REFEDS Assurance wg telco
Friday 23 March 2018 at 14:30 CET/8:30 CDT
CERN’s Vidyo portal: https://www.nikhef.nl/grid/video/?m=rawg
Alan B
Eskil S
Jule Z
Pål A
Mikael L
Notes
- new SFA profile format: https://docs.google.com/document/d/1ZjpzyYWZhqjbTeIzxX9Vug9Whqb9YEkK29e1FBjL5VM/edit#
- participantes liked the new format better
- SFA is better than base which has already a meaning in InCommon
- discussion if “more secure” SFA will be needed later – no clear consensus
- section 4 first table
- asterisk not explained in table header
- memorized secrets. 62-71 –> 10 characters. Add example characterset pool (a-z and A-Z etc). Refrain from imposing character complexity requirements
- lifetime of the secrets in row 2 is not made explicit. Does an item in row 2 assume the secret is locked after a single wrong entry?
- does row 2 really exist as a single authentication factor?
- 2048 bit length for asymmetric keys
- check the length of ECC key
- section 4, replacement of lost factor
- replacement or recovery? Replacement works better.
- there must be a way to get a new password
-next call on Wednesday 4th April at 1500 CEST