curdle minutes ============== administrivia, note well most of this meeting is probably going to be asking people to commit to reading the drafts. draft-ietf-curdle-pkix ====================== oid assignment - request iana arc to replace oids in current draft. Symantec had donated a short arc but the contact person disappeared. Yoav will sync up with IPSec folks. Prehash vs non-prehash: the consensus is to define only non-prehash, and the draft needs to state that clearly. Prehash needs to be removed as an algorithm identifier. Tomi volunteered to review. in wglc. draft-ietf-curdle-cms-eddsa-signatures ==================== Not much to say - only one review so far. Rich will get someone to review from OpenSSL team. in wglc. draft-ietf-curdle-cms-ecdh-new-curves ================== There have been three reviews in wglc. draft-ietf-curdle-rsa-sha2 =============== good shape, almost ready for wglc, two reviews so far and need more draft-ietf-curdle-ssh-ext-info ============ pretty much ready. Some changes submitted to the list. Need more review, particularly for clarity of language. Already widely deployed. draft-ietf-curdle-ssh-kex-sha2 ============ only adding a point or two. Please say that you agree to move this forward. draft-ietf-curdle-ssh-curves- ========== PHB: General ssh question: if you add a user key that isn't understood, will the client fall over? Answer: it tries user keys until it reaches maximum failures draft-ietf-curdle-ssh-modp-dh-sha2 ============ EKR: I'm surprised you're not using the ones we're standardizing in TLS. Rich: we're reflecting what's in the deployed base. DKG: Shouldn't use the same groups being specified for TLS, although we should use defined groups AGL: the draft is documenting reality, but why wouldn't you want to use the same groups? DKG: the rules for generating strong groups are well-understood, but you might not want to use them cross-domain. These are also same groups used by IKE. Rich: will encourage discussion on the list, we'll pollute IKE and TLS, too. Tero: these are the groups being used in IKE. Might be premature for last call, needs discussion Any other business? ========= We have a request for a GSS update, next draft coming. Russ: did we talk about draft-pkix? Did we talk about absent, null, or both? the asn1 structure allows the parameters field, when they converted to the newer syntax, the editor dropped the word "optional" in the algorithm identifier, so people added null as algo ID. some implementation insist on some parameter and Russ would rather not. Argument is pick one, not accept either one. AGL: strongly supports that view - doesn't care which, but pick one! Jim: document has picked one. It matters because standard Java provider can't deal with it. Tero: I think Java just needs to fix it. Absent breaks Java. Hum: choices are absent, null, or both. response: Nobody supports both, nobody supports null. Consensus is for absent. Jim: That's what it says now. Any other business? No. Last question about the use of PSS or PKSS in SSH . we would strongly like to move to pss. Jim: shoot 1.5 in the head. Yoav: there's no weakness known in pkss 1.5. if there's no weakness, why add new stuff? Tero: ipsec was using 1.5 also but recommended pss is the one they should use. AGL: pss would be nice but isn't the world moving away from rsa as a whole? Stephen: is anyone in the room implementing? No - then we shouldn't decide. Yoav: since it's going into tls 1.3 everybody's going to be implementing anyway. Nobody has any strong feelings, but why add something nobody's going to use?