Release Meeting Minutes/2011-05-10
Will Fiveash, Thomas Hardjono, Sam Hartman, Greg Hudson, Zhanna Tsitkova, Tom Yu
- Finished integrating 1.8.3. Big struggle. Not a complete merge. Might have to revisit code organization. Solaris and MIT a little closer now.
- Hash agility? Two hard dependencies of PKINIT on SHA1. DH KDF for reply key. Agility draft uses NIST KDF. nonces?
- Don't want same reply key each time you reuse DH public keys. Idea is to reduce number of crypto ops. [mutual auth in KDC]
- [client & KDC nonces] One of Love's inputs is...
- Whole ticket
- Has implications for KDC side. Would have to split processing (authdata must be collected for creating the ticket).
- [PKINIT precomputation attack]
- PKINIT OtherInfo encoding
- Gross hack to not emit tag in ASN.1 encoder.
- Problems are in the decoder
- Decoder not needed [it's a KDF input].
Tom will send mail to Tim Polk about KDF ambiguities in SP 800-56A.
Greg will propose solutions to the WG.
- ISO 11770-2? Kerberos reinvented? Anyone heard of it? [No]
- W3C. Identity in the browser. What advice to give application authors re acquiring credentials with password vs without password?
- Interop planning (next week)
- Does IETF draft expiry mean anything now? [Camellia draft administrivia]