SAAG Working Group review (summaries of other groups already sent):

OAUTH: Core drafts ready working on RFCs, everything is hunky dory.
DANE: Some discussion of email related things but still working on it and things will be done

BOFs:

CertTrans: Discussion of current draft, proposal to fill in info for CAs, discussion of what other things might need to be in protocol. Adam Langley had not thought of all the things raised. Conclusion will go to an experimental with more things filled in, last call it, experiment and then things might happen which would probably mean another BOF like thing.
WPKIOPS: Gist of it is web pki is broken, the proposal for the BOF is to document the ways in which it operates and enumerate its brokenness so those trying to interact with it have a better idea how to deal with it and might be used as basis for future proposals to make it less broken but that would be out of scope
Stephen - that is ops area, not our decision.

Other:

KARP: Sam Hartman said most of the docs moving forward, key tables in last call and making really good progress merging all the key management proposals. It is slowly but steadily moving along.

Presentations:

- SSH and Host Key Management Problems
  Tatu Ylonen, 30 mins

Dan Harkins: Remove keys no longer used should be a MUST, not a SHOULD
Tim Shepherd: Things may be worse now than in the old days, wow this is a big hole. If we fix this we may do a lot of damage because this is being used for system administration. If people cannot get in that may be a worse problem, we have to navigate between two very bad places.
Nico: These problems are not new, can patch SSH to add GSS API support. Some people do this now. Kerberos helps you a bit with authorization
Paul Hoffman: Have any of the BCPs in security ever had more than this much effect, why are you proposing this here, why should we do it if our best security advice is ignored.
Tatu: Willing to write the draft
Stephen: would people be willing to review (lots of hands go up)

- Review of CRIME/BEAST
  Yoav Nir, 20 mins

Yoav: BEAST and CRIME how TLS was attacked
EKR: Agree with analysis of CRIME attack, BEAST attack is due to ability to simultaneously control a bunch of stuff... (bitrate exceeded) unaware of any attack profile that means people should turn off CBC.
Yoav: no but auditors have told people to disable everything but RC4.
EKR: This was an issue for Web Sockets..
Sean: Should we write a draft saying turning off CBC mode is silly
EKR: Yes
Yngve: In case people were interested.. (stats in jabber chat)
[] Writing draft.. Do we need such a document
PHB: Cookie problem
Derek: Or just rekey the cookie on every request
Joe Solovay: We should check CRIME against other protocols
Sean: Russ - When are we going to eat our own dog food?

- Heads-Up: Securely Initializing Devices in LLNs etc
  Carsten Bormann, 10 mins

SOLACE: Solace@ietf.org

EKR: Think you are making this a lot harder than it has to be, most of the issues are already scoped out.
EKR: see a lot of designs and analysis, will come back and find that there are only two ways to do it.
PHB: There are more than two ways to do this. Always easier to scope out the solution... Want to avoid we know how to do a key management protocol when already had one.
Paul Hoffman: We suck at this, problem is not that we have one we have more than one, can't pick.
EKR: I think we are really bad at choosing between different compromises. We get stalled because we don't have one solution, people should suck it up and choose one that has a particular inconvenience or one or two.
Prichard: I do not see a
Nico: None of them fit the problem exactly. Don't want to create more frameworks either.

- Heads-Up: Security and SDNs
  Margaret Wasserman, 5 mins

http://tools.ietf.org/html/draft-hartman-sdnsec-requirements-00
http://tools.ietf.org/html/draft-mrw-sdnsec-openflow-analysis-00

Open Mike

EKR: Umm, so, I am not sure what to make of it but it is taking time to get new versions of TLS in the world and people couldn't work out what the problem was, but when we had Web Sockets and there was a problem and people sorted it and people fixed it pronto. Things are really easy to fix when people are not using them and really hard when nobody uses them
Hoffman: Bruce Schneier and I are writing a draft 4270-bis how to use hashes in Internet protocols. Very interesting ones, deal with new attacks and describe why they are worse than the ones before and we are describing how to do collisions. Looking for feedback, review, references. Going to specify code points for NIST algs...
Russ: Why give code points for things that are not going to be used?
Hoffman: well depends on when things happen
Russ: NIST assigned OIDs for SHA1 and SHA2, if they don't assign them for SHA3 then it would tell the community something.
Hoffman: will discuss on SAAG
Hartman: Need help in PCP if you understand ciphers, EAP.
Yoav: Current RFC says should for 3DES and MUST for AES, need to update because at current data rates have to rekey every 10 secs or so, where to go for a backup encryption cipher, some AES finalists may serve. Should maybe be discussed more generally, looking for guidance.
Tim Polk: SHA3 final report is imminent, may even be ready tomorrow, for light reading on plane. Please read. OIDs will come in the FIPS.