[01:02:06] --- pguenther has become available
[01:02:11] --- pguenther has left
[01:27:27] --- pguenther has become available
[01:28:00] --- cnewman has become available
[01:28:54] --- Ted_Hardie has become available
[01:29:27] --- lisa has become available
[01:29:33] <lisa> Bonjour
[01:29:51] --- hartmans has become available
[01:30:17] --- nov has become available
[01:30:40] --- nov has left
[01:31:02] --- eric_allman@jabber.org has become available
[01:31:24] --- eric_allman@jabber.org has left
[01:31:42] --- eric has become available
[01:31:46] --- nov has become available
[01:31:51] --- nov has left
[01:34:35] --- amarine has become available
[01:36:03] --- Barry Leiba has become available
[01:37:11] --- RandyG has become available
[01:37:25] --- resnick has become available
[01:37:57] <resnick> CALSIFY is meeting as a WG
[01:38:35] <resnick> SLRRP is asking for a WG. Pushback from industry consortium. Talking to O&M
[01:39:00] <resnick> Bert is shepherding. IESG hasn't decided yet.
[01:39:16] <Ted_Hardie> EPCGlobal is the forum name.
[01:39:21] --- hartmans has left: Replaced by new connection
[01:39:32] --- StrUk has become available
[01:39:40] <resnick> Remote UI BOF is meeting. Vlad blows off appsarea
[01:40:01] <Ted_Hardie> Is Dean Willis in the physical room? He's the other co-chair.
[01:40:02] --- hartmans has become available
[01:40:07] --- hartmans has left: Replaced by new connection
[01:40:46] <resnick> Bill Fenner blows us off too.
[01:41:01] <resnick> James Seng talks about i18n of e-mail addresses.
[01:41:13] <resnick> based on IDN stuff.
[01:41:56] <resnick> draft-lee-jet-ima-00.txt
[01:42:25] <resnick> JET == Joint Engineering Team
[01:42:50] <Ted_Hardie> Bill Fenner is here.
[01:43:22] <resnick> "He likes us......he really likes us!"
[01:43:41] <Ted_Hardie> You're soooo Sally Fields. I wonder that I never saw it before.
[01:44:13] <resnick> James doesn't realize that it's port 587, not 586. But we forgive him.
[01:44:41] <resnick> Lots of simplified chinese characters appear on the screen and Pete is amazed.
[01:45:25] <resnick> MDA does processing so that it can handle sub-addressing parsing.
[01:45:38] * resnick thinks that's an odd choice.
[01:46:42] <resnick> klensin: Proposal disables subaddresses unless you use these special MDAs.
[01:47:14] <resnick> klensin: Fixable, but we need to be careful.
[01:47:17] * resnick nods
[01:49:04] --- anewton has become available
[01:49:40] <jlcjohn> I'm having no luck getting the audio. Is anyone having better luck?
[01:50:39] * resnick comes back from doing other things.
[01:51:11] * resnick misses the opportunity to copy down Bill's draft name
[01:53:07] <resnick> Bill Fenner talks about textual representation of scoped ipv6 addresses
[01:53:17] --- avri has become available
[01:53:28] <resnick> [v6.fe80::cafe:f00d_de9]
[01:56:30] --- Jeffrey Altman has become available
[01:57:20] <resnick> Some "HIP"ie talking about HIP.
[01:57:50] * resnick parallel processes and hopes someone else takes up typing in the chat room
[01:58:14] * Jeffrey Altman has changed the subject to: HIP
[01:58:16] --- falk has become available
[02:00:22] --- falk has left
[02:02:40] --- raeburn@jis.mit.edu has become available
[02:05:07] <eric> quick dump of my notes:
[02:05:09] --- raeburn@jis.mit.edu has left
[02:05:11] <eric> F. Native Host Identity Protocol APIs
  1. Andrei Gurtov
  2. HIP is shim layer between IP and transport layer
    a. authenticated DH key exchange
    b. extensions include rendezvous, mobility, and multihoming
    c. introduces wedge layer between transport and network layers
  3. Terms
    a. HI host identifier
    b. HIT host identity tag
    c. LSI local scope identifier
    d. resolver maps host names to addresses
  4. Legacy APIs
    a. suitable for legacy HIP apps
    b. modified resolver gives app an LSI or HIT instead of IPv4 or IPv6 addr
      i mapping to routable IP addr is sent to HIP software module
    c. connecting directly to a hip: XXX
  5. Native HIP API
    a. suitable for new apps
    b. introduces a new socket family: PF_HIP
      i easy detection of HIP support in the localhost
      ii can be used for communicating user or app specified HIs
    c. introduces new socket addr struct with new identifier: Endpoint Descriptor (ED)
      i similar to FD: only local significance
  6. code example of API
    a. getaddrinfo -> getendpointinfo
    b. something else I missed
    c. struct endpoint *endpoint;
    d. struct sockaddr_ed my_ed;
    e. struct endpointinfo hints, *res = NULL;
    f. locad_lup_endpoint_pem(user_priv, key, &endpoint)
    g. setmyeid()
    h. x.ei_socktype
    i. ei_family
    j. getendpointinfo(“www.host.org”, “echo”, &hints, &res)
[02:05:32] --- Ken Raeburn has become available
[02:08:45] * Jeffrey Altman has changed the subject to: time passes, security changes ....
[02:13:38] <eric> G. Application-Level Security Vulnerabilities
  1. Time Passes, Security Changes
    a. Christian Huitema
  2. 1 uSec --- can compute MD5 checksum on laptop (used to be slow)
  3. Dictionary attacks:
    a. (using standard C-R protocol)
    b. how many guesses before the observer can crack the challenge?
    c. do you trust users to generate “good enough” passwords?
    d. in a few seconds you can crack lots of passwords
  4. 10 cents; rumored cost of a “zombie” PC on the underground market
  5. Crack cost
    a. simple password, 24 bits, cost essentially zero
    b. strong password, 32, <$0.01
    c. pass phrase, 40, < $0.20
    d. 7 random chars, 47, < $50
    e. 8 random chars, 54, < $5k
    f. 64 random bits, 64, > $3m
[02:14:48] <eric> 6. Are passwords obsolete?
    a. basic rules:
      i if generated by the user, it can be cracked
      ii if memorable by user, it can probably be cracked
    b. Exception:
      i if password is exchanged over a protected connection (SSL, TLS, IPSEC)
      ii if the c/r mechanism designed to resist dictionary attacks
[02:16:42] <eric> 7. Free Internet!
    a. average user will happily connect to a “free Internet” hotspot
    b. man in the middle attacks
      i intercept DNS requests
      ii insert a proxy
      iii listen to the data
        (a) names, addresses, passwords, challenges
      iv hijack connections
      v spam, ads
      vi buffer overflows
[02:18:09] <eric> 8. Hidden SSID?
    a. practice of “hiding the SSID” facilitates the “evil twin” attack
    b. client sees no name available, tries its home SSID
    c. bad guy agrees and then connects
[02:18:22] <eric> (do people want to see this?)
[02:18:46] <resnick> It's probably good to have it in the archive.
[02:19:01] <resnick> And remote people will find it useful.
[02:19:54] --- ludomp has become available
[02:21:41] <eric> 9. Evil twins rewards:
    a. exploit auto connection
    b. auto “man in the middle” attack
      i register names, passwords
      ii store challenge for off-line crack
    c. quick and silent
      i disconnect after a few secs
      ii hardly any notification to user
  10. Recommendations
    a. don’t rely on C-R
      i hardly better than a clear-text password
    b. Identify the server
      i prevent man in the middle attacks
      ii beware of PKI tricks!
    c. Encrypt the session
      i protect id exchange
      ii prevent session hijacking
    d. Use secure framework
      i IPSEC, SSL, secure RPC, web services, ...
[02:26:46] --- torus has become available
[02:28:32] --- resnick has left
[02:28:34] --- bhoeneis has become available
[02:30:14] <eric> some especially lousy notes:
[02:30:14] <eric> H. Current State of URI Work
  1. Larry Masinter
  2. internationalized: proposed standard (after 9 years)
  3. general goals
    a. move specs along standards track
      i proposed -> draft, standard
      ii info, BCP to actual “best current practice”
    b. tidy RFC series
  4. current docs
    a. draft-hansen-2717bis-...
    b. draft-hoffman-uri-
  5. hard cases: “file:”, “ftp:”, “news:”
[02:30:35] <eric> Dave Crocker doing a summary of/plug for MASS (Thursday BOF)
[02:31:06] <eric> (this is in open mike)
[02:31:37] <eric> Keith Moore: concern that we are doing harm to the mail system
[02:32:13] --- anewton has left
[02:32:14] <eric> APPs should work on a framework that doesn’t hurt the system
[02:32:23] <eric> and the meeting closes....
[02:32:40] --- Ken Raeburn has left: Disconnected
[02:32:53] --- Jeffrey Altman has left
[02:33:14] --- StrUk has left
[02:33:52] --- RandyG has left: Logged out
[02:34:05] --- becarpenter has become available
[02:34:29] --- becarpenter has left
[02:35:27] --- Ted_Hardie has left: Logged out
[02:35:34] --- torus has left
[02:36:12] --- amarine has left
[02:38:18] --- avri has left: Logged out
[02:40:03] --- lisa has left
[02:41:13] --- malamud has become available
[02:41:24] --- ludomp has left
[02:44:02] --- malamud has left
[02:45:51] --- Jeffrey Altman has become available
[02:48:48] --- Jeffrey Altman has left: Disconnected
[02:50:00] --- bhoeneis has left: Disconnected
[02:50:51] --- Barry Leiba has left
[02:52:38] --- Ken Raeburn has become available
[02:54:12] --- eric has left: Logged out
[03:04:01] --- Ken Raeburn has left
[03:09:01] --- pguenther has left
[03:09:58] --- ma-kun has become available
[03:15:01] --- cnewman has left: Disconnected
[03:19:12] --- ma-kun has left
[03:21:20] --- tonyhansen has become available
[03:29:19] --- lisa has become available
[03:33:54] --- tonyhansen has left: Disconnected
[03:45:21] --- lisa has left
[03:59:22] --- cnewman has become available
[03:59:33] --- cnewman has left
[04:31:19] --- tonyhansen has become available
[05:00:33] --- tonyhansen has left
[07:00:07] --- jlcjohn has left