2016-04-07 13:27:49-0300
------------------------

IETF 95 saag mtg
----------------

Note-taker: dkg
Jabber scribe: Yaron Sheffer
Agenda: https://tools.ietf.org/agenda/95/agenda-95-saag.html

WGs that still needed to send mails about IETF 95:

 * ace
 * oauth
 * OpenPGP
 * TLS WG

Stephen Farrell suggests that WGs should submit reports to datatracker
as well as mailing them to the list.

Paul Hoffman says that DBOUND is likely to end without forming a WG

Kathy: CIDR seems to be moving from routing issues to deployment
issues; wants feedback on whether security protocol should be
experimental or standard

three security drafts for NTP security

Bob Moskowitz: IEEE 802.15.9 (key management for) is at IEEE editor

Kyle Rose: tcpinc wants other implementations of tcpcrypt

Orit Levin: UTA shifting focus to e-mail: SMTP, POP, IMAP, Submission

Sara Dickinson: DPRIVE: dns-over-tls is approved as an RFC;
authentication draft and DTLS drafts underway.


Yaron Sheffer: LURK: lots of interest and participation and lack of
clarity; plans to meet in Berlin.

------------

Rich Salz: what hurdles does MTI crypto have to pass?

https://github.com/richsalz/draft-rsalz-drbg-speck-wap-wep

Paul Wouters asks: why don't we just expect the CFRG to review?

Martin Thomson says: TLS 1.3 ciphersuite "Y" column should require these hurdles.

Tim Polk: useful to say what *isn't* good enough, but positive
recommendations might be algorithm-specific.

Yoav Nir: a list of papers isn't going to provide unambiguous
approval: papers have caveats and drawbacks, and IETF still needs to
think through how those caveats apply to specific cases

Rich wants feedback sent to the github repo

-------------

Jan Vcelák: NSEC5:

--------

Tuomas Aura: Nimble out-out-of-band authentication for EAP

--------

Fernando Gont: numeric IDs

  Eliot Lear: this ties into a possible 3552bis

  Ted Hardie: publish the identified threats as informational, and
  then if we have specific mitigations that are BCP , they can be
  documented separately.

  Tim Shepard: this document has lots of good information, and it
  should be informational.

hum: BCP72: should we update RFC 3552?

  not overwhelming but present hum for "yes"
  no humming at all for "no"

--------

Eliot Lear: Challenges and Possibilities with IoT Security

Michael Beringer: ANIMA connectivity

Eliot Lear: details of how do we communicate these rules to the parties that can enforce them?

Hannes Tschofenig: a different approach: OMA LWM2M