IETF
dane@jabber.ietf.org
Wednesday, November 12, 2014
stpeter has set the subject to: DANE WG | http://tools.ietf.org/wg/dane/

GMT+0
[02:10:29] massimiliano.pala joins the room
[02:10:32] massimiliano.pala leaves the room
[02:52:20] ilari.liusvaara joins the room
[18:49:47] ilari.liusvaara leaves the room
[18:49:58] ilari.liusvaara joins the room
[20:45:29] vdukhovni@gmail.com joins the room
[20:47:44] viktor_dukhovni@hardakers.net joins the room
[20:50:35] vdukhovni@gmail.com leaves the room
[20:51:13] <viktor_dukhovni@hardakers.net> Testing…
[21:49:07] Meetecho RAV joins the room
[22:34:08] yone joins the room
[22:34:39] yone leaves the room
[22:34:57] Yoshiro Yoneya joins the room
[22:38:45] jimsch1 joins the room
[22:42:53] bortzmeyer joins the room
[22:50:46] DanYork joins the room
[22:53:57] =JeffH joins the room
[22:55:19] sftcd joins the room
[22:55:19] Meetecho RAV leaves the room
[22:56:02] <DanYork> Good afternoon! (or morning or evening)
[22:56:07] <DanYork> This is DANE WG at IETF 91
[22:56:12] <DanYork> Agenda at http://tools.ietf.org/wg/dane/agenda?item=agenda-91-dane.html
[22:56:50] Meetecho joins the room
[22:57:30] shoji joins the room
[22:57:53] sftcd x joins the room
[22:58:28] Jakob Schlyter joins the room
[22:58:44] Dictator joins the room
[22:58:45] Dave Crocker joins the room
[22:59:36] <sftcd> all nice and loud here in remote-land
[22:59:42] <Dave Crocker> +1
[23:00:12] Phill joins the room
[23:02:50] Viktor Dukhovni joins the room
[23:02:53] naoki joins the room
[23:03:05] Sean Turner joins the room
[23:03:09] <DanYork> Agenda at http://tools.ietf.org/wg/dane/agenda?item=agenda-91-dane.html
[23:03:20] shinta joins the room
[23:03:22] Francis Dupont joins the room
[23:03:31] <DanYork> Slides: http://tools.ietf.org/agenda/91/slides/slides-91-dane-0.pdf
[23:03:36] jtrentadams@gmail.com joins the room
[23:03:45] shollenbeck joins the room
[23:03:46] <DanYork> Slide 3 - Note Well
[23:03:56] <DanYork> Slide 4
[23:04:01] <DanYork> Slide 5
[23:04:08] dblacka joins the room
[23:04:27] <DanYork> Slide 6 - Plan!
[23:04:46] <DanYork> Slide 7 - Opportunities!
[23:05:01] resnick joins the room
[23:05:16] zwicky joins the room
[23:05:35] Hugo Kobayashi joins the room
[23:05:55] tony hansen joins the room
[23:06:04] Craig Taylor joins the room
[23:06:18] c joins the room
[23:06:38] Suz joins the room
[23:07:21] <bortzmeyer> DanYork: "WG chairs need YOU to write documents (which currently don't even exist)"
[23:07:31] <DanYork> bortzmeyer: Hahaha
[23:07:40] <DanYork> Paul Wouters at mic
[23:08:15] Antoin Verschuren joins the room
[23:08:16] PaulWouters joins the room
[23:08:24] satoru.kanno@jabber.org joins the room
[23:08:31] <DanYork> Eric Osterweil presenting http://tools.ietf.org/agenda/91/slides/slides-91-dane-1.pdf
[23:08:37] jlatour joins the room
[23:09:02] Satoru Kanno joins the room
[23:09:07] <DanYork> Slide 2 - Prototype Goals
[23:09:15] c leaves the room: Replaced by new connection
[23:09:17] c joins the room
[23:09:19] Jakob Schlyter leaves the room: Replaced by new connection
[23:09:29] Jakob Schlyter joins the room
[23:09:47] <DanYork> REMOTE ATTENDEES - if you want something relayed to the mic please preface it with "MIC" - otherwise I will assume it is just standard backchannel chatter
[23:09:47] zwicky leaves the room
[23:09:50] zwicky joins the room
[23:10:04] safa almalki joins the room
[23:10:10] <DanYork> Slide 3 - SMIMEA aspects
[23:10:41] Dan Timpson joins the room
[23:10:50] ulrich joins the room
[23:10:55] <DanYork> Slide 4 - Encryption and Sending
[23:11:21] <DanYork> (Verisign is looking to open source the work they have done on Thunderbird)
[23:11:43] <sftcd> @dan: did they do more than this on TB?
[23:12:32] <DanYork> Slides 5, 6 and now on 7
[23:12:37] bortzmeyer leaves the room
[23:12:57] <DanYork> sftcd - ?  Not sure what you mean
[23:13:13] <DanYork> Slide 8 and 9
[23:13:16] Craig Taylor leaves the room
[23:13:20] <sftcd> thought your bracketed comment was you adding more background
[23:13:24] <sftcd> if not that's fine
[23:13:24] <DanYork> Daniel Gillmor on mic
[23:13:29] jazzgroove joins the room
[23:13:50] jazzgroove leaves the room
[23:13:53] <Dave Crocker> MIC:  DANE is domain-based and S/MIME is user-based.  Is this using domain-level granularity?  If so, that means all recipients share the private key.  If not, then how is key management done?
[23:13:56] Dan Timpson leaves the room
[23:14:05] ebersman joins the room
[23:14:07] <DanYork> sftcd - Ah.  I was just paraphrasing what Eric was saying.
[23:14:10] bortzmeyer joins the room
[23:14:24] <DanYork> Dave - okay, in line
[23:14:25] Dan Timpson joins the room
[23:14:30] <sftcd> crap, I guess that means I'm not listening (properly:-)
[23:14:42] Craig Taylor joins the room
[23:14:46] <jimsch1> The S/MIME version of DANE is user based not domain based
[23:14:57] Antoin Verschuren leaves the room
[23:14:58] <DanYork> If anyone else remote has questions for the mic, now would be a really good time
[23:15:04] <sftcd> @dkg: yes please do make enigmail better:-)
[23:15:30] ulrich leaves the room
[23:15:50] Antoin Verschuren joins the room
[23:15:50] kivinen joins the room
[23:16:02] m&m joins the room
[23:16:15] Kurt Andersen joins the room
[23:16:18] Peter Koch joins the room
[23:16:38] <Dave Crocker> MIC: I don't see per-user key labeling in the DANE/SMIME spec.
[23:16:45] Catherine Dibble joins the room
[23:16:48] <DanYork> Rick Lamb at mic
[23:16:51] <jimsch1> That is the hash field that is in the spec
[23:17:12] Aaron Zauner joins the room
[23:17:23] <jimsch1> Dave: Look at step #1 in section 3
[23:17:23] Aaron joins the room
[23:17:39] <Dave Crocker> ack. tnx.
[23:17:42] <DanYork> PHB at mic
[23:17:49] <PaulWouters> sha224(username)._whatever.domain.com
[23:17:55] <sftcd> @dave: I think it was the sha224 stuff - that's done on the LHS of the email addr
[23:18:06] <PaulWouters> which is used for both smime and openpgpkey
[23:18:22] safa almalki leaves the room
[23:18:26] <sftcd> @PHB: RFC6920:-)
[23:18:46] <DanYork> Russ Housley at mic
[23:18:49] <bortzmeyer> PaulWouters:  and no salt? (Thinking about privacy of qnames)
[23:19:07] naoki leaves the room
[23:19:11] Stefan Santesson joins the room
[23:19:29] <sftcd> @stephane: good point, but how to find given an email addr?
[23:19:30] <DanYork> George Michaelson at mic
[23:19:55] <DanYork> George pointing out that you can deprecate keys easily
[23:19:56] naoki joins the room
[23:20:22] Marco Davids (SIDN) joins the room
[23:20:27] <DanYork> Jakob Schlyter presenting http://tools.ietf.org/agenda/91/slides/slides-91-dane-4.pdf
[23:20:34] <bortzmeyer> sftcd: in another DNS record :-)
[23:20:46] <DanYork> Slide 2 - Status
[23:20:54] <DanYork> Slide 3 - Proposals
[23:21:04] <Marco Davids (SIDN)> i feel stupid, because I don't understand why we can't use rfc4398 for this SMIMEA stuff
[23:21:06] <sftcd> @stephane: one to ponder, it would be nice to not expose via qname, not sure if doable
[23:21:07] <DanYork> Slide 4 - Next: Use Case Document
[23:21:37] <bortzmeyer> sftcd: selfishly, I approve, because the current draft is a strong argument for my DNS privacy draft :-)
[23:21:57] <DanYork> Slide 5 - Next: Coordination
[23:21:58] <sftcd> heh
[23:22:00] <DanYork> Paul Wouters at mic
[23:22:47] Aaron Zauner leaves the room
[23:22:53] <DanYork> Paul Hoffman at mic
[23:23:00] <Dave Crocker> @sftcd: thanks for the followup.  Finally located the relevant text in the spec.  In documentation terms the fact that it's doing per-user keys is a bit obscure.
[23:23:04] Aaron Zauner joins the room
[23:23:18] <sftcd> @dave: fair point
[23:23:48] Antoin Verschuren leaves the room
[23:23:50] <Dave Crocker> @sftcd:  In 'syntactic' terms, deletion of the at-sign construct means that there could be a naming collision, since the hash-that-is-local-part could be a legitimate domain name part.
[23:24:09] <DanYork> Scott Rose presenting http://tools.ietf.org/agenda/91/slides/slides-91-dane-5.pdf
[23:24:10] Franck Martin joins the room
[23:24:19] <DanYork> And it's all of one slide... so there you are.
[23:24:25] <jimsch1> I don't believe that to be true because of the "_smimecert" string
[23:24:48] Kurt Andersen leaves the room
[23:24:49] <resnick> @dave: At least in theory. In practice....not so convinced.
[23:24:52] Kurt Andersen joins the room
[23:24:53] <Dave Crocker> the underscore part is higher in the naming sequence.  
[23:24:59] <jimsch1> However there are problems with people who do not know the correct capitalization of the user name part of the address.
[23:25:12] Antoin Verschuren joins the room
[23:25:13] sftcd happy to let syntactically more mature folks sort it out
[23:25:16] <jimsch1> The difference between John@example.com and john@example.com
[23:25:21] <Dave Crocker> as for theory vs. practice, sure.  one can always take a statistical approach for ignoring collision potential.
[23:25:40] m&m leaves the room: Disconnected: session closed
[23:25:44] m&m joins the room
[23:26:28] Dan Wing joins the room
[23:26:34] <DanYork> IS THERE ANYONE WHO CAN TAKE OVER AS JABBER SCRIBE WHEN I PRESENT AT THE END OF THE AGENDA?   (said in caps because there is a discussion going on)
[23:26:35] <sftcd> US federal id cards and "nice easy" in one sentence?
[23:26:43] Dan Wing leaves the room
[23:27:01] Dan Wing joins the room
[23:27:12] doug.otis joins the room
[23:27:50] <Dave Crocker> Crap. Sorry.  Just realized that the model is hash._smimecert.regular.domain.  So yeah, _smimecert serves as the at-sign separation, as well as the dane 'signal'.
[23:28:27] <DanYork> Sean Turner at mic
[23:28:59] <sftcd> +1 to sean (but s/certs/keys/ for me as a matter of taste:-)
[23:29:08] Aaron Zauner leaves the room
[23:29:17] <DanYork> Paul Wouters at mic
[23:29:23] Franck Martin joins the room
[23:29:27] Aaron Zauner joins the room
[23:29:33] <sftcd> @paul W: I think that may be beyond charter for dane though, but see endymail@ietf.org
[23:29:40] <DanYork> Paul Hoffman at mic
[23:29:53] <DanYork> sftcd - was that for relay or just here?
[23:29:53] Franck Martin leaves the room
[23:30:06] <Sean Turner> @sftcd: I'm good with keys or certs too ;)
[23:30:15] <DanYork> Daniel Gillmor at mic
[23:30:18] <sftcd> here, assuming paul W is in jabber, or sure for mic if he's not
[23:30:32] <sftcd> but paulW is in jabber so that's fine
[23:30:50] <sftcd> @sean: yeah I know, but I have to pick some nit sometime:-)
[23:30:52] <DanYork> Mark Andrews at mic
[23:31:03] <viktor_dukhovni@hardakers.net> Plus the user addresses are hashed.
[23:31:05] <DanYork> dkg back at mic
[23:31:48] <DanYork> Paul Hoffman at mic
[23:32:21] naoki leaves the room
[23:32:24] <DanYork> (for instance... using your favorite search engine to find someone's address)
[23:33:38] <viktor_dukhovni@hardakers.net> I had proposed a salt some time back, to frustrate rainbow tables, at the time the salt was the domain, but folks objected to barriers to use of DNAMEs.
[23:33:48] doug.otis leaves the room
[23:33:50] <DanYork> viktor - for relay?
[23:33:54] <viktor_dukhovni@hardakers.net> Sure.
[23:33:55] <DanYork> Daniel Gillmor at mic
[23:34:57] <PaulWouters> and we still do :)
[23:35:26] naoki joins the room
[23:35:57] <tony hansen> i support use of a salt
[23:35:58] naoki leaves the room
[23:36:17] <DanYork> Eric Osterweil at mic
[23:36:19] <tony hansen> another alternative is to use domain name as key for hmac
[23:36:24] <sftcd> how would salt work on lookup?
[23:36:28] <viktor_dukhovni@hardakers.net> The salt could be explicit, rather than derived from the domain, then it would not interfere with DNAMEs.
[23:36:44] <DanYork> Paul Hoffman at mic
[23:37:13] <viktor_dukhovni@hardakers.net> The salt would be published as a special record for the domain (and its DNAMEs), but likely this won't be popular...
[23:37:26] <viktor_dukhovni@hardakers.net> Not for relay unless there's interest.
[23:37:56] <DanYork> Paul Wouters at mic
[23:38:05] <sftcd> so one salt per domain viktor?
[23:38:36] Suz leaves the room
[23:38:41] <DanYork> Andrew Sullivan at mic
[23:39:33] Andrew Sullivan joins the room
[23:39:39] resnick leaves the room
[23:39:45] <DanYork> Brian Haberman at mic
[23:40:34] Suz joins the room
[23:40:45] resnick joins the room
[23:41:02] <sftcd> as responsible-AD, and in case it helps: "what Brian said"
[23:41:20] <resnick> As irresponsible AD,+1.
[23:41:55] <DanYork> Paul Hoffman at mic
[23:42:19] <Suz> @resnick, are there really only two states? Can't you be the semi-responsible AD?
[23:42:30] nico joins the room
[23:42:53] Aaron Zauner leaves the room
[23:42:58] <DanYork> Jakob at mic
[23:43:06] Kurt Andersen leaves the room
[23:43:06] <DanYork> PHB at mic
[23:43:15] <sftcd> @suz: there's the dontgiveacrap-AD too:-)
[23:43:20] Sean Turner joins the room
[23:43:48] Sean Turner leaves the room
[23:44:09] <DanYork> Burt Kaliski at mic
[23:44:19] <DanYork> Andrew Sullivan at mic
[23:44:25] <Dave Crocker> FWIW:  I've sent to the dane list some suggested changes to Section 3 of the -dane-smime draft, given the confusions I had reading it.
[23:44:30] <sftcd> the IAB is here to help!
[23:45:57] <Dave Crocker> Paul is making legal assurances???
[23:46:21] Kurt Andersen joins the room
[23:46:39] <Phill > What the minion are we talking about already?
[23:47:01] <DanYork> Allison Mankin at mic
[23:47:01] <sftcd> @PHB: storm in teacup
[23:47:05] <Phill > OH I GET TIT we are talking in code
[23:47:06] <m&m> I think this needs more rum
[23:47:12] <Phill > Get IT
[23:47:22] Aaron leaves the room
[23:47:53] <sftcd> virtual interim is approved:-)
[23:48:23] Satoru Kanno leaves the room
[23:48:23] Chris Grundemann joins the room
[23:48:26] <DanYork> Danny McPherson at mic
[23:48:33] Chris Grundemann leaves the room
[23:48:35] <Andrew Sullivan> @sftcd: I guess I shoulda been clear that I didn't intend to speak as an IAB member, but as a person who sat through an aimless and insane trainwreck of a discussion in another WG today already
[23:48:46] <DanYork> Andrew Sullivan: :-)
[23:48:57] Chris Grundemann joins the room
[23:49:12] <sftcd> @andrew: isn't that the same as the IAB?
[23:49:26] <DanYork> Matt Miller presenting DANE SRV - http://tools.ietf.org/agenda/91/slides/slides-91-dane-2.pdf
[23:49:26] satoru.kanno@jabber.org leaves the room
[23:49:28] sftcd only kidding, just in case
[23:49:42] Tomofumi Okubo joins the room
[23:49:45] Chris Grundemann leaves the room
[23:49:46] Chris Grundemann joins the room
[23:50:01] <Andrew Sullivan> There is merit in what you say!
[23:50:05] <DanYork> Slide 2
[23:50:27] <DanYork> Slide 3
[23:50:45] <Suz> @sftcd: I think IAB's cover is now blown….
[23:50:46] Aaron joins the room
[23:50:51] <DanYork> REMINDER - need someone else to jabber scribe when I go up next... :-)
[23:51:18] <viktor_dukhovni@hardakers.net> Relay: What about the OPS document
[23:51:50] <viktor_dukhovni@hardakers.net> Relay: Also ready and SMTP references it…
[23:51:57] satoru.kanno@jabber.org joins the room
[23:52:42] Peter Koch relays
[23:53:14] m&m leaves the room: Disconnected: session closed
[23:53:16] m&m joins the room
[23:53:19] dblacka leaves the room
[23:53:24] dblacka joins the room
[23:53:26] Mankin, Allison joins the room
[23:53:41] Geoff Huston joins the room
[23:53:55] <=JeffH> 1:2
[23:54:05] <Dictator> Reviewers: PaulH, JeffH, AlexanderM
[23:54:17] <sftcd> what size cookies?
[23:54:26] <=JeffH> oh i thought i was going to help with jabber scribe….
[23:54:29] <sftcd> african or european swallow?
[23:54:34] <Sean Turner> haha
[23:54:51] <m&m> slide 5: DANE Success Stories
[23:54:57] <Sean Turner> Béarnaise sauce <http://en.wikipedia.org/wiki/B%C3%A9arnaise_sauce>
[23:55:01] <nico> can we take the broccoli supplement?
[23:55:07] <Dictator> Reviewers: + Sean Turner
[23:55:18] <resnick> @jeff: The more the merrier.
[23:55:31] <=JeffH> dan york talking about -york-dane-deployment-observations
[23:55:42] <Sean Turner> yep I did agree to review
[23:55:50] <m&m> Slide 7: Keeping in mind ...
[23:56:05] <m&m> Slide 8: Potential Outcomes Today
[23:56:54] <m&m> Slide 9: Observations in (-york-dane-deployment-observations) -00 draft
[23:57:51] <m&m> Slide 10: Additional Observations
[23:58:34] <m&m> Slide 11: Additional Observations (2)
[23:58:56] <nico> the 1024-bit RSA root key is not a big deal -- it's a problem today, but it can be changed
[23:59:05] <m&m> Slide 13: Potential Actions
[23:59:20] <m&m> nico: do you want that relayed?
[23:59:42] <viktor_dukhovni@hardakers.net> Relay: In Germany DANE is getting good press, and is being promoted by a community of implementor evangelists.  Similar efforts would be useful in other jurisdictions.
[23:59:45] <m&m> Slide 14: Questions for Discussion