[18:28:58] MAHESH-WXP joins the room [20:21:56] alange@jabber.org joins the room [20:48:00] MAHESH-WXP leaves the room [20:57:36] alange@jabber.org leaves the room [20:59:37] Work joins the room [21:06:30] alange@jabber.org joins the room [21:15:52] Work leaves the room [21:17:54] Work joins the room [21:18:04] Lars joins the room [21:19:47] Work leaves the room [21:20:09] dborman joins the room [21:20:52] jishac joins the room [21:21:05] MAHESH-WXP joins the room [21:22:08] mrichardson joins the room [21:22:17] jishac has set the subject to: TCP Maintenance and Minor Extensions WG [21:23:26] shep joins the room [21:26:43] MAHESH-WXP leaves the room [21:28:03] MAHESH-WXP joins the room [21:31:18] Is David far from the mike? [21:31:43] he was about 2 feet from the mic, now he's about 6 inches. [21:31:43] jpcerezo joins the room [21:32:50] Now it sounds much better. [21:33:11] gorryf joins the room [21:43:50] polk.tim joins the room [21:43:52] Eric Rescorla joins the room [21:43:52] magnus joins the room [21:43:56] lebobits joins the room [21:44:11] andrew: r u here in msp? [21:44:40] no, unfortunately [21:44:44] ahhh [21:44:53] on audio? [21:44:57] yup [21:45:19] very good [21:45:23] ;-) [21:46:12] lion joins the room [21:48:16] MUST / MUST - 3 implementors already support this. It's proven to be pretty easy in implementation. [21:48:40] And, should one get cracked, we can roll to the other easily. [21:49:20] Lars leaves the room [21:49:49] Lars joins the room [21:50:17] arifumi joins the room [21:51:38] jpcerezo leaves the room: offline [21:51:40] gorryf leaves the room [21:53:46] *raise hand* [21:54:02] *raise hand* [21:54:11] Due to audio delay you better say which you raise to [21:54:19] good point [21:54:28] just reinforcing my earlier point [21:54:58] I can live with a sufficiently strong SHOULD (SHOULD+) [21:55:26] mrichardson leaves the room [21:55:35] holy crud, ekr agreed to something [21:55:40] way to go ekr!!! [21:55:47] yes [21:55:51] that is correct [21:58:25] Lars leaves the room: Replaced by new connection [21:58:26] Lars joins the room [21:59:02] sandy joins the room [22:04:12] this pushes us in the direction of a new registry. We need a new registry to express a policy that shows a set of algorithms that the community has vetted. [22:08:03] The work load is minimal, updates will be infrequent. [22:09:24] But we still might WANT a registry [22:09:49] in order to show which algorithms the community feels are appropriate [22:10:16] Do you want this proxied to the mike, andrew? [22:10:56] I think we're headed in the direction of a registry, at this point, is that your feeling too? [22:11:09] for the key negotiation mechanism, if nothing else... [22:13:10] AL: if you want us to channel you, just prepend MIC: to your comment, k? [22:13:22] sounds good, thanks! [22:13:31] otherwise we'll assume it's jabber discussion [22:13:37] ;-) [22:13:56] okay. I'm usually there. ;-) Last meeting I missed was Vienna. [22:17:55] lion leaves the room: Computer went to sleep [22:18:28] lion joins the room [22:20:39] key ID's ought to be bi-directional, but there is a change-over period where the key-id may differ. [22:21:00] Agreed. [22:21:04] That's what we're trying to make work. [22:21:10] MIC: Misconfiguration comes in many forms. Having been there are 4am working with other ISP's trying to fix something, or find someone on the other side, who know what they are doing, can be difficult and time consuming. Having the ALG ID and options-include information is quite useful in these sorts of situations. [22:23:41] AL: I thought we went through that already, no? If you have the bit on the wire telling you waht algo you used, then, when it fails, you can tell that it was the algo mismatch. You still have to call the other guy to re-agree on the algo. So you still have to make the call. [22:24:00] so it buys nothing, and gives away info on the wire that we would prefer a hacker not have [22:24:41] we had come to that conclusion on the call a while back, but maybe consensus was not reached. [22:26:24] A couple of points -- one the cracker needs to be a man-in-the-middle for them to get the information -- a position which, for routing at least, is rare. Also, you don't have to call, necessarily, it can certainly be a case where, for example you've rebooted a local system, and the alg fell back to a different config, or they did the same, and you can see that something has changed. [22:27:01] MitM attack - agreed it's less common, but if we can address it without cost, why not? [22:27:35] also, if we have specific bits to represent algos, then people can't use private algos, if they so desire [22:27:48] that's exlusivity we need not enforce [22:29:02] why do we want to use private algos? Also -- we could reserve a range if need be, for the likes of the NSA or someone else who wants a private algo [22:29:06] why would the algo fall back in a reboot? That's a config item, not an executable, right? [22:29:28] "we" don't. But military and gov't do. They are our consumers too [22:29:45] i.e. the consumers of our standards [22:30:09] right, and our products sometimes -- we can reserve a range, like we do for most protocols. For example, what does IPSec do? [22:30:11] people do it with TLS and IPsec today [22:30:42] isn't there an option registry? [22:30:48] they send the info about algos chosen under protected (encrypted) packets in IKE [22:30:51] like the IKEv2 one? [22:31:09] we can do that once we get KMP, I promise, but not here on every packet of the transport, ok? [22:31:46] remember we have a roadmap here [22:32:06] the final product with KMP will have a troubleshooting mech, let's just not plop it on the wire of the transport [22:33:04] shikob joins the room [22:35:56] a bit on the wire for the key-id? Or the entire byte for the key-id? [22:36:37] don't need the bit in the header, do need the byte for the key-id, is the way I heard it. [22:36:55] same here, but I wasn't 100% sure. [22:37:40] arifumi leaves the room [22:37:42] which bit? The ALG-ID byte? (well, 7-bits in draft-bonica) [22:37:48] Yeah, that's the relevant bit [22:37:58] Brian is right about the never getting away from manual keying [22:38:18] someone will always want to do it. Although I agree a negotiation protocol is ideal. [22:38:23] we are convinced of that too... [22:38:49] it's a simple operation, it shouldn't be much effort to check. [22:38:50] never getting away from it, but fortunately we don't need to in many scenarios [22:39:05] that would be ideal. [22:39:41] except, when there are more than 2 ALG's -- there could be up to 256 - although, admittedly, not likely in the near term. [22:41:00] MIC: But we're already gaining 3 bytes versus MD5 [22:42:06] hope i didn't butcher that in presentation... [22:42:36] it was fine, thanks! [22:43:04] al: your vote? [22:43:39] keep the byte for ALG-ID [22:43:59] keep the T-bit [22:44:24] don't care about the K-bit: Only if it's useful for the people doing the negotiation protocol [22:44:46] Eric Rescorla leaves the room [22:44:49] shikob leaves the room [22:44:57] alange@jabber.org leaves the room [22:45:31] polk.tim leaves the room [22:45:37] lebobits leaves the room [22:45:38] lebobits joins the room [22:46:54] lebobits leaves the room [22:54:19] Eric Rescorla joins the room [22:57:46] scott.mansfield joins the room [23:01:40] scott.mansfield leaves the room [23:02:34] sandy leaves the room: Computer went to sleep [23:05:56] Lars leaves the room [23:06:01] dborman leaves the room: Computer went to sleep [23:06:28] shep leaves the room [23:07:10] Eric Rescorla leaves the room [23:07:46] lion leaves the room [23:08:08] jishac leaves the room [23:14:42] magnus leaves the room [23:15:21] MAHESH-WXP leaves the room [23:17:14] Eric Rescorla joins the room [23:26:37] Eric Rescorla leaves the room [23:30:37] Eric Rescorla joins the room [23:56:34] Eric Rescorla leaves the room [23:59:49] Eric Rescorla joins the room