[{"author": "Christopher Inacio", "text": "sure
", "time": "2022-03-25T09:01:05Z"}, {"author": "Yaron Sheffer", "text": "Thanks!
", "time": "2022-03-25T09:01:19Z"}, {"author": "Christopher Inacio", "text": "hot mic
", "time": "2022-03-25T09:04:24Z"}, {"author": "Christopher Inacio", "text": "@meetecho hot mic
", "time": "2022-03-25T09:04:32Z"}, {"author": "Meetecho", "text": "Better now?
", "time": "2022-03-25T09:05:22Z"}, {"author": "aaronpk", "text": "no, maybe justin should step back from the mic a bit? it\u2019s still distorted
", "time": "2022-03-25T09:05:38Z"}, {"author": "kaduk@jabber.org/barnowl", "text": "Wow, Justin is overdriving the mic (at least from here)
", "time": "2022-03-25T09:05:51Z"}, {"author": "Yaron Sheffer", "text": "Same here
", "time": "2022-03-25T09:06:00Z"}, {"author": "kaduk@jabber.org/barnowl", "text": "Yeah, step back sounds good
", "time": "2022-03-25T09:06:01Z"}, {"author": "aaronpk", "text": "now it\u2019s distorted but quiet
", "time": "2022-03-25T09:06:10Z"}, {"author": "Meetecho", "text": "But is it too loud in the room too? Or just for remotes?
", "time": "2022-03-25T09:06:13Z"}, {"author": "jhoyla", "text": "Sounds fine in the room
", "time": "2022-03-25T09:06:53Z"}, {"author": "Meetecho", "text": "Ack, looking into it
", "time": "2022-03-25T09:07:05Z"}, {"author": "kaduk@jabber.org/barnowl", "text": "jhoyla: did you sign the blue sheets?
", "time": "2022-03-25T09:07:09Z"}, {"author": "jhoyla", "text": "@Kaduk I did now \ud83d\ude05
", "time": "2022-03-25T09:08:48Z"}, {"author": "kaduk@jabber.org/barnowl", "text": "@meetecho something helped
", "time": "2022-03-25T09:09:35Z"}, {"author": "Yaron Sheffer", "text": "Audio fixed, thanks!
", "time": "2022-03-25T09:09:36Z"}, {"author": "Meetecho", "text": "It should sound better now
", "time": "2022-03-25T09:09:37Z"}, {"author": "aaronpk", "text": "that sounds much better thanks
", "time": "2022-03-25T09:09:42Z"}, {"author": "Christopher Inacio", "text": "a lot better, thanks
", "time": "2022-03-25T09:09:46Z"}, {"author": "kaduk@jabber.org/barnowl", "text": "Yes, thank you meetecho!
", "time": "2022-03-25T09:10:03Z"}, {"author": "Yaron Sheffer", "text": "Total bikeshedding, but I still like \"redirect\".
", "time": "2022-03-25T09:18:21Z"}, {"author": "Kathleen Moriarty", "text": "Yaron, I'm ok with redirect too as the user gets a URL to go to
", "time": "2022-03-25T09:24:00Z"}, {"author": "jhoyla", "text": "So I haven't read any of the drafts or anything, but with the confusion attacks, would it be possible to have a master key and then use a KDF to produce an independent key for each AS?
", "time": "2022-03-25T09:25:50Z"}, {"author": "George Fletcher", "text": "That's the last slide :)
", "time": "2022-03-25T09:27:16Z"}, {"author": "aaronpk", "text": "i\u2019ll try a live demo too :)
", "time": "2022-03-25T09:30:23Z"}, {"author": "kaduk@jabber.org/barnowl", "text": "tempting fate, eh?
", "time": "2022-03-25T09:31:19Z"}, {"author": "jhoyla", "text": "Make your sacrifices to the demo gods now :P
", "time": "2022-03-25T09:32:02Z"}, {"author": "jhoyla", "text": "I wonder if making the signing functions too generic leaves you open to being used as an oracle.
", "time": "2022-03-25T09:37:17Z"}, {"author": "jhoyla", "text": "I guess not if you have a different key for each AS.
", "time": "2022-03-25T09:37:45Z"}, {"author": "Yaron Sheffer", "text": "A signing *library* needs to be generic by definition, and people will be using libraries.
", "time": "2022-03-25T09:38:17Z"}, {"author": "jhoyla", "text": "@Yaron, but you could have a manadatory field like \"intended protocol\" or something, such that some library wired up to the network would always add \"GNAP\" as a string into the signature.
", "time": "2022-03-25T09:39:49Z"}, {"author": "jhoyla", "text": "For example.
", "time": "2022-03-25T09:39:57Z"}, {"author": "Yaron Sheffer", "text": "That's a great idea, and the spec doesn't have it (yet).
", "time": "2022-03-25T09:40:39Z"}, {"author": "Yaron Sheffer", "text": "Please raise it at the mike.
", "time": "2022-03-25T09:41:26Z"}, {"author": "kaduk@jabber.org/barnowl", "text": "Yeah, adding protocol context to what is signed sounds like a great
plan (since we don't have any existing ecosystems lacking such a
context that we have to cope with)
", "time": "2022-03-25T09:41:35Z"}, {"author": "jhoyla", "text": "I'll bring it up when we get to questions.
", "time": "2022-03-25T09:41:54Z"}, {"author": "jhoyla", "text": "@Yaron Your audio was pretty rough, maybe put something in chat that can be relayed at the mic locally?
", "time": "2022-03-25T09:54:11Z"}, {"author": "kaduk@jabber.org/barnowl", "text": "I think I got the gist of Yaron's remarks:
", "time": "2022-03-25T09:54:34Z"}, {"author": "Yaron Sheffer", "text": "Yep, sorry. I was comparing your idea to the JWT \"@typ\" field.
", "time": "2022-03-25T09:54:47Z"}, {"author": "kaduk@jabber.org/barnowl", "text": "Right. And we have a chance to make its use mandatory from the start,
unlike in JWT :)
", "time": "2022-03-25T09:56:57Z"}, {"author": "Yaron Sheffer", "text": "!!
", "time": "2022-03-25T09:57:09Z"}, {"author": "jhoyla", "text": "That was v. cool
", "time": "2022-03-25T10:01:46Z"}, {"author": "George Fletcher", "text": "clap+
", "time": "2022-03-25T10:02:00Z"}, {"author": "kaduk@jabber.org/barnowl", "text": "For future reference, what was the sacrifice to the demo gods?
Need to replicate for next time...
", "time": "2022-03-25T10:02:01Z"}, {"author": "Samuel Weiler", "text": "(Yes, I stepped away.)
", "time": "2022-03-25T10:02:04Z"}, {"author": "aaronpk", "text": "almost flawless demo, minus chrome screen sharing permissions issue which i still don\u2019t know why it got reset \ud83d\ude0a
", "time": "2022-03-25T10:02:33Z"}, {"author": "jhoyla", "text": "Are people going to call GNAP \"OAuth\" for the next 25 years, \u00e0 la TLS?
", "time": "2022-03-25T10:04:35Z"}, {"author": "aaronpk", "text": "\ud83d\ude02
", "time": "2022-03-25T10:05:36Z"}, {"author": "Yaron Sheffer", "text": "mic: I was going to ask if the protocol is ready to freeze, to allow researchers to focus on proofs/attacks. But if we're still changing the state machine, we're not ready. To be clear: I am supportive of that.
", "time": "2022-03-25T10:07:42Z"}, {"author": "jhoyla", "text": "Yeah, the state machine is the first bit of FA for me.
", "time": "2022-03-25T10:09:08Z"}, {"author": "jhoyla", "text": "Although cyclic state machines are always a pain to resolve.
", "time": "2022-03-25T10:09:45Z"}, {"author": "kaduk@jabber.org/barnowl", "text": "You can have extensions be optional by default but with an explicit
indication when a given extension is critical to comprehend
", "time": "2022-03-25T10:14:38Z"}, {"author": "Christopher Inacio", "text": "Can someone voice Ben's question if desired? Ben, should I drop that in the notes?
", "time": "2022-03-25T10:23:58Z"}, {"author": "kaduk@jabber.org/barnowl", "text": "Um. I'm pretty sure Justin knows it, but probably worth putting it in
the notes regardless.
", "time": "2022-03-25T10:24:37Z"}, {"author": "Christopher Inacio", "text": "then I won't take it out of the notes. ;)
", "time": "2022-03-25T10:25:02Z"}, {"author": "kaduk@jabber.org/barnowl", "text": "(alongside the bits about \"defining the semantics of an extension
mechanism is not as straightforward as you might think\")
", "time": "2022-03-25T10:25:15Z"}, {"author": "kaduk@jabber.org/barnowl", "text": "Ah, excellent :)
", "time": "2022-03-25T10:25:22Z"}, {"author": "Christopher Inacio", "text": "quote of the day (in the notes) \"no one ever runs a security protocol for the sake of running a security protocol\"
", "time": "2022-03-25T10:27:45Z"}, {"author": "kaduk@jabber.org/barnowl", "text": "What about \"it's a security protocol, so you click a button, and it
works\"? ;)
", "time": "2022-03-25T10:28:24Z"}, {"author": "Christopher Inacio", "text": "yeah, that was pretty good too.
", "time": "2022-03-25T10:28:56Z"}, {"author": "Christopher Inacio", "text": "I didn't put that in the notes, it would be something like \"buried in wall of text, <quote>, buried in more wall of text\"
", "time": "2022-03-25T10:29:49Z"}, {"author": "kaduk@jabber.org/barnowl", "text": "Yeah, makes sense
", "time": "2022-03-25T10:30:00Z"}, {"author": "Christopher Inacio", "text": "<bold>test</bold?
", "time": "2022-03-25T10:30:21Z"}, {"author": "Christopher Inacio", "text": "interesting, does the meet echo chat just strip '<' '>' tokens and ignore them, or are there things you can with that???? Hmmm
", "time": "2022-03-25T10:31:21Z"}, {"author": "jhoyla", "text": "From a Formal Analysis perspective this makes me sweat. It's not necesarrily insecure, it's just _super_ hard to reason about.
", "time": "2022-03-25T10:31:22Z"}, {"author": "jhoyla", "text": "@Christopher you should be able to get bold text.
", "time": "2022-03-25T10:32:01Z"}, {"author": "kaduk@jabber.org/barnowl", "text": "<a href=\"https://www.youtube.com/watch?v=dQw4w9WgXcQ\">maybe you can
link to things...</a>
", "time": "2022-03-25T10:32:56Z"}, {"author": "Christopher Inacio", "text": "I more often use a separate jabber client, and I've not bothered too much with the meet echo - so there's all new hijinks here. <b>bold</b>
", "time": "2022-03-25T10:33:16Z"}, {"author": "jhoyla", "text": "This sounds like a 10-year FA research project.
", "time": "2022-03-25T10:33:49Z"}, {"author": "Christopher Inacio", "text": "@Jonathan - a couple of quick tests and it seems to just drop them
", "time": "2022-03-25T10:34:01Z"}, {"author": "Yaron Sheffer", "text": "@jhoyla: mixed protocols or \"bold\" in Meetecho?
", "time": "2022-03-25T10:34:29Z"}, {"author": "Christopher Inacio", "text": "this embedding feels like a pandora's box
", "time": "2022-03-25T10:35:36Z"}, {"author": "jhoyla", "text": "@Yaron mixed protocols. I'm pretty sure we can figure out Meetecho in the course of a hackathon. Maybe by embedding a Markdown post-processor.
", "time": "2022-03-25T10:35:36Z"}, {"author": "Yaron Sheffer", "text": ":-)
", "time": "2022-03-25T10:35:51Z"}, {"author": "jhoyla", "text": "Actually, thinking on this, this sounds like a case where you need Exporters and Importers
", "time": "2022-03-25T10:36:47Z"}, {"author": "jhoyla", "text": "I think giving GNAP an RFC 5056 style API would give you an answer without having to put to much effort in.
", "time": "2022-03-25T10:41:46Z"}, {"author": "jhoyla", "text": "too much*
", "time": "2022-03-25T10:42:45Z"}]