Ludwig Seitz> Ok
[14:53:11] Antonio Araujo leaves the room
[14:53:11] <Dave Thaler> not sure how to count you on this one ludwig, the non-sync clocks? (you said sequence # based above)
[14:53:43] Deb Cooley leaves the room
[14:54:03] <Ludwig Seitz> non-sync
[14:54:10] Börje Ohlman joins the room
[14:54:14] <Dave Thaler> thanks, counted
[14:56:21] Stefan Santesson leaves the room
[15:01:17] <Robert Cragie_1089> I don't think CoAP vs HTTP is important
[15:01:42] <Robert Cragie_1089> on the black arrows, which is what we are considering here
[15:02:23] <Michael Richardson> mic: if HTTP client code is included in C or RS in order to speak to AS, then the code is there.  Okay, the server side of each could be omitted if we do CoAP only for C<->RS, but it seems like the AS can more likely support CoAP than the other way around.
[15:05:45] <Robert Cragie_1089> Was that Carsten volunteering to write the DCAF-based profile? :)
[15:07:44] Robert Cragie_1089 leaves the room
[15:09:13] <Dave Thaler> doing live editing, #2 matches Ludwig's
[15:09:42] <Dave Thaler> oops just changed to not match
[15:10:46] <Ludwig Seitz> Hand raised
[15:12:00] <Dave Thaler> Hannes scribed on screen: Ludwig + Novo + Carsten
[15:12:37] <Dave Thaler> for non-synced clocks
[15:13:14] <Dave Thaler> which is separate from the strawman set of initial profiles on screen
[15:15:37] Garima Pandey joins the room
[15:16:39] demir rakanovic leaves the room
[15:16:39] <Dave Thaler> Ludwig, note that neither profile 1 nor 2 matched your list, and he added 3 but didn't fill it in.  Your list was the same as #2 but with non-synced clocks, hence the separate question.
[15:17:13] <Garima Pandey> Hum
[15:17:29] <Dave Thaler> https://www.ietf.org/proceedings/95/slides/slides-95-ace-1.pdf
[15:18:38] demir rakanovic joins the room
[15:18:41] <Michael Richardson> I will look at it....
[15:20:00] demir rakanovic leaves the room
[15:20:13] demir rakanovic joins the room
[15:21:19] Börje Ohlman leaves the room
[15:22:03] <Kathleen Moriarty> Thanks, Michael
[15:24:49] Robin Wilton leaves the room
[15:24:59] Antonio Lima joins the room
[15:24:59] Robin Wilton joins the room
[15:25:26] Randy Turner leaves the room
[15:25:59] Thomas Watteyne leaves the room
[15:26:14] Antonio Lima leaves the room
[15:27:59] Thomas Watteyne joins the room
[15:29:34] yone leaves the room
[15:29:41] Steve Olshansky leaves the room
[15:29:47] Thomas Watteyne leaves the room
[15:30:08] <R Wilton> Thanks everyone - thanks HAnnes
[15:30:09] Carsten Bormann leaves the room
[15:30:14] sftcd leaves the room
[15:30:16] <R Wilton> *Hannes
[15:30:23] <Ludwig Seitz> Thanks Dave for Jabber scribing
[15:30:28] <R Wilton> Sorry not to be there in person - see you in Berlin, I hope.
[15:30:45] Sandeep Kumar leaves the room
[15:31:08] Barbara Stark leaves the room
[15:31:40] Michael Richardson leaves the room
[15:31:40] Ludwig Seitz leaves the room
[15:32:00] jimsch1 leaves the room
[15:32:05] <Garima Pandey> Authentication Options with Transport Security??
[15:33:07] Klaus Hartke leaves the room
[15:33:14] R Wilton leaves the room
[15:34:40] demir rakanovic leaves the room
[15:35:41] Meetecho leaves the room
[15:35:48] Robin Wilton leaves the room
[15:37:57] Coordination Center leaves the room
[15:37:57] Piers O'Hanlon leaves the room
[15:37:58] Kathleen Moriarty leaves the room
[15:37:58] Garima Pandey leaves the room
[15:39:58] Kathleen Moriarty joins the room
[15:40:22] resnick leaves the room
[15:44:41] Darshak leaves the room
[15:46:08] Dave Thaler leaves the room
[15:47:07] Carsten Bormann joins the room
[15:48:33] Steve Olshansky joins the room
[15:49:08] Steve Olshansky leaves the room
[15:52:51] yone joins the room
[15:55:40] yone leaves the room
[15:57:21] Dave Thaler joins the room
[15:59:34] jimsch1 joins the room
[16:12:38] jimsch1 leaves the room
[16:15:33] jimsch1 joins the room
[16:22:16] Dave Thaler leaves the room
[16:32:11] resnick joins the room
[16:37:16] Carsten Bormann leaves the room
[16:38:36] jimsch1 leaves the room
[16:53:36] resnick leaves the room
[16:55:46] Darshak joins the room
[16:56:16] Darshak leaves the room
[16:58:06] Darshak joins the room
[17:03:31] Carsten Bormann joins the room
[17:06:27] resnick joins the room
[17:17:22] Stefan Santesson joins the room
[17:24:07] Carsten Bormann leaves the room
[17:42:10] Darshak leaves the room
[17:52:53] Darshak joins the room
[17:53:22] Darshak leaves the room
[18:05:16] Kathleen Moriarty leaves the room
[18:30:24] Stefan Santesson leaves the room
[18:37:35] resnick leaves the room
[18:52:03] resnick joins the room
[18:59:48] Stefan Santesson joins the room
[19:43:02] resnick leaves the room
[19:50:57] resnick joins the room
[20:02:21] Stefan Santesson leaves the room
[20:42:10] Stefan Santesson joins the room
[21:40:42] resnick leaves the room
[22:34:03] Stefan Santesson leaves the room