Re: [Ace] Charter discussion

Göran Selander <goran.selander@ericsson.com> Fri, 13 November 2020 15:26 UTC

From: =?Windows-1252?Q?G=F6ran_Selander?= <goran.selander@ericsson.com>
To: Daniel Migault <mglt.ietf@gmail.com>, Ace Wg <ace@ietf.org>
Thread-Topic: [Ace] Charter discussion
Thread-Index: AQHWoxucbAjxceIga0igx21acPgYqanGVvbU
Date: Fri, 13 Nov 2020 15:26:00 +0000
Message-ID: <HE1PR0702MB36740BAAFD7FDA2688564BF7F4E60@HE1PR0702MB3674.eurprd07.prod.outlook.com>
References: <CADZyTkmnV_Dhb5iXzykUyEAskLDg7tj=80CbEBGmSyFQNS2FHw@mail.gmail.com>
In-Reply-To: <CADZyTkmnV_Dhb5iXzykUyEAskLDg7tj=80CbEBGmSyFQNS2FHw@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/QgKjEjMQUoPLVU2ozHiewKeAKlg>
Subject: Re: [Ace] Charter discussion

Hi Daniel,

Here’s another input to the charter.

The current group key management solutions address the problem of authorized access to group keys and public keys of group members.

A related problem is authorized access of public keys of other devices not necessarily part of a security group, in the sense of sharing a symmetric key used to protect group messages.

Authorized access to raw public keys serves an important function in constrained settings where public key certificates may not be feasible due to the incurred overhead, e.g. when authenticating using EDHOC (draft-ietf-lake-edhoc).

This functionality is thus a subset of what is already supported, but since the current solution is geared towards groups a different solution may be needed (although it is probably possible to reuse parts from the existing schemes for provisioning and requesting public keys).

With this in mind, I propose the following change (highlighted in boldface below):

OLD

The Working Group is charged with maintenance of the framework and existing profiles thereof, and may undertake work to specify profiles of the framework for additional secure communications protocols (that are not necessarily limited to constrained endpoints, though the focus remains on deployment ecosystems with a substantial portion of constrained devices).

NEW

The Working Group is charged with maintenance of the framework and existing profiles thereof, and may undertake work to specify profiles of the framework for additional secure communications protocols and for additional support services providing authorized access to crypto keys (that are not necessarily limited to constrained endpoints, though the focus remains on deployment ecosystems with a substantial portion of constrained devices).

Göran
On 2020-10-15, 19:50, "Ace" <ace-bounces@ietf.org> wrote:
Hi,
I would like to start the charter discussion. Here is a draft of a proposed charter [1].

It seems that additional discussion is needed with regard to the last paragraph related to certificate management. In particular the discussion might revive a discussion that happened in 2017 [2] - when I was not co-chair of ACE - and considered other expired work such as [3]. Please make this discussion constructive on this thread.

The fundamental question is whether we need certificate management at this stage. If the answer is yes, and we have multiple proposals, it would be good to clarify the position of the different proposals and evaluate whether a selection is needed or not before validating the charter.

Please provide your inputs on the mailing list before October 30. Of course for minor edits, you may suggest them directly on the google doc.

Yours,
Daniel

[1] https://docs.google.com/document/d/1RtxUSvUeBdZWoQkjSj2c3DtR8DuBwPM2BnBXhoDiptY/edit?usp=sharing
[2] https://datatracker.ietf.org/doc/minutes-interim-2017-ace-03-201710191300/
[3] https://datatracker.ietf.org/doc/draft-selander-ace-eals/

--
Daniel Migault

Ericsson