►
From YouTube: IETF93-HTTPAUTH-20150720-1740
Description
HTTPAUTH meeting session at IETF93
2015/07/20 1740
A
C
B
B
B
Okay,
so
we
need
somebody
in
the
jabber
room.
I,
don't
think
we
have
any
remote
participants
that
we
know
about,
but
there
could
be
some
that
we
don't
know
about.
Ok,
we're
going
to
document
status.
Then
we're
going
to
see
a
presentation
about
our
current
working
group
document,
which
is
crammed
and
then
we're
going
to
see
a
couple
of
presentations
about
proposed
items
for
this
working
you
and
if
you
have
time
open
mic.
So
as
I
said,
blue
seats
no
clone
squad.
Oh
so
anybody
in
the
driver
room.
Anyone
at
all
come
on
people
CZ.
D
B
B
The
case
of
the
missing
chair,
as
you
can
see,
I'm
alone
here,
and
the
reason
for
that
is
that
Matt
Lapinskas
accepted
the
new
job,
as
he
has
a
teaching
position
in
some
colleges,
just
starting
a
computer
science
program.
So
good
luck
to
Matt
and
right
now
we
if
anyone
a
few
is,
has
some
experience
with
the
idea,
no
need
for
a
lot
and
is
somewhat
knowledgeable
about
HTTP.
Http
authentication
is
willing
to
do
it
and
is
not
a
current
working
group
document.
B
Mutual
off
we've
had
no
progress,
despite
a
lot
of
goodwill
at
the
meeting
last
time,
so
we're
going
to
try
a
new
plan.
The
other
is
going
to
prepare
an
issue
list.
They
already
started
so
we'll
post
two
to
three
issues
at
a
time
to
the
mailing
list-
and
this
is
something
that's
already
worked
in
another
working
group.
What
we're
going
to
do
is
say:
okay,
this
is
an
issue.
B
We
propose
to
close
it
by
making
this
change
or
disclosing
it,
not
making
any
change,
and
if
anybody
feels
that
this
is
not
the
wrong
conclusion
to
this
problem
then
speak
up
now
because
we're
going
to
close
the
issue
in
two
weeks,
then,
if
nobody
speaks,
we
closed
the
issue
in
two
weeks
as
well
as
proposed.
If,
during
the
discussion,
some
other
issue
comes
up,
we
add
that
to
the
list
and
when
the
list
goes
down
to
zero,
we
go
to
working
group
last
call.
Yes,
let's
see.
C
C
B
C
B
So
either
way
as
long
as
it's
successful
yeah
and
although
this
slide
says
that
it's
the
document
Arthur's
doing
it
and
I,
don't
think
that's
really
the
best
idea.
If
we
don't
get
a
second
chair,
we
can
get
somebody
to
be
a
working
up
secretary
and
do
this
on
the
list
thing.
That's
great
experience
for
somebody
who
hasn't
been
a
chair
before
and
well.
B
B
C
C
Initially,
the
HTTP
scram
was
slightly
different
from
sasal
scram,
so
you
couldn't
quite
reuse
the
libraries
disease.
So
now
there
is
an
extra
base,
64
encoding
or
scram
data,
but
then
you
can
use
existing
social
libraries
just
just
to
give
this
information
and
poly
HTTP
specifics
parameters
are
represented
as
HTTP
directives
for
ww
authenticator
authorization
directive.
C
The
other
changes
I've
changed
too
sharp
256,
as
mandatory
to
implement
sharen,
is
still
there
for
most
of
a
backward
compatibility
with
scram
SAS,
also
just
registering
both
of
these
maybe
never
got
updated
and
the
world
various
fix-ups
to
the
syndication
mode.
I
initially
sort
of
sketched
how
it's
going
to
look
like
and
then,
when
I
thought
about
it,
there
was
a
missing
bed
so
clarify,
though,.
B
C
Don't
have
strong
feelings
about
this,
however,
one
of
the
reasons
for
having
this
is
so
that
you
can,
you
know,
share
library,
so
existing
libraries,
mostly
support,
shall
run.
On
the
other
hand,
you
know
one
implementation
I
did
is
he
is
written
using
openssl,
so
changing
hash
is
very
easy,
so
I'm.
C
D
C
Maybe
bit
speculative
so
let's
say:
I
have
a
I'm
absorber
and
call
that
server
package
together,
calendaring
and
mail,
and
they
use
the
same
underlying
library
underneath
they
then
they
run,
can
implement.
Http
scrams
are
the
one
will
implement
regular
scram
scram
shall
run
but
I
suppose
might
not
be
good
enough
reason
not
to
not
to
not
oh
great.
So
this.
D
Is
chris
given
at
the
other
microphone
hi
Chris
yeah?
If
I
could
respond
to
that
again,
their
life
go
on
yeah,
so
I
was
going
to
say
the
I
think
the
real
advantage
to
using
the
scroll
scram
is
it
has
a
a
the
server-side
hash
that
now
has
two
functions.
Not
only
does
it
off
escape
password,
but
it
also
allows
a
non
play
text
authentication
where
you're
not
reusing
your
password
on
all
servers.
You
know
where
you
don't
have
that
weakness,
so
you
know
most
sites.
D
C
D
C
C
C
E
C
Difference
without
this,
the
directive,
when
the
server
responds
you
know
now,
you
need
to
do
for
handshake.
The
client
doesn't
know
what
it
needs
to
proper
dialogue
and
say
try
new
password
or
where
they
should
just
return
I
with
the
new
nonce.
So
probably
a
good
idea
to
add
this.
The
other
thing
is
username
password,
canonicalization
I
think
we're
discussing
of
referencing
social
prep.
This
document
and
it's
finally
I-
was
updating
slides.
You
know
it
was
a
sufferer
business,
Russian,
6
and
now
it's
18.
So
there
were
quite
a
lot
of
changes.
C
F
E
C
So
for
the
two
round-trip,
the
regular
mode
is
already
implemented
and
another
implementation.
Some
I
am
relatively
happy
that
this
the
way
it's
described
is
correct
for
your
authentication
mode.
I
want
to
make
sure
that
it's
correct
and
implementable
that
it's
not
missing
any
details
which
are
in
my
head
for
so.
D
Tony
Hanson
in
the
current
draft
you
have
in
your
examples,
you're
using
'too
data
equals
and
then
you
say
base64
of
yes,
whatever
are
those
placeholders
for
yes,
okay,
so
yeah!
My
wreck.
My
suggestion
is
that
you
actually
put
basic
the
basics
before
there
and
have
a
comment.
Yes
saying:
that's
the
I.
C
Didn't
want
to
leave
just
basic
c4
there
because
it
needs
to
be
by
64
valid
protocol
anyway.
So
because
I
will
ask
you
to
generate
new
examples,
then
I.
Can
you
know
if
you
just
do
the
correct
one
and
then
I
can
also
add
a
comment
saying
and
if
you
base64
decode,
that
this
is
what
it
looks
like,
so
that
people
can
verify
internal
state
states
and
stuff.
So,
oh.
D
B
F
Slightly
okay,
so,
during
that
very
you've
that
HTTP
they
just
draft
and
that's
a
gifted,
Directorate
and
and
the
general
to
you-
is
suggested
subway,
adding
support
for
H
Mac
a,
and
they
also
that
stunned
a
steam
and
suggested
adding
a
salted
hash
2
to
the
M.
Ok,
today
it
digests,
so
this
proposal
is
just
to
discuss
those
two
two
issues
here.
Next.
Why?
Please
so
currently
in
the
digest
mechanism,
a
difference,
two
functions:
one
is
H,
which
is
just
a
hash,
simple
hash.
Another
is
a
derived
key
or
a
or
key
a
key
keed.
F
I
keed
digest,
so
that
key
digest
is
supposed
to
be
a
kid
mechanism,
but
in
reality,
what
happens
right
now
is
that
it's
just
a
hash
of
that
concatenation
of
the
secret
and
the
data
with
that
new
mechanism.
If
we
support,
if
we
add
a
h
mac
support,
it
would
become
a
real,
a
kid
digest,
and
the
second
part
is
adding
that
salt
to
that
to
the
value
we
we
calculate,
which
is
a
one
right.
F
So
these
are
the
proposed
changes
to
a
to
the
existing
functions,
to
allow
us
to
support
those
h
mac
and
a
and
the
salt
XY.
Please
so
for
to
do
that.
We
need
to
act
a
to
prime
or
we
need
to
add.
One
parameter,
which
is
assault
in
this
case,
is
going
to
be
returned
in
the
challenge,
but
from
the
server
to
the
client
for
the
client
to
do
the
right
calculations
and
we
need
to
update
them
in
the
hash
algorithms
to
to
a
add
support
for
each
match.
Key
algorithms.
F
B
F
B
The
man
thing
so
we're
trying
to
discuss
it
here,
we've
allocated
about
10
minutes
for
this
and
it's
fine.
We
can
overflow
because
Alexei
kept
it
brief,
but
the
work
because
yet
to
decide
whether
it
wants
to
accept
it,
and
we
still
have
a
lot
of
other
work
to
do
before
you
got
new
stuff.
Having
said
that,
I
think
the
obvious
question
was
this
changes
the
crypto.
Has
anybody
looked
at
this
and
said?
Yes,
this
is
good
brittle
anybody
that
we
trust
I.
E
Utakata
speaking
so
before,
taking
this
past
need
some
to
clarify.
Actually
the
secret
implication
of
the
extension,
so
I
think
new
thing,
just
in
the
simple
way
to
her.
She
is
easy,
but
it
is
not
always
clear
that
the
such
modification
actually
gives
more
security
or
not
so
especially
for
salt.
We
need
the
Korean
aces
of
the
security
game
and
we
must
describe
it
clearly.
Intoxicated
consideration,
sections
I.
F
E
Five,
so
that's
very
honestly
speaking
it
it's
the
only
reason:
I,
don't
like
this
idea,
because
because
this
kind
of
hashing
is
always
the
victim
was
a
password
dictionary
attack.
So
so
the
use
of
the
same
person
said
name
just
changing,
assaulted,
a
dangerous
in
some
cases,
so
he
doesn't
be
decree
about
that.
I
think.
E
F
F
F
F
E
F
F
B
B
F
But
that
doesn't
change
anything,
that's
an
existing
situation
again.
There
is
no
claim
here
that
the
salt
would
add
any
security
value
here
right.
That's
not
what
the
claim
right.
The
claim
is
it's
for
convenient
reasons.
If
that
database
compromised,
they
don't
want
to
force
every
element
to
change
their
own
and
start
instead,
just
change
the
salt
on
the
server
write.
G
F
F
F
Ok,
so
again
that
the
idea
is
that
that
k,
deep
function
they
today
that
the
way
it
is
used
today
is
just
concatenate
in
back
hahha,
one
with
the
rest
right
and
then
hash.
It's
right.
Instead
of
doing
that,
because
there's
a
need
for
a
really
keyed
mechanism.
Instead
of
doing
that,
you
use
the
ha1
as
that
they're,
the
key
and
the
rest
as
as
that
message
itself
right.
So.
F
F
B
E
Again,
we
need
some
deer
and
of
introducing
in
the
creation
scripture,
so
without
that,
if
just
tickets
stirring
this
up
these
two
parameters,
a
similar
just
concatenating
it
hashing
is
fine.
So
we
need
a
clear
reason
why
we
put
H
one
direction
side
and
other
things
right
hand
side
and
for
the
solid
state
has
to
issue.
E
If
carrying
the
current
discussion,
I'm
strongly
against
adopting
this
technique,
because
it
gives
a
very
bad
in
but
confusion
to
the
user,
so
we
must
clearly
say
what
is
again
and
what
is
the
meaning
of
that
once
we
can.
So
if,
as
web
databases
leak,
we
should
do
in
this
way
instead
of
this
way,
so
that
security
issue
will
not
be
getting
worse.
So
is
that
such
kind
of
description
and
connected
against
taking
this
to
the
standard
read
by
any
stage
of
protocol
exchange.
D
The
assumption
that
the
only
secret
value
here
is
passport,
everything
else
is
known
to
the
bursary.
This
proposal
adds
no
extra
security
on
top
of
just
mashing.
Okay,
no
extra
security.
You
can
magic
up
entropy
out
of
nothing
like
your
only
secret
as
a
password,
so
maybe
there's
some
reason
why
you
want
to
have
a
key
derivation
function
here,
some
exterior
reason,
but
it
cannot
be
secured.
Okay,.
B
F
Okay,
so
yeah,
no,
no
no
I
have
been
discussing
different
options
for
a
replacing
digest
with
the
with
a
better
mechanism.
So
this
is
kind
of
a
result
of
that
discussion.
So
next
slide,
please
it
so
that
the
proposal
he
is
to
use
SLP
as
a
as
a
mechanism
to
to
replace
digest.
So
am
some
background
about
SF
visa
is
a
royalty-free,
a
protocol.
They
will
define
and
it's
been
defined
and
used
by
a
different
in
ITF
RFC's.
F
Next
slide,
please
so
a
secure,
remote
password
is
a
augmented,
take
password
that
is
used
to
authenticate
users
using
some
shared
key
or
shake
shipped
a
secret,
both
sides,
as
a
result
of
that
you
you
get
them
and
you
create
a
shed
a
key
at
the
end
of
that
process
a
and
it
doesn't
require
any
pkoi
or
throw
a
party.
This
high
level
next
slide,
please
so
a
at
a
high
level.
F
F
But
at
the
beginning,
that
is
a
setup
on
the
server
side
to
a
the
server
will
use
a
large
primary
generator
and
then,
when
a
user
account
is
created
and
that
server
select
a
hash
function
and
user
salt
in
this
case,
is
that
the
salt
is
a
user-specific
a
and
it
uses
the
realm
and
a
password
to
create
a
password
verifier.
The
password
very
vile
is
created.
It
created
using
two
steps.
F
The
first
one
is
derived
keep
a
private
key,
which
is
the
hash
of
username
or
password
and
salt,
and
then
that
password
verify
is
a
generator
to
the
power
of
that
derived
a
private
key,
a
modulo,
a
large
prime.
All
the
calculations
or
emerging
lot
farm
and
then
that
data
is
stored
in
the
database
notice
that
the
derived
private
key
is
not
stored
in
a
database,
so
so
that
nor
the
hash
over
the
passage
itself
is
not
stored
in
the
database
ring
next
like
these.
F
So
this
is
just
to
a
that.
The
authentication
process
requires
the
first
initial
request,
so
include
the
username.
So
if
that
user
name
is
not
known
to
a
the
client,
this
is
a
way
just
to
kind
of
discover
that
and
you're
talking
a
few
comments
about
this,
and
you
can-
and
you
can
adjust
it
to
to
that.
So
this
is
just
a
discovery
process.
Next,
next
one
please
so
that
the
authentication
process
starts
by
it
out
after
that
client
sending
that
they
use
a
name
to
to
a
server.
F
The
server
uses
that
service
public
key
to
associate
that
those
two
requests
and
then
verifies
that
point
p,
0,
p
and
a
it,
creates
that
that
a
session
locally
and
sends
a
service
top-2
back
to
him
to
the
client
and
the
clients
verifies
that
right,
but
at
the
high
level.
That's
that's
the
process
next
slide.
Please
so
I
benefits
a
resistant
to
a
passive
and
active
attacks.
It
provides
a
perfect
perfect,
a
forward
6
UC
and
again
it
never
stores,
passwords
or
hashes
on
the
database.
Only
the
password
verify
or
switch.
F
E
Neither
boiler
so
I
what,
as
far
as
I
have
from
you
it's
a
function,
a
subset
of
the
mutual
authentication.
Currently
so
so
the
user
authentication
is
actually
the
how
the
cake,
augmented
cake
can
be
implementing
the
HTTP
both
who
are
web
and
no
web
traffic.
So
because
I
already
constables
use
cases,
and
it's
also,
it
is
also
designed
as
a
algorithm
AJ
as
a
piece
or
you
can
use
a
therapy
just
by
putting
side
as
much
education
into
it.
So
please,
please
beat
my
draft
sure.
E
E
F
E
G
It
won't
show
for
I
think
this
is
so
technically.
I
agree
with
you
about
China
binding,
formally
anything
care,
you're
sort
of
extending
the
definition
of
fishing,
but
yeah
Jenna
funding
would
be
needed,
even
though
I
selfie,
as
is
resistant
to
fishing
and
one
more
technical
comment,
a
my
responsibility.
We
know
that
this
is
resistant
to
dictionary
attacks
on
the
server,
and
this
is
actually
infrared
but,
as
I
can
see,.
B
B
D
Tony
handsome,
when
you
do
right
this
episode,
graph,
I
suggest
you
follow
the
example
that
Alexei
did
with
the
basics
before
encoding
the
set
of
stuff
that
gets
passed
into
the
algorithm,
so
that
now
that
can
its
then
encapsulate
it
as
a
single
chunk
that
just
passed
through
the
implementations.
So.
E
Just
an
announcement
from
the
awesomest
arrow
syndication
and
as
oh
you
already
said,
I
perish
the
current
XMS
ourselves.
A
my
draft.
Does
a
github
so
of
course,
I'm
not
asking
every
you
to
delights
my
document,
but
if
you'll
find
it
is
helpful
for
you,
please
feel
free
to
use
it
in
some
it
to
email
requests
for
that.
But
of
course
you
can
ask
me
to
change
the
draft
XO
well.
B
Requests
are
fine,
and
we
did
mention
in
the
previous
session
that
the
drafts
needs
some
work
in
there
at
least
language
and,
though,
are
perfect
for
bullet
resto.
Anybody
volunteer
to
do
that.
They'll
think
we
have
some
stars
somewhere
here,
yeah,
so
anything
else
good
then
we'll
adjourn
early
and
we
can
get
at
the
cookies
before
all
the
others.