Wednesday, July 28, 2021< ^ >
Jim Fenton has set the subject to: Virtual UTA "at" IETF 107
Room Configuration
Room Occupants

[14:03:44] Valery Smyslov_web_743 joins the room
[14:09:40] Valery Smyslov_web_743 leaves the room
[20:38:07] Yoshiro Yoneya joins the room
[21:08:58] Meetecho joins the room
[21:15:03] Hannes Tschofenig_web_190 joins the room
[21:15:03] Yoshiro Yoneya_web_127 joins the room
[21:17:23] Alessandro Amirante_web_675 joins the room
[21:17:37] Stephen Farrell_web_532 joins the room
[21:18:56] Stephen Farrell_web_532 leaves the room
[21:19:03] Stephen Farrell_web_795 joins the room
[21:19:11] Stephen Farrell_web_795 leaves the room
[21:19:15] Stephen Farrell_web_388 joins the room
[21:20:01] Sean Turner_web_432 joins the room
[21:20:20] sftcd joins the room
[21:21:27] Valery Smyslov_web_750 joins the room
[21:22:57] Meetecho has set the subject to: Virtual UTA "at" IETF 111
[21:23:44] Tim Hollebeek_web_709 joins the room
[21:23:47] stpeter joins the room
[21:24:37] Rebecca Guthrie_web_921 joins the room
[21:25:00] Yaron Sheffer_web_827 joins the room
[21:25:27] Chuck Lever_web_897 joins the room
[21:26:05] Korry Luke_web_616 joins the room
[21:26:14] Yoshitaka Aharen_web_718 joins the room
[21:26:50] Watson Ladd_web_983 joins the room
[21:26:55] Rich Salz_web_796 joins the room
[21:27:02] Peter Saint-Andre_web_443 joins the room
[21:27:15] Christopher Patton_web_457 joins the room
[21:27:43] Carlos Silva_web_619 joins the room
[21:27:52] meetecho-alexamirante joins the room
[21:28:11] Xavier de Foy_web_907 joins the room
[21:28:19] tim costello_web_226 joins the room
[21:28:28] Kenneth Murchison_web_990 joins the room
[21:28:43] <stpeter> Hey nice, I have _443 at the end of my Meetecho username so it must be secure. ;-)
[21:28:48] Florence D_web_769 joins the room
[21:28:54] Alison Becker_web_571 joins the room
[21:29:01] Roman Danyliw_web_580 joins the room
[21:29:10] Thomas Fossati_web_298 joins the room
[21:29:24] Renan Krishna_web_370 joins the room
[21:29:25] <Valery Smyslov_web_750> :-)
[21:29:27] <Alessandro Amirante_web_675> :lock:
[21:29:29] Kaitlin Pollet_web_438 joins the room
[21:29:31] Joseph Salowey_web_952 joins the room
[21:29:42] Steve Dickson_web_657 joins the room
[21:29:47] Rob Hamilton_web_385 joins the room
[21:29:49] Keith Bare_web_934 joins the room
[21:29:52] Jamey Sharp_web_194 joins the room
[21:29:54] Alexey Melnikov_web_848 joins the room
[21:29:54] Carrick_web_612 joins the room
[21:29:58] Carrick_web_612 leaves the room
[21:30:05] Carrick_web_356 joins the room
[21:30:06] Francesca Palombini_web_784 joins the room
[21:30:28] Marie-Hélène Bouchard_web_438 joins the room
[21:30:31] David Baldassin_web_454 joins the room
[21:30:40] Jeremiah Androscavage_web_609 joins the room
[21:30:54] Eric Orth_web_904 joins the room
[21:30:57] <stpeter> Ah, it seems things like _web_443 are obscured in the Meetecho interface, so they only show up in "native" Jabber.
[21:31:00] francesca joins the room
[21:31:06] Peter Campbell_web_403 joins the room
[21:31:15] David Hancock_web_222 joins the room
[21:31:16] Chi-Jiun Su_web_564 joins the room
[21:31:16] <francesca> hi all! :)
[21:31:26] <stpeter> ciao!
[21:32:03] Joseph Kalfa_web_310 joins the room
[21:32:08] Trent Adams_web_304 joins the room
[21:32:19] <francesca> Thank you Alexey and Hannes!
[21:32:28] Stephan Emile_web_656 joins the room
[21:32:31] <Joseph Kalfa_web_310> audio to the audio only option is not streaming yet
[21:32:32] <stpeter> I don't hear any audio via Meetecho, rejoining.
[21:32:37] <francesca> and thanks Rich
[21:32:40] Nicholas Gajcowski_web_769 joins the room
[21:32:51] Francois Ortolan_web_234 joins the room
[21:33:00] <Rich Salz_web_796> I'm jabber scribe.  If you want me to relay anything via the video meeting, preface your text with "MIC:" or ping me.
[21:33:04] Steffen Fries_web_333 joins the room
[21:33:14] Jonathan Lennox_web_834 joins the room
[21:33:40] Jim Fenton_web_842 joins the room
[21:33:45] David Benjamin_web_431 joins the room
[21:33:45] Peter Saint-Andre_web_443 leaves the room
[21:33:46] Hiroyuki Goto_web_592 joins the room
[21:34:14] Andrei Popov_web_980 joins the room
[21:34:20] Eric Kinnear_web_905 joins the room
[21:34:35] Corey Bonnell_web_210 joins the room
[21:35:00] Rolf Sonneveld_web_542 joins the room
[21:35:24] Peter Saint-Andre_web_732 joins the room
[21:36:02] Takahiro Nemoto_web_643 joins the room
[21:36:24] Viktor Dukhovni_web_854 joins the room
[21:36:30] Deb Cooley_web_737 joins the room
[21:36:40] fightingnemo joins the room
[21:38:26] Rob Hamilton_web_385 leaves the room
[21:38:53] <Joseph Kalfa_web_310> !! only is working now
[21:39:17] <Roman Danyliw_web_580> To be clear, I we saying drop text about CNs or explicitly say don't use CNs
[21:39:28] <Roman Danyliw_web_580> To be clear, are we ...
[21:40:50] Steven Fenter_web_801 joins the room
[21:41:17] Yoshiro Yoneya_web_127 leaves the room
[21:41:19] Ned Freed_web_888 joins the room
[21:41:20] <Alexey Melnikov_web_848> Roman: do you want to ask Rich directly?
[21:41:22] Yoshiro Yoneya_web_578 joins the room
[21:41:50] Burt Kaliski_web_997 joins the room
[21:42:01] <Watson Ladd_web_983> how about "X.509 Server Identification in Transport Layer Security"
[21:42:06] <Carrick_web_356> Just "Use the SAN"
[21:42:29] <stpeter> The shortname of 6125 was "Service Identity" and we could use that.
[21:42:35] Chi-Jiun Su_web_564 leaves the room
[21:42:37] Joseph Salowey_web_952 leaves the room
[21:43:02] <Roman Danyliw_web_580> PKIX is also in the abbreviation list (like TLS). We could drop it from the title too
[21:43:16] <Viktor Dukhovni_web_854> Go ahead
[21:43:17] <Sean Turner_web_432> @roman nice!
[21:43:21] <Sean Turner_web_432> let's do a poll! :)
[21:43:44] <Sean Turner_web_432> ah make those who object speak now :)
[21:44:06] <Viktor Dukhovni_web_854> Standard
[21:44:53] <Viktor Dukhovni_web_854> Drop pinning.
[21:45:28] <stpeter> Viktor Dukhovni_web_854: do you mean request advancement from Proposed Standard to Standard?
[21:45:28] <Carrick_web_356> Sean: no objection
[21:46:03] <Carrick_web_356> +1 Watson
[21:46:21] <sftcd> -1 watson: pinning helps avoid corporate mitm
[21:46:34] <sftcd> whether text here is good/bad is another question
[21:46:43] <Watson Ladd_web_983> Not trusting evil CAs avoids corporate MITM
[21:47:01] <sftcd> applications don't get that choice
[21:47:36] <Yaron Sheffer_web_827> sftcd: the "real" pinning specs had exceptions especially for enterprise MITM.
[21:47:47] <sftcd> yeah, pity that
[21:47:56] <Watson Ladd_web_983> applications should do what computer's admins tell them to. but this is a whole different issue
[21:48:16] <Jonathan Lennox_web_834> If there are "real" pinning specs, then presumably there shouldn't be a "fake" pinning spec here?
[21:48:52] Tim Hollebeek_web_709 leaves the room
[21:48:53] <Yaron Sheffer_web_827> "Real" pinning specs(including my own) never had traction.
[21:49:10] <sftcd> I don't think what Yaron referred to is really the "real pinning" that is really done in apps in app stores
[21:49:28] <Sean Turner_web_432> guarantee the IESG will debate that point for us ;)
[21:50:20] Shumon Huque_web_376 joins the room
[21:50:27] Yang Guo_web_923 joins the room
[21:50:27] Francois Ortolan_web_234 leaves the room
[21:50:39] Viktor Dukhovni_web_854 leaves the room
[21:51:43] Nimrod Aviram_web_995 joins the room
[21:52:15] <sftcd> is there much real usage of chacha in tls1.2?
[21:52:25] Steve Dickson_web_657 leaves the room
[21:52:34] Yang Guo_web_923 leaves the room
[21:52:38] <Watson Ladd_web_983> old Android
[21:52:50] <Rich Salz_web_796> cloudflare saw a BIG jump when they implemented it, but now everyone does 1.3
[21:53:48] <David Benjamin_web_431> But everyone doing 1.3 now comes from the clients upgrading. If your server is still at 1.2, you still want 1.2 chacha for those clients.
[21:54:11] <Watson Ladd_web_983> i can probably ask someone for numbers we see.
[21:54:15] <Thomas Fossati_web_298> also new Arm phones have better support for AES, so a sizeable chunk of Android has moved to AES
[21:54:52] <David Benjamin_web_431> Yeah, at this point most of our client base without AES hardware is old Windows rather than old Android.
[21:55:29] <Alexey Melnikov_web_848> Bigger RSA and DHE seem sensible
[21:56:04] <David Benjamin_web_431> But it's still the case that ChaCha is the right answer when one of client or server lacks AES hardware.
[21:56:12] <sftcd> increasing RSA size is certainly easier but question is whether it's worthwhile if there were a real quantum attack
[21:56:25] <Carrick_web_356> But the TLSWG might adopt a draft that deprecates DHE and RSA KX?
[21:56:30] <Deb Cooley_web_737> to be clear my draft does not address PQ.
[21:56:52] <sftcd> but anyway if there's discussion about each such change on the list that'll all work out fine
[21:57:01] <Deb Cooley_web_737> I thought large DHE w/known groups was still ok?
[21:57:09] <Carrick_web_356> Oh sorry yes
[21:57:18] <Deb Cooley_web_737> ok, ty
[21:57:21] <Watson Ladd_web_983> the problem is performance and how good is the GNFS really
[21:57:24] <Yaron Sheffer_web_827> @Carrick: we are closely following the TLS deprecation discussions.
[21:57:31] <Carrick_web_356> @Yaron great
[21:57:38] <Watson Ladd_web_983> want to understand why draft is saying use 3072 and 384
[21:57:58] <Watson Ladd_web_983> and if we're going to p384, would want X448
[21:59:07] <sftcd> MIC: has anyone looked at the docs referencing this BCP to check if there's anything we may break by accident? (sorry, can't send audio right now)
[21:59:10] Rolf Sonneveld_web_542 leaves the room
[21:59:15] Rolf Sonneveld_web_912 joins the room
[21:59:46] Rolf Sonneveld_web_912 leaves the room
[21:59:49] <Yaron Sheffer_web_827> @sftcd: there's a *huge* number of documents doing that, outside of IETF.
[21:59:50] Rolf Sonneveld_web_726 joins the room
[21:59:51] <Sean Turner_web_432> I tend to agree with PSA's thinking
[21:59:53] Stephen Farrell_web_388 leaves the room
[21:59:59] Stephen Farrell_web_934 joins the room
[22:00:35] <Carrick_web_356> +1 Rich
[22:00:47] <sftcd> @Yaron: yeah that's why I was wondering if anyone had taken a look
[22:00:59] <Yaron Sheffer_web_827> Nope.
[22:01:16] Viktor Dukhovni_web_491 joins the room
[22:01:43] <Rich Salz_web_796> hand back up btw
[22:02:57] <sftcd> @Rich: you're jabber scribe? did you see "MIC:" comment above?
[22:03:05] Christopher Patton_web_457 leaves the room
[22:03:29] <Rich Salz_web_796> oops, sorry, thanks.  and thanks Alexsey!
[22:03:46] <Rich Salz_web_796> And oh damn, Alexey no s
[22:04:19] <sftcd> no just generic worrying:-)
[22:04:23] <stpeter> heh ok
[22:04:25] Burt Kaliski_web_997 leaves the room
[22:04:55] Stephen Farrell_web_934 leaves the room
[22:04:59] Stephen Farrell_web_178 joins the room
[22:05:32] <sftcd> I kind of agree with Viktor
[22:05:36] <Watson Ladd_web_983> unfortunately a lot of CAs use p384 for signatures.
[22:06:41] <stpeter> What Viktor says makes some sense. We might want to point in the direction of larger key sizes for instance (and informatively reference the CNSA document), but not make that a SHOULD.
[22:06:54] <Roman Danyliw_web_580> Not raising the floor something because it's not PQ resistant doesn't motivate me.  We don't have enough fidelity into the PQ solution yet and we can't just freeze our evolution of improving classic recommendations
[22:07:31] <Roman Danyliw_web_580> Performance, etc is more compelling
[22:07:57] <Carrick_web_356> +1 Roman
[22:07:58] <Alexey Melnikov_web_848> Roman: _1
[22:07:59] <sftcd> @yaron: that's fair, I guess since we encouraged other IETF docs to refer to BCP195 and not RFC7525 we do owe 'em a bit of due diligence in cases where the bis RFC isn't the same as 7525  
[22:08:00] <Alexey Melnikov_web_848> +1
[22:08:25] <stpeter> sftcd: agreed
[22:09:10] Carlos Silva_web_619 leaves the room
[22:09:14] <stpeter> we kind of kept the WG open to work on 7525bis IIRC
[22:09:43] David Baldassin_web_454 leaves the room
[22:09:54] <Sean Turner_web_432> @stpeter agreed I was thinking post 7525bis publication
[22:10:11] <stpeter> yes, exactly
[22:10:17] Nimrod Aviram_web_995 leaves the room
[22:10:43] Rich Salz_web_796 leaves the room
[22:11:22] Naoya Kaneko_web_421 joins the room
[22:13:32] Jamey Sharp_web_194 leaves the room
[22:13:33] Jaime Jimenez_web_841 joins the room
[22:13:39] Jim Fenton_web_842 leaves the room
[22:15:36] <francesca> Thanks for the comments, I will talk with the SEC ADs and come back (once the time is right)
[22:15:38] <Alexey Melnikov_web_848> UTA's audience is a bit different
[22:15:39] <Watson Ladd_web_983> sorry, forgot that that isn't automatic
[22:16:53] <Sean Turner_web_432> definitely don't close it before 7525bis is published ;)
[22:16:58] <Watson Ladd_web_983> imho disconnecting design from applications invites problems.
[22:17:01] <francesca> ahah :D
[22:17:09] <Watson Ladd_web_983> +1 Sean
[22:17:14] <Sean Turner_web_432> I guess my point is somewhat like Roman's if there's recommendations coming great keep it open. If not ...
[22:17:32] Stephen Farrell_web_178 leaves the room
[22:17:46] Carrick_web_356 leaves the room
[22:17:47] <francesca> Thanks Valery!
[22:17:48] Hiroyuki Goto_web_592 leaves the room
[22:17:50] Steffen Fries_web_333 leaves the room
[22:17:50] David Benjamin_web_431 leaves the room
[22:17:51] Viktor Dukhovni_web_491 leaves the room
[22:17:51] Rebecca Guthrie_web_921 leaves the room
[22:17:51] Corey Bonnell_web_210 leaves the room
[22:17:51] <stpeter> I suspect we can close the UTA WG once we publish 6125bis and 7525bis
[22:17:51] Jeremiah Androscavage_web_609 leaves the room
[22:17:51] Watson Ladd_web_983 leaves the room
[22:17:52] <Hannes Tschofenig_web_190> Thanks!
[22:17:52] Florence D_web_769 leaves the room
[22:17:52] Chuck Lever_web_897 leaves the room
[22:17:52] Alison Becker_web_571 leaves the room
[22:17:53] Eric Orth_web_904 leaves the room
[22:17:53] Shumon Huque_web_376 leaves the room
[22:17:54] Renan Krishna_web_370 leaves the room
[22:17:55] Kaitlin Pollet_web_438 leaves the room
[22:17:55] Peter Campbell_web_403 leaves the room
[22:17:55] Roman Danyliw_web_580 leaves the room
[22:17:56] Marie-Hélène Bouchard_web_438 leaves the room
[22:17:57] Keith Bare_web_934 leaves the room
[22:17:57] Francesca Palombini_web_784 leaves the room
[22:17:58] Steven Fenter_web_801 leaves the room
[22:17:58] <Sean Turner_web_432> thanks everybody!
[22:17:58] Korry Luke_web_616 leaves the room
[22:17:58] David Hancock_web_222 leaves the room
[22:17:59] Yoshitaka Aharen_web_718 leaves the room
[22:17:59] Peter Saint-Andre_web_732 leaves the room
[22:18:00] Jonathan Lennox_web_834 leaves the room
[22:18:01] Yaron Sheffer_web_827 leaves the room
[22:18:02] Sean Turner_web_432 leaves the room
[22:18:03] Rolf Sonneveld_web_726 leaves the room
[22:18:03] Nicholas Gajcowski_web_769 leaves the room
[22:18:06] Naoya Kaneko_web_421 leaves the room
[22:18:09] Thomas Fossati_web_298 leaves the room
[22:18:18] Hannes Tschofenig_web_190 leaves the room
[22:18:26] Deb Cooley_web_737 leaves the room
[22:18:30] Alexey Melnikov_web_848 leaves the room
[22:18:49] Alessandro Amirante_web_675 leaves the room
[22:18:49] Valery Smyslov_web_750 leaves the room
[22:18:49] tim costello_web_226 leaves the room
[22:18:49] Kenneth Murchison_web_990 leaves the room
[22:18:49] Joseph Kalfa_web_310 leaves the room
[22:18:49] Trent Adams_web_304 leaves the room
[22:18:49] Stephan Emile_web_656 leaves the room
[22:18:49] Andrei Popov_web_980 leaves the room
[22:18:49] Xavier de Foy_web_907 leaves the room
[22:18:49] Eric Kinnear_web_905 leaves the room
[22:18:49] Takahiro Nemoto_web_643 leaves the room
[22:18:49] Ned Freed_web_888 leaves the room
[22:18:49] Jaime Jimenez_web_841 leaves the room
[22:18:49] Yoshiro Yoneya_web_578 leaves the room
[22:21:25] Yoshiro Yoneya leaves the room
[22:34:30] Meetecho leaves the room
[22:44:59] francesca leaves the room
[22:45:22] meetecho-alexamirante leaves the room
[23:06:19] stpeter leaves the room