Release Meeting Minutes/2011-05-10
From K5Wiki
Will Fiveash, Thomas Hardjono, Sam Hartman, Greg Hudson, Zhanna Tsitkova, Tom Yu
Solaris
- Will
- Finished integrating 1.8.3. Big struggle. Not a complete merge. Might have to revisit code organization. Solaris and MIT a little closer now.
PKINIT
- Greg
- Hash agility? Two hard dependencies of PKINIT on SHA1. DH KDF for reply key. Agility draft uses NIST KDF. nonces?
- Sam
- Don't want same reply key each time you reuse DH public keys. Idea is to reduce number of crypto ops. [mutual auth in KDC]
- Greg
- [client & KDC nonces] One of Love's inputs is...
- Sam
- Whole ticket
- Greg
- Has implications for KDC side. Would have to split processing (authdata must be collected for creating the ticket).
- Sam
- [PKINIT precomputation attack]]
- Greg
- PKINIT Otherinfo encoding
- Sam
- Gross hack to not emit tag in ASN.1 encoder.
- Tom
- Problems are in the decoder
- Sam
- Decoder not needed [it's a KDF input].
Tom will send mail to Tim Polk about KDF ambiguities in SP 800-56A.
Greg will propose solutions to the WG.
Other
- Thomas
- ISO 11770-2? Kerberos reinvented? Anyone heard of it? [No]
- Sam
- W3C. Identity in the browser. What advice to give application authors re acquiring credentials with password vs without password?
- Thomas
- Interop planning (next week)
- Greg
- Does IETF draft expiry mean anything now? [Camellia draft administrivia]