[{"author": "Deb Cooley", "text": "

Happy Friday!

", "time": "2025-07-25T07:31:54Z"}, {"author": "Deb Cooley", "text": "

Any one interested in taking notes?

", "time": "2025-07-25T07:32:02Z"}, {"author": "Mike Ounsworth", "text": "

Ok. Consider my arm twisted.

", "time": "2025-07-25T07:33:25Z"}, {"author": "Deb Cooley", "text": "

yay, TYVM!!!

", "time": "2025-07-25T07:33:45Z"}, {"author": "Leif Johansson", "text": "

Like a phone?

", "time": "2025-07-25T07:34:05Z"}, {"author": "Quynh Dang", "text": "

there is a side meeting for NTRU after SAAG. Does someone know the room for it ? Thank you in advance.

", "time": "2025-07-25T07:34:37Z"}, {"author": "Deb Cooley", "text": "

@Quynh: there are only two options

", "time": "2025-07-25T07:35:15Z"}, {"author": "Mike Ounsworth", "text": "

@Quynh Dang The side-meeting schedule is here: https://trello.com/b/6kmZPwOx/ietf-123-side-meeting-scheduling

", "time": "2025-07-25T07:36:12Z"}, {"author": "Muhammad Usama Sardar", "text": "

@Quynh: It is in Segovia. https://trello.com/c/Tmn8Xymi

", "time": "2025-07-25T07:39:10Z"}, {"author": "Martin Thomson", "text": "

Looking for rapid unplanned disassembly of working groups

", "time": "2025-07-25T07:39:11Z"}, {"author": "Richard Barnes", "text": "

As opposed to the planned disassembly of HPKE

", "time": "2025-07-25T07:41:25Z"}, {"author": "Kathleen Moriarty", "text": "

Any of the former SecADs, including me, are more than happy to answer questions if interested in serving in this important role for the community. Stephen, Sean, Russ, and I are all in person. I am sure others would be okay for you to reach out to them as well!

", "time": "2025-07-25T07:41:33Z"}, {"author": "Mike Ounsworth", "text": "

@Nancy Cam-Winget what is the document you wanted to call out?

", "time": "2025-07-25T07:43:01Z"}, {"author": "Stephen Farrell", "text": "

@mike: scim architecture or something like that

", "time": "2025-07-25T07:43:50Z"}, {"author": "Deb Cooley", "text": "

scim use cases

", "time": "2025-07-25T07:44:06Z"}, {"author": "Nancy Cam-Winget", "text": "

@Mike Ounsworth the draft is https://datatracker.ietf.org/doc/draft-ietf-scim-device-model/ for interoperability and the other is https://www.ietf.org/archive/id/draft-correia-scimusecases-00.html

", "time": "2025-07-25T07:44:41Z"}, {"author": "David Benjamin", "text": "

I'm very pleased with the PLANTS backronym we ended up with. :-D

", "time": "2025-07-25T07:46:09Z"}, {"author": "David Benjamin", "text": "

(Slightly unclear if the list ended up being PLANT or PLANTS. If we accidentally lose the S, I guess s/Tree Signatures/Trees/, whatever.)

", "time": "2025-07-25T07:47:23Z"}, {"author": "Deb Cooley", "text": "

maybe only one tree?

", "time": "2025-07-25T07:47:41Z"}, {"author": "Daniel Gillmor", "text": "

Phillip, please take a look at https://github.com/autocrypt/autocrypt/pull/456 (folks working on OpenPGP certificates in vCards)

", "time": "2025-07-25T07:47:43Z"}, {"author": "Richard Barnes", "text": "

overachievers in LAMPS

", "time": "2025-07-25T07:48:02Z"}, {"author": "Stephen Farrell", "text": "

closr LAMPS:-)

", "time": "2025-07-25T07:48:15Z"}, {"author": "Richard Barnes", "text": "

what is a \"page\"?

", "time": "2025-07-25T07:48:25Z"}, {"author": "Daniel Gillmor", "text": "

@David, SETTLE ends in a word that doesn't start with an E also, don't feel bad

", "time": "2025-07-25T07:48:33Z"}, {"author": "Martin Thomson", "text": "

What does the L stand for again?

", "time": "2025-07-25T07:48:40Z"}, {"author": "Nicola Tuveri", "text": "

How many of those are Mike\u2019s fault?

", "time": "2025-07-25T07:48:44Z"}, {"author": "Mike Ounsworth", "text": "

Martin Thomson said:

\n
\n

What does the L stand for again?

\n
\n

\"Lots of\"

", "time": "2025-07-25T07:48:59Z"}, {"author": "Deb Cooley", "text": "

which Mike?

", "time": "2025-07-25T07:48:59Z"}, {"author": "Ben S", "text": "

Martin Thomson said:

\n
\n

What does the L stand for again?

\n
\n

Limitless

", "time": "2025-07-25T07:49:12Z"}, {"author": "Richard Barnes", "text": "

SETTLE should have been SAILOR ~ Secure Access to Internal / LOcal Resources

", "time": "2025-07-25T07:49:19Z"}, {"author": "David Benjamin", "text": "

Pffft, we needed almost no shenanigans with PLANTS. \"And\" just contributes two letters. (PKI, Logs, ANd, Tree Signatures)

", "time": "2025-07-25T07:49:28Z"}, {"author": "Richard Barnes", "text": "

@David Benjamin no \"Pffft\" was a different bof this week

", "time": "2025-07-25T07:50:06Z"}, {"author": "Nicola Tuveri", "text": "

@Deb the right Mike knows! :rolling_on_the_floor_laughing:

", "time": "2025-07-25T07:50:20Z"}, {"author": "Martin Thomson", "text": "

:potato:

", "time": "2025-07-25T07:50:27Z"}, {"author": "Richard Barnes", "text": "

i 100% came to secdir lunch just for the food

", "time": "2025-07-25T07:50:55Z"}, {"author": "Richard Barnes", "text": "

Hotel Secdir

", "time": "2025-07-25T07:51:12Z"}, {"author": "Robert Moskowitz", "text": "

Need hot food to get to hot topics?

", "time": "2025-07-25T07:51:13Z"}, {"author": "Deb Cooley", "text": "

I did request 'plants@ietf.org'.... so it is just a local error on the saag slides

", "time": "2025-07-25T07:51:38Z"}, {"author": "Martin Thomson", "text": "

Huh, I've somehow avoided SECDIR for the entire time I've been at the IETF. And that remains, despite chairing two SEC groups.

", "time": "2025-07-25T07:51:54Z"}, {"author": "Martin Thomson", "text": "

I didn't realize that chairing qualified

", "time": "2025-07-25T07:52:12Z"}, {"author": "David Benjamin", "text": "

Ah great. (Either would have been fine. Just wasn't sure which. :smile: )

", "time": "2025-07-25T07:52:15Z"}, {"author": "Deb Cooley", "text": "

we can add you :grinning:

", "time": "2025-07-25T07:52:18Z"}, {"author": "Deb Cooley", "text": "

if you want more work

", "time": "2025-07-25T07:52:25Z"}, {"author": "Daniel Gillmor", "text": "

what's the difference between \"not ready\" and \"serious issues\"?

", "time": "2025-07-25T07:52:28Z"}, {"author": "Martin Thomson", "text": "

Don't put yourself out Deb

", "time": "2025-07-25T07:52:30Z"}, {"author": "Martin Thomson", "text": "

March was great.

", "time": "2025-07-25T07:52:56Z"}, {"author": "Stephen Farrell", "text": "

@dkg: they're different buttons

", "time": "2025-07-25T07:52:59Z"}, {"author": "Deb Cooley", "text": "

@DKG: do you want that addressed at the mic?

", "time": "2025-07-25T07:53:05Z"}, {"author": "Daniel Gillmor", "text": "

meh :shrug:

", "time": "2025-07-25T07:53:32Z"}, {"author": "Paul Wouters", "text": "

dkg: it is kinda up to the reviewer. I agree there is some overlap there.

", "time": "2025-07-25T07:56:36Z"}, {"author": "Paul Wouters", "text": "

MT: We will fix that for you

", "time": "2025-07-25T07:57:11Z"}, {"author": "Dan Harkins", "text": "

I would say \"serious issues\" >> \"not ready\". A document can be not ready for reasons that might not be serious.

", "time": "2025-07-25T07:58:48Z"}, {"author": "Jim Fenton", "text": "

dig: I think of \u201cnot ready\u201d as meaning it needs more work, while \u201cserious issues\u201d implies it may be going in the wrong direction

", "time": "2025-07-25T07:58:55Z"}, {"author": "Paul Wouters", "text": "

Thanks Katheeln and other former SEC ADs for offering insights into the SEC AD role

", "time": "2025-07-25T07:59:14Z"}, {"author": "Richard Barnes", "text": "

image.png

\n
", "time": "2025-07-25T08:02:17Z"}, {"author": "Martin Thomson", "text": "

I'm struggling with this. The HTTP usage is not really consistent with HTTP generally. It seems like WebSockets is fine.

", "time": "2025-07-25T08:05:44Z"}, {"author": "Martin Thomson", "text": "

Thanks Dr Doolittle.

", "time": "2025-07-25T08:05:57Z"}, {"author": "Deb Cooley", "text": "

@MT do you have time to review?

", "time": "2025-07-25T08:06:35Z"}, {"author": "Martin Thomson", "text": "

See above.

", "time": "2025-07-25T08:06:43Z"}, {"author": "Deb Cooley", "text": "

TY

", "time": "2025-07-25T08:06:53Z"}, {"author": "Martin Thomson", "text": "

HTTP is a request response protocol. You can't just put requests and responses whereever you like.

", "time": "2025-07-25T08:07:29Z"}, {"author": "Martin Thomson", "text": "

I mean, you can, but you really shouldn't.

", "time": "2025-07-25T08:07:37Z"}, {"author": "Richard Barnes", "text": "

:potato: :potato: :potato:

", "time": "2025-07-25T08:07:45Z"}, {"author": "Martin Thomson", "text": "

I don't see why you can't POST (sets of) SETs in normal requests.

", "time": "2025-07-25T08:08:45Z"}, {"author": "Stephen Farrell", "text": "

I do think RFC 4086 could do with an update and that ought include what's in https://datatracker.ietf.org/doc/html/rfc8446#appendix-C.1

", "time": "2025-07-25T08:09:52Z"}, {"author": "Martin Thomson", "text": "

Also, batching requests adds complexity. We have HTTP things for reducing overhead on multiple requests.

", "time": "2025-07-25T08:09:55Z"}, {"author": "Deb Cooley", "text": "

TY, I've added that to the notes (so I can find it again later)

", "time": "2025-07-25T08:10:54Z"}, {"author": "Daniel Gillmor", "text": "

https://www.rfc-editor.org/rfc/rfc9580.html#name-random-number-generation-an has more discussion in addition to referencing RFC 4086

", "time": "2025-07-25T08:10:57Z"}, {"author": "Martin Thomson", "text": "

4086 could be replaced with a much shorter note.

", "time": "2025-07-25T08:11:24Z"}, {"author": "Stephen Farrell", "text": "

could well be shorter nowadays

", "time": "2025-07-25T08:11:36Z"}, {"author": "Daniel Gillmor", "text": "

please also do not recommend /dev/random or /dev/urandom.

", "time": "2025-07-25T08:12:26Z"}, {"author": "Daniel Gillmor", "text": "

on modern unix systems there is a getrandom() syscall which is better

", "time": "2025-07-25T08:12:54Z"}, {"author": "Rich Salz", "text": "

Disagree strongly with Paul; this is not for the SEC area folks.

", "time": "2025-07-25T08:12:56Z"}, {"author": "Stephen Farrell", "text": "

I really would like it to reference dual-ec :-)

", "time": "2025-07-25T08:13:08Z"}, {"author": "Deb Cooley", "text": "

It is for security considerations.

", "time": "2025-07-25T08:13:12Z"}, {"author": "Dan Harkins", "text": "

@Stephen, if the points are generated using fixed strings and hash-to-curve, dual_ec would be great.

", "time": "2025-07-25T08:13:49Z"}, {"author": "Martin Thomson", "text": "

I'd like a document that makes it clear that the point of randomness is that it is unpredictable and that sometimes you can use a PRF or PRG if your reasons for seeking unpredictability is limited toward certain (other) entities

", "time": "2025-07-25T08:14:10Z"}, {"author": "Jim Fenton", "text": "

SP 800-90 has gotten a lot more complicated, with 800-90A, 800-90B, and 800-90C now

", "time": "2025-07-25T08:14:12Z"}, {"author": "Sean Turner", "text": "

Donald said he was willing to do he leg work so let's take him up on it!

", "time": "2025-07-25T08:14:18Z"}, {"author": "Martin Thomson", "text": "

This does not need to be a manual on how to build an RNG. It needs to be a manual for those seeking randomness.

", "time": "2025-07-25T08:16:12Z"}, {"author": "Deb Cooley", "text": "

exactly

", "time": "2025-07-25T08:16:23Z"}, {"author": "Sean Turner", "text": "

+1 to what MT said

", "time": "2025-07-25T08:16:27Z"}, {"author": "Stephen Farrell", "text": "

+1 mt

", "time": "2025-07-25T08:16:30Z"}, {"author": "Paul Hoffman", "text": "

+1 mt

", "time": "2025-07-25T08:16:40Z"}, {"author": "Daniel Gillmor", "text": "

+1 mt

", "time": "2025-07-25T08:16:44Z"}, {"author": "Tapio Sokura", "text": "

If RFC 4086 is badly out of date and not good advice anymore, it could just be marked historic now. No matter if an updated RFC ever comes out.

", "time": "2025-07-25T08:18:58Z"}, {"author": "Paul Hoffman", "text": "

A document that says \"you should be sure that $x\" where the reader can't be sure is actively harmful.

", "time": "2025-07-25T08:18:59Z"}, {"author": "Martin Thomson", "text": "

I think that I'd prefer obsolescence to making 4086 historic

", "time": "2025-07-25T08:20:06Z"}, {"author": "Tapio Sokura", "text": "

+1 mt

", "time": "2025-07-25T08:20:10Z"}, {"author": "Stephen Farrell", "text": "

the checkoway reference would also be a good one to add and maybe even synopsise in a para: https://eprint.iacr.org/2016/376.pdf

", "time": "2025-07-25T08:20:24Z"}, {"author": "Tapio Sokura", "text": "

The \"seeking randomness\" thing :)

", "time": "2025-07-25T08:20:34Z"}, {"author": "Stephen Farrell", "text": "

we need a ramdon mesh!

", "time": "2025-07-25T08:21:06Z"}, {"author": "Daniel Gillmor", "text": "

@phil, that's not always true. sometimes you publish your randomness. you don't want unguessability, you want unpredictability.

", "time": "2025-07-25T08:21:37Z"}, {"author": "Alan DeKok", "text": "

unguessability, unpredictability, and a good distribution?

", "time": "2025-07-25T08:22:09Z"}, {"author": "Deb Cooley", "text": "

and sometimes you just need it to be different - IVs

", "time": "2025-07-25T08:22:12Z"}, {"author": "Robert Moskowitz", "text": "

Modern operating systems may not be enough. Way back in IEEE 802.11i, we had to advise how to create randomness within an isolated component. We recommended a set of ring oscillators.

", "time": "2025-07-25T08:22:17Z"}, {"author": "Martin Thomson", "text": "

uniform distributions are almost always sufficient

", "time": "2025-07-25T08:22:28Z"}, {"author": "Martin Thomson", "text": "

though not for DP, sadly

", "time": "2025-07-25T08:22:44Z"}, {"author": "Rich Salz", "text": "

@Robert: I'm thinking \"modern\" is the past 10 years; when are you talking about?

", "time": "2025-07-25T08:23:02Z"}, {"author": "Thom Wiggers", "text": "

Please tell us about the animals

", "time": "2025-07-25T08:23:03Z"}, {"author": "Daniel Gillmor", "text": "

@Thom, this is the section where they let us out of the crate

", "time": "2025-07-25T08:23:19Z"}, {"author": "Deb Cooley", "text": "

that's my Hansel and Gretel. Hansel is the cat, who raised Gretel, the dog.

", "time": "2025-07-25T08:23:38Z"}, {"author": "Deb Cooley", "text": "

Gretel is now 3 YO and much larger.

", "time": "2025-07-25T08:23:50Z"}, {"author": "Deb Cooley", "text": "

She still defers to Hansel.

", "time": "2025-07-25T08:24:00Z"}, {"author": "Thom Wiggers", "text": "

More relevant to the \u201chow to do PRNG\u201d discussion there may be some things w can learn from how Jason Donenfeld cleaned up RNG in Linux

", "time": "2025-07-25T08:24:21Z"}, {"author": "Thom Wiggers", "text": "

Deb: <3

", "time": "2025-07-25T08:24:32Z"}, {"author": "Jeff Lombardo", "text": "

You can only defer to retractable sharpened claws

", "time": "2025-07-25T08:24:38Z"}, {"author": "Dan Harkins", "text": "

just what we need new legal requirements for doing security

", "time": "2025-07-25T08:24:47Z"}, {"author": "Rich Salz", "text": "

Can we get bellingcat to analyze Deb's picture? :)

", "time": "2025-07-25T08:25:44Z"}, {"author": "Ben S", "text": "

Can we nominate Hansel for Sec AD?

", "time": "2025-07-25T08:26:42Z"}, {"author": "Stephen Farrell", "text": "

it would be good if the sec ads tried find a victim^Wvolunteer willing to take part in that Eu thing (note: it won't be me:-)

", "time": "2025-07-25T08:26:53Z"}, {"author": "Deb Cooley", "text": "

he does already come to telechats

", "time": "2025-07-25T08:26:59Z"}, {"author": "Daniel Gillmor", "text": "

https://ec.europa.eu/transparency/expert-groups-register/screen/expert-groups/consult?lang=en&groupID=4005

", "time": "2025-07-25T08:27:09Z"}, {"author": "Rich Salz", "text": "

I am confused about what the points are that Rudiger is trying to make.

", "time": "2025-07-25T08:27:41Z"}, {"author": "Stephen Farrell", "text": "

IIUC it's unpaid and from expereience requires filling in a lot of forms

", "time": "2025-07-25T08:27:45Z"}, {"author": "Robert Moskowitz", "text": "

@Rich, that was 23 years ago. But the point was the OS rand was not available to the MAC adapter code. It was the adapter firmware that needed the rand, so it needed its own source.

", "time": "2025-07-25T08:27:56Z"}, {"author": "Stephen Farrell", "text": "

@rich: the EU are forming some multistakeholder \"expert\" groups to advise about NIS2 details - not clear to me if it's a fig-leaf or not

", "time": "2025-07-25T08:28:26Z"}, {"author": "Rich Salz", "text": "

Tnx Bob/Stephen

", "time": "2025-07-25T08:28:41Z"}, {"author": "Stephen Farrell", "text": "

NIS2 in theory could've required anyone with a \"DNS server\" to register/do-stuff, then somene told 'em about stubs:-)

", "time": "2025-07-25T08:29:09Z"}, {"author": "Rich Salz", "text": "

Way to drive the analogy into the ground, Bas!!

", "time": "2025-07-25T08:29:41Z"}, {"author": "Robert Moskowitz", "text": "

Bye all. See you in Montreal!

", "time": "2025-07-25T08:30:09Z"}, {"author": "Henk Birkholz", "text": "

Bye Bob!

", "time": "2025-07-25T08:30:26Z"}]