- Wednesday, April 6, 2016

dprive@jabber.ietf.org

Wednesday, April 6, 2016< ^ >

Ted.h has set the subject to: DPRIVE

Room Configuration

Room Occupants

GMT+0
[12:46:19] Meetecho joins the room
[12:51:02] Olafur Jabber scribe joins the room
[12:57:54] DanYork joins the room
[12:59:25] john bond joins the room
[13:00:07] Andrew McConachie joins the room
[13:00:14] Pieter Lexis joins the room
[13:00:26] Toshio Tachibana joins the room
[13:00:29] Mike Bishop joins the room
[13:01:39] <Olafur Jabber scribe> Meeting is starting
[13:01:40] Dan Wing joins the room
[13:01:54] <Olafur Jabber scribe> meeting will last for 60 minutes or less
[13:01:54] scott_rose joins the room
[13:02:51] <Olafur Jabber scribe> document status Agenda slides #3
[13:03:20] <Olafur Jabber scribe> dns-over-tls + edns0-padding in RFC editors queue
[13:03:42] Hugo Salgado joins the room
[13:04:02] <Olafur Jabber scribe> First talk : Dan wing on https://tools.ietf.org/html/draft-wing-dprive-dnsodtls-01
[13:04:02] Joseph Hall joins the room
[13:04:08] <Olafur Jabber scribe> slide #2
[13:04:09] tale joins the room
[13:04:10] Pieter Lexis 2 joins the room
[13:04:28] <Olafur Jabber scribe> Dan says they need WGLC ASAP,
[13:04:49] Pieter Lexis leaves the room
[13:05:00] Douglas Stamper joins the room
[13:05:03] Joe Hall joins the room
[13:05:32] <Olafur Jabber scribe> SaraD: at mic saying session handling is sloppy and document needs to align with the DNS over TCP document
[13:05:54] Joseph Hall leaves the room
[13:06:06] Alexander Mayrhofer joins the room
[13:06:06] Tim Wicinski joins the room
[13:06:29] Dave Crocker joins the room
[13:06:30] <Olafur Jabber scribe> Reorg document to either be in same order as TCP document or inherit from TCP document and list diff
[13:06:40] Joseph Hall joins the room
[13:07:07] Dan Wing leaves the room
[13:07:19] <Olafur Jabber scribe> Sara wants more implementation experience, Dan wants RFC
[13:07:40] bortzmeyer joins the room
[13:07:52] Tim Wicinski leaves the room
[13:08:01] Dan Wing joins the room
[13:08:03] Tim Wicinski joins the room
[13:08:03] <Olafur Jabber scribe> Paul Hoffman: wants same order as TCP document
[13:08:30] <Olafur Jabber scribe> PH: not sure if we can wait for implementations
[13:09:06] <Olafur Jabber scribe> Ted Hardie: saying lots of people are using DTLS
[13:09:06] Alexander Mayrhofer_3905 joins the room
[13:09:15] Alexander Mayrhofer leaves the room
[13:09:27] nllz joins the room
[13:09:51] Ralf Weber joins the room
[13:09:53] <Olafur Jabber scribe> If anyone wants to anything relayed to microphone let me know by putting mic: in front of your comment
[13:10:10] <Olafur Jabber scribe> Warren: Says WGLC starts soon
[13:10:33] Dan Wing leaves the room
[13:10:45] Dan Wing joins the room
[13:10:48] sftcd joins the room
[13:10:57] <Olafur Jabber scribe> Sara D: talking about https://tools.ietf.org/wg/dprive/draft-dgr-dprive-dtls-and-tls-profiles/
[13:11:06] <Olafur Jabber scribe> slide 2
[13:11:14] Werner Koch joins the room
[13:11:36] naptee joins the room
[13:12:00] Dave Crocker leaves the room
[13:12:45] <Olafur Jabber scribe> Slide 3
[13:12:53] bruce jaxi joins the room
[13:13:35] <bortzmeyer> Olafur Jabber scribe:  the draft is now draft-ietf-dprive-dtls-and-tls-profiles
[13:13:49] Werner Koch leaves the room
[13:13:50] <Olafur Jabber scribe> slide 4
[13:14:19] <Olafur Jabber scribe> correction: https://tools.ietf.org/html/draft-ietf-dprive-dtls-and-tls-profiles-01
[13:14:48] <Olafur Jabber scribe> https://www.ietf.org/proceedings/95/slides/slides-95-dprive-2.pdf
[13:15:14] <Olafur Jabber scribe> slide: Usage Profile: No Privacy
[13:15:37] <Olafur Jabber scribe> Note to presnters put a # on each slide
[13:15:51] <Olafur Jabber scribe> slide: Detecting attacks
[13:16:51] <bortzmeyer> Olafur Jabber scribe: but the accent on the name of the WG is nice (in french: PRIVÉ == private)
[13:17:56] <Olafur Jabber scribe> Ted H: suggesting that the terms are not good but does not know better terms
[13:19:07] <Olafur Jabber scribe> Sara: says lots of confusion lead them to update the doc to strongly recommend strict
[13:19:20] Toshio Tachibana leaves the room
[13:21:04] <Olafur Jabber scribe> CristianH; confused about usage model, wondering about server selection
[13:22:00] <Olafur Jabber scribe> Sara: you choose if you want to do Strict or not you select server based on that
[13:23:13] <Olafur Jabber scribe> CH: the document the usage model and then talk about how the profiles match the usage models
[13:23:54] <Olafur Jabber scribe> CH: assumed that document was about computer that is running a resolver, rather than stub resolver
[13:24:48] <Olafur Jabber scribe> Ted Lemmon: confusion about oppertunistic profile ==> the definition is broken
[13:25:13] <Joe Hall> strict, non-strict?
[13:26:08] <Olafur Jabber scribe> Stuart Chesire: confusion about what DNS server is the source of the confusion, use the words resolver and auth servers
[13:26:49] <sftcd> opportunistic isn't so much an end-state we want to be in, but more an intermediate deployment state that'll help us get to strict, I'm not sure the draft is getting that right
[13:26:50] john bond leaves the room
[13:27:09] <Olafur Jabber scribe> Christian H: no user interface to DNS resolution so he can not see how user can make any decision on which profile to use
[13:28:05] Pieter Lexis 2 leaves the room
[13:28:35] john bond joins the room
[13:29:17] <Joe Hall> @sftcd: trying to think of a word for the good kind of a slippery slope, where strict secure is at the bottom :)
[13:29:31] <Olafur Jabber scribe> StephaneB: there are many usage models, document  only few profiles, there are many different ways to interact with  users IEFT bad at UI so do not do it
[13:30:21] <Olafur Jabber scribe> No back to Usage Profile: Strict
[13:30:48] <Olafur Jabber scribe> corretion: NO —> NOW
[13:30:55] <sftcd> @joe: that's oppo I think, but a more specific DNS term might be useful maybe
[13:31:03] <Olafur Jabber scribe> Profile: relaxed
[13:31:05] <Joe Hall> chair whispering is coming across the remote link, FYI
[13:31:31] <Olafur Jabber scribe> Slide: AUth mech
[13:31:56] <Olafur Jabber scribe> going fast through slides
[13:34:25] <Olafur Jabber scribe> Slide: (D)TLS profile
[13:34:43] <Olafur Jabber scribe> Slide: Implementation status
[13:35:41] <Olafur Jabber scribe> Paul Hoffman: says that Dprive by domain name by domain names  is a mistake
[13:36:08] Francis Dupont joins the room
[13:36:37] <Olafur Jabber scribe> <long line>
[13:37:05] <Olafur Jabber scribe> PH: DHCP option should be a different draft
[13:37:13] ted.h joins the room
[13:37:37] <ted.h> I had to look this up too: 8.8.8.8.in-addr.arpa.    86207    IN    PTR    google-public-dns-a.google.com.
[13:37:48] <Olafur Jabber scribe> CH: what happens when you are on the enterprise network? you must follow your ENT policy.
[13:38:24] <Olafur Jabber scribe> SD: this is a policy and we should not document it
[13:38:26] Hugo Salgado leaves the room
[13:38:32] <Olafur Jabber scribe> in this document
[13:39:35] <Olafur Jabber scribe> CH: we need a document on multiple connection issuses and agrees to send in a draft
[13:40:00] <Olafur Jabber scribe> SB: is is possible to get a cert for an Address
[13:40:09] safa almalki joins the room
[13:40:15] <Olafur Jabber scribe> PHB: the answer you should be able to but you can not
[13:40:49] <Olafur Jabber scribe> PHB: all privacay DNS services should be by name not numbers
[13:41:30] <Joe Hall> 8.8.4.4
[13:41:31] <Joe Hall> heh
[13:41:38] <Olafur Jabber scribe> DKG:  agrees with PHB, as other than 8.8.8.8 noone knows ipaddress of resolvers
[13:41:54] <DanYork> This particular group is perhaps the wrong the group to ask if everyone knows certain IP addresses...
[13:42:04] <Joe Hall> this is EKR
[13:42:07] <Joe Hall> obvs
[13:42:15] <DanYork> indeed
[13:43:10] <bortzmeyer> My favorite public resolver is 114.114.114.114
[13:43:49] <Olafur Jabber scribe> EKR: not DKJ  only thing that will work is to issue address and key material together to create binding can not depend on DNS lookups
[13:44:37] <Olafur Jabber scribe> PHB: we do not want to depend on numbers see Turkey 8.8.8.8 example and subsequent blocking
[13:45:40] <Olafur Jabber scribe> WK: agenda items done has some questions for the WG
[13:46:17] <bortzmeyer> 8.8.8.8 was not blocked in Turkey but hijacked. It shows why authentication is important.
[13:46:25] <Olafur Jabber scribe> WK: google DNS-over-HTTPS is not supposed to compete with this WG effort
[13:46:33] <bortzmeyer> http://www.bortzmeyer.org/dns-routing-hijack-turkey.html
[13:46:40] <Olafur Jabber scribe> DKG: talking no slides
[13:46:53] naptee leaves the room
[13:47:05] <ted.h> Recent email salient, so looking at that may help follow this.
[13:47:16] <ted.h> (His recent email…)
[13:47:17] <Olafur Jabber scribe> Relationship between DNS over DTLS and TLS 1.3 0RTT mode
[13:47:48] <Olafur Jabber scribe> 0RTT is about being able to send data on session resumptions
[13:48:11] bruce jaxi leaves the room
[13:48:42] <Olafur Jabber scribe> 4 differences: 1) can not do client authenticion
[13:48:50] <Olafur Jabber scribe> 2) no forward security
[13:48:53] <Olafur Jabber scribe> 3)
[13:49:39] <Olafur Jabber scribe> #2 limited forward security is not a concern
[13:49:58] Jim Galvin joins the room
[13:50:14] <Tim Wicinski> a) no client authentication
b) limited forward secrecy
c) no replay protection
d) client linkability
[13:50:21] <Tim Wicinski> that is from his email this moring
[13:50:23] <Olafur Jabber scribe> Thanks Tim
[13:51:01] Alexander Mayrhofer_3905 leaves the room
[13:51:56] <Olafur Jabber scribe> EKR: forward security issue is not a concern, this is an oppertunity if you keep state
[13:53:35] <Olafur Jabber scribe> #3 Reply protection: no story on how to defend against RP in 0RTT ==> attacker can repay the query and monitor what queries the resolver issues after the cache expires
[13:54:18] <Olafur Jabber scribe> can also be used against different Anycast data centers
[13:54:43] Toshio Tachibana joins the room
[13:54:51] <Olafur Jabber scribe> TedH: you can put a timestamp inside the queries to limit the vulnerabilty period
[13:55:29] <Joe Hall> @meetecho: should remotes change to the openpgp room in 5 minutes? or stay on this stream? (easy to change IRC, not so much with stream)
[13:55:45] <Olafur Jabber scribe> PaulH: correction q? only the first query in a stream,?
[13:56:00] <Olafur Jabber scribe> DKG: all queries until the full session resumption is done
[13:56:08] <Meetecho> that depends on when DPRIVE will end
[13:56:14] <Joe Hall> kk ty
[13:56:14] naptee joins the room
[13:56:17] <Meetecho> as for a different room we'd need time for a switch
[13:56:37] <Tim Wicinski> We should be wrapping up 'soon'
[13:57:01] <Meetecho> if the interval between DPRIVE and OPENPGP is really short, I'd rather keep this session alive and bring OPENPGP users here
[13:57:11] <Joe Hall> sounds good, ty
[13:57:21] <Olafur Jabber scribe> #4/d client linkability: in this case the stub resolver can be tracked in movement when it goes to new network and then does a session resumption
[13:57:41] <Olafur Jabber scribe> guidance: do not resume when you move
[13:58:34] <Olafur Jabber scribe> Area Dictator SF: can this be implmented in DNS servers
[13:59:26] Toshio Tachibana leaves the room
[13:59:39] <Olafur Jabber scribe> DKG: in TLS1.3 if session resumption is limited to once then only resovler can track a client not an observer
[13:59:51] safa almalki leaves the room
[14:00:08] <Olafur Jabber scribe> CH: TLS priviacy issues should be in TLS working group
[14:00:33] <Olafur Jabber scribe> CH: do not do something you do not understand (laughter)
[14:01:27] Derek Atkins joins the room
[14:01:40] DanYork leaves the room
[14:01:41] derek joins the room
[14:02:00] <Olafur Jabber scribe> TedH: if we can use the session resumption once on a new network that is good thing
[14:02:25] <Olafur Jabber scribe> DKG: <donating time from his OpenPGP meeting to DPRIVE>
[14:02:51] naptee leaves the room
[14:03:04] <Olafur Jabber scribe> EKR: there no way to uses multiple session resumptions that are not linkable
[14:03:22] Werner Koch joins the room
[14:03:24] <Olafur Jabber scribe> DKG: TLS 1.2 there is no way to not create linkable resumptions
[14:03:44] <sftcd> ekr's point was about TLS1.2 and that TLS1.3 is better
[14:04:12] <Joe Hall> ha
[14:04:14] <Olafur Jabber scribe> Alison Mankin: asking if the current documents should cover this
[14:04:22] Jorge Cano joins the room
[14:04:28] <Olafur Jabber scribe> Terry Mendelson AD: wants new document
[14:04:43] <bortzmeyer> Is it really a DPRIVE-specific issue? It seems to me warnings should be in TLS documents, not ours
[14:05:15] <Olafur Jabber scribe> PHB: ideas on TLS 1.3 session resumptions
[14:05:24] <Olafur Jabber scribe> DKG: out of scope here
[14:05:43] <Joe Hall> @bortzmeyer: well, is a statement "don't design against TLS 1.3 if it can be a footgun when used against 1.2" more appropriate in DPRIVE or TLS?
[14:05:43] Jim Galvin leaves the room
[14:05:44] <Olafur Jabber scribe> End of meeting
[14:05:57] Joe Hall leaves the room
[14:06:08] Francis Dupont leaves the room: Computer went to sleep
[14:06:11] <Meetecho> FYI, we'll be using the DPRIVE Jabber (and Meetecho) room for OpenPGP as well
[14:06:16] ted.h leaves the room
[14:06:16] Olafur Jabber scribe leaves the room
[14:06:37] Mike Bishop leaves the room
[14:06:48] Tim Wicinski leaves the room
[14:06:57] Douglas Stamper leaves the room
[14:06:59] werner joins the room
[14:07:12] Derek Atkins leaves the room
[14:07:27] Joe Hall joins the room
[14:07:46] Joe Hall has set the subject to: openpgp
[14:08:18] Ned Freed joins the room
[14:09:37] Ned Freed leaves the room
[14:10:10] Jorge Cano leaves the room
[14:10:14] <Joe Hall> <3 DKG
[14:10:32] john bond leaves the room
[14:11:12] scott_rose leaves the room
[14:11:16] richsalz joins the room
[14:11:24] Ned Freed joins the room
[14:12:21] Dan Wing leaves the room
[14:12:50] <richsalz> @nilz said: Notes are here: http://etherpad.tools.ietf.org:9000/p/notes-ietf-95-openpgp
[14:13:50] <sftcd> diff from 4880 is https://tools.ietf.org/rfcdiff?url1=rfc4880&url2=draft-koch-openpgp-rfc4880bis-02.txt
[14:14:23] Derek Atkins joins the room
[14:15:19] <Derek Atkins> mic: when should we expect the integration of the EdDSA I-D?
[14:15:40] wu teng joins the room
[14:15:52] <richsalz> "last week"
[14:15:55] <Derek Atkins> Ah, thanks.  I didn't look in the last week.
[14:15:58] <Joe Hall> mic: do we need solid commitments from folks to read/review before adopt?
[14:16:08] <Joe Hall> ok, that works
[14:16:08] scott_rose joins the room
[14:16:12] <Joe Hall> no mic needed there
[14:16:15] <richsalz> got it
[14:16:29] <Derek Atkins> (I thnk the last time I looked was ~2-3 weeks ago)
[14:18:02] wu teng leaves the room
[14:22:19] <werner> sorry I was away for few minutes
[14:22:33] <Joe Hall> argon s2k PR, good?
[14:22:46] <werner> Okay.
[14:23:17] bortzmeyer leaves the room
[14:24:19] Steve Olshansky joins the room
[14:24:47] <nllz> Who is speaking?
[14:24:54] <Joe Hall> phb
[14:25:03] <nllz> full name for notes?
[14:25:06] <richsalz> Phil-Hallam Baker
[14:25:10] <Joe Hall> phil hallam-baker
[14:25:18] <nllz> tx!
[14:25:21] <richsalz> er, yeah, i got the - and space transposed :)
[14:26:56] <Joe Hall> but is a key generation timestamp crucial for fpr uses? I'm not sure I see it.
[14:27:19] <nllz> Bryan Ford, right?
[14:27:20] <Joe Hall> ah, Bryan get's to the quick
[14:27:25] <werner> The timestamp as part of the fpr is annoying.
[14:27:25] <Joe Hall> yeah
[14:27:36] <richsalz> yes, Bryan.
[14:27:58] <Joe Hall> ah, context as an attack, love it
[14:27:58] Juan Janczuk joins the room
[14:28:18] <Joe Hall> reminds me of https://evil32.com/
[14:30:37] <Joe Hall> phb again, @nllz
[14:31:19] <Joe Hall> omg
[14:31:46] <Joe Hall> entirely unconvincing to me
[14:32:55] <werner> FWIW: For ECDH we need a fingerprint truncted to 20 bytes.
[14:32:58] <Joe Hall> you could imagine a  SHAKE-like structure but even that seems crazy for this
[14:34:51] <richsalz> werer -- should i say that?  seems important
[14:35:39] Steve Olshansky leaves the room
[14:35:48] <werner> I don't think it is that important: we can always truncate it to 20 bytes.  Or does PHB suggest to have shorter fprs?
[14:36:01] <richsalz> he's at the mic, we'll find out :)
[14:36:52] <werner> Fingerprints are used a) by the protocol and b) for human inspection.  For the latter truncation makes sense
[14:37:16] <Joe Hall> that sounds very useful
[14:37:17] <Joe Hall> +1
[14:37:27] <Joe Hall> (the what is an fpr for doc)
[14:37:48] bruce ng joins the room
[14:39:22] <Joe Hall> and for openpgp and not ssh, but we'll get there
[14:39:58] Peter Koch joins the room
[14:42:14] <Joe Hall> mic: is the "unclear if there are other IP claims" on AES-OCB here things other than Rogaway
[14:42:59] <werner> There a lot of unclear patented things in ECC implementations too.
[14:43:43] <richsalz> yes, Virgil Kligor/IBM and some others might read against OCB
[14:44:31] <Joe Hall> ah, thanks mucho
[14:45:26] Jim Galvin joins the room
[14:45:30] <richsalz> Aaron Zauner (sp?) did work to track things down, if you want to rummage through the IETF IPR pages.
[14:45:31] Jim Galvin leaves the room
[14:45:40] <Joe Hall> that's a great point, spt
[14:46:28] Andrew McConachie leaves the room
[14:46:44] <werner> Yes, a pacth would be good.
[14:47:21] <Derek Atkins> mic: I plan to review
[14:47:36] <Derek Atkins> you're welcome
[14:47:41] <richsalz> :)
[14:48:11] <Derek Atkins> I also have another patch to reserve some *OPTIONAL* crypto algorithms.
[14:49:35] <werner> There are the 4(?) magic bytes which are hash with the plaintext.
[14:50:52] <richsalz> do you know off-hand what the values are?
[14:51:25] <sftcd> seems like a fine idea to prepend purpose-specific strings to to-be-signed|mac'd data
[14:51:50] <Joe Hall> and that functions as essentially a strange kind of prefix here for openpgp, @werner?
[14:51:53] <werner> Not very OpenPGP specific:
  buf[0] = sig->version;
  buf[1] = 0xff;
  buf[2] = n >> 24;         /* (n is only 16 bit, so this is always 0) */
  buf[3] = n >> 16;
  buf[4] = n >>  8;
  buf[5] = n;
[14:51:53] Peter Koch leaves the room
[14:51:56] <Joe Hall> ah
[14:52:08] Peter Koch joins the room
[14:54:08] <werner> I never seen that used, though
[14:57:12] Ralf Weber leaves the room
[14:57:15] <Joe Hall> thanks scribes and DKG chairing!
[14:57:20] <Derek Atkins> thanks DKG!
[14:57:21] Tim Wicinski joins the room
[14:57:23] sftcd leaves the room
[14:57:29] richsalz leaves the room
[14:57:31] <werner> Thanks Niels, too.
[14:57:53] Joseph Hall leaves the room
[14:58:02] <Derek Atkins> werner: I plan to send you another patch in a week or two...
[14:58:10] Peter Koch leaves the room
[14:58:11] <Derek Atkins> (to reserve some protocol numbers)
[14:58:17] Joe Hall leaves the room
[14:58:23] <werner> Send it to the ML - I read it ;-)
[14:58:49] Juan Janczuk leaves the room
[14:58:49] Derek Atkins leaves the room
[14:58:49] Werner Koch leaves the room
[14:58:50] Ned Freed leaves the room
[14:58:50] bruce ng leaves the room
[14:59:12] <derek> werner: will do :)
[14:59:23] <derek> TTYL
[14:59:29] derek leaves the room
[15:04:01] werner leaves the room
[15:06:48] Steve Olshansky joins the room
[15:10:43] scott_rose leaves the room
[15:14:00] Steve Olshansky leaves the room
[15:14:10] Tim Wicinski leaves the room
[15:20:32] Meetecho leaves the room
[15:22:08] nllz joins the room
[15:22:13] nllz leaves the room
[15:25:13] nllz leaves the room
[15:28:49] tale leaves the room
[15:31:48] nllz joins the room
[15:31:58] bortzmeyer joins the room
[15:38:36] Tim Wicinski joins the room
[16:34:25] nllz joins the room
[16:34:43] nllz leaves the room
[16:50:43] nllz leaves the room
[16:54:27] nllz joins the room
[16:54:54] tale joins the room
[17:07:15] nllz leaves the room
[17:21:46] Tim Wicinski joins the room
[17:22:51] Tim Wicinski leaves the room
[18:18:01] Tim Wicinski leaves the room
[18:19:51] Tim Wicinski joins the room
[18:26:49] Tim Wicinski leaves the room
[18:31:41] DanYork joins the room
[19:06:57] tale leaves the room
[19:07:09] DanYork leaves the room
[19:16:26] bortzmeyer leaves the room
[19:17:57] bortzmeyer joins the room
[19:18:12] Tim Wicinski joins the room
[19:21:11] DanYork joins the room
[19:21:40] tale joins the room
[20:22:26] tale leaves the room
[20:22:37] DanYork leaves the room
[20:22:41] Tim Wicinski leaves the room
[20:23:16] Tim Wicinski joins the room
[20:23:24] Tim Wicinski leaves the room
[20:24:44] bortzmeyer leaves the room
[20:37:21] DanYork joins the room
[20:47:36] bortzmeyer joins the room
[20:58:20] tale joins the room
[21:22:04] bortzmeyer leaves the room: Replaced by new connection
[21:22:04] bortzmeyer joins the room
[21:30:51] Tim Wicinski joins the room
[21:32:33] Tim Wicinski joins the room
[21:32:33] Tim Wicinski leaves the room
[21:34:36] Tim Wicinski joins the room
[21:34:36] Tim Wicinski leaves the room
[21:36:22] Tim Wicinski leaves the room
[23:09:28] tale leaves the room
[23:36:09] DanYork leaves the room
[23:45:46] tale joins the room
[23:49:51] bortzmeyer leaves the room

Powered by ejabberd - robust, scalable and extensible XMPP server