[{"author": "Olle Johansson", "text": "

Note that the note well applies for remote participation too.

", "time": "2022-11-11T09:31:09Z"}, {"author": "Richard Barnes", "text": "

Yay for virtual BoFs!

", "time": "2022-11-11T09:35:38Z"}, {"author": "Paul Wouters", "text": "

is that the old wiki that needs migrating? :)

", "time": "2022-11-11T09:44:44Z"}, {"author": "Mark Donnelly", "text": "

Each RADIUS request may go through weird routing as well. For instance, someone from South America may have to route through Asia at the IP level in order to get to the Europe servers.

", "time": "2022-11-11T10:07:27Z"}, {"author": "Olle Johansson", "text": "

Thank you Margaret! Very interesting!

", "time": "2022-11-11T10:20:59Z"}, {"author": "Shigeya Suzuki", "text": "

Thanks for operating eduroam.

", "time": "2022-11-11T10:21:19Z"}, {"author": "Deb Cooley", "text": "

Nice 'eduroam enthusiast'

", "time": "2022-11-11T10:21:47Z"}, {"author": "Richard Barnes", "text": "

it seems like usage of formal methods for non-security stuff might struggle to define what you're proving.

", "time": "2022-11-11T10:32:51Z"}, {"author": "Florence D", "text": "

+1 to Joe's comment about justifying assumptions and writing down security properties

", "time": "2022-11-11T10:39:10Z"}, {"author": "Richard Barnes", "text": "

fond memories of dkg noticing a vuln in QUIC crypto and agl being like \"there are three papers proving this secure!\"

", "time": "2022-11-11T10:41:35Z"}, {"author": "Richard Barnes", "text": "

(related to relay and 0xRTT iirc)

", "time": "2022-11-11T10:42:01Z"}, {"author": "Deb Cooley", "text": "

@rlb +1

", "time": "2022-11-11T10:42:21Z"}, {"author": "Deb Cooley", "text": "

it is a tool in the toolbox.

", "time": "2022-11-11T10:42:38Z"}, {"author": "Deb Cooley", "text": "

not the only tool

", "time": "2022-11-11T10:42:49Z"}, {"author": "Yoav Nir", "text": "

\"X is secure\" is not an assertion that can be proven. \"Attack Y does not work on X\" is something that can potentially be proven, but that says nothing about attack Z.

", "time": "2022-11-11T10:43:29Z"}, {"author": "Richard Barnes", "text": "

note that part of the way this work has been incentivized in the past was publications, which doesn't scale all that well

", "time": "2022-11-11T10:45:12Z"}, {"author": "Richard Barnes", "text": "

@Yoav - Typical proofs are stronger than that, more like \"Key X is known only to Party A and Party B unless Assumptions X, Y, Z\"

", "time": "2022-11-11T10:46:00Z"}, {"author": "Richard Barnes", "text": "

in other words, the proof shows that there are no attacks other than the known ones

", "time": "2022-11-11T10:46:28Z"}, {"author": "Henry Story", "text": "

I have been looking towards category theory to see what is available there.
\nSome discussions here on Category Theory Zulip https://categorytheory.zulipchat.com/#narrow/stream/229156-practice.3A-applied-ct

", "time": "2022-11-11T10:46:32Z"}, {"author": "Thomas Hardjono", "text": "

Agree completely with Leif on the comment regarding academics.

", "time": "2022-11-11T10:47:59Z"}, {"author": "Phillip Hallam-Baker", "text": "

Thing with academics is that while they do need paying in 'credit' they represent a vast pool of potential labor looking for things to work on

", "time": "2022-11-11T10:49:24Z"}, {"author": "Richard Barnes", "text": "

new 3-way handshake: 1. CAN_YOU_HEAR_ME 2. YES_WE_CAN 3. OK_THANKS

", "time": "2022-11-11T10:49:24Z"}, {"author": "Richard Barnes", "text": "

just going to amplify \"something in the middle\" -- we are not ready for any absolute requirements

", "time": "2022-11-11T10:51:32Z"}, {"author": "Henry Story", "text": "

There is an interesting paper on man in the middle attacks (with one very interesting paragraph that is very humanly readable)
\nhttps://link.springer.com/chapter/10.1007/978-3-642-32784-1_11

", "time": "2022-11-11T10:51:43Z"}, {"author": "Mike Ounsworth", "text": "

@Roman Danyliw One thing that was said that you didn't capture in your summary: there is value even in \"semi-formal\" activities to get us to write down our security assumptions and security goals in a more rigorous way. We still get benefits from that even if no verification tools are used.

", "time": "2022-11-11T10:52:39Z"}, {"author": "Roman Danyliw", "text": "

@Mike. Ack. Thanks for the reminder. I missed that.

", "time": "2022-11-11T10:53:06Z"}, {"author": "Richard Barnes", "text": "

sounds a lot like canonicalization

", "time": "2022-11-11T10:56:19Z"}, {"author": "Phillip Hallam-Baker", "text": "

@Richard, that is because it is C18N

", "time": "2022-11-11T10:56:41Z"}, {"author": "Henry Story", "text": "

+1 yes

", "time": "2022-11-11T10:56:42Z"}, {"author": "Phillip Hallam-Baker", "text": "

Why are we signing these messages again?

", "time": "2022-11-11T10:58:16Z"}, {"author": "Henry Story", "text": "

Lots of reasons. Amazon does it apparently to sign messages internally coming from outside.

", "time": "2022-11-11T10:59:53Z"}, {"author": "Deb Cooley", "text": "

but they call that SigV4

", "time": "2022-11-11T11:00:08Z"}, {"author": "Deb Cooley", "text": "

no?

", "time": "2022-11-11T11:00:14Z"}, {"author": "Phillip Hallam-Baker", "text": "

People have been doing it since 1995

", "time": "2022-11-11T11:00:42Z"}, {"author": "Henry Story", "text": "

not sure. There is an Amazon person on the spec. They are using an older version of this (10 years old)

", "time": "2022-11-11T11:00:42Z"}, {"author": "Phillip Hallam-Baker", "text": "

That's what trailers are there for

", "time": "2022-11-11T11:00:51Z"}, {"author": "Phillip Hallam-Baker", "text": "

Not my fault people decided to sabotage them

", "time": "2022-11-11T11:01:05Z"}, {"author": "Henry Story", "text": "

I have an implementation in Scala https://github.com/bblfish/httpSig

", "time": "2022-11-11T11:01:29Z"}, {"author": "Henry Story", "text": "

(that compiles to JS and Java) so it can work in browsers.

", "time": "2022-11-11T11:01:50Z"}, {"author": "Henry Story", "text": "

Oh interesting that Mastodon uses an old draft1

", "time": "2022-11-11T11:04:04Z"}, {"author": "Kyle Rose", "text": "

Yes

", "time": "2022-11-11T11:10:14Z"}, {"author": "Kyle Rose", "text": "

I will read and review next week

", "time": "2022-11-11T11:10:19Z"}, {"author": "Kyle Rose", "text": "

yw!

", "time": "2022-11-11T11:10:49Z"}]