Re: [Ace] Charter discussion

Daniel Migault <mglt.ietf@gmail.com> Tue, 17 November 2020 23:02 UTC

Return-Path: <mglt.ietf@gmail.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 901523A0E8B for <ace@ietfa.amsl.com>; Tue, 17 Nov 2020 15:02:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M2wzQxUVvXAe for <ace@ietfa.amsl.com>; Tue, 17 Nov 2020 15:02:19 -0800 (PST)
Received: from mail-vs1-xe2c.google.com (mail-vs1-xe2c.google.com [IPv6:2607:f8b0:4864:20::e2c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 840DC3A0E83 for <ace@ietf.org>; Tue, 17 Nov 2020 15:02:19 -0800 (PST)
Received: by mail-vs1-xe2c.google.com with SMTP id f7so12034274vsh.10 for <ace@ietf.org>; Tue, 17 Nov 2020 15:02:19 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Fj/+JzImj7GPeJ2/mGr938UJWvkEFQCh4wSYRjyz+Sk=; b=L8SbLw3G7M/e8yUr58IIGfZUDbC8aw75+vvU8uWy7hlCkALgoWNBVtl0gAiP7KLt25 L4BHoowNIjvNtWPrlFQnCZiKuO7RX6iScUOwOY6O8Rr6BgymHzBPwURSXQ3VgqKrRAHT sivXG/vX3vtnh6VoLg1hdFhUtdnOQcpN97x3WC4Z6y1XgRk8AoY1Mu2D0TD7WRC2JYv5 +bbXn+EEHyiAL2GI+++/xsZX310cjZjBcxBGwBsnE64ClG0EPAVgbBUbGAnmfCkdruqy 7ElpVMrGZxy6dkxhVXVb//xIff4DFW1Jiw8/iJ0ZC3knmzUW8pgCQeYoTJE73ul6XRjO 5/xQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Fj/+JzImj7GPeJ2/mGr938UJWvkEFQCh4wSYRjyz+Sk=; b=IfG7SdrJw1D0NrDnp3qpx4bNb4kzJaz6qoBXUNBCxh8hWRdYZzxolFDKCrxyXNgEWr +jsd0Ge5AWeHwZ/QnjUYkt3IU2BtpEaySKGgs5UHgmidkRNL3wrx1Fqf8A/EjWpjdy5a 91wYZu7ylmZrOIx9podfEjph4xEKwwyQFxvn01tLLH1D6cVLaKzg4EOxKVPWQex6xGse slcY5krcEFK25rMpOT9ovi3BhHTUIa0n3xgu/c9JVANUGHk0o1NpimGQM2AxuFTJ1J6T HC1m9rpEE3jyIjrlOeAeirkYM1KW648IRHHWY0o0pmBvIdM7sYL6maxEy/71rmXLHaAU qkhQ==
X-Gm-Message-State: AOAM533ROAT1Y11yatC3ztoRJAOCanDoIc7Fa7OUUNpIxLHpnRt9/iuJ QYCY1iwhar9HHiqsfP0mUzd1MUSTJIP+ta5hkju9n2NAh2Y7KA==
X-Google-Smtp-Source: ABdhPJyGxl8PC8bu3cx68qQFwGEC7pjrWgKku5g6WwzsCU072xi1msi1U+tRLz5ndCnrR51+SmOtbIzzKql2SuhJx7w=
X-Received: by 2002:a67:6981:: with SMTP id e123mr1678434vsc.40.1605654138511; Tue, 17 Nov 2020 15:02:18 -0800 (PST)
MIME-Version: 1.0
References: <CADZyTkmnV_Dhb5iXzykUyEAskLDg7tj=80CbEBGmSyFQNS2FHw@mail.gmail.com> <HE1PR0702MB36740BAAFD7FDA2688564BF7F4E60@HE1PR0702MB3674.eurprd07.prod.outlook.com>
In-Reply-To: <HE1PR0702MB36740BAAFD7FDA2688564BF7F4E60@HE1PR0702MB3674.eurprd07.prod.outlook.com>
From: Daniel Migault <mglt.ietf@gmail.com>
Date: Tue, 17 Nov 2020 18:02:07 -0500
Message-ID: <CADZyTkkpLRvqD5Vx704u=qbRvE82o4cKk3Ff2Y2ZXes_B+nRbA@mail.gmail.com>
To: =?UTF-8?Q?G=C3=B6ran_Selander?= <goran.selander@ericsson.com>
Cc: Ace Wg <ace@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000008ee5d405b4557c8e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/gLF1jiw4j1zslwFhckMmU9JVlTQ>
Subject: Re: [Ace] Charter discussion
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Nov 2020 23:02:22 -0000

Hi Goran,

I added the text to the charter we will discuss later.

Yours,
Daniel

On Fri, Nov 13, 2020 at 10:26 AM Göran Selander <goran.selander@ericsson.com>
wrote:

> Hi Daniel,
>
>
>
> Here’s another input to the charter.
>
>
>
> The current group key management solutions addresses the problem of
> authorized access to group keys and public keys of group members.
>
>
>
> A related problem is authorized access of public keys of other devices not
> necessarily part of a security group, in the sense of sharing a symmetric
> key used to protect group messages.
>
>
>
> Authorized access to raw public keys serves an important function in
> constrained settings where public key certificates may not be feasible due
> to the incurred overhead, e.g. for when authenticating using EDHOC
> (draft-ietf-lake-edhoc).
>
> This functionality is thus a subset of what is already supported, but
> since the current solution is geared towards groups a different solution
> may be needed (although it is probably possible to reuse parts from the
> existing schemes for provisioning and requesting public keys).
>
>
>
> With this in mind, I propose the following change (highlighted in boldface
> below):
>
>
>
> OLD
>
> The Working Group is charged with maintenance of the framework and
> existing profiles thereof, and may undertake work to specify profiles of
> the framework for additional secure communications protocols (that are not
> necessarily limited to constrained endpoints, though the focus remains on
> deployment ecosystems with a substantial portion of constrained devices).
>
>
>
> NEW
>
> The Working Group is charged with maintenance of the framework and
> existing profiles thereof, and may undertake work to specify profiles of
> the framework for additional secure communications protocols *and **for
> additional **support services **providing* *authorized access to crypto* *keys
> *(that are not necessarily limited to constrained endpoints, though the
> focus remains on deployment ecosystems with a substantial portion of
> constrained devices).
>
>
>
> Göran
>
>
>
>
>
>
>
> On 2020-10-15, 19:50, "Ace" <ace-bounces@ietf.org> wrote:
>
> Hi,
>
> I would like to start the charter discussion. Here is a draft of a
> proposed charter [1].
>
>
>
> It seems to be that additional discussion is needed with regard to the
> last paragraph related certificate management. In particular the discussion
> might revive a discussion that happened in 2017 [2] - when I was not
> co-chair of ACE -and considered other expired work such as [3]. Please make
> this discussion constructive on this thread.
>
>
>
> The fundamental question is whether we need certificate management at this
> stage. If the answer is yes, and we have multiple proposals, it would be
> good to clarify the position of the different proposals and evaluate
> whether a selection is needed or not before validating the charter.
>
>
>
> Please provide your inputs on the mailing list before October 30. Of
> course for minor edits, you may suggest them directly on the google doc.
>
>
>
> Yours,
>
> Daniel
>
>
>
> [1]
> https://docs.google.com/document/d/1RtxUSvUeBdZWoQkjSj2c3DtR8DuBwPM2BnBXhoDiptY/edit?usp=sharing
> <
> https://protect2.fireeye.com/v1/url?k=4f3d9c3b-118c475b-4f3ddca0-86e2237f51fb-627e48b069462d70&q=1&e=6924b2a6-e7e5-4ec1-a1af-c94637953dc5&u=https%3A%2F%2Fdocs.google.com%2Fdocument%2Fd%2F1RtxUSvUeBdZWoQkjSj2c3DtR8DuBwPM2BnBXhoDiptY%2Fedit%3Fusp%3Dsharing>
>
>
> [2]
> https://datatracker.ietf.org/doc/minutes-interim-2017-ace-03-201710191300/
>
> [3] https://datatracker.ietf.org/doc/draft-selander-ace-eals/
>
>
>
> --
>
> Daniel Migault
>
>
>
> Ericsson
>


-- 
Daniel Migault
Ericsson