From YouTube: IETF95-KITTEN-20160407-1620
Description
KITTEN meeting session at IETF95
2016/04/07 1620
A
B
Alright, so the blue sheets should be going around. Thank you again to our minute taker and our Jabber scribe for volunteering, such as it is. This is today's agenda: we'll be starting out by going over the existing working group items we have or had, and then briefly touching on some potential new work that we could be taking on, and once we've gone over that, we'll be talking about priorities, and then, if whatever time is left, anything it doesn't cover, this would be open mic.
B
C
B
B
For active items, so the AES-CTS-HMAC-SHA2, that's right now pending a shepherd review and write-up, I believe.
A
A
Know it's been Struth a lot of slow progress on that one, and we were supposed to, I think we had people that wrote up sample entries that would go in the registry, and there was a general agreement that was a reasonable format. The intent is not to pre-populate the entire registry in the document, so we're just going to make a short document that creates the registry and then will populate it later, to avoid the burden on the working group, since getting working group energy can be difficult at times.
A
A
And there's IAKERB, which had needed an editor for a long time, and I picked it up, but we may also, before putting this in last call, we may want to reconsider if we actually want it to be a working group document. But it does have at least one implementation, but you're in the intervening time since when it was first proposed, it's become less clear that it's actually a good idea, so we may finish it off. We might just drop.
A
The document could potentially even publish this as historic, but we still need to figure out what to do there. 6112bis needed some revisions. Revisions have been made, but we weren't able to actually publish the new document. Sean Emery has been working on that, and there's some technical details, because that has an older sort of IPR declaration boilerplate that we need to preserve.
A
PKINIT algorithm agility. We actually have two PKINIT documents that are underway. For this one, we actually had a new version come out yesterday and resolved the remaining questions. So we think that that is now also ready for group last call. Makes you can sort of see where I'm asking this large list of things that we think are ready for working group last call, so we're going to start trickling those out soon and hopefully reduce the length of that list.
B
B
Right, then we've got the auth indicator that we, again, we can't.
A
A
Quite large, this is the Java bindings for GSS-API, right, and we had needed to do the bis because there was no way for the security context negotiation functions to both return an error and an error token. So there's the sort of GSS negotiation loop where you are communicating with a peer and you exchange these context tokens. But you also need to report success or failure or continue-needed to your local side, and because of the way that the Java bindings were written,
A
You had to pick whether you got the error or you got the token to send to the peer, and so because of that, you could not indicate to the peer why you failed with the old version. So that was a main update in 5653bis, but because the whole document was open, we noticed there were some other structural problems, and that sort of delayed processing of the document for a long time while we figured out what to do. But we believe we've got everything settled out and we can run it through last call now and.
A
A
B
A
Yeah, you speak a net for your cross from stuff. Then there's the five extra round trip, so I'm. Currently the Kerberos protocol exchange has this fixed number of packets and round trips, but it turns out it would be useful to add additional round trips to sort of communicate certain errors, to bootstrap some potential other key derivation steps. You would need an extra round trip, I think, if you were going to shoehorn.
B
B
B
A
B
A
The first one is a PAKE-based preauthentication scheme, and so the idea here is that currently in Kerberos, when you're doing password-based keys, you're literally taking the hashed password and using that as a key, and that's directly being used to encrypt the network traffic. And so, if your users' passwords are not very good, then that gives an attacker who can observe the network some ciphertext that they can attack offline. We had Kenny Paterson, who's a CFRG co-chair, here at IETF 92.
A
He was pointing out that this is in fact a really bad thing, and you should stop doing that, and so this PAKE preauth scheme would be a good way to stop requiring the password-derived keys to be used for encrypting stuff that an attacker can see. The second document there is one that I wrote to deprecate Triple DES and RC4. There's sort of a general trend of moving away from RC4 among all Internet protocols. Triple DES is perhaps less urgent, but has a small block size.
A
A
A
Unfortunately, you can't do this for Kerberos directly, because in Kerberos you have long-term keys that can be used potentially by multiple parties without synchronization between them, and so most AEAD modes have a nonce or counter requirement, and you just can't meet the, then, this necessity of not reusing the counters across all the different usages, and so it's not really safe to use AEAD for long-term Kerberos keys. But with the GSS-API, you know that you have a single short-use context between exactly two peers.
A
In that case you can control the sequence number, and so that AEAD becomes safe and you can get the performance gains from that. And this last one is for, especially, using the DNS for service discovery for Kerberos. Shoving things in the DNS can be useful, and there's some potential things you could do there. So that's it for this slide, right? Yes.
B
You're all just waiting to get to a meeting venue. OK, so with this, there is, like we show, there's a bunch of work that's already slated for the working group, there's a bunch of items that we could be taking on, but, as I think has been evidenced fairly clearly, both from the chairs' activity and the list, there's not a lot of energy in here. So we need to think about what it is we really want to get done and how we can best prioritize things.
A
To get there, yeah, we had two pages of slides of working group documents that are probably ready for working group last call, and that's kind of a lot. If we think we can only do one last call at a time and we do to a class call, that might be enough time to get enough feedback to be confident move on.
A
But if we just, if we make a working group last call and there's silence on the list, it sort of puts us in the awkward position where we're not really comfortable moving the document forward, because we don't know that enough people have reviewed it. So we could, we have the potential for stalling there.
A
So on one hand, we have all these documents that are already working group documents and we should be moving forward, we should work on that. But we also have these new topics that are potential candidates for adoption that perhaps have more energy, more excitement about them, and it sort of seems like an appropriate balance would be to try and get a few of these existing documents published that we know there's been some amount of interest in and we think we can finish up and actually get the energy to finish them up.
A
A
I have a question in Jabber: how many people are typically needed to review? I think if we get two or three people that, you know, have really gone through the document and understand what's going on, at this point that's probably enough for us. We don't really have enough people to try and insist on more. You can see that the room itself, there's only 15, 20 people here.
A
B
A
B
A
A
A
D
There's, it was quite a bit going on from Greg here, which you're saying it. So it seems to be a conversation that he wants to have with you, but he says that he's happy to prioritize IAKERB, and Microsoft is hoping for a PA-DATA number assignment for PKINIT freshness ASAP, so they can ship an implementation, he thinks, I guess.
D
B
More people for review is certainly helpful, so if he's got people that would be willing to try to help out with that, that would definitely be worthwhile. Yes, I'm.
B
A
A
B
A
B
D
E
E
So if you guys can think of a way that makes you happy to kind of that, there is consensus for a piece of work, then it doesn't have to be day to working group last call type thing. Indeed, like, for example, if you had a, if you maintained a, you know, a wiki or something or a webpage or some Palestinian after it's got like two or three reviews and some please implemented, then maybe you'll decide it. If there's nobody objecting to it progressing, then maybe that's kind of good enough for you, yeah.
B
E
B
E
I think you can make a good case to say that the, you know, there's a lot of this stuff for it, it's a small number of implementers and are the ones who really count. And if you, you know, if you can sort of, if you're happy that Toby's your managed to implement something and are the right people and nobody's objecting, and yeah, I think probably we get a bit stuck up by prioritizing things by list and order.
B
Yeah, sure, the only reason we were thinking working group last calls because that's easy to put a deadline around, yeah.
C
E
I mean so, but Sir anybody, Billy, I mean what you might want to do is if you had sort of such of their, you know, something has gotten the three reviews or links on a wiki page or something, and then your work, your last call, it might be kind of turned around and say we're pushing this ahead on meh, co-direct, sure.
E
B
Here's, here's my review, and we'll take note of it. Ben and I will confer and see where best put this, likely be somewhere on the IETF wikis, somewhere on, will pass, we'll get that onto the list as soon as we find a place to put it, yep.
A
A
B
B
B
A
My comments in the Jabber room have convinced people that they won't speak preauth more than the other preferences. All.