# Agenda Bashing

None

Slides: https://datatracker.ietf.org/meeting/102/materials/slides-102-saag-chair-slides-01

# WG reports (not sent to saag@ietf.org)

DOTS - meeting next. Close on all informational drafts. On the protocol drafts, we're going to WGLC both documents; one for the second time.

LAMPS - WG rechartered and getting started on new work.

TOKBIND: Meeting Friday - drafts on their way or through IESG review.

TRANS: Discussed some issues on the bis draft. Spin new WG or drop if not fitting.

# Related WGs

replace: SIDR with SIDROPS

W3C is having a workshop about user consent: https://www.w3.org/Privacy/permissions-ws-2018/cfp.html

# BOFs

DRIU (no WG forming): How do you get DOH over DHCP.

# Presentations

## Automated Crypto Validation Protocol

Slides: https://datatracker.ietf.org/meeting/102/materials/slides-102-saag-acvp-00.pdf

Paul Hoffman: Sounds great. FIPS 140 kinda sucks. Can you tie them more closely together?

Answer: Working on some vendors on modules.

Paul Hoffman: ICANN seemed to kick off a buying spree on L4 though others didn't need it.

Yaron Sheffer: What's the scope? Longer term are you looking at general purpose crypto testing?

Answer: We recognize that we only cover a portion of crypto-tech. We're just starting and there are ways to extend it to do other algorithms. You can also take the code and do what you like with it.

David McGrew: It would be good to add those other algs in.

Chris Wood: Are test vectors standardized? (Wycheproof)

Answer: Working on it.

Martin Thomson: Where are the specs?

Need more help. There's a side meeting at 7:30.

## Cluster of Re-Used Keys

Slides: https://datatracker.ietf.org/meeting/102/materials/slides-102-saag-clusters-of-re-used-keys-00

Daniel Francke: If you were to study clients rather than servers you'd find reuse of TLS and SSH keys. OpenSSH supports PKCS#11, but it's not great. Better to swap it and use TLS.

Wes Hardaker: Did you try to make them aware of larger clusters that one compromise is really bad.

Answer: It's hard got people who do it better.

Omit: Are there cases where people were looking for keys on GH? Can we check that those keys are there or not?

Answer: Need an API to scan.

DKG: Scan is not complete (I've got a server that reuses SSH and TLS). Is CT a mechanism for this?

Answer: CT might help, but I didn't do it.

Wes Hardaker: One thing that we had to do was break config because shit passwords are in some default configs. Look at DNS too.

Answer: Sure.

Tim H: Unfortunately, CAs support it, but it would make CAs less competitive.

DKG: I think maybe you misunderstand, it's about the same key for different identities.

TimH: That has a better chance of passing at CABF.

PaulH: Provide better errors to help.

Yoav: CA can kick it out with a bad CSR.

PHB: If you're doing EC stuff you can use collaborative techniques.

Benjamin D: Seems like this is an abject failure.

Rich Salz: Confused by what was found?

Answer: Every crazy thing happened.

## Cyber Defense

Slides: https://datatracker.ietf.org/meeting/102/materials/slides-102-saag-cyber-defence-00

Pete Resnick: Like the idea of an IRTF RG.

DKG: Thanks for the data. What kind of things could we do to help?

Answer: We do use die-die-die drafts, but we can always use more.

Yoshiro: Thanks for this. Have you talked to other countries' cyber security orgs?

Answer: We have to some, but more is better.

Roman: There's like 90 and we're peers. It's good to have this data.

Stephen: The more open the better. There's one called MAP RG, which is a measurement RG, and that might be a place to go.

Ron (Last Name?) (UT North Texas): Can you share info on voice spam?

Answer: Nope.

Carsten: Remote services attestation somewhere in Square Dorchester.