09:18:54 <RRSAgent> RRSAgent has joined #strint
09:18:54 <RRSAgent> logging to http://www.w3.org/2014/02/28-strint-irc
09:25:30 <swb> swb has joined #strint
10:05:59 <moneill2> moneill2 has joined #strint
10:09:32 <moneill2> wselttzer, Hi Wendy - is there an audio channel?
10:28:24 <dka> dka has joined #strint
10:28:48 <Melinda> Melinda has joined #strint
10:51:02 <dka_> dka_ has joined #strint
11:04:36 <azet> azet has joined #strint
11:05:12 <azet> no ssl for non-w3 account holders :(
11:11:06 <moneill2> moneill2 has joined #strint
11:30:14 <hildjj> hildjj has joined #strint
11:30:21 <hildjj> hildjj has joined #strint
11:32:09 <jhildebr> jhildebr has joined #strint
11:32:36 <jhildebr> 
11:54:12 <bortzmeyer> While waiting for the workshop, an opinion about Internet governance (warning: high level of trollness) http://www.usnews.com/opinion/blogs/peter-roff/2014/02/25/will-obama-abandon-internet-freedom
12:05:07 <wjontof> wjontof has joined #strint
12:15:53 <moneill2> the specific plumbing may have been invented in the US, but Europeans (& public sector) invented the web
12:28:00 <bjoern> bjoern has joined #strint
12:30:05 <grothoff> grothoff has joined #strint
12:35:43 <sftcd> sftcd has joined #strint
12:39:28 <BenL> BenL has joined #strint
13:00:17 <bortzmeyer> bortzmeyer has joined #strint
13:28:22 <rigo> 'lut Stéphane, voulait dire "lots" mais mon N9 a raté un virage
13:43:27 <swb> swb has joined #strint
13:50:53 <hildjj> hildjj has joined #strint
13:57:55 <W577C> W577C has joined #strint
13:59:41 <hildjj> getting started
14:00:28 <Bert> Bert has joined #strint
14:01:23 <Ted_> Ted_ has joined #strint
14:01:40 <npdoty> npdoty has joined #strint
14:02:05 <npdoty> rrsagent, pointer?
14:02:05 <RRSAgent> See http://www.w3.org/2014/02/28-strint-irc#T14-02-05
14:02:47 <rigo> Stephen Farrell introducing the workshop
14:03:05 <swb> audio?
14:03:37 <wseltzer> Meeting: STRINT, Day 1
14:03:44 <bortzmeyer> RRSAgent: username and password required
14:03:44 <RRSAgent> I'm logging. I don't understand 'username and password required', bortzmeyer.  Try /msg RRSAgent help
14:03:57 <wseltzer> Date: 28 February, 2014
14:04:01 <rigo> rrsagent, set log public
14:04:07 <rigo> bortzmeyer: try again
14:04:15 <rigo> rrsagent, please draft minutes
14:04:15 <RRSAgent> I have made the request to generate http://www.w3.org/2014/02/28-strint-minutes.html rigo
14:04:25 <fluffy> fluffy has joined #strint
14:04:27 <mnot> mnot has joined #strint
14:04:33 <barryleiba> barryleiba has joined #strint
14:04:41 <bortzmeyer> rigo: "Sorry, Insufficient Access Privileges"
14:04:46 <coopdanger> coopdanger has joined #strint
14:04:58 <GregWood> GregWood has joined #strint
14:05:18 <rigo> bortzmeyer: reload
14:05:46 <bortzmeyer> rigo: it works. The NSA can now know what is aid
14:05:53 <dcrocker> dcrocker has joined #strint
14:05:56 <wseltzer> moneill2, audio will be at  http://nagasaki.bogus.com:8000/stream10
14:06:06 <MacroMan> MacroMan has joined #strint
14:06:39 <dcrocker> dcrocker has left #strint
14:07:05 <jphillips> jphillips has joined #strint
14:07:13 <dcrocker> dcrocker has joined #strint
14:07:14 <jphillips> jphillips has joined #strint
14:07:16 <barryleiba1> barryleiba1 has joined #strint
14:07:22 <wseltzer> wseltzer has changed the topic to: STRINT Agenda: https://www.w3.org/2014/strint/agenda.html (with participation details)
14:08:38 <jphillips> jphillips has joined #strint
14:08:42 <MacroMan> Does anyone know if the streaming audio is being recorded for later listening?
14:08:55 <sftcd> sftcd has joined #strint
14:09:01 <hhalpin> hhalpin has joined #strint
14:09:08 <rigo> 66 submissions, around 150 people having submitted thoughts, only 100 had place, apologies to the others
14:09:19 <cabo> cabo has joined #strint
14:09:46 <AndroUser> AndroUser has joined #strint
14:10:09 <rigo> scribenick: rigo
14:10:14 <rigo> scribe: rigo
14:10:24 <DThaler> DThaler has joined #strint
14:10:30 <kaie> kaie has joined #strint
14:10:34 <rigo> Hardware failure in the audio, under way to fix
14:10:54 <swb> audio is working on that url
14:11:06 <rigo> scribenick: ..
14:11:18 <MacroMan> Is it being recorded too?
14:11:40 <BenL> BenL has joined #strint
14:11:43 <BenL> BenL has joined #strint
14:11:50 <BenL> BenL has joined #strint
14:11:53 <pde> pde has joined #STRINT
14:12:11 <wseltzer> -> http://down.dsg.cs.tcd.ie/strint-slides/ Slide presentations
14:12:46 <JoeHallCDT> JoeHallCDT has joined #strint
14:13:08 <pde> a pity that this server doesn't accept secure connections from non-w3c members :)
14:13:16 <swb> +1
14:13:17 <npdoty> scribenick: npdoty
14:13:40 <smb> smb has joined #strint
14:13:43 <npdoty> larrymasinter: not sure where we talk about other applications
14:13:51 <wseltzer> pde, I'll send a sysreq
14:14:15 <npdoty> sfarrell: maybe in the metadata session to talk about what isn't sent, not just encryption
14:14:27 <swb> Is anyone acting as go-between, so we can possibly insert comments into the meeting?
14:14:33 <npdoty> dcrocker: expand scope beyond just SIP, Jabber, email
14:14:59 <Zakim> Zakim has joined #strint
14:15:05 <mcmanus> mcmanus has joined #strint
14:15:07 <npdoty> dgilmore: coordination deprecation of existing algorithms
14:15:14 <tara> tara has joined #strint
14:15:23 <npdoty> s/dgillmore/dgillmor/
14:15:38 <npdoty> kaplan: not just deprecating algorithms, but updating running software
14:16:15 <grothoff> When are we going to talk about deprecating TCP/IP?
14:16:19 <npdoty> elliotlear: if you're raising security questions, are you answering the generic security problem or just pervasive monitoring? please be specific
14:16:33 <kodonog> kodonog has joined #strint
14:16:45 <npdoty> farrell: a problem on perpass as well
14:17:17 <npdoty> @@: a lot of boxes out there, operational considerations; but also business model considerations, if the email provider needs to be able to read your email, that's probably not going to work
14:17:28 <dcrocker> small correction: i'm suggesting expanding scope beyond the bulltetd goals item for web architecture concerns, to cover the other major architectures/services/
14:17:44 <Ted_> brian trammel was the @@ speaker
14:17:44 <npdoty> ... some things we'll have to leave out for this workshop
14:18:03 <wseltzer> s/@@:/brian trammel:/
14:18:08 <npdoty> pde: good to start with some threat modeling, some problems are low-hanging fruit, encryption by default even if you're not protected against active attackers
14:18:15 <npdoty> ... should have been done long ago
14:18:23 <npdoty> ... next step would be detecting active attacks when they're happening
14:18:36 <MaryB_> MaryB_ has joined #strint
14:18:43 <npdoty> ... 1) encrypt everything; 2) detect MITM; 3) address service provider business models etc
14:19:24 <npdoty> @@@: choose different terminology than opportunistic encryption, instead focus on the specific technology
14:19:35 <DThaler> s/@@@/Orit Levin/
14:19:47 <npdoty> farrell: fix the different uses of that terminology, need to have a common understanding of that term, one goal for this workshop
14:20:15 <bortzmeyer> grothoff: we talk about strengthening the Internet, not replacing it by a new (GNU?) network
14:20:24 <dka> dka has joined #strint
14:20:52 <npdoty> phil: won't create a new technology right now or even in the next 6 months; traditionally security area has demanded perfection against attackers focused on a single person, current problem is less like that
14:21:10 <npdoty> @@@@: should separate threat model and suggested solutions
14:21:28 <swb> That's Steve Kent
14:21:30 <npdoty> JoeHallCDT: not a lot of thinking in IETF about anonymity and building that into protocols, we're going to be doing some work on that
14:21:36 <npdoty> s/@@@@/stevekent/
14:21:37 <grothoff> bortzmeyer: and I thought you were serious about addressing issues like PRISM and other NSA programs, not just verbally reassuring users.
14:22:04 <swb> wow, there's a lot of buffering in the audio. npdoty gets his comments out as the person starts talking :)
14:22:08 <npdoty> richardbarnes: it is important to come out with actionable stuff; areas where we need to work (like anonymity) that are fairly actionable
14:22:49 <npdoty> @@@: need to think about why a new proposal will be deployed when past solutions haven't been; understand the motivations of what determines deployment
14:22:56 <GregWood_> GregWood_ has joined #strint
14:23:03 <wseltzer> s/@@@/BernardAboba/
14:23:07 <npdoty> farrell: encourage deployers to speak up
14:23:07 <smb> The scribe is using the thiotimoline interface.
14:23:35 <npdoty> leon_kaplan: many organizations are just small organizations with a single sysadmin; they don't have the resources; we need to give some good advice they can copy and paste
14:24:47 <npdoty> @@_edps: european data protection supervisor; we could enforce some compliance theoretically; good things are there but not used or they are misunderstood and that isn't solvable by IETF/W3C
14:24:59 <npdoty> ... work on this with volunteers to see how this can be improved
14:25:07 <npdoty> ... look at technologies beyond encryption, like minimization
14:25:37 <npdoty> stevebellovin: should be looking for a 90% solution that just works, for 90-95% of people and businesses that don't have extraordinary threat models
14:25:51 <npdoty> ... shouldn't have to make a lot of strange choices between algorithms and key lengths
14:26:15 <npdoty> ... for the few organizations that have stronger enemies, they can afford experts
14:27:11 <josswr> josswr has joined #strint
14:27:15 <npdoty> moriarty: how can we create better connections within standards bodies (starting with authentication)? developer teams don't know who is using what, what's available, what the use cases are
14:27:38 <npdoty> ... would like something wiki-based as a starting point, and then reach out to standards bodies
14:27:52 <npdoty> ... references at wikipedia so that those other audiences will know where to go at IETF or W3C
14:27:58 <npdoty> ... our work would be promoted more
14:28:34 <JoeHallCDT> yeah, Wikipedia can be tedious for editors
14:28:45 <npdoty> alissacooper: define the areas that seem most fruitful, but also try to prioritize those areas -- which is low-hanging fruit and which comes later
14:28:54 <npdoty> ... also good to think about what not to work on
14:28:59 <swb> Any of us standards groups can host the wiki pages.
14:29:04 <masinter> masinter has joined #strint
14:29:20 <npdoty> ... ... for example, browser fingerprinting, decide in areas where smart people have been thinking about it and maybe we need to put it aside for a while
14:29:33 <npdoty> ... if there is consensus on priorities
14:30:13 <npdoty> kai: users must demand they want to be more secure; define what is easily surveillable or more difficult
14:30:23 <npdoty> ... can we define standards / metrics of protection levels?
14:30:51 <swb> That's going to be a good point later -- creating better security does no good without upkeep
14:31:00 <npdoty> hhalpin: a lot of people are familiar with ietf/w3c but not everyone, so worth outlining the WGs that are rechartering
14:31:23 <npdoty> ... Web Crypto is being rechartered, for example
14:31:31 <npdoty> ... a lot of people really do want better security (anecdote: Whatsapp/Telegram)
14:31:47 <hhalpin> And telegram rolled their own crypto, which is rather crazy at best.
14:31:59 <npdoty> phil: need to quantify work factor, know that NSA has a limited budget
14:32:05 <hhalpin> http://www.thoughtcrime.org/blog/telegram-crypto-challenge/
14:32:07 <MacroMan> hhalpin, +1
14:32:19 <JoeHallCDT> we can maybe estimate from black budget... not sure helpful
14:32:27 <npdoty> dcrocker: we should worry about real usability, who will deploy it, why they will, what is necessary for users to benefit in the real world
14:32:27 <hhalpin> We would really like folks to review the Web Crypto API, which is nearing Last Call and will also likely recharter by end of the year
14:32:33 <npdoty> rrsagent, please draft the minutes
14:32:33 <RRSAgent> I have made the request to generate http://www.w3.org/2014/02/28-strint-minutes.html npdoty
14:33:09 <npdoty> Topic: Threats
14:33:17 <hhalpin> https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html (latest draft of Web Crypto API)
14:33:20 <sftcd> http://down.dsg.cs.tcd.ie/strint-slides/s1-threat.pdf
14:33:20 <npdoty> cullen: there's a ton of data being collected
14:33:38 <npdoty> ... what has raised the particular issue has been pervasive collection
14:33:46 <npdoty> ... IP address, MAC addresses, identifiers and content
14:33:57 <rigo> collected by lots of people
14:33:58 <npdoty> ... being collected not by any single organization, many governments
14:34:00 <npdoty> ... not new
14:34:11 <kodonog> * audio is up, but the quality is sketchy
14:34:25 <npdoty> ... collected at carrier level; collected at transport level; collected at cloud service providers
14:34:40 <npdoty> ... attacks are changing over time: not just passive attacks, but also active attacks
14:34:41 <bjoern> bjoern has joined #strint
14:35:07 <npdoty> ... come out of this session with a clear idea of the threat model and the attacks
14:35:16 <npdoty> ... make sure we're working on things that do address the threat model
14:36:04 <cabo> cabo has joined #strint
14:36:09 <npdoty> cullen: passive attacker can listen to communications or just correlate communications between alice and bob
14:36:14 <JoeHallCDT> EKR's?
14:36:19 <swb> http://down.dsg.cs.tcd.ie/strint-slides/
14:36:53 <npdoty> ... mitigations: don't send the data if you don't have to; encrypt data; anonymization
14:37:25 <npdoty> ... active attacker: not just observing, but also changing communications
14:37:49 <npdoty> ... active attacks may actually be quite easy for the pervasive attacker to mount
14:38:08 <npdoty> ... often in a good position to get themselves bogus credentials
14:38:34 <npdoty> ... mitigations: authentication; have more than one way to verify who you're talking to; improving trust models
14:39:12 <npdoty> cullen: collaborators who willingly or unwillingly reveal information out to the attacker
14:39:30 <Ted_> witting or unwitting, willing or unwilling
14:39:45 <npdoty> ... might be directly taking keys and hand them to the attacker; or I generated keys in a way that the attacker could find out
14:39:53 <Ted_> sorry, witting or unwitting, *not* willing or unwilling
14:40:20 <npdoty> ... static key exfiltration: attacker finds out a key that is long-lived
14:40:20 <wseltzer> s/willingly or unwillingly/wittingly or unwittingly/
14:40:44 <sftcd> nice logo on this one:-)
14:41:10 <npdoty> ... versus dynamic key exfiltration: where the attacker needs to obtain the keys for each communication
14:41:49 <npdoty> ... content exfiltration: taking the content rather than the keys during the communication
14:42:33 <npdoty> cullen: attackers will do all of these; we can increase the costs of these, so the attacker has to move to the more expensive attacks, or makes it more visible and increases the risk that the attacker will be 'caught'
14:42:50 <npdoty> ... this is just level-setting, would like to hear from the room
14:43:28 <npdoty> barnes: make a list of the attacks, so we can scope and prioritize work based on how it addresses these attacks
14:43:39 <fluffy> fluffy has joined #strint
14:44:00 <npdoty> stevekent: should include content in the pervasive passive attack
14:44:33 <npdoty> barnes: yes, passive definitely includes content, the metadata/correlation was what is new
14:45:14 <npdoty> stevekent: identifying classes of adversaries by their motivations and their capabilities, separate from just the threat model
14:46:10 <npdoty> wseltzer: a helpful framework; it should be part of the design process to ask and answer against which threats you are designing
14:46:27 <npdoty> ... it's fair to address only some threats as long as we don't tell people we're addressing more than we are
14:46:30 <swb> I don't think we can/should identify classes of adversaries -- we don't know enough yet. We can understand the threat model without understanding who is doing the threatening.
14:47:09 <JoeHallCDT> Dave, dave, Ed, Stuart, Pete
14:47:42 <jphillips> Two attacker classes: those with national security letters and those without?
14:47:50 <npdoty> DThaler: far easier to detect an active attack than a passive attack, anything that helps us move from passive to attack helps in multiple dimensions
14:48:13 <npdoty> dcrocker: increasingly sensitive to distinction between handling metadata and content metadata
14:48:56 <npdoty> ted: not sure how valuable it is to classify the motivations of an attacker
14:49:08 <npdoty> ... a rathole in describing the motivations, which may be controversial terms
14:49:43 <JoeHallCDT> NSLs are pretty retail, it seems
14:49:43 <JoeHallCDT> unless they come for keys, but legal minds disagree if they can get that through NSLs
14:49:53 <npdoty> stuartcheshire: glad active attacks are included -- not that hard to switch to active attacks, like airport wifi
14:50:05 <swb> which slide is on the screen right now?
14:50:12 <JoeHallCDT> summary
14:50:14 <cabo> cabo has joined #strint
14:50:30 <npdoty> ... very tempting to talking about encryption technologies and certificates as stopping attacks
14:50:42 <npdoty> ... but actually what they do is just make the attacks detectable
14:50:56 <npdoty> ... what we do is throw up a certificate warning
14:51:23 <npdoty> ... "that's how you know you're on the right site, because it always does that"
14:52:04 <plh> plh has joined #strint
14:52:21 <npdoty> crowd: the russian hacker would have had a good cert
14:52:46 <npdoty> stuartcheshire: not a scalable solution to complain about certificate problems
14:53:11 <npdoty> peteresnick: let's not throw things away because they're not immediately effective
14:53:31 <npdoty> ... the fact that a big cloud player starts encrypting (even if the attacker can do content exfiltration directly)
14:53:46 <npdoty> ... can move our infrastructure. might establish a basis for solving bigger problems down the road
14:53:48 <kodonog> kodonog has joined #strint
14:54:17 <npdoty> leon_kaplan: should add denial of service or jamming to encourage users to downgrade to unencrypted versions
14:54:34 <npdoty> ... some attackers will just slow it down massively, which looks innocent in a developing country
14:54:41 <Ted_> An adjunct to Pete's comment:  there may be more than one attacker.  Even if there infiltration by one, that's not the same result as cleartext, which is available to all attackers.
14:55:03 <npdoty> ... phishing is another attack, by intelligence agencies or others
14:55:33 <npdoty> barnes: figuring out when technologies get used, like HSTS
14:55:59 <npdoty> phil: need to think of actors not as monolithic groups -- for example, individual defectors within larger organizations
14:56:28 <npdoty> ... one consequence is loss of reputation, PR issues for organizations because of attacks on their users (Yahoo! in the news)
14:57:14 <npdoty> larrymasinter: don't see in the taxonomy attacks on services that are popular but don't require pervasive monitoring
14:57:39 <npdoty> ... application-level security might give traffic analysis more information rather than less
14:58:31 <npdoty> ... might be useful to categorize users: cognoscenti; vulnerable populations (children or elders) who might be abused;
14:59:19 <npdoty> @_johnson: there's an assumption that once you're encrypted, you're safe; we think there should be security and entanglement at the application layer as well
14:59:32 <npdoty> ... not sure where it fits within W3C / IAB / IETF mandate
14:59:57 <npdoty> @@@: not sure why we're not using public-key based routing
15:00:07 <hhalpin> +1 Harold Johnson: crypto does not equal security - the issue is data minimization (obsfucation)
15:00:11 <hhalpin> s/@@/HaroldJohnson
15:00:13 <npdoty> ... no way to MITM
15:00:42 <npdoty> s/@_johnson/HaroldJohnson/
15:00:58 <npdoty> @@@: just hold a public key qr code in front of a webcam and then there's no way to go to the wrong place
15:00:59 <BenL> BenL has joined #strint
15:01:06 <hhalpin> s/@@@/CarolVanLynx
15:02:03 <Ted_> s/CarolVanLynx/Carlo van Lynx/ ?
15:02:19 <npdoty> GeorgeDanezis: @@@@ [scribe couldn't hear/understand]
15:02:21 <grothoff> s/van/von/
15:03:03 <JoeHallCDT> Damezis was talking about subversion, actively frustrating attackers?
15:03:35 <npdoty> elliot: Ted asked if the motivations of the attacker are important; motivations are important for the user/administrator to understand how much money to spend to mitigate the attack
15:03:35 <npdoty> ... if I care, then I'll mitigate, otherwise I won't
15:03:47 <npdoty> ... at the end of the day, it will come down to implementers and users
15:04:34 <npdoty> farrell: how should we document the threat model so that it's understood by those designing / implementing / deploying?
15:04:41 <Ted_> For Eliot's point, not surprisingly, I fundamentally disagree.  A valid mitigation against one attacker will work against others with similar capabilities but different motivations.
15:05:23 <npdoty> joehildebrand: requirements for the threat model, interoperability is important and if we don't have that we have a denial of service attack
15:05:35 <hhalpin> s/@@@/We have now lots of known cases authentication systems are being subverted in order to fake, access routers being subverted as well.
15:05:37 <npdoty> ... has to be implementable by more than one group, so simplicity is a very important goal
15:06:06 <npdoty> barnes: interoperability serves a security function by making it testable
15:06:15 <swb> please remind people to state their names every time
15:06:29 <npdoty> pde: what do we do when we detect mitm? currently we show absurd error that trains people incorrectly
15:06:43 <npdoty> ... solution was called sovereign keys
15:07:02 <npdoty> ... bbc, eg, publishes a key in an append-only data structure
15:07:56 <npdoty> ... if the user sees a key that isn't the right one, the software uses a slower but safer technique
15:08:14 <npdoty> ... gave up on that for a sophisticated attacker / threat model based on China, but it might work for other models
15:09:04 <npdoty> kai: @@@@ [scribe didn't understand]
15:09:26 <npdoty> barnes: maybe not something for this workshop
15:09:45 <wseltzer> s/@@@@/Are compromised home network devices (CPE) in-scope?/
15:09:54 <npdoty> dcrocker: the reality is that this group is always going to go for solutions
15:10:08 <npdoty> ... think about higher-risk vs lower-risk solutions
15:10:42 <npdoty> ... object threats vs. venue threats: payload, payload metadata, transaction metadata vs link, support infrastructure, dns
15:11:14 <npdoty> @@@: rather than threat model, what is the risk model?
15:11:29 <wseltzer> s/@@@:/Doug_Montgomery:/
15:11:34 <npdoty> ... risks to performance, business models
15:11:43 <npdoty> ... risks of attacks vs. risks of successful deployments
15:12:19 <npdoty> barnes: what are the properties/ additional considerations beyond security: performance, business model
15:12:57 <barryleiba> barryleiba has joined #strint
15:12:58 <JoeHallCDT> as a physicist, it's probably "emanation" rather than radiation
15:13:23 <npdoty> @@@@@: in protocol level interactions, what do we know that we radiate vs. what do we not know that we radiate
15:13:46 <JMC> JMC has joined #strint
15:13:50 <npdoty> ... information radiation is important because even if we solve all encryption problems, there are patterns of bits on the wire
15:14:16 <Ted_> No, you can't remove it, but you can make the patterns much more expensive to see.
15:14:24 <wseltzer> s/@@@@@:/Trammell://
15:14:30 <jphillips> or make sense of.
15:14:37 <npdoty> hannes: is this taxonomy useful? to whom?
15:14:39 <swb> I'm not going to try to contribute, but for this group: there are so many things you can do with the pattern of bits on the wire!
15:14:59 <npdoty> ... in standards, try to develop abstract building blocks that will be used in a wide variety of contexts, so motivation doesn't matter
15:15:10 <npdoty> ... but does matter to the developer/deployer
15:15:57 <npdoty> ... so this list could be useful in a standards group, going through the list because confidentiality is otherwise considered expensive
15:16:24 <npdoty> leon_kaplan: useful to know how expensive is each attack and each defense
15:16:57 <Ted_> +1 to Dr. Fluffy
15:17:14 <npdoty> fluffy: impossible to get to the motivations of attackers in this case, anti-productive. could discuss capabilities in a broad context, which might provide the same information
15:17:47 <dougm> dougm has joined #strint
15:18:01 <swb> Eventually it'll be useful to get into motivations, but for now we know enough of them at a coarse level, and have plenty to do with what we already know about threats, regardless of motivation.
15:18:05 <npdoty> stevekent: describe classes of attacks and give them numbers so that protocol authors can describe which of the enumerated attacks they are resolving
15:18:38 <jphillips> Is there a list of attendees somewhere?
15:18:54 <npdoty> ... motivations can be done without being pejorative; motivations of intelligence agencies for passive attacks because they don't want to be detected is still valuable
15:19:01 <npdoty> barnes: cost model of the adversary is useful
15:19:46 <npdoty> rigo: at the moment we are one step behind, have to see what people did to install pervasive monitoring
15:19:59 <npdoty> ... attacker is sitting at large IXP
15:20:24 <npdoty> ... tells us where encryption can be helpful
15:20:53 <mcmanus> queue is closed - so irc can be my platform. We talk about driving up cost of attack as a defense - but driving up cost of mitigation is an attack itself because it will bifurcate the sol space
15:21:05 <swb> is that ekr?
15:21:12 <Ted_> Yes
15:21:30 <npdoty> ekr: centralization of cloud services creates a new locus of attack
15:22:00 <npdoty> ... places most secure from network attackers are least secure from attacks from government/lawful intercept
15:22:13 <npdoty> ... bring in new insights to inform protocol design
15:22:32 <JoeHallCDT> you got it, nick
15:22:59 <npdoty> @@: threat model is so wide/pervasive -- look at the relationship of those threats, where they might be a chain and a weakest link
15:23:10 <hhalpin> +1 EKR. We don't want decentralized services insecure from network attackers, or centralized servers that are easily compelled by govt. attackers. I'd prefer a federated, decentralized approach based on well-reviewed standards.
15:23:15 <dougm> The real issue is the relative RISK model.   What is the risk/ramification of a adversary exploiting a know vulnerability, vs the risk of deploying a solution.    Risk of solution includes, cost, complexity, fragility, new attack vectors, etc.
15:23:28 <JoeHallCDT> s/@@/Robachevsky/
15:23:28 <wseltzer> mcmanus, and then leave the demanders-of-greater-security part of a smaller anonymity set against traffic analysis
15:23:32 <npdoty> ... consider use cases to identify low-hanging fruit
15:24:07 <swb> Kathleen Moriarty
15:24:08 <JoeHallCDT> and risk to user, implementer, others?
15:24:23 <npdoty> moriarty: lots of instances of full-packet capture, analysts love it
15:24:48 <dougm> Yes the risk of both attack and risk of solution is viewed differently by different players in the ecosystem.
15:24:52 <npdoty> barnes: how will protections affect emergency response
15:25:13 <npdoty> DThaler: one audience is W3C/etc., another audience is deployment -- this document is focusing on the first audience
15:25:14 <pde> pde has joined #STRINT
15:25:30 <npdoty> ... what's the incentive for someone to actually deploy something, fund mitigations
15:25:56 <dougm> How much additional would you pay on your broadband bill to make PM more costly to highly resourced threats?
15:26:12 <npdoty> ... protecting data is one; protecting anonymity / reputation is another
15:26:28 <Jiangshan> Jiangshan has joined #strint
15:26:54 <npdoty> barnes: lots of useful comments for how we can make this document better
15:26:57 <wseltzer> [catalog the threats as incentives to appeal to different parts of the corporate user, implementer, and designer communigy]
15:27:13 <npdoty> ... will try to improve the draft in the next little while
15:27:27 <npdoty> ... what's the process for moving this forward? perpass list, etc.
15:27:55 <npdoty> farrell: need to figure out what to do with the perpass list in IETF, what are we going to do with this draft, maybe split it for the two audiences
15:28:04 <npdoty> ... needs an AD sponsor
15:28:07 <JoeHallCDT> what' stone relationship between the Barnes draft and Trammell draft?
15:28:08 <DThaler> protecting anonymity and protecting reputationare two different things.   My point is to cover such a list of things people who need to make a deployment change care about
15:28:14 <wseltzer> -> https://www.w3.org/2014/strint/papers/44.pdf The draft: Pervasive Attack: A Threat Model and Problem Statement
15:28:28 <JoeHallCDT> s/what' stone/what's the/
15:28:35 <npdoty> hannes: not sure this document can expand to cover this other audience
15:28:42 <swb> The perpass list should continue because we will need it for draft review -- see the Monday lunch meeting plan for example.
15:29:11 <npdoty> ... user-facing stuff is not in this document or in any others that I know of
15:29:25 <npdoty> barnes: I can be a central point for people who want to help on this document or related
15:29:42 <wseltzer> [break for 1/2 hour]
15:29:48 <wseltzer> rrsagent, generate minutes
15:29:48 <RRSAgent> I have made the request to generate http://www.w3.org/2014/02/28-strint-minutes.html wseltzer
15:29:53 <npdoty> < half hour break, start again at 4 o'clock >
15:31:53 <AndChat|372521> AndChat|372521 has joined #strint
15:33:03 <jphillips> Where are the logs for this channel?
15:48:29 <Alex_> Alex_ has joined #strint
15:50:17 <jphillips2> jphillips2 has joined #strint
15:52:01 <swb> jphillips: | RRSAgent  I have made the request to generate http://www.w3.org/2014/02/28-strint-minutes.html
15:52:48 <xaviermarjou> xaviermarjou has joined #strint
15:53:10 <PHB> PHB has joined #strint
15:53:57 <Satoshi> Satoshi has joined #strint
15:54:39 <Satoshi> Testing
15:55:57 <mcmanus> mcmanus has joined #strint
15:57:45 <jphillips> Thanks swb
15:58:13 <wjontofs> wjontofs has joined #strint
15:58:53 <Jiangshan> Jiangshan has joined #strint
16:02:41 <dougm> dougm has joined #strint
16:02:56 <PHB> COMSEC
16:03:06 <fluffy> fluffy has joined #strint
16:03:16 <cabo> cabo has joined #strint
16:03:25 <hhalpin> hhalpin has joined #strint
16:03:29 <JoeHallCDT> JoeHallCDT has joined #strint
16:04:01 <PHB> PHB has joined #STRINT
16:04:08 <PHB> Minutes from me
16:04:11 <npd> npd has joined #strint
16:04:31 <PHB> Don't expect me to recognize you, I can't see you here
16:04:51 <PHB> It captures the thoughts??
16:04:55 <pde> pde has joined #STRINT
16:05:03 <PHB> The NSA must have given it to us
16:05:09 <DThaler> DThaler has joined #strint
16:05:15 <barryleiba> barryleiba has joined #strint
16:05:20 <donnelly> donnelly has joined #strint
16:05:30 <PHB> Ask to turn off the recorder for confidential stuff
16:05:41 <PHB> Hannes: Comsec1
16:05:43 <npd> thanks, rigo
16:05:50 <Benoit> Benoit has joined #strint
16:05:56 <PHB> This session we are looking at how to increase usage of current COMSEC tools
16:06:09 <tara> tara has joined #strint
16:06:11 <LeslieDaigle> LeslieDaigle has joined #strint
16:06:40 <sftcd> that doesn't sound like Hannes:-)
16:06:40 <PhilippeDeRyck> PhilippeDeRyck has joined #strint
16:06:52 <PHB> Hannes: Great standards of papers, but not everything is deployed
16:06:58 <PHB> HTTP:
16:07:03 <Ted_> Ted_ has joined #strint
16:07:37 <dka> dka has joined #strint
16:07:44 <PHB> HObservation from Eckersley #438, CAs infastructure
16:07:54 <DThaler> slides at http://down.dsg.cs.tcd.ie/strint-slides/s2-comsec.pdf
16:08:00 <PHB> % of websites using HTTPS is rather low still
16:08:13 <alfredo> alfredo has joined #strint
16:08:22 <klc> klc has joined #strint
16:08:53 <PHB> SIP issues (see slides for details)
16:09:16 <sftcd> "jon has an attitude problem" :-)
16:09:45 <PHB> SIP might have had an attitude issue, RTCWeb might be a chance to do it right because it is a different community
16:09:52 <PHB> (yes)
16:10:19 <wseltzer> i/COMSEC/scribenick: PHB
16:10:25 <SCRIBE> SCRIBE has joined #STRINT
16:10:36 <SCRIBE> Is this better?
16:10:44 <swb> :)
16:10:54 <wseltzer> scribenick: SCRIBE
16:11:08 <MacroMan> MacroMan has joined #strint
16:11:13 <SCRIBE> AAA: RADIUS and Diameter
16:11:31 <PaulWouters> PaulWouters has joined #strint
16:11:36 <SCRIBE> Invisible to end users, often installed by technical staff
16:11:49 <SCRIBE> Basice mechanisms are standardized but do people actually use them?
16:11:54 <SCRIBE> (end user can't tell)
16:12:14 <SCRIBE> (thanks Wendy)
16:12:26 <SCRIBE> What should be done
16:12:31 <swb> another factor is image: you don't tell people to use security measures because that means you have security problems
16:13:12 <SCRIBE> Solution strategies
16:13:23 <SCRIBE> Alternatives to CA system, opportunistic keying
16:13:44 <SCRIBE> Reducing operational cost, via profiles, or new key management techniques
16:13:52 <SCRIBE> Education problem
16:14:14 <SCRIBE> <Isn't requirement for education a problem in itself???>
16:14:34 <SCRIBE> Issue with deployment/vendor community
16:14:40 <SCRIBE> Bypassing
16:15:04 <SCRIBE> What are the low hanging fruits?
16:15:46 <SCRIBE> Bernard - operational requirements
16:16:07 <SCRIBE> Some things have been deployed, XMPP client server has benn server to server ahas not
16:16:25 <SCRIBE> SIO has not been deployed but it looks like XMPP, why not (too many options maybe??)
16:16:26 <dcrocker> dcrocker has joined #strint
16:16:36 <SCRIBE> People are going to DTLS
16:16:43 <kodonog> kodonog has joined #strint
16:16:57 <SCRIBE> Is (D)TLS the appropriate model or is SSH more likely to be successful?
16:17:30 <SCRIBE> (work at CERT) when a security issue, measure number of servers get patched
16:17:42 <SCRIBE> Usually get patches but usually this topps out at 50%
16:17:51 <smb> smb has joined #strint
16:17:53 <SCRIBE> after that updates stop happening
16:18:15 <SCRIBE> Does not help to point fingers, but what does help is a web site that will audit their connection and tell them if they are secure
16:18:21 <SCRIBE> Verification works
16:18:31 <JoeHallCDT> wasn't that "gameification"?
16:18:34 <hildjj> hildjj has joined #strint
16:18:38 <SCRIBE> Cullen>
16:19:01 <hildjj> BTW, we do what Aaron was asking for in the XMPP world: https://xmpp.net/
16:19:02 <SCRIBE> SIP security is widely deployed but does not use the SIPS scheme
16:19:14 <Ted_> The difficulty with that is that the attacks may not be against the client to server piece; the server-to-server piece may be the issue, and it is much less subject to gameifcation.
16:19:15 <SCRIBE> bigest problem has been getting certs easily into servers
16:19:19 <BenL> BenL has joined #strint
16:19:23 <SCRIBE> make it trivial to install cert into server
16:19:29 <GregWood> GregWood has joined #strint
16:19:35 <SCRIBE> click on a button and everything that needs to happen happens
16:19:41 <SCRIBE> possible and can be done
16:19:48 <SCRIBE> Brian:
16:19:54 <SCRIBE> What cullen said
16:20:10 <masinter> masinter has joined #strint
16:20:13 <SCRIBE> anecdote: Set up an XMPP server throw up a free certificate
16:20:20 <SCRIBE> gets an F because its a free cert
16:20:31 <fluffy> fluffy has joined #strint
16:20:37 <SCRIBE> If what we want is confidentiality need to make it easy for people to do
16:20:55 <SCRIBE> Should be certificate that does not make a representation about you
16:21:17 <SCRIBE> Steven Farrel: we have tried to do this many times and screwed it up
16:21:21 <SCRIBE> Stuart Cheshire
16:21:33 <SCRIBE> Is using TLS the problem?
16:21:41 <SCRIBE> Not if we tell users to just ignore it
16:22:12 <SCRIBE> User is smart enough to analyze security violations and decide which are benign and which are benevolent?? nah
16:22:30 <SCRIBE> Not good enough to choose good certs cos user is not empowered
16:22:37 <SCRIBE> they can't choose not to use the site
16:23:01 <SCRIBE> One thing hew would like to do is in unison IE Safaria, Chrome, give much scarier messages to users
16:23:10 <SCRIBE> (pictures of bleeding cats)
16:23:35 <SCRIBE> Offer to be on team to do that.
16:23:40 <dka> +1
16:24:11 <SCRIBE> Jari
16:24:22 <SCRIBE> was getting depressed because of little deployment
16:24:27 <wseltzer> [it would be great to get browsers willing to talk about UI for security, and consistency of that UI]
16:24:51 <SCRIBE> Engineers often look at deployment,
16:25:00 <MacroMan> Second ? on the board in David W
16:25:10 <SCRIBE> businesses tend to turn things on when there is need
16:25:17 <SCRIBE> When security is in the headlines
16:25:28 <SCRIBE> they will turn on everything they can
16:25:54 <SCRIBE> Reason to be optimistic
16:25:56 <SCRIBE> Allan?
16:26:07 <SCRIBE> Talked about sip in terms of voip and video
16:26:13 <SCRIBE> need to think addbout media privacy
16:26:19 <wseltzer> s/Allan?/Alan Johnson/
16:26:26 <SCRIBE> that is what this weeks Yahoo is all about SRTP was not used
16:26:33 <SCRIBE> one reason is protocol other is operational
16:26:45 <SCRIBE> all the providers use passive monitoring, using SRTP makes them blind
16:26:58 <SCRIBE> to turn on SRTP need to have a flag day is not a standard
16:27:03 <SCRIBE> for upgrade
16:27:14 <SCRIBE> Steve: is that true for WebRTC?
16:27:16 <SCRIBE> Max?
16:27:29 <SCRIBE> Looking as TLS / SSHE discussion
16:27:35 <SCRIBE> user based pining model
16:27:49 <SCRIBE> Here is a whole infrastructuree have to deploy
16:27:58 <SCRIBE> All the problems of getting keys
16:28:20 <SCRIBE> get away from what the user does look at vendors
16:28:32 <SCRIBE> Kai:
16:28:36 <SCRIBE> Enghet
16:28:42 <SCRIBE> Low hanging fruits
16:28:56 <SCRIBE> Large number of deployments upgrade systems too infrequently
16:29:11 <SCRIBE> Could make it harder to monitor with more frequently patched servers
16:29:40 <SCRIBE> These are also facts that we have servers supporting old servers because of older browsers
16:29:55 <SCRIBE> we need to patch more often more quickly an make it easier for servers
16:30:36 <SCRIBE> Many standards already in TLS
16:31:04 <alfredo> alfredo has joined #strint
16:31:22 <hildjj> s/Max/Max Pritikin/
16:32:13 <SCRIBE_> SCRIBE_ has joined #STRINT
16:32:22 <SCRIBE_> (lost connection)
16:32:38 <SCRIBE_> For SIP the lack of security is chosen by policy
16:32:43 <SCRIBE_> the people deploying have reasons
16:32:48 <SCRIBE_> which is why it is hard
16:33:00 <SCRIBE_> Rigo
16:33:14 <SCRIBE_> Ceritifcates triggering just OK
16:33:26 <SCRIBE_> The underground stops at the circle line
16:33:27 <jphillips> (OCSP is quite broken anyway: http://thoughtcrime.org/papers/ocsp-attack.pdf)
16:33:35 <SCRIBE_> Don't worry about the signalling system
16:33:54 <SCRIBE_> Certificate distribution is not a technical problem
16:33:59 <SCRIBE_> its a business problem
16:34:08 <SCRIBE_> Money machine is in the CA system
16:34:30 <tobie__> tobie__ has joined #strint
16:34:37 <SCRIBE_> Last time saw spooks really concerend was IPSEC, what happened
16:34:38 <SCRIBE_> ??
16:34:43 <SCRIBE_> EKR:
16:35:13 <SCRIBE_> Various levels of aggressivness about warnings
16:35:22 <SCRIBE_> Lots of reasons to override the dialogs
16:35:35 <SCRIBE_> Browser manufacturer has tradeoffs
16:35:43 <SCRIBE_> Chrome has moved their needle recently
16:35:51 <SCRIBE_> Find a way to make the cases less common
16:35:55 <sftcd> sftcd has joined #strint
16:36:31 <SCRIBE_> works when browsers know for a fact there is no valid reason to break
16:36:34 <SCRIBE_> pins work then
16:36:39 <npd> I don't understand why we need a scary message at all for a self-signed cert
16:36:46 <jakob> jakob has joined #strint
16:36:53 <LeslieDaigle> LeslieDaigle has joined #strint
16:37:17 <npd> ... As opposed to just showing it as an insecure/unauthenticated connection
16:37:42 <rigo> scribenick:rigo
16:37:47 <JoeHallCDT> the Laurie/Goldberg draft has an idea there (which I can't summarize without skimming it again)
16:37:52 <PhilippeDeRyck> self-signed certs should be installable upon first use (similar to SSH), as possible in firefox (but more difficult in chrome)
16:38:23 <rigo> PKI have a business model sustaining it, help people to deploy crypto
16:38:43 <PaulWouters> also prevents people from using it :P
16:38:44 <rigo> ... lets get certificates in software
16:39:11 <rigo> ... disappointed that we are not talking about SMTP could be done in 6 month
16:39:34 <rigo> sftcd: would it be worthwhile deploying crap CA service?
16:40:01 <rigo> PHB: they don't wnat to deal with the server
16:40:06 <BenL> BenL has joined #strint
16:40:31 <AndChat|372521> Responding to stephen farrell why ocsp actually helps. If today an intermediate ca gets abused and must be blocked, we can revoke it, but unless we require mandatory ocsp, today mitm can simply block connection to ocsp server
16:40:59 <rigo> scribe:PHB
16:41:10 <rigo> scribenick: SCRIBE_
16:41:29 <SCRIBE> SCRIBE has joined #STRINT
16:41:36 <SCRIBE> (got kicked out agin sorry)
16:41:42 <SCRIBE> Eckersley:
16:41:58 <SCRIBE> Do TLS scorecard for major email domains
16:42:04 <ldaigle> ldaigle has joined #strint
16:42:07 <SCRIBE> everyone in scorecard tries to do it
16:42:17 <SCRIBE> SMTPS
16:42:30 <SCRIBE> if people do opportunistic SMTPS people don't check certs
16:42:49 <SCRIBE> don't do all the cert chain validations that throw up noise warnings
16:43:10 <SCRIBE> Zero cost easy deployment for one set of users
16:43:12 <Zakim> Zakim has left #strint
16:43:21 <SCRIBE> Eliot Lear
16:43:31 <SCRIBE> Alternatives
16:43:44 <dcrocker> dcrocker has joined #strint
16:43:47 <SCRIBE> another workshop ITAB workshop
16:43:53 <SCRIBE> one transition has been DANE/NSSEC
16:44:01 <SCRIBE> incentives to get DNSSEC deployed
16:44:08 <SCRIBE> encourage group to read it
16:44:17 <SCRIBE> latency matters
16:44:22 <SCRIBE> especially for HTTP
16:44:29 <SCRIBE> latency is nonstarter
16:44:32 <Piers> Piers has joined #Strint
16:44:36 <SCRIBE> Browser based
16:44:48 <SCRIBE> think about problems as refrigerator based
16:44:57 <SCRIBE> have to account for embedded devices
16:45:00 <SCRIBE> Dave??
16:45:01 <pde> Speaking of latency, somebody mentioned DTLS as the future... which would be a pity.  I think mosh shows that we can do way better...
16:45:17 <SCRIBE> Misconfiguration aspect
16:45:27 <SCRIBE> misconfiguration is indistinguishable from attack
16:45:29 <azet> so,.. wanna do a raise of hands of who really trusts CAs? ;)
16:45:38 <SCRIBE> expired cert or cert using authority not from your set
16:45:39 <dcrocker> Query to Dave?  You mean Dave Thaler, speaking now?
16:45:49 <SCRIBE> IAB internal website mde clickthrough requirement
16:45:51 <azet> i mean the stuff that's in your browser, not company internal stuff
16:46:00 <SCRIBE> Put pressure on organizations to make a change
16:46:08 <SCRIBE> pt pain in the fact of the user
16:46:22 <SCRIBE> Things that are not alignedwith the user
16:46:46 <SCRIBE> Should put the pain in the right place - people who can change things
16:47:01 <SCRIBE> What is there was notice every time there was a clicktrhough
16:47:13 <SCRIBE> [PHB: yep have a solution for that]
16:47:14 <grothoff> That must be the first time that browser-based DDoS was sugggested as a SOLUTION.
16:47:19 <SCRIBE> Wendy Seltzer:
16:47:31 <SCRIBE> Need to put usability of security products into the threat model
16:47:40 <sftcd> @grothoff: nice:-)
16:47:45 <SCRIBE> an application that people fail to use securely is insecure
16:47:45 <npd> Do sites not know that their users are seeing these error messages?
16:47:57 <npd> Would reporting back to the server help?
16:47:57 <SCRIBE> Sometimes just want to get to a web site
16:48:02 <PhilippeDeRyck> a reporting feature like CSP might help ...
16:48:02 <SCRIBE> if https: great
16:48:08 <SCRIBE> other times going to a bank
16:48:15 <SCRIBE> want to make sure only connecting to a bank
16:48:34 <SCRIBE> Can we get more of the right people thinking about the usability questions
16:48:43 <dougm> dougm has joined #strint
16:48:48 <SCRIBE> Patrick
16:48:53 <SCRIBE> Mamannis
16:48:58 <SCRIBE> Wrt HTTPS
16:49:03 <SCRIBE> lots of talk about certs
16:49:14 <SCRIBE> Need to ask why there are lots of web properties
16:49:18 <wseltzer> s/Mamannis/McManus/
16:49:23 <SCRIBE> only use HTTPS to redirect back to HTTP
16:49:39 <SCRIBE> Cert isn't issue as to why they don't do that
16:49:55 <SCRIBE> Twitter says TECO does not use HTTPS
16:50:06 <SCRIBE> web load balancer does not have the information
16:50:11 <npd> s/TECO/t.co/
16:50:15 <SCRIBE> whole business model is to use it.
16:50:17 <Dacheng> Dacheng has joined #strint
16:50:22 <SCRIBE> Have made HTTPs a one stop shop
16:50:25 <wseltzer> s/the information/referer information/
16:50:29 <SCRIBE> is a very big upgrade for many
16:50:48 <Domenic__> Domenic__ has joined #strint
16:51:07 <SCRIBE> ???
16:51:20 <SCRIBE> Got an F because an untrusted cert
16:51:38 <SCRIBE> if you get an F you see what you would get if you passed
16:51:50 <SCRIBE> One of the goals is to make the network fully encrypted
16:52:09 <SCRIBE> DavidMakin?
16:52:15 <Ted_> Ted_ has joined #strint
16:52:21 <SCRIBE> Regardless of encryption
16:52:27 <coopdanger_> coopdanger_ has joined #strint
16:52:39 <SCRIBE> large number of servers run by people expected to be an expert in SIPS/HTTPS
16:52:41 <sftcd> David Wakelin (I think)
16:52:46 <SCRIBE> Too complex
16:52:59 <SCRIBE> Daniel Khan Gilmore
16:53:05 <SCRIBE> Address low hanging fruit
16:53:09 <MacroMan> sftcd, Yes
16:53:13 <SCRIBE> 1st item
16:53:18 <SCRIBE> pervasive passive monitoring
16:53:23 <SCRIBE> for HTTP only
16:53:33 <SCRIBE> RFC 2817 HTTP upgrade
16:53:37 <SCRIBE> could rool out
16:53:45 <npd> Open source and commercial software have made it easy to deploy servers that implement complicated protocols without the single sysop understanding all the details
16:53:49 <SCRIBE> web browser would support, not tell user that they are using it
16:53:56 <SCRIBE> web admins need to make no effort
16:54:07 <SCRIBE> Another:
16:54:25 <SCRIBE> Registry of which SMTP servers do offer startls so to avoind downgrade attack
16:54:33 <SCRIBE> Many tools allow browser fingerprinting
16:54:44 <SCRIBE> need to think about how to roll stuff out
16:54:54 <SCRIBE> not to make metadata issue worse
16:54:57 <SCRIBE> Ted Hardie
16:55:12 <SCRIBE> Stumbling block problem
16:55:28 <SCRIBE> end user cannopt tell difference between webtc protocol and a non Webrtc
16:55:39 <SCRIBE> so user can't tell whether it should be secure or not
16:55:48 <Jiangshan> Jiangshan has joined #strint
16:56:01 <SCRIBE> May be able to tell if it is javascript downloaded to a browser in a web environment
16:56:07 <SCRIBE> can't for an app
16:56:13 <SCRIBE> end user won't know
16:56:42 <SCRIBE> need to convince app providers to use standards or have means to tell user what categoty app falls into
16:56:46 <SCRIBE> Setve Bellovin:
16:56:57 <SCRIBE> How many people using VPNs?
16:57:34 <SCRIBE> Could encrypt all mail to ietf mailing list but don't
16:57:38 <SCRIBE> why not
16:57:48 <SCRIBE> why are you not using crypto
16:57:56 <SCRIBE> pain in the posterior to set up
16:58:25 <SCRIBE> Perry Metzeger, has 25 years as admin, took lot of effort to set up IPSEC for iPhone
16:58:29 <SCRIBE> This is a PROBLEM
16:58:39 <ln5> ln5 has joined #strint
16:58:44 <npd> smb, my hosting vendor makes it expensive and annoying to use https for my personal webpage
16:59:02 <SCRIBE> One set on by default
16:59:08 <SCRIBE> Steve Kent
16:59:29 <hej> hej has joined #strint
16:59:42 <hej> hello
16:59:46 <SCRIBE> Max observed earlier difference key management SSL vs TLS
16:59:53 <SCRIBE> SSH is used in closed environments
16:59:57 <SCRIBE> .
17:00:07 <SCRIBE> Less risky environments
17:00:09 <ln5> "do you use encryption in every place you can?" yes, i use tor. all the time.
17:00:12 <SCRIBE> not fair comparison
17:00:23 <SCRIBE> Larry Masinter
17:00:24 <Ted_1> Ted_1 has joined #strint
17:00:41 <SCRIBE> Low hanging fruit might be counterprodictive
17:00:48 <SCRIBE> very few browser vendors
17:00:57 <SCRIBE> don't sell the browser, sell something else
17:01:23 <SCRIBE> My VPN stops working once a day for security
17:01:28 <SCRIBE> (missed it)
17:01:33 <Ted_1> Not sure it is low-hanging fruit, but a fruit to care about is the work being BoFed in DNSE, which intends to provide confidentiality for DNS queries
17:01:34 <kodonog_> kodonog_ has joined #strint
17:01:41 <SCRIBE> Don't think there are anyl low hanging fruit
17:01:52 <masinter> masinter has joined #strint
17:02:09 <arobach> arobach has joined #strint
17:02:10 <SCRIBE> Onion routing one of the best ways to deal with an attack
17:02:15 <SCRIBE> not much ambition
17:02:32 <SCRIBE> Ambition: within the decade have onion routing in every browser
17:02:39 <SCRIBE> Cullen
17:02:46 <SCRIBE> Cullen Jennings:
17:03:05 <SCRIBE> What about IPSEX
17:03:08 <SCRIBE> IPSEC
17:03:24 <SCRIBE> O?S may have understood what is going on but the application did not
17:03:42 <SCRIBE> IETF criticism, only bothered by what is on the wire
17:03:53 <MacroMan> To be fair, easy typo
17:03:53 <SCRIBE> not in what happens elsewhere need to do a better job
17:03:59 <SCRIBE> Phil Zimmerman
17:04:08 <SCRIBE> Eduicating users is daunting
17:04:20 <DThaler> +1 to cullen, that's one of the things we were discussing during the break
17:04:26 <alfredo> alfredo has joined #strint
17:04:34 <SCRIBE> Like trying to educate people in pre litterate societies on germ theory of disease
17:04:54 <grothoff> IPSEC didn't happen because the NSA successfully botched the standardization process. Possibly the same reason why we talk about deploying TLS while the NSA uses NSLs and PRISM to get the data at the server.
17:05:13 <azet> the ipsec protocol is just incromprehensible
17:05:16 <azet> ...
17:05:22 <grothoff> That's how they made it fail.
17:05:30 <SCRIBE> Should try to avoid using pkis whenever possible
17:05:30 <azet> yes
17:05:31 <grothoff> Tons of options, insecure choices, etc.
17:05:39 <swb> audio?
17:05:45 <azet> best of all: downgrade attacks
17:05:47 <swb> oh there it is, buffered
17:05:52 <azet> null cipher et al
17:05:57 <swb> No, I just lost it again
17:06:31 <grothoff> Yes, but the point is that they had a hand in it, with the goal to make it fail.  Why are we talking about TLS, while activists have been killed or imprisoned due to CAs being hacked?
17:06:31 <swb> does anyone else have audio? I'm getting a 404 now.
17:06:37 <SCRIBE> Why can't we use more key continuity?
17:06:43 <grothoff> We should talk about eliminating TLS, not deploying it.
17:06:53 <azet> why no key contiunity? verisign can't profit of that
17:06:54 <azet> :(
17:07:09 <MacroMan> +1
17:07:23 <SCRIBE> ?? oop missed
17:07:26 <SCRIBE> Gamification
17:07:36 <SCRIBE> where people have that microscope
17:07:41 <swb> audio is back
17:07:41 <SCRIBE> how good is the encryption
17:07:43 <npd> Aaron Kaplan
17:07:45 <SCRIBE> do they have encryption
17:07:52 <SCRIBE> people need microscopes
17:07:58 <SCRIBE> how do we produce them
17:08:03 <SCRIBE> define tests
17:08:12 <jphillips> SSH is well-placed for TOFU because you're connecting to only one or two servers over and over again.
17:08:15 <SCRIBE> How should security be if works due to protocol
17:08:23 <SCRIBE> Define tests
17:08:34 <SCRIBE> Microsocope test slides
17:08:46 <jphillips> Might not work very well at all for e.g. HTTP, when surfing and jumping from site to site.
17:08:52 <azet> you can't replace CAs simply with a SSH-like protocol, but i think we should work on a distributed solution instead of hirachical CAs/WoT
17:08:55 <SCRIBE> Harold?
17:09:00 <azet> i mean i do not trust them, i used to 10yrs ago
17:09:07 <wseltzer> s/Harold?/Harry/
17:09:12 <SCRIBE> easy to convince a small group to change things that a large one
17:09:18 <azet> so why 1) pay for that 2) implement 300+ in browsers?!
17:09:19 <SCRIBE> Small group of browser vendors
17:09:23 <Ted_1> And mobile OSes as well.
17:09:31 <SCRIBE> Can get changes there
17:09:41 <SCRIBE> Browser test suites are effective for HTML5
17:09:47 <SCRIBE> Don't have test suites for security
17:09:51 <SCRIBE> competitive space?
17:10:16 <SCRIBE> Test suite to shame people might help
17:10:28 <SCRIBE> need a test suite to show what people should be working for
17:10:36 <SCRIBE> performance tends to outweight security
17:11:00 <SCRIBE> Stuart Bruyant cisco
17:11:10 <SCRIBE> Get DNS out of the equation
17:11:15 <SCRIBE> go back to hosts file
17:11:23 <azet> host files do not scale :)
17:11:24 <SCRIBE> EKR
17:11:32 <swb> boom!
17:11:33 <SCRIBE> 3 observations
17:11:38 <arobach> arobach has joined #strint
17:11:39 <rigo> general bad hums on host files
17:11:45 <SCRIBE> We do have test suites
17:11:58 <SCRIBE> sory do think important
17:11:59 <grothoff> German news reported today that the German security service (BND) was hacked by a Stuxnet-like Russian malware since 2011.  Sure that performance always beats security?
17:12:06 <SCRIBE> test sites are good but they have to be right
17:12:07 <jphillips> Distributed hosts file (Namecoin)?
17:12:11 <SCRIBE> they are often wrong
17:12:23 <SCRIBE> not helpful for the wrong script!
17:12:36 <SCRIBE> BEAST people said should use RC4
17:12:53 <SCRIBE> Opportunisitc http is contor
17:12:56 <azet> jphillips: DHTs?
17:12:58 <SCRIBE> Mark Nottingham
17:13:11 <SCRIBE> It is controversial
17:13:19 <SCRIBE> don't need to upgrade server on apache
17:13:25 <SCRIBE> low hanging fruits
17:13:35 <SCRIBE> requiring tls.12
17:13:42 <SCRIBE> requiring certain cipher suites
17:13:49 <SCRIBE> stumbling blocks
17:13:56 <SCRIBE> for encryption is horrific
17:14:08 <SCRIBE> on use side, user experience for security needs work
17:14:18 <SCRIBE> HTTP-BIS not appropriate
17:14:37 <SCRIBE> Randy Bush
17:14:52 <SCRIBE> Phil agree that PKI sux
17:15:02 <hhalpin> hhalpin has joined #strint
17:15:02 <SCRIBE> but don't throw tools away when have broken ??
17:15:06 <azet> car
17:15:11 <SCRIBE> Trying to paint security on ex post facto
17:15:17 <SCRIBE> beast with 300 moving pieces
17:15:35 <SCRIBE> Serious protocol work to do so DNS/http uses dane
17:15:38 <npd> I think lots of people are hesitant about standards for UX and for good reason. But in some cases the advantages might outweigh those concerns.
17:15:44 <hhalpin> ekr - as regards browser vendors, thanks Mozilla for hiring all barnes re Crypto API, because it appeared it was not being implemented.
17:15:44 <SCRIBE> so don't need pki
17:15:55 <SCRIBE> will not transport without privacy and authenticity
17:15:57 <hhalpin> That being said, Personae has been dropped and not being shipped anywhere to a standards body
17:16:01 <SCRIBE> not going to do it tomorro
17:16:06 <hhalpin> ditto the lack of cert pinning in Mozilla is rather urgent to be fixed
17:16:07 <SCRIBE> even if we beat stuart up
17:16:14 <SCRIBE> (still going to do that)
17:16:20 <hhalpin> In fact, we have no cross-browser security test-suites
17:16:32 <SCRIBE> Steve Kent
17:16:34 <mcmanus> mcmanus has joined #strint
17:16:42 <hhalpin> And attempts to harmonize UX has failed in standards bodies at W3C due to feeling that security UI was competitive
17:16:43 <rigo> hhalpin, browser? security?
17:16:52 <Ted_> Ted_ has joined #strint
17:16:58 <SCRIBE> As guy for IPSEC, has not succeeded because access control is a critical feature
17:17:12 <SCRIBE> have to configure whether you want plaintext or encryption or whatever
17:17:19 <SCRIBE> designed for administrator
17:17:21 <SCRIBE> not end user
17:17:24 <npd> hhalpin, but maybe we're coming around to it being too important not to?
17:17:37 <hhalpin> Previous attempt: http://www.w3.org/TR/wsc-ui/
17:17:40 <SCRIBE> Don't confuse WebPKI with PKI
17:17:49 <SCRIBE> CAs are authoritative for nothing
17:17:57 <hhalpin> Yes, I think WSC 2.0 with a test-suite around UI would make sense - if we had an agreement (help researchers and UX folks) on how to present security concerns to users
17:17:58 <SCRIBE> DANE is authoritative for Domains
17:18:09 <SCRIBE> Threat model or risk model
17:18:34 <SCRIBE> contentious is going to be whether encouraging widespread unauthenticated will encourage MITM
17:18:49 <SCRIBE> \Don't think it belongs in threat model, is a risk model thing
17:18:52 <SCRIBE> Milinda Shore
17:19:02 <SCRIBE> Eduaction problem,
17:19:08 <SCRIBE> largely true
17:19:15 <swb> s/Milinda/Melinda/
17:19:25 <SCRIBE> firewall travesal, is painful
17:19:43 <SCRIBE> inspecting traffic desired by admins,
17:19:45 <MaryB> MaryB has joined #strint
17:19:50 <Ted_1> Ted_1 has joined #strint
17:19:54 <SCRIBE> dismissive possibility of today
17:19:58 <SCRIBE> now people are worried
17:20:14 <SCRIBE> cisco
17:20:17 <SCRIBE> Max
17:20:22 <SCRIBE> Comment about TLS and SSH
17:20:53 <SCRIBE> TLS is designed for use across organizational boundary
17:20:58 <SCRIBE> used often inside organization
17:21:01 <dka> dka has joined #strint
17:21:08 <grothoff> People are not merely worried, they recognize that the Internet is a system for mass surveillance, and most are simply resigned to the fact that they cannot expect to communicate privately anymore. I think that's beyond "people are worried".
17:21:09 <SCRIBE> is a key management solution
17:21:14 <SCRIBE> otheres may be better
17:21:30 <SCRIBE> Gap between how SIP layer works and authe layer workd
17:21:33 <SCRIBE> sworks
17:21:43 <SCRIBE> turning it on has operational problems
17:22:01 <SCRIBE> scaling issue
17:22:03 <azet> grothoff: they still do not change their online behavoir w.r.t. what to write and what not to
17:22:08 <SCRIBE> handle the load
17:22:12 <SCRIBE> additional
17:22:13 <azet> grothoff: IMHO it's up to service providers to properly protect them
17:22:39 <grothoff> azet: true in many cases, but I think 90% just don't care/understand the implications of mass surveillance.  Others have changed their behavior, sometimes in subtle ways.
17:22:55 <grothoff> My aunt doesn't want to talk on the phone with me about certain topics anymore...
17:22:58 <SCRIBE> Lars Eggert:
17:23:02 <jphillips> OpenSSH is only easy to use because it leaves the key management to the users, who don't bother to do key management properly.
17:23:14 <SCRIBE> security is mandatory to implement but optional to use
17:23:16 <azet> grothoff: it's worrying if people do not care anymore
17:23:28 <azet> thats a social problem though
17:23:30 <SCRIBE> go to model where it is mandatory to implement but not to secure credentials
17:23:36 <azet> like the whole surveilance stuff in the first place
17:23:41 <grothoff> azet: service providers cannot protect them, as then they can be compelled.  We, the technical people, have to give everybody the tools that they can protect themselves with.
17:23:46 <SCRIBE> Farrel: i agree
17:23:54 <SCRIBE> Then do it, write a BCP
17:24:07 <ldaigle> ldaigle has joined #strint
17:24:31 <SCRIBE> ?? didn't hear
17:24:42 <SCRIBE> Apps that transport credentials
17:24:51 <SCRIBE> ones that are transporting user credentials
17:25:10 <ldaigle> Achim Klab…. (EU data protection)
17:25:11 <SCRIBE> most important apps are blocking cert errors
17:25:29 <azet> apps? it's still best practice for ruby and php coders to disable certificate validation
17:25:38 <azet> there are thousands out there
17:25:56 <azet> not even joking, do a github search
17:26:31 <wseltzer> phb: WebPKI was designed to allow people to spend money online
17:26:38 <wseltzer> ... with the same confidence they do so offline
17:26:46 <kenny> kenny has joined #strint
17:26:49 <wseltzer> ... If you're using it to protect other things, you're doing it wrong
17:27:20 <rigo> PHB: using clear credentials in a TLS session like some famous mail service is wrong
17:27:22 <SCRIBE> Peter Ekersley
17:27:30 <jphillips> Anecdote: Yaaic (Android IRC client) does no certificate checking (unless you use my version): no warning shown in UI, and nobody seemed to be bothered.
17:27:35 <SCRIBE> wouldn't it be nice if we could live in a world
17:27:52 <SCRIBE> where sysadmins can just turn on SSL could do it
17:28:05 <SCRIBE> What is a hack that could do that?
17:28:31 <SCRIBE> If the server has not had a cert before then just give it to them
17:28:55 <SCRIBE> Put giant lists of everything that has upgraded to the protocol in giant list in the sky
17:28:56 <kodonog> kodonog has joined #strint
17:29:00 <SCRIBE> David Wekin
17:29:02 <azet> is he aware of certificate-transparency?
17:29:03 <PhilippeDeRyck> hardcoding in the client is already done in chrome for HSTS
17:29:09 <SCRIBE> security on by default
17:29:17 <SCRIBE> (azet, yes)_
17:29:30 <SCRIBE> uneducated guys running one server for low usage
17:29:31 <DThaler> s/Wekin/Wakelin/
17:29:40 <SCRIBE> Eliot Lear
17:29:49 <SCRIBE> has been wide ranging discossuon
17:29:56 <SCRIBE> at risk of boiling the ocean
17:30:02 <SCRIBE> improving the webpki experience
17:30:12 <SCRIBE> ietf has shied away from UI
17:30:19 <SCRIBE> do we need to work with UI people
17:30:32 <SCRIBE> Daniel KG
17:30:34 <npd> +1 elliot
17:30:51 <SCRIBE> if people are as interested in testing defining tests
17:30:55 <SCRIBE> would be interested to ttalk to you
17:31:02 <ldaigle> ldaigle has joined #strint
17:31:25 <npd> Back in 15 minutes, be prompt!
17:32:09 <AndroUser2> AndroUser2 has joined #strint
17:32:13 <swb> The IETF has not "shied away" from UI. UI is not a protocol issue. The IETF intentionally stayed away from it.
17:35:44 <jphillips> But do complicated crypto systems tend to force tighter coupling between UI design and protocol design?
17:39:08 <jphillips2> jphillips2 has joined #strint
17:39:27 <swb> We have layering because it allows problems to be cut up and modularized. I don't think the answer is to add complexity to the UI, but rather to make the right thing be the default behavior.
17:39:32 <swb> but I don't know much
17:40:35 <AndroUser2> AndroUser2 has joined #strint
17:40:41 <AndroUser2> AndroUser2 has joined #strint
17:40:41 <jphillips> jphillips has joined #strint
17:43:53 <PhilippeDeRyck> PhilippeDeRyck has joined #strint
17:44:39 <mcmanus> mcmanus has joined #strint
17:45:27 <pde> pde has joined #STRINT
17:45:29 <tara> tara has joined #strint
17:45:57 <kodonog> kodonog has joined #strint
17:46:10 <kodonog> scribenick kodonog
17:46:21 <DThaler> DThaler has joined #strint
17:46:27 <ldaigle> ldaigle has joined #strint
17:46:31 <kodonog> rigo: starting policy session
17:46:42 <BenL> BenL has joined #strint
17:46:45 <npd> scribenick: kodonog
17:46:59 <kodonog> ... policies that are influecing passive monitoring
17:47:35 <kodonog> ... public perceptions of the users
17:47:58 <kodonog> ... Feb 2014 poll in France says 57% in favor of surveillance
17:48:07 <kodonog> ... most people think they are monitored anyway
17:48:14 <kenny> kenny has joined #STRINT
17:48:30 <dougm> dougm has joined #strint
17:48:39 <kodonog> ... why are they pessimistic
17:49:01 <kodonog> ... first were companies that monetized identities
17:49:12 <kodonog> ... companies that are monitoring users are successful
17:49:29 <kodonog> ... monitoring has become ambient
17:49:59 <Ted_> Ted_ has joined #strint
17:50:08 <kodonog> ... slippery slope of increasing laws related to surveillance...
17:51:46 <kodonog> ... no expectation of Privacy on the Internet anymore
17:52:01 <Benoit> Benoit has joined #strint
17:52:15 <kodonog> ... our role is to give them hope
17:52:35 <kodonog> Bernard Aboba: there are another series of laws and polices that are going in the other direction
17:52:54 <kodonog> ... HIPPA, Sarbanes Oxley, etc that are trying to address
17:53:00 <kodonog> ... may not have been effective
17:53:03 <Ted_1> Ted_1 has joined #strint
17:53:12 <swb> That's misdirected, we can't give them hope, since the final say is governmental policy and laws.
17:53:20 <kodonog> ... this a biased view of the policy
17:53:35 <swb> We can make hope technically possible, but cannot implement hope.
17:53:40 <Bert> -> http://www.lemonde.fr/technologies/article/2014/02/25/la-surveillance-d-internet-justifiee-pour-une-majorite-de-francais_4372732_651865.html poll shows the French think PM is justified [in French]
17:54:05 <kodonog> Rigo: turn the paradigm around
17:54:07 <jphillips> Now how #an
17:54:17 <kodonog> ... need tech changes and policy changes
17:54:22 <kodonog> ... need to work together
17:54:28 <swb> @Bert many people around the world think it's justified. cite Ben Franklin.
17:54:51 <jphillips> Now how many will think PM of private webcam images is justified?
17:55:00 <kodonog> Christine Runnegar: Policy ripples
17:55:08 <kodonog> ... what is the impact on the internet
17:55:16 <kodonog> ... what policies to we want made that will support
17:55:21 <swb> good point - they would like it in general and not like it in specific. (aside: the opposite of racism)
17:55:35 <kodonog> ... how do we ensure that policies and technologies are aligned...
17:55:46 <masinter> masinter has joined #strint
17:55:50 <kodonog> ... six categories (see slides as I missed them them
17:56:51 <kodonog> ... example policies and emerging efforts
17:57:11 <DThaler> slides at http://down.dsg.cs.tcd.ie/strint-slides/s3-policy.pdf
17:57:40 <kodonog> Rigo: GCHQ and Yahoo revelation, looking at peoples videos and living rooms
17:58:05 <kodonog> ... current complaint running at European Court of Human rights
17:58:23 <grothoff> Actually, UK minister of justice has already said it is above ECHR on a recent judgement over murder imprisonment.
17:58:25 <PaulWouters> PaulWouters has left #strint
17:58:53 <grothoff> So they'll just again say that human rights matter less in UK than in Russsia (the Russians have not taken the position that ECHR rulings do not apply to them).
17:59:37 <kodonog> Christine: legal action response to issue (appeal to EC on HR)
18:01:15 <kodonog> Rigo: ways for Europeans to cause US pain
18:02:07 <grothoff> Only pain ECHR can cause the UK is to throw them out of European Council.  So I do not think that ECHR is a good argument here.
18:02:58 <kodonog> ... ongoing Actions, suits
18:03:18 <grothoff> European treaties don't hold either, as national security concerns can be used, as EU is specifically excluded from interfering with national security issues.
18:04:20 <DThaler> confusingly similar to Extra-Terrestrial surveillance?
18:04:21 <kodonog> Christine: get back to the moral high ground with OECD and activities like that
18:04:34 <dougm> Just to be clear ... we are restoring hope to the 43% who were not in favor of surveillance?
18:04:38 <kodonog> ... need dialog between tech and policy communities
18:05:23 <grothoff> Spying on _Germany_ is not the same as spying on ordinary German citizens.  Even in the cold war, it would have been wrong to spy on ordinary Russian citizens.
18:05:38 <kodonog> Rigo: is privacy a human right and universal
18:06:37 <swb> Not for the IETF to decide. Maybe W3C :-).  This is one point where the technical and policy groups don't need to get together -- they should after the policy community decides.
18:06:44 <kodonog> Cullen Jennings: bullet saying those monitoring the most were the most successful
18:06:54 <kodonog> ... not sure that is true, if it is true this is all doomed
18:07:28 <kodonog> Eliot: what is for the IETF (and what is for the W3C), we are engineers, what should we be contributing
18:07:57 <ldaigle> ldaigle has joined #strint
18:08:01 <kodonog> David Rodgers: at Mobile World Congress this week, where these topics were also discussed
18:08:05 <swb> right
18:08:14 <kodonog> ... others things going in world
18:08:24 <kodonog> ... suggest ethics boards in standards bodies
18:08:26 <hildjj> We should totally have an ombudsperson.
18:08:39 <arobach> arobach has joined #strint
18:08:57 <kodonog> ... stuff going at the ITU
18:09:04 <swb> ombudsentity!
18:09:13 <kodonog> ... China proposed using DPI with mobile malware
18:09:27 <DThaler> @Cullen: my counter hypothesis is that the most economically successful entities are where the _risk of disclosure_ is highest.
18:09:33 <RRSAgent> I have made the request to generate http://www.w3.org/2014/02/28-strint-minutes.html Bert
18:09:47 <kodonog> ... proposal from Ukraine backed by Russia to put the IMI database in the ITU and maybe MAC addresses as well
18:10:04 <JMC> JMC has joined #strint
18:10:06 <kodonog> ... rationale is for countering conterfeiting
18:10:22 <kodonog> ... problem with ITU is that they have the power of regulation
18:10:40 <alfredo> alfredo has joined #strint
18:10:48 <swb> iiuc SIP URIs for 3G-connected phones already contain IMEIs.
18:10:58 <kodonog> ... at what point would we give up our privacy
18:11:33 <kodonog> Joe Hall (CDT): very aspirational and very hopeful, but what is actually happening is pretty depressing
18:12:16 <kodonog> .... a bunch of examples
18:13:06 <kodonog> PHB: I trust strong crypto more than I trust governments to protect privacy
18:14:14 <ldaigle> @scribe — Achim (EU data protection guy)
18:14:15 <kodonog> Achim: a lot of misinformation distributed in the US about the legal situation in Europe
18:14:42 <kodonog> ... paper #64 to bring policy together, less idealistic approach than what was in Rigo's slides
18:15:21 <grothoff> https://public.gdatasoftware.com/Web/Content/INT/Blog/2014/02_2014/documents/GData_Uroburos_RedPaper_EN_v1.pdf
18:15:29 <kodonog> Alissa Cooper: for engineers in the IETF/W3C, it is useful to have conduits to what is going on in Policy land
18:16:02 <kodonog> ... if there are problems with how IETF/ISOC, we could draw down on this
18:16:11 <dougm> Do we have concerns about complicating legal/lawful intercept?
18:16:18 <kodonog> ... no what we are here today and tomorrow to do
18:17:02 <grothoff> German government can't protect its own NSA from the Russians, how can they protect their citizens against the NSA?
18:17:17 <kodonog> Phil Zimmerman: what can Germans do to try to limit US spying...
18:17:29 <alfredo> alfredo has joined #strint
18:17:42 <kodonog> ... we worked together to win the crypto wars 10 years, and now we need to do the same for surveillance
18:19:56 <kodonog> @@@@ UCL - we should no propagate the fiction that domestic law can solve this
18:20:25 <wseltzer> s/@@@@/George Danezis/
18:20:51 <kodonog> Dave Crocker: reference to regaining the moral high ground, has demonstrated why we should stay away from it
18:22:04 <kodonog> Dana (Oxford University): alot of lessons from the attempted criminalization from strong cryptography
18:22:30 <kodonog> ... second point, alot of what we need to counter surveillance is there but it doesn't have teeth
18:23:11 <kodonog> Jari Arkko: what of this belongs to organizations like IETF/W3C
18:23:36 <kodonog> ... what we say/do privately is different than what we do publicly
18:23:42 <kodonog> ... we have to inform people
18:23:44 <JoeHallCDT> JoeHallCDT has left #strint
18:23:50 <kodonog> ... sometimes we have to take a position
18:24:19 <kodonog> Stewart Bryant: assumption is that collection of metadata is a bad thing
18:24:21 <Jiangshan> Jiangshan has joined #strint
18:24:30 <kodonog> ... collection of telephone data has served us well
18:24:49 <kodonog> ... we need to find ways to enable that collection of metadata in a way that is safe and secure
18:25:39 <kodonog> Nick Doty: where we could make progress on the policy side, ask governments to non-interfere or non-sabatoge packs for our standards
18:25:53 <kodonog> ... we can make the technical and the moral case
18:26:06 <barryleiba> barryleiba has left #strint
18:26:12 <kodonog> Ted Hardie: no technical solution should depend on a policy approach
18:26:31 <kodonog> ... disagree that there is no moral good to be discussed here
18:26:51 <kodonog> ... anything that obstructs the ability to have open connection
18:26:59 <kodonog> ... needs to be seen in the harms humanity realm
18:27:27 <npd> +1 Ted
18:28:12 <kodonog> David ??? : should a government agency be able to influence <something>
18:28:24 <grothoff> s/???/Carlo von Lynx/
18:29:15 <kodonog> max: pirate party (missed comment - sorry)
18:29:49 <kodonog> Rico: need informed discussion...
18:29:52 <swb> Yes exactly. We make privacy _possible_
18:30:09 <kodonog> ... question your own role in the policy debate
18:30:15 <klc> klc has joined #strint
18:30:57 <kodonog> Christine: wrap up and beef
18:31:07 <kodonog> Stephen: what breakouts for tomorrow?
18:31:33 <ldaigle> ldaigle has left #strint
18:31:35 <kodonog> Dave Crocker: Certs without Certs
18:32:00 <kodonog> ... the problems with certificates that we are having now, simpler solutions
18:32:18 <kodonog> Aran: measuring and testing
18:32:36 <kodonog> Brian Trammel: some of the topics overlap should we combine
18:32:51 <kodonog> Larry Masinter: Aggregation of ?
18:33:09 <kodonog> @@@@ clean slate approach
18:33:32 <[bjoern]> [bjoern] has joined #strint
18:34:10 <DThaler> "What is research" sounds like a research question...
18:34:11 <kodonog> Kenny Patterson: Research break out - what research topics would be useful
18:34:26 <jphillips> Or philosophy…
18:34:38 <rigo> rrsagent, please draft minutes
18:34:38 <RRSAgent> I have made the request to generate http://www.w3.org/2014/02/28-strint-minutes.html rigo
18:34:45 <kodonog> Stewart Cheshire: displaying certificate errors doesn't empower the users, it empowers the administrator
18:35:06 <kodonog> ... causes error fatigue (see paper #47)
18:36:16 <kodonog> Stewart Cheshire: UI changes.. fix might not be UI changes...
18:36:19 <hillbrad> hillbrad has joined #strint
18:37:19 <kodonog> Stephen: poll on breakout choices
18:39:54 <mcmanus> mcmanus has left #strint
18:40:19 <rigo> rrsagent, please draft minutes
18:40:19 <RRSAgent> I have made the request to generate http://www.w3.org/2014/02/28-strint-minutes.html rigo
18:40:28 <rigo> rrsagent, bye
18:40:28 <wseltzer> scribe: kodonog
18:40:28 <wseltzer> i/COMSEC/Topic: COMSEC1
18:40:28 <wseltzer> i/rigo: starting policy session/Topic: Policy
18:40:28 <RRSAgent> I see no action items