Re: [kitten] taking on new work?
Benjamin Kaduk <kaduk@mit.edu> Wed, 05 April 2017 15:29 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A81512941C for <kitten@ietfa.amsl.com>; Wed, 5 Apr 2017 08:29:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.202
X-Spam-Level:
X-Spam-Status: No, score=-4.202 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MQnQ0TKB466n for <kitten@ietfa.amsl.com>; Wed, 5 Apr 2017 08:29:30 -0700 (PDT)
Received: from dmz-mailsec-scanner-1.mit.edu (dmz-mailsec-scanner-1.mit.edu [18.9.25.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0E76C12945C for <kitten@ietf.org>; Wed, 5 Apr 2017 08:29:24 -0700 (PDT)
X-AuditID: 1209190c-30fff70000005d5d-7b-58e50d53ae60
Received: from mailhub-auth-2.mit.edu ( [18.7.62.36]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by (Symantec Messaging Gateway) with SMTP id D0.F2.23901.35D05E85; Wed, 5 Apr 2017 11:29:24 -0400 (EDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-2.mit.edu (8.13.8/8.9.2) with ESMTP id v35FTMWQ007231 for <kitten@ietf.org>; Wed, 5 Apr 2017 11:29:23 -0400
Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id v35FTJkm012640 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for <kitten@ietf.org>; Wed, 5 Apr 2017 11:29:22 -0400
Date: Wed, 05 Apr 2017 10:29:19 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: kitten@ietf.org
Message-ID: <20170405152919.GL30306@kduck.kaduk.org>
References: <20170405045550.GJ30306@kduck.kaduk.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20170405045550.GJ30306@kduck.kaduk.org>
User-Agent: Mutt/1.6.1 (2016-04-27)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrEIsWRmVeSWpSXmKPExsUixG6nohvC+zTCYOkZZoujm1exODB6LFny kymAMYrLJiU1J7MstUjfLoEro7X1JkvBXI6K9ubbLA2Mt9m6GDk4JARMJC4u4+1i5OIQEmhj ktj08Co7hHOMUWLi309sEM4rJolLLZPZQTpYBFQktuzm6mLk5GADMhu6LzOD2CICwhK7t74D s4UFNCWaH29iArF5gRas7WgDs4WA7H39T9gg4oISJ2c+YQGxmQW0JG78e8kEMp5ZQFpi+T8O EJNTwFTi71EpkApRAWWJhhkPmCcw8s9C0jwLSfMshOYFjMyrGGVTcqt0cxMzc4pTk3WLkxPz 8lKLdA31cjNL9FJTSjcxgoKOU5JnB+OZN16HGAU4GJV4eBc8fRIhxJpYVlyZe4hRkoNJSZRX wQcoxJeUn1KZkVicEV9UmpNafIhRgoNZSYQ3lftphBBvSmJlVWpRPkxKmoNFSZxXQqMxQkgg PbEkNTs1tSC1CCYrw8GhJMF7BaRRsCg1PbUiLTOnBCHNxMEJMpwHaLg92PDigsTc4sx0iPwp RkUpcd7pIAkBkERGaR5cLygpSGTvr3nFKA70ijAvCw9QFQ8wocB1vwIazAQ0+MmdhyCDSxIR UlINjKdOHyq+8HiVXdjscC/hGvaNOjncXN+Vdu85yJm158PpY8X3VadLyWrPy7kzQfL67OfO r3fLpX49F7dZ/gLLpza7mZOFUjYsi+7mljvLsXuxLG+BwPqemXtmBXFtSZjowfL1a9nZt6VB h3wN1OsXeH67NTtjQ78065MvtRaR+Zsu3lwvefvjGlMlluKMREMt5qLiRACaZzRq5QIAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/re5xGj_sWsaWyZyiavwkiWc1ryQ>
Subject: Re: [kitten] taking on new work?
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Apr 2017 15:29:32 -0000
On Tue, Apr 04, 2017 at 11:55:50PM -0500, Benjamin Kaduk wrote: > > What do people currently feel are the top one or two highest > priority items for the WG to consider? (Such items need not be > limited to the above list, of course; note that, e.g., > draft-schmaus-kitten-sasl-ht-00 has recently appeared on the list of > related internet-drafts.) Taking off my chair hat, I think that draft-mccallum-kitten-krb-spake-preauth is the most pressing item. Currently, our claims to security rely on users selecting strong passwords, which is a laughable assumption given dumps from password database leaks/etc. Being able to close off avenues for offline attacks, which also providing an integrated way to include a second factor that cannot be attacked separately from the password, seems like a huge security win. When I talked to Kenny Paterson about the potential impact of RC4 weaknesses on Kerberos, he said that directly using password-derived keys is a far bigger problem than the statistical weakenesses of RC4. -Ben
- Re: [kitten] taking on new work? Benjamin Kaduk
- Re: [kitten] taking on new work? Benjamin Kaduk
- [kitten] taking on new work? Benjamin Kaduk
- Re: [kitten] taking on new work? Rick van Rein
- Re: [kitten] taking on new work? Jeffrey Altman
- Re: [kitten] taking on new work? Benjamin Kaduk
- Re: [kitten] taking on new work? Jeffrey Altman
- Re: [kitten] taking on new work? Benjamin Kaduk
- Re: [kitten] taking on new work? Benjamin Kaduk
- Re: [kitten] taking on new work? Jeffrey Altman
- Re: [kitten] taking on new work? Greg Hudson
- Re: [kitten] taking on new work? Nico Williams
- Re: [kitten] taking on new work? Benjamin Kaduk
- Re: [kitten] taking on new work? Nico Williams
- Re: [kitten] taking on new work? Benjamin Kaduk
- Re: [kitten] taking on new work? Robbie Harwood
- Re: [kitten] taking on new work? Cantor, Scott
- Re: [kitten] taking on new work? Matt Rogers