Minutes IETF98: saag

Meeting Minutes Security Area Open Meeting (saag) AG
Title Minutes IETF98: saag
State Active
Other versions plain text
Last updated 2017-03-31

Meeting Minutes

Meeting started right on time - 15:20

Showed Note Well ; thanked Stephen Farrell

Going through working group reports. Most had been sent to the list.

Going through related working groups.  Paul Hoffman talked for a bit
about DPrive.  Karen talked about NTP. Wendy sent a message to the
list about W3C

Hannes talked about the TEEP BoF. Half the room didn't understand what
they were trying to do. Thinking about what to do next.


*** Hannes about "EEMBC IoT Security Benchmarks"
Hannes's slides:
Even lightweight devices can do crypto.

*** David Mazieres "Internet Level Consensus is Practical"
David's slides:
Note that there is an IETF mailing list for this subject: 
https://www.ietf.org/mailman/listinfo/ilc [slide 15] Ted Hardie: A node can
select more than one slice? David: Yes, for redundancy. Ted: How can it get a
super-set if there's more than one? David: Needs to be a super-set of one? Ted:
Does is work if there's only one? David: Yes, but if one member of the slice is
down, you can't get a quorum and thus no consensus.

* Bar BoF tonight, 7:30pm–9:00pm

MCR: You talked about CAs and public knowledge. Financial transactions are not
public knowledge. How is that handled? David: The log is public, but there are
ways that people who don't know the transactions to not get this. It's on a
different layer. Melinda Shore: This is a distributed computing problem more
than security. We have a long history of kicking those down the road. Homenet,
Trans are publishing consensus protocols. Christian Huitema: Sybil attack?
(https://en.wikipedia.org/wiki/Sybil_attack) question about who is allowed to
be on the tier of trusted nodes. David: decided by consensus. transitive trust.
You might choose, e.g., 30 CAs + locally trusted org Kyle Rose: How do you
converge if there is disagreement on timestamp David: You'll converge on a set
of nominated values. Challenge depends on the usage. In markets, concerned
about front-running, more of a concern than in software transparency Tim
Sheppard: the problem of deciding who the roots of the CA us is solved? David:
We'll have people decide for themselves. If there's enough overlap it will work.

*** Sharon Goldberg on "Verifiable Random Function"
Sharon's slides:
Ben Kaduk: Is there a way to verify that the hasher is not denying things in
the data structure? Sharon: That is proved by the structure of the data
structure itself. If something is absent the data structure will show it. The
hasher cannot deny that something is present or absent. Richard Barnes: Trying
to figure out what you can build on top of this. Are all VRFs of this form
(hash + signature)? Sharon: (slide 17) - the signature is the proof. The
signature needs to be deterministic, so you can't use ECDSA (which is
non-deterministic). In EC-VRF we use the X coordinate of gamma for "hash".
Phil???: Sharon: these are all VRFs in the ROM. Don't know what it says about
post-quantum (?) Wes Hardaker: If I were able to collect a bunch of proofs over
time, I could do dictionary attacks? Sharon: When you see a proof, you can
verify it if works for an input. Wes: and it would be a strange protocol where
I couldn't see the inputs but could see the proofs

*** Phillip Hallam-Baker on "JSON implementation of Mesh/Remesh"
PHB's slides:
 (just one slide) (no questions)

*** Open Mic
Ingo Stieglitz : Thank you. You are all awesome. Is there any work here on ICMP
NATing Kathleen: Recommend you ask in Ops Yoav Nir: A couple IETFs ago, started
to discuss 3552bis, what should go into security considerations. I did a first
transposition, called for comments, and got nothing. We shouldn't send the
message that there's nothing to add since 2003 [by publishing a new unchanged
document]. We need people to propose text and ideas. Hannes: We asked for
update without knowing what the update would be. What is the target audience?
What should the recommendation be? Yoav: 3552 and bis, target audience is
people who write RFCs. Security Considerations sections target the same
audiences as the RFCs themselves. Hannes: this isn't the way people write
security considerations. they cut-and-paste from existing documents. Kathleen:
At SecDir, not everyone is comfortable with privacy; we might do better on
those reviews if we got more info into the bis. Paul Hoffman: One problem with
the original document is its length: 40 pages. Mix of good examples, etc. but
many people don't want to read that long. A shorter document would be better
for doc authors. Matt Mathis: speaking as an author in other WGs, the presence
of Security Considerations section has caused us to take things out of
documents; that the review doesn't pick thnigs up doesn't mean it hasn't
helped. David Black: Example in Ops: appendix with a list of questions an ops
reviewer should ask. (Appendix A of RFC 5706) Kathleen: How many people
interested in an update? [about 20 hands]. Please discuss on SAAG list.

And we're done (16:48)