Tim Polk | 3 Jun 16:11 2009

Request for agenda items

Folks,

Pasi and I are working on the agenda for saag at IETF 75.  We would  
like to post the draft agenda on or around the 18th, so we would  
appreciate suggestions by the 12th.

Thanks,

Tim Polk
Pasi.Eronen | 9 Jun 09:58 2009

Recruiting co-chair for ISMS WG

The ISMS (Integrated Security Model for SNMP) working group has
been chaired by Juergen Schoenwaelder, and it recently completed
its major deliverables for securing SNMP with SSH. The group is 
now planning to take on new work, including obtaining VACM
authorization information via RADIUS, and specifying TLS/DTLS 
based transport for SNMP.

However, Juergen will not be able to attend at least IETF76 and
IETF77, and we're looking for a co-chair.

If you would like to be considered for this position, or know
someone you think would be interested, please contact Tim and me
directly.  We are also open to considering new blood; i.e., someone
who hasn't been a WG chair before. Co-chairing a WG is a great way
to learn new things and serve the IETF community -- so please 
volunteer!

Best regards,
Pasi & Tim

Basil Dolmatov | 13 Jun 10:29 2009

GOST algorithms descriptions

Hello,

the fact that the GOST cryptography algorithms descriptions are not 
easily accessible in English was repeatedly mentioned when discussing 
related subjects.
Now, these descriptions are posted as I-Ds, we hope that will serve the 
community to get acquainted more closely with these sets of widely used 
algorithms.

http://www.ietf.org/internet-drafts/draft-dolmatov-cryptocom-gost341194-00.txt

http://www.ietf.org/internet-drafts/draft-dolmatov-cryptocom-gost34102001-00.txt

Comments are welcome via e-mail or in the mailing lists.

dol <at> 

Blumenthal, Uri | 15 Jun 00:14 2009

Re: GOST algorithms descriptions

Nice work with the drafts - thank you! (Some technical questions may come later.)

This CFRG discussion mentioned attacks against GOST hash (which are not applicable to SHA-2, for
example). When there's no shortage of hash algorithms, why choose one that has demonstrable flaws?
Only because "it's been invented here"? In the same key (no pun intended :-), why in this day and age choose a
hash based on a 64-bit cipher?

I for one would like to see these issues commented on.

Thanks!

----- Original Message -----
From: cfrg-bounces <at> irtf.org <cfrg-bounces <at> irtf.org>
To: saag <at> ietf.org <saag <at> ietf.org>; cfrg <at> irtf.org <cfrg <at> irtf.org>
Sent: Sat Jun 13 04:29:07 2009
Subject: [Cfrg] GOST algorithms descriptions

Hello,

the fact that the GOST cryptography algorithms descriptions are not 
easily accessible in English was repeatedly mentioned when discussing 
related subjects.
Now, these descriptions are posted as I-Ds, we hope that will serve the 
community to get acquainted more closely with these sets of widely used 
algorithms.

http://www.ietf.org/internet-drafts/draft-dolmatov-cryptocom-gost341194-00.txt

http://www.ietf.org/internet-drafts/draft-dolmatov-cryptocom-gost34102001-00.txt


Hugo Krawczyk | 17 Jun 23:29 2009

HKDF draft: draft-krawczyk-hkdf-00

Following my presentation at the San Francisco SAAG meeting,
Pasi and I have written a draft specifying an HMAC-based key derivation function
for use by application and protocol designers.

It is based on the design and analysis presented in
http://www.ee.technion.ac.il/~hugo/kdf/

Below is the link to the draft.
It is intended as informational.

Hugo

---------- Forwarded message ----------
From: IETF I-D Submission Tool <idsubmission <at> ietf.org>
Date: Wed, Jun 17, 2009 at 12:37 PM
Subject: New Version Notification for draft-krawczyk-hkdf-00
To: pasi.eronen <at> nokia.com
Cc: hugo <at> ee.technion.ac.il



A new version of I-D, draft-krawczyk-hkdf-00.txt has been successfully submitted by Pasi Eronen and posted to the IETF repository.

Filename:        draft-krawczyk-hkdf
Revision:        00
Title:           HMAC-based Extract-and-Expand Key Derivation Function (HKDF)
Creation_date:   2009-06-17
WG ID:           Independent Submission
Number_of_pages: 12

Abstract:
This document specifies a simple HMAC-based key derivation function
(HKDF) which can be used as a building block in various protocols and
applications.  The KDF is intended to support a wide range of
applications and requirements, and is conservative in its use of
cryptographic hash functions.



The IETF Secretariat.



Pasi.Eronen | 18 Jun 21:58 2009

Pasi's AD Notes for June 2009

Here's again a short status update about what things are going on from
my point-of-view. If you notice anything that doesn't look right, let
me know -- miscommunication and mix-ups do happen.

Best regards,
Pasi

MISC NOTES

- I will be on parental leave/vacation (not reading email) starting
  from today; I'll be back on July 20, and the next AD notes will be
  posted in August.
- We received a liaison statement from ITU-T regarding identity
  management. Tim and I need to organize a reply.
- EAPFIX BOF proposal was discussed on the IESG BOF call (Jari 
  handled most of this)
- Looking into appointing a security advisor for ROLL WG with Tim
  (currently Adrian has the ball)
- Preparing SAAG agenda for IETF75 with Tim
- (not wearing AD hat): Errata #1628 (for RFC 4742): waiting for
  NETCONF WG chairs/Dan to confirm this [since 2009-02-26] (some 
  emails in May, but not done yet)

WORKING GROUPS

DKIM
- draft-ietf-dkim-overview: was approved by IESG, now in RFC
  Editor queue
- draft-ietf-dkim-ssp: waiting for Magnus to get back from his
  leave and clear his DISCUSS [since 2009-06-08]
- I still need to review what to do about errata 1385, 1532, and 1596
- draft-ietf-dkim-rfc4871-errata: waiting for Adrian to clear his
  DISCUSS [since 2009-06-11], and Dave/Cullen/Barry/Stephen to tell 
  me when we have acceptable text for the introduction.

EMU
- Quiet month so far...

IPSECME
- draft-ietf-ipsecme-ikev2-redirect (not wearing AD hat; Tim 
  is handling this one): in IETF Last Call until 2009-06-30
- draft-ietf-ipsecme-ikev2-ipv6-config (not wearing AD hat): 
  I submitted an updated version; waiting for chairs to decide
  the next steps.
- Working on fixing the IANA registrations of RFC 4543; currently
  waiting for IANA [since 2009-06-11]
- Verified errata 1654 for RFC 4303

ISMS
- draft-ietf-isms-secshell, draft-ietf-isms-tmsm, and
  draft-ietf-isms-transport-security-model: in RFC Editor queue/AUTH48;
  should be published as RFCs in a couple of days.
- draft-ietf-isms-radius-usage: was approved by IESG, now in 
  RFC Editor queue
- Recharter text sent for IETF review, might be approved
  on 2009-07-02 IESG telechat
- Looking for new co-chair...

KEYPROV
- WGLC for PSKC

PKIX
- draft-ietf-pkix-rfc4055-update: in RFC Editor queue, waiting for
  smime-3851bis draft (not a normative reference, but authors
  preferred it this way), which is waiting for several other drafts
  (including pkix-3281update and pkix-sha2-dsa-ecdsa).

SASL
- Change control for TLS channel bindings has been transferred
  to IETF (big thanks to Larry and Sam!), and Nico has revived 
  draft-altman-tls-channel-bindings to publish them as RFC. When 
  I'm back I need to talk with Nico to see what (if anything) 
  needs to happen before moving this draft forward.

SYSLOG
- draft-ietf-syslog-sign: waiting for authors to confirm what changes
  are still needed for version -26 [since 2009-06-17]
- Some discussions about rechartering

TLS
- draft-ietf-tls-extractor: in AD evaluation, waiting for Eric to 
  submit a revised draft [since 2009-05-27]
- draft-ietf-tls-rfc4366-bis: went through WGLC; waiting for
  authors to submit a revised draft, and WG chairs to send 
  a publication request soon...
- Looking into errata #117 (for RFC 4346)
- (not WG item yet) I need to talk with the chairs and Michael
  about what to do with Mobi-D

OTHER DOCUMENTS

- draft-lebovitz-kmart-roadmap: I need to read this and 
  comment/contribute.
- "Applicability guidance for security protocols": Tim and I have
  promised to write something that would help in determining which
  security mechanism (e.g. TLS, IPsec, SASL, GSS-API, ..) to use
  for a new higher-layer protocol.

DISCUSSES (active -- something happened within last month)

- draft-housley-aes-key-wrap-with-pad: waiting for Russ to
  talk with his coauthor to see how to support 1..8 octet plaintexts
  [since 2009-06-18]
- draft-ietf-dime-diameter-api: waiting for Dan to get WG's opinion 
  on whether this will be useful and if yes, why [since 2009-06-18]
- draft-ietf-ltans-dssc: waiting for authors to reply to my 
  comments [since 2009-06-18]
- draft-ietf-netlmm-pmip6-ipv4-support: waiting for authors
  to propose text or submit a revised ID [since 2009-06-11]
- draft-ietf-ntp-autokey: waiting for Ralph to get more
  information from WG [since 2009-06-18]
- draft-igoe-secsh-aes-gcm: text agreed, waiting for authors
  to submit a revised ID. I've cleared my DISCUSS so that my
  leave doesn't block this for an additional month -- Tim will
  check that the text is as we agreed before approving this.

DISCUSSES (stalled -- I haven't heard anything from the authors
or document shepherd for over one month)

- draft-atlas-icmp-unnumbered: waiting for authors to reply to
  my comments [since 2009-04-21]
- draft-ietf-ipfix-file: waiting for authors to reply to my
  comments [since 2009-04-23]
- draft-ietf-ntp-ntpv4-proto: waiting for authors to reply to
  my email or submit a revised ID [since 2009-04-16]

DISCUSSES (presumed dead -- I haven't heard anything from the authors
or document shepherd for over three months)

- draft-cain-post-inch-phishingextns: authors have promised a new
  version some time in February [since 2009-01-29]
- draft-cheshire-dnsext-nbp: waiting for authors to reply to my
  comments [since 2008-12-03] (pinged again on 2009-04-30 and
  2009-06-09)
- draft-ietf-bfd-base: text agreed, waiting for authors to submit 
  a revised ID [since 2009-03-19] (pinged again on 2009-04-30
  and 2009-06-09)
- draft-ietf-vrrp-unified-spec: waiting for authors to propose
  text [since 2008-11-07] (but talked briefly with Radia at IETF74)
- draft-ietf-sipping-policy-package: waiting for
  draft-ietf-sipping-media-policy-dataset to progress (or more
  information from Robert) [since 2008-10-28]

--end--

