[08:03:18] --- ray_atarashi has joined
[08:03:30] --- ray_atarashi has left
[08:09:33] --- hartmans has joined
[08:19:16] --- Mouse has joined
[08:20:46] --- toro_toro has joined
[08:20:55] --- toro_toro has left
[08:26:15] <Mouse> Anybody is taking Jabber notes?
[08:28:57] --- Mouse has left: Disconnected
[08:30:49] --- ray_atarashi has joined
[08:30:58] --- ray_atarashi has left
[08:32:36] <hartmans> No.
[08:32:44] <hartmans> Sorry, but I don't have bandwidth to do so
[08:36:44] --- Mouse has joined
[08:37:33] <Mouse> Alright. At least you are there. As a favor I'll ask you to let me know afterwards how it went...
[08:38:05] <hartmans> Keep in mind that I'm coming from a security standpoint. My EAP knowledge is a year or so out of date
[08:48:55] --- dumdidum has joined
[08:49:17] --- dumdidum has left
[09:02:03] <Mouse> Sam, I'm Uri - my background in EAP is security-only.
[09:05:18] <hartmans> There has been a long discussion of the key framework document. Fairly sane comments on key lifetimes; there appears to be a master session lifetime from the AAA server and people seem to agree all other lifetimes are shorter than that lifetime, possibly negotiated down by various protocols.
[09:05:59] <hartmans> We're now discussing key naming. The working group is unsure why they need this concept; so am I. It seems to be a mess.
[09:08:11] <hartmans> I have not yet determined whether the names have security significance
[09:15:52] <Mouse> As long as key hierarchy is not affected - I don't think that names matter much. Unless they are obfuscating key purpose by a particularly weird name.
[09:17:16] <hartmans> But the key names appear in their protocol.
[09:17:28] <hartmans> It might matter for example if you can get a peer to use a key by naming etc.
[09:19:42] <Mouse> Yes. But I don't see it as security-impacting. There's a saying in Russian "you may call me a pot as long as you don't put me in the stove".
[09:20:29] <hartmans> Assuming all the right things are authenticated it is not a security impact, yes.
[09:20:41] <Mouse> Oh of course!
[09:22:04] <hartmans> I can imagine protocols though where knowing the name is part of the authentication of a different layer. In such protocols the name being random becomes critical
[09:23:34] <Mouse> Hmm... The "entity" name certainly is critical - in the sense that you at least must know whose key to use for authentication! Otherwise, outside of this - I can't imagine any significance in how you name the keys.
[10:09:10] --- Mouse has left: Logged out
[10:23:56] --- hartmans has left: Disconnected
[16:18:18] --- Mouse has joined
[16:18:26] --- Mouse has left