10:37:41 RRSAgent has joined #onbydefault 10:37:41 logging to http://www.w3.org/2014/03/01-onbydefault-irc 10:45:49 xnyhps has joined #onbydefault 11:07:22 jphillips has joined #onbydefault 11:09:59 steffi has joined #onbydefault 11:11:36 cabo has joined #onbydefault 11:17:19 drogersuk has joined #onbydefault 12:16:42 jphillips has joined #onbydefault 12:53:31 jphillips has joined #onbydefault 13:05:51 cabo has joined #onbydefault 13:09:44 drogersuk has joined #onbydefault 13:50:03 drogersuk has joined #onbydefault 14:22:30 cabo has joined #onbydefault 14:26:26 jphillips has joined #onbydefault 14:29:22 jphillips2 has joined #onbydefault 14:32:42 cabo has joined #onbydefault 14:33:29 hildjj has joined #onbydefault 14:34:31 dacheng has joined #onbydefault 14:37:50 JoeHallCDT has joined #onbydefault 14:38:27 scribe is me 14:38:35 drogersuk has joined #onbydefault 14:38:42 on by default, more than MTI, something other than certs 14:38:58 arobach has joined #onbydefault 14:38:59 Sean: we can have religious wars about things… 14:39:02 azet has joined #onbydefault 14:39:23 … whatever it is in the area that you're going to try to bind a key to a container, just do it 14:39:57 more than certs: don't care, religious argument, moving on 14:40:20 Sean: on by default, and more than MTI are subtely the same thing 14:40:32 Jon P. more than MTI means something about how IETF process works 14:40:56 … on by default is slightly different from there is no encryption optoin 14:41:08 Culen: and a third is "there's no way to turn encryption off" 14:41:17 Sean: we can say MTI is great but we can say MTU 14:41:28 … we can eat our own dogfood and not do kabuki theatre 14:41:43 donnelly has joined #onbydefault 14:41:44 … turning it off in walled garden doesn't work 14:42:06 Bernard aboba: complaints I've heard about difficulut in using security, is because of lack of implementation experience 14:42:18 … when dev team is not able to do their work, bugs get fixed 14:42:36 Cullen: negotiating security options has been difficult, the fewer options the easier it is 14:42:49 Joe H: we have a history of no adequately dealing with downgrade attacks 14:43:00 Sean: new attacks have made it obvious that we made the wrong choice 14:43:20 Eliot: what is it? encryption 14:43:34 … well there is another room over there that talks about if you have a cert 14:44:12 Andrea: encryption on by default is what we want for sure, auth by default is hard to do by default… what do we use? 14:44:25 Russ: you can't get authentication with nothing 14:44:42 Andrea: why haven't we been using TLS all these years? maybe not the encryption but the cert auth. 14:45:07 … the fact that you can get the encryption without dealing with auth is a good thing 14:45:30 Jon: are we talking about making a process change to IETF specs? or creating guidelines (BCP) that we think you should do x? 14:45:56 … what we don't want, is IPSec, tcpcrypt, TLS, CMS to be MTI and then we have bloat bloat bloat 14:46:27 woman from cisco: if it's on by default, you can still turn it off 14:46:35 Coop: what are the different choices that we're talking about? 14:46:45 … building a protocol and design is different from process 14:46:53 Russ: it's more about will the IESG send it back? 14:47:07 Jon: what process change do we want? because we're not buidling a protocol here. 14:47:35 McManus: layers and switches create a market problem where people deploy them in the easiest way possible. 14:47:42 … if crypto is baked in, that can be a win 14:47:55 Sean: want to get to where it's on, it's secure and the user doesn't have to check 14:48:33 some guy: on by default catches a minor subset of people that don't 14:48:38 kaie has joined #onbydefault 14:48:41 … no one has the MTU scope 14:48:58 … so if there is not insecure version defined, that's how we get to MTU at IETF 14:49:18 Dave Crocker: if there is no alternative than MTU than folks will just work around it. 14:49:23 … have to make it more deployable. 14:49:50 some guy: can't have utopian view… his enterprise depends on DPI and stuff 14:49:57 … not going to turn it off due to other concerns 14:50:20 Rogers: some of these blocks of companies and countries will swing the pendulum the other way... 14:50:30 and ban businesses if they don't do things this way 14:51:02 s/some guy/Doug Montgomery/ 14:51:39 Rogers: real world user problem is that there is a lot of crap in the pipe 14:52:00 Cullen: don't see why you need DPI to do these things. 14:52:08 Jon: middleboxes are used to do those things, so... 14:52:24 Dave Crocker: some organizations have made decisions to look at stuff in the middle... 14:52:39 … the other problem is stuff is hard to deploy… maybe we want "easier to implement" 14:52:48 … these are separate topics 14:53:01 Rogers: in WebCrypto… there is a bit of crypto snobbery going on 14:53:13 … my requirement as a developer is to "just be secure" 14:53:32 … but people implement all the options in the wrong manner 14:53:43 … we're also thinking in a browser context 14:53:52 maxpritikin has joined #onbydefault 14:54:07 … defacto expectation that in the mobile context SSL is mandatory 14:54:41 Joe H. we're forcing developers to use the same mechanisms as attackers 14:55:04 some guy2: when we get a real IoT, there will be law enforcement pressure to snoop 14:55:25 Joe H.: may be that we force them to use attackers' methods 14:55:44 … anything less than that 1) we have the "IETF is trying to break security" blow up... 14:55:53 … and 2) can't tell if the attacker is good or bad 14:56:08 Melinda: exentsive work on firewall/NAT traversal 14:56:21 … some of which include explicit signaling about ports and such 14:56:28 … no deployment due to burden 14:56:40 … people rely on STUN and TURN and ICE that are in some sense an attack 14:56:53 Jon: doesn't agree at all 14:57:23 Joe H.: is there a problem that we think we can solve if we can't be explicit or implicit? 14:57:42 McManus: passive agressive 14:57:55 Jon: on by def, MTI/MTU… 14:58:03 … we're exploring implications of actually doing this 14:58:27 Dave Crocker: if we just decide to make this requirement then we're done... 14:58:42 … of course, we're not because that's far from implementation reality 14:58:53 some guy3: we want to make downgrade detectable 14:59:06 Joe H.: how to you tell who downgraded? 14:59:36 Rogers: we don't want a warning triangle permanently 14:59:44 Jon: let's talk about IPSec for a minute 15:00:13 rogers: in mobile, we have an error interface to the small cell, then IPSec tunnelling back to the core network 15:00:20 … and you can just grab the keys 15:00:48 Alissa: one protocol at a time is going to come through and the decision has got to get made 15:01:01 Berndard: the distinction is not something that hasn't been on and turning it on... 15:01:14 … if you turn IPSec on in some organizations, all hell will break loose 15:01:15 air interface encryption, not error interface 15:01:34 … but for clean slate, that's easier as there's no path dependence 15:01:39 box is a weak point, physical access and so on 15:01:51 some guy4: on by default is only one option 15:02:12 … IPSec on by default, how do we do that? 15:02:25 Lear: at different levels, the answers come out differently 15:02:32 ln5 has joined #onbydefault 15:02:33 … esp. deployed vs. green field 15:02:45 hildjj has joined #onbydefault 15:02:45 … the Cooper draft [something] 15:03:08 … from an enterprise security perspective, I ask will that be a conduit for something getting out 15:03:35 … what is the risk of on by default? 15:03:54 Cullen: what is on by default? we're talking about mandatory to use? 15:04:18 Russ: we're trying to figure out for legacy stuff, changing the defaults and for new things, shipping it by default 15:04:50 McManus: is mandatory to offer a twist on this disucssion? 15:05:02 Dave Crocker: this implies and active decision by the user 15:05:11 Mnot: well, it could be that the product choice makes the decision 15:05:29 … this came up in Berlin… can we correct this? 15:05:49 Lear: there are some working groups that are going to on by default and MTU… e.g., SKIM (sp?) 15:06:12 some guy3: great example there… what are you going to do when people implement something different? 15:06:21 wendyg has joined #onbydefault 15:06:25 Alissa: if you can't interoperate, then you have a problem 15:06:53 some guy3: but interoperability is across organization and firm… that may not be particularly relevant for certain services 15:10:02 Cullen: in the case where it is on by default but the off button exists... 15:10:14 … the discussion will get interesting 15:10:45 Lear: if something can be made mandatory (passes the sniff test), common sense dictates that this is what you do 15:11:01 … on other extreme, if existing toolset doesn't support it, you can't do it 15:11:09 … so we can document things like this and these boundaries 15:11:17 … suppose we're going to mandate client certs for everything 15:11:27 … preposterous, but we can ask how do we get there? 15:11:38 … what engineering-wise can we do to raise those bars 15:11:59 Andrea: wants to bring back the layering discussion 15:12:13 … OBD is great, but must be backwards compatible 15:12:32 … sure client certs would be a disaster… unless it were very very easy to do 15:12:55 … that was what was behind the Session ID in tcpcrypt 15:13:07 … can be used for things like client certs when we get there as a society 15:13:26 Crocker: let's take eliot's point and look at the highest point of departure... 15:13:45 … it would have to have benefits for this meeting, we know it has problems being more widely deployed 15:14:02 … if we can get wider deployment, it's easier to say this needs to be used all the time 15:14:40 (discussion as if that's technical work) 15:15:06 Rogers: a lot of people are using the technical excuse (blame the techies) for bad business decisions 15:15:36 Doug Montgomery: in the extreme that you don't design an insecure mode... 15:15:46 … has to be painless or there will be no deployment 15:15:55 … has to be dead easy, scales and robust or it won't get deployed 15:16:04 Sean: put your money where your mouth is 15:16:26 DM: the things that we're deciding to secure and lock up are used by businesses 15:16:50 … you have to raise the perceived value of security, 15:16:59 … risk is a local perception 15:17:13 … who's risk? enterprise vs. the individual are very different 15:17:48 Jon: pervasive monitoring is an attack. full stop. 15:18:37 Rogers: do we cut off things that might help millions of people 15:19:03 some guy3: it's about context… contexts are different 15:19:14 … but the controls should be there to choose to do things 15:19:31 Jon: always-on-TLS can be always-on with a null cipher! 15:20:17 Andrea: programmers find security to be hard bc of auth… it's hard and far from generic 15:20:33 … if we could decide what is the always-on, we can get far 15:21:23 Cullen: on by default means "secure by default" 15:21:55 Jon: what do you think WebRTC is? 15:22:05 Cullen: hmmm… doesn't have security without IdP 15:22:50 Jon: opportunistic confidentiality is a non-trivial improvement 15:24:18 Cullen: what's going to make a difference? 15:24:29 … what would make a difference is not designing the protocol to not support insecure shit 15:24:37 arobach has joined #onbydefault 15:24:53 … is the bottom opportunistic encryption, and auth enc is higher 15:25:07 lear: [missed that] 15:25:19 cullen: there are old protocols and new protocols, two classes 15:25:29 Alissa: other is chance of deployment given a change 15:25:36 … no clear way to figure that out 15:26:08 lear: probably circumstances where the high bar doesn't need to be auth enc… what meets that bar? 15:26:14 … when key mgmt can be solved 15:26:33 … when we know that can't be solved, that's a problem 15:27:19 Russ: maybe what you said is: in the negotation… if you can reach auth enc, do it… if you can't fall back to OE 15:27:34 Bernard: this gaurantees that unauth enc will be used 15:27:52 crocker: tone in the room doesn't seem to be concerned with real world problems in deployment 15:32:18 (going to slow down scribing due to hands that hurt) 15:34:29 hildjj has joined #onbydefault 15:35:04 some guy3: don't be afraid of authenticated or unauthenticated encryption 15:35:43 Mike P: how do you decide to drop from AE to OE? 15:42:13 (stop scribing, sorry) 15:47:38 azet has left #onbydefault 15:52:56 hildjj has joined #onbydefault 15:55:19 cabo has joined #onbydefault 16:07:20 RRSAgent, make minutes 16:07:20 I have made the request to generate http://www.w3.org/2014/03/01-onbydefault-minutes.html wseltzer 16:07:30 RRSAgent, make logs public 16:08:53 Meeting: STRINT breakout, On By Default 16:08:59 RRSAgent, make minutes 16:08:59 I have made the request to generate http://www.w3.org/2014/03/01-onbydefault-minutes.html wseltzer 16:10:28 drogersuk has joined #onbydefault 16:14:30 hildjj has joined #onbydefault 18:27:06 cabo has joined #onbydefault 19:22:40 cabo has joined #onbydefault 22:47:54 cabo has joined #onbydefault 23:34:47 hildjj has joined #onbydefault