Melinda Shore and Spencer Dawkins, IRTFOPEN Opening Remarks

The IRTF Chair was unable to participate due to a family illness. In addition, a visa complication meant that only one of the two scheduled ANRP presenters was able to receive her award and give her talk. Stay tuned to irtf-announce for info on ANRP presentations at IETF 104 in Prague.

The IRTF Chair's opening slide in absentia was to say: Thank you to Melinda and Spencer (and Mat Ford) for support of IRTF Chairing tasks during IETF 103.

Melinda presents: https://datatracker.ietf.org/meeting/103/materials/slides-103-irtfopen-ietf-103-irtf-open-notewell-and-agenda-00

Applied Networking Research Prize Talk: Johanna Amann, ICSI/LBL/Corelight, "Mission Accomplished? HTTPS After DigiNotar"

Slides: https://datatracker.ietf.org/meeting/103/materials/slides-103-irtfopen-johanna-amann-anrp-talk-mission-accomplished-https-after-diginotar-02

Ashutosh Singh: Is this reflective of only North America or wider? Did you also look into cert types and key sizes, i.e. whether EC certs are picking up, and if RSA is still popular, what key sizes?

Amann: Mostly North America; we have some contributions from other places, but I'm not at liberty to say from where. Regarding certificate sizes, we could look at those parameters but have not recently. When I looked a year ago nearly everything was RSA.

Ulrich Wisser: You presented 3 ways of showing an SCT proof. They are not mutually exclusive; any data on how many do more than one?

Amann: Yes, but I'm not sure I can remember the numbers now; I will have to look in the paper. From memory it's unusual for sites to do so simultaneously. If they do it simultaneously it is typically via TLS extension and via certificate. There were only two cases where OCSP was used simultaneously with something else.

Wes Hardaker: Fantastic work. My immediate reaction is: how can we translate this into helping deployment? Did you look at other usages of TLS besides web, e.g. did you look for certs in other places?

Amann: Yes. We attach ourselves to a few ports; in addition we have a regex that matches the beginning of every connection that should be able to catch every TLS connection, and matched connections get passed to the TLS analyser. We have written papers about TLS on other ports, e.g. at NDSS a couple of years ago for communication protocols like email. 2 years ago deployment was worse there than for HTTPS.

Wes Hardaker: You may want to talk to Viktor Dukhovni from 2 Sigma, who does a DANE survey for mail in particular and has a large quantity of hosts that you may want to query. He and I jointly publish a website, stats.dnssec-tools.org, that shows DANE usage. I suspect you could get a lot more data by talking to him.

Christian Huitema: I like these measurements and I like the idea that you can measure deployment from traffic. Don't you have a small problem with TLS 1.3? A lot of the data that you analysed is in cleartext in TLS 1.2 and below, and is encrypted in TLS 1.3.

Amann: I personally am a little bit sad about that because it makes my work more difficult, but I do understand why it is being done and I take it as an opportunity. We do get to see the onramp of a new protocol and also the stragglers over time, i.e. who doesn't update. Also we are looking at the TLS 1.3 supported_versions extension. It is interesting what people stick in there. Google have their own values, for example; I suspect Facebook also has some because we saw a bunch of them starting with FB. So you see interesting things.

Arjuna Rutra: What is the risk factor of deploying these technologies mentioned in the slides?

Amann: Risk factors are, if you have something like an HPKP misconfiguration or you lose access to the key that you specified, you might lock yourself out of your own domain. Browsers would refuse to connect to your domain because the key of the cert you are serving doesn't match any more and you don't have access anymore. In theory you can cache for a year, so lockout could last for a long time. With HSTS it's much lower risk because you only need a valid certificate.

Yoav Nir: As former websec chair, we standardised HPKP. Once browsers report that your key should be X, you're blocked for months if it isn't. The only way to change is to push changes to every browser; that's why it didn't catch on.

Ashutosh Singh: HPKP and CTL are sort of competing programs, and Google picked one. That's why CTL picked up and they decided to decommission HPKP.

Mat Ford: I was surprised by your final point that you didn't expect that having more diverse measurement points would lead to greater insight or more divergence. I wonder if that tells us something about the way the network is being used.

Amann: It's generally interesting when you compare passive measurements to active measurements; then you see a huge difference. With active measurements you see everything that exists on the Internet, more or less; with passive measurements you see what is being used. You might have noticed that we have 45 million certs in our passive data set now; when you do a full scan of the Internet you already get more certificates. The amount of sites that people actually access is much, much lower than what is available. So if you just do an active scan you get a hugely skewed picture of what is going on on the Internet. If you do an active scan you find a lot of servers with not so good configurations or choosing cipher suites that are not great. Passive data shows 80-90% of connections use perfect security (from today's point of view), and then you have a lot of weird stragglers with very obscure parameters. So from a vantage point we have not seen a big difference, but the difference between active and passive measurements is striking with regard to what is going on in the ecosystem at the moment.

Melinda: There will be a related presentation in maprg tomorrow. Any other business? No, then I think we're done.

MEETING ENDS.