IETF Logo Mail Archive

Re: [Atlas] Charter Text

"Salz, Rich" <rsalz@akamai.com> Tue, 06 February 2018 15:43 UTC

Return-Path: <rsalz@akamai.com>
X-Original-To: atlas@ietfa.amsl.com
Delivered-To: atlas@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3407112D84C for <atlas@ietfa.amsl.com>; Tue, 6 Feb 2018 07:43:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.71
X-Spam-Level:
X-Spam-Status: No, score=-0.71 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2-yiqt_RubcE for <atlas@ietfa.amsl.com>; Tue, 6 Feb 2018 07:43:31 -0800 (PST)
Received: from mx0b-00190b01.pphosted.com (mx0b-00190b01.pphosted.com [IPv6:2620:100:9005:57f::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DC8D012E055 for <atlas@ietf.org>; Tue, 6 Feb 2018 07:43:28 -0800 (PST)
Received: from pps.filterd (m0050096.ppops.net [127.0.0.1]) by mx0b-00190b01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w16FhPxf014075; Tue, 6 Feb 2018 15:43:25 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=jan2016.eng; bh=trFPL8qCxv7FYGQzAJN6jFzlb8W6GHqiviW52/8CeKI=; b=LnokWkuCLaihKLcaw9tsh/RQDEt/xN82EKxhiNZSMFHKoYpFVFHl3diizzZ88pGiPVIx wLQSH38md4qKS8Or3whPexCwcH2mG2Fn3oiZ3qQfnttdAwJLEeqkQdUswAmxKg1clTGD CDXiRT+N5YPXyhzym7mXr9BSNrZFpLdtPTah3BVvZOpwEzrc7ZTLYFGZFF9aeDnBPdZr TDahG0xvesl4RHyd4L97NxLxFlcnydZyBqNmRELLhh3agt2F/LJ7w18FD6ojSJgOWXt/ QOdnARaOMHHMLiOgZmWTJmc1x7ZH+qcAkVxVJJ35TWpVWnLs+mZuygSUx+3GV2vM1xBm Jg==
Received: from prod-mail-ppoint1 (prod-mail-ppoint1.akamai.com [184.51.33.18]) by m0050096.ppops.net-00190b01. with ESMTP id 2fw6cahqxk-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 06 Feb 2018 15:43:24 +0000
Received: from pps.filterd (prod-mail-ppoint1.akamai.com [127.0.0.1]) by prod-mail-ppoint1.akamai.com (8.16.0.21/8.16.0.21) with SMTP id w16FfDSS009935; Tue, 6 Feb 2018 10:43:24 -0500
Received: from email.msg.corp.akamai.com ([172.27.123.31]) by prod-mail-ppoint1.akamai.com with ESMTP id 2fw9a022e0-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 06 Feb 2018 10:43:23 -0500
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com (172.27.123.101) by usma1ex-dag1mb4.msg.corp.akamai.com (172.27.123.104) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Tue, 6 Feb 2018 10:43:22 -0500
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com ([172.27.123.101]) by usma1ex-dag1mb1.msg.corp.akamai.com ([172.27.123.101]) with mapi id 15.00.1263.000; Tue, 6 Feb 2018 10:43:23 -0500
From: "Salz, Rich" <rsalz@akamai.com>
To: Carsten Bormann <cabo@tzi.org>, Hannes Tschofenig <Hannes.Tschofenig@arm.com>
CC: "atlas@ietf.org" <atlas@ietf.org>
Thread-Topic: [Atlas] Charter Text
Thread-Index: AdOfKeYW6yeRFqRbQSOHRJKvG3bKxAAL5WYAAAxpOgA=
Date: Tue, 06 Feb 2018 15:43:22 +0000
Message-ID: <0DE1D01D-EDD0-46CC-9545-F3D0D7CF16D5@akamai.com>
References: <AM4PR0801MB27068EB6FF489F4EE5A14040FAFD0@AM4PR0801MB2706.eurprd08.prod.outlook.com> <BB42A0A6-9491-4E53-928C-148D4B00D762@tzi.org>
In-Reply-To: <BB42A0A6-9491-4E53-928C-148D4B00D762@tzi.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/f.27.0.171010
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.36.204]
Content-Type: multipart/alternative; boundary="_000_0DE1D01DEDD046CC9545F3D0D7CF16D5akamaicom_"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2018-02-06_07:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1802060198
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2018-02-06_07:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1802060198
Archived-At: <https://mailarchive.ietf.org/arch/msg/atlas/JiAXQMFk8-kLdMXM0Gs1qww7Ztc>
Subject: Re: [Atlas] Charter Text
X-BeenThere: atlas@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Application Transport LAyer Security <atlas.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/atlas>, <mailto:atlas-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/atlas/>
List-Post: <mailto:atlas@ietf.org>
List-Help: <mailto:atlas-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/atlas>, <mailto:atlas-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Feb 2018 15:43:34 -0000

I think HTTP is not something to work on, as HTTPS exists and this will only cause confusion.  Something more applicable might be SNMP or CoAP.


From: Carsten Bormann <cabo@tzi.org>
Date: Tuesday, February 6, 2018 at 4:48 AM
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Cc: "atlas@ietf.org" <atlas@ietf.org>
Subject: Re: [Atlas] Charter Text

I still believe Jun 2018 is an impossible target, more so for BLE work. (and it's not "smart" any more).
Sent from mobile

On 6. Feb 2018, at 10:08, Hannes Tschofenig <Hannes.Tschofenig@arm.com<mailto:Hannes.Tschofenig@arm.com>> wrote:
Application Transport LAyer Security (ATLAS)
============================================

# Charter for Working Group

## Background

The Transport Layer Security (TLS) protocol has been a hugely successful security protocol and it is used by developers to secure connection-oriented as well as connection-less transport protocols. Under the hood, both TLS and DTLS consist of sub-protocols, namely the handshaking protocols and the record protocol. The handshaking protocols offer an authenticated key exchange protocol that establishes the necessary keys and parameters for protecting application data via the record protocol. Years have been spent in improving both protocols and particularly the more sophisticated handshaking protocols. The IETF TLS working group published many extensions and ciphersuites so that TLS can be customized for different environment. This flexibility and the availability of source code is appreciated by developers writing web applications, smart phone apps, and also for securing backend communication. With the need to secure embedded devices communicating with the cloud-based infrastructure TLS and DTLS has even found traction in the Internet of Things (IoT) community.

## Problem Statement

TLS and DTLS sit between the transport layer, such as TCP and UDP, and the applications. Hence, TLS and DTLS offer protection of application traffic exchanged between the endpoints of the transport layer. There are, however, deployments where security protection needs to be applied beyond these two transport layer endpoints. Use cases include deployments where proxies terminate connections along the path or where devices transmit data first over a non-IP transport, such as Bluetooth Smart, before IP communication starts at the smart phone towards a cloud-based infrastructure.

While application layer security mechanisms already exist, such as CMS, JOSE, and COSE offering protection of application data those are focused on one-shot message exchanges.
Securing one-shot payloads, such as firmware updates in an IoT context (such as work done in the IETF SUIT working group), is therefore outside the scope of this work.

There is a need to offer application layer security for communication that is session based, i.e., where communication establishment is followed by an exchange of an arbitrary number of application data.  This application layer security mechanism requires authentication of the endpoints, and a modern a key exchange protocol. The result of a positive handshake will lead to the establishment of keying material and negotiated algorithms for confidentiality, integrity and replay protection of application data.

The TLS protocol has also been used in environments not initially anticipated by the TLS authors, such as in EAP-TLS/EAP-TTLS for network access authentication where the TLS handshake is carried over EAP payloads. Furthermore, with DTLS-SRTP the DTLS handshake has been used to establish security associations for protecting RTP. As such, there is also a precedence for embedding TLS in "applications" (whereby EAP would be here the network access authentication application).

## Goal of this Group

This group will develop specifications that define embeddings for different application protocols, such as CoAP, HTTP, and Bluetooth Smart. Such embeddings come with appropriate security considerations. The group will also work on specifications that describe how to deriving keying material for protecting application payloads using JOSE and COSE.

This group will maintain a close relationship with the TLS working group as well as with relevant application and IoT-relevant working groups in the IETF.

# Milestones

May 2018    Adopt "Architecture and Use Case" document as WG item

Jun 2018    Adopt "Application Layer TLS Embedding in HTTP" specification as WG item

Jun 2018    Adopt "Application Layer TLS Embedding in CoAP" specification as WG item

Jun 2018    Adopt "Application Layer TLS Embedding in Bluetooth Smart" specification as WG item

Oct 2018    Submit "Architecture and Use Case" document to the IESG for publication as an Informational Standard.

Nov 2018    Submit "Application Layer TLS Embedding in HTTP" specification to the IESG for publication as an Proposed Standard.

Nov 2018    Submit "Application Layer TLS Embedding in CoAP" specification to the IESG for publication as an Proposed Standard.

Nov 2018    Submit "Application Layer TLS Embedding in Bluetooth Smart" specification to the IESG for publication as an Proposed Standard.

# References:

Currently available proposals include:
- draft-schmertmann-dice-codtls-00
- draft-bhattacharyya-dice-less-on-coap-00
- draft-garcia-core-app-layer-sec-with-dtls-record-00
- draft-friel-tls-atls-00

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
_______________________________________________
Atlas mailing list
Atlas@ietf.org<mailto:Atlas@ietf.org>
https://www.ietf.org/mailman/listinfo/atlas<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_atlas&d=DwMCaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=njNAxyrfzDwrzrtyETvuLKnCTuH_KmwAYxNHvQM_F68&s=fgZeowldfUecrs7gFM2PNjqexSlQKvtnJ2gHYZ8Hhhk&e=>

v2.23.0 | Report a Bug | By Email