IETF 89 - SAAG Minutes
======================

Location: London, England
Room: Blenheim (Hilton Metropole)
Time: Thursday March 6th 2014, 1300 - 1500
Area Director: Stephen Farrell
Area Director: Sean Turner (outgoing)
Area Director: Kathleen Moriarty (incoming)
Scribes: Shawn Emery, Tim Moses

Agenda - no bashing thereof

Security Area Status
--------------------

sacm - accepting proposals to meet use cases.

dane - running code for various applications.

websec - has one document in final stages. Hoping it gets done soon.

httpbis - security of HPACK?, design of minimal information, to what extent to allow over https, web security vs compression, etc.

karp - automatic key management protocol, support for BGP. Looking for security help. Mostly authors at this point. Contact Brian Campbell for help.

sidr - correction to draft to OID that is not required for CMS. Certificate validity was also discussed. Improve resiliency against errors. More mechanisms for hierarchy checks. Testing of rsync and vulnerabilities of rsync were discussed.

wpkops - looking for volunteers to document for PKI.

Using TLS in applications - interoperability problems, best practices for applications. DNS is one such application that can take advantage of TLS.

tcpm - tcpcrypt - to turn on encryption and authenticate. Not just focusing on tcpcrypt.

cfrg - focus on a small set of ECC curves: Edwards, etc. PAKE proposals. Signatures in a post-quantum computer world. ChaCha + Poly1305 discussions. Was winner of eSTREAM contest. Doesn't compare to AES. Suggestion to run a contest similar to AES. David suggested an interim meeting to get more cryptographers.

DNSE - encryption of DNS requests for confidentiality.

ACE - AuthZ and AuthN for constrained devices.

Presentations
-------------

Stephen Farrell presents STRINT workshop

100 people. There will be a report. Minutes are available. Crypto works, but middle boxes are a reality. Discussion of traffic analysis. UI is in-scope. bettercrypto.org. Cut and paste config for apache. W3C discussion on world-something day to explore browser hardening. But browsers have not committed to do anything along those lines.

--------------

Russ Housley presents Guidelines for Cryptographic Algorithm Agility

RH: algorithm agility. IAB security program. BCP. Recommend using the IANA registry for identifiers. Also define a mandatory to implement set. Must be able to transition from one mandatory set to another. Maybe put the algorithms in a separate RFC. No easy way to tell when the new algorithm is sufficiently deployed. Eventually you have to refuse the weak algorithm. Some past attempts at agility have not been successful. Frameworks may support negotiation of key management approach. Complicates analysis. Security ADs will shepherd the BCP.

Stefan: need an IETF-wide doc to specify mandatory to implement documents.

RH: some protocols use suites, others use a Chinese menu of algorithms for each key usage. Hash agility is included. This document does not create the IANA registry.

Question about how quickly vendors deploy support for new algorithms.

PHB: modes of operation complicate the situation. Similarly for padding in RSA. Algorithm implementations are in the platforms, not in the protocol layer. Better security comes from rejecting bad algorithms, as opposed to supporting good algorithms.

SF: Discussion will be on the SAAG list.

---------------

Matt Miller presents Securing XMPP End-to-End

Matt Miller (XMPP): off the record (OTR). Problems: finding a stable reference for OTR. Only covers normal fonts, invents new crypto. Support lacking for multiple devices on-line simultaneously.

Paul: document is nearly stable. XMPP end to end. Protects whole stanzas. Works with multiple devices on-line at the same time. Reuses JOSE. Issues: PFS undefined. No support for store and forward (i.e. when other party is off-line). Need security input and review. Open to ideas.

Peter St Andre: XMPP designed for more than IM. So, ability to protect more than just the typed text is important.

Hildebrand: non-normal fonts are not protected (e.g. boldface). If helpers don't participate then this aspect will not be addressed.

MM: there are drafts that attempt to protect everything.

SF: suggest addressing a practical subset of all problems.

DKG offers to help with protecting time and similar components. He also mentioned that the currently-defined algorithm is insufficiently secure.

Paul: Don't want a complicated list of algorithms for users to choose from.

RH: asking about support for agility.

Paul: planning to implement new algorithms with a version change.

Hannes: interesting to observe that some prefer a software update mechanism for agility.

Paul: algorithms are identified by number to support negotiation and agility.

Peter SA: the community is quite tight, so it is practical to implement agility this way.

PHB: algorithms don't break catastrophically.

Steve Kent: presence procedure could announce algorithm support.

Tim Polk: pull-downs are needed only when support still exists for weak algorithms.

----------------

Open Mic

PHB: two SSL libraries died recently. In the past people responded by saying let's get rid of the CAs; we need an open-source test suite for certificate stack behaviour. BCS Open Source group just needs a spec. Similar issues discovered in DANE. NIST has a set of certs with various characteristics.

TP: large number of test cases, directory service to provide CRLs. He will send a pointer to the SAAG list.

Dan: Trying to do the same thing for DANE.

SF: could make a mail list for this topic. BCS open source group. App sensor, there may be synergies.

CFRG: DOS and DDOS impacted by a questionable SUN patent, which is holding up advancement. Looking for help. Best approach is to share information.

PHB: working on new email approach. Small problems with current specs. He has code on sourceforge. Looking for help.

Chris Newman: big problem is key management. User must not even see it happening. Address book replication creates an opening. Still a lot of work required.
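As an added illustration of the transition model from the Housley algorithm-agility presentation above (editor-added example code, not from the minutes, the BCP draft or any IETF implementation; the Registry, Status, negotiate and peer_conforms names and the identifiers sig-old/sig-new are constructed assumptions), the following models a registry with a mandatory-to-implement set, the intermediate state where a new MTI has been introduced but the old one is still accepted, and the final step of refusing the weak algorithm:

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Status(Enum):
    MANDATORY = "mandatory"      # every conforming peer must implement it
    OPTIONAL = "optional"        # may be offered, interop not guaranteed
    DEPRECATED = "deprecated"    # accepted only while a transition finishes
    PROHIBITED = "prohibited"    # refused even if the peer offers it


@dataclass
class Registry:
    """Stand-in for a protocol's IANA registry plus local policy.
    entries: identifier -> (status, rank); higher rank is preferred.
    Identifiers are constructed placeholders, not real registry values."""
    entries: dict

    def mandatory(self) -> set:
        return {i for i, (s, _) in self.entries.items() if s is Status.MANDATORY}

    def transition(self, old: str, new: str) -> None:
        """Intermediate state from the talk: `new` becomes mandatory, `old`
        stays accepted (deprecated) until the new one is widely deployed."""
        self.entries[new] = (Status.MANDATORY, self.entries[new][1])
        self.entries[old] = (Status.DEPRECATED, self.entries[old][1])

    def retire(self, ident: str) -> None:
        """Final step: refuse the weak algorithm outright."""
        self.entries[ident] = (Status.PROHIBITED, self.entries[ident][1])


def peer_conforms(registry: Registry, supported: set) -> bool:
    """A peer is guaranteed to interoperate only if it implements every MTI."""
    return registry.mandatory() <= supported


def negotiate(registry: Registry, offered: list) -> Optional[str]:
    """Pick the highest-ranked acceptable identifier from the peer's offer.
    Unknown and prohibited identifiers are rejected, never silently accepted;
    returns None when nothing acceptable was offered."""
    acceptable = [i for i in offered
                  if i in registry.entries
                  and registry.entries[i][0] is not Status.PROHIBITED]
    if not acceptable:
        return None
    return max(acceptable, key=lambda i: registry.entries[i][1])
```

The deprecated state is what makes the "no easy way to tell when the new algorithm is sufficiently deployed" problem visible: the old identifier keeps negotiating until retire() is called, and only then do peers that offer nothing else fail.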