Re: [Atlas] Charter Text
Phil Hunt <phil.hunt@oracle.com> Tue, 06 February 2018 19:31 UTC
Return-Path: <phil.hunt@oracle.com>
X-Original-To: atlas@ietfa.amsl.com
Delivered-To: atlas@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E30E212785F for <atlas@ietfa.amsl.com>; Tue, 6 Feb 2018 11:31:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.039
X-Spam-Level:
X-Spam-Status: No, score=-0.039 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, MIME_QP_LONG_LINE=0.001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=oracle.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7s5R46gTWbg9 for <atlas@ietfa.amsl.com>; Tue, 6 Feb 2018 11:31:41 -0800 (PST)
Received: from aserp2120.oracle.com (aserp2120.oracle.com [141.146.126.78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5348A124B17 for <atlas@ietf.org>; Tue, 6 Feb 2018 11:31:41 -0800 (PST)
Received: from pps.filterd (aserp2120.oracle.com [127.0.0.1]) by aserp2120.oracle.com (8.16.0.22/8.16.0.22) with SMTP id w16JR4Nb154616; Tue, 6 Feb 2018 19:31:35 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=content-type : content-transfer-encoding : from : mime-version : subject : date : message-id : references : cc : in-reply-to : to; s=corp-2017-10-26; bh=MEZZIkaZDYIG6l3YK6By81Ocso3i9OgDwiupwlSpfEU=; b=ngsR86Q/+5T83gYR4iH+0ThXCAIBFbn+REGfHsaBwhF1XRYcIbS6q2rq8ryugGROuC4O nvpTVXxTsKNOF9UueiiB2sxLCI+K6AQ5jBh+KB/4Jp5ejMRCgHNcE6SaHBiHZHppT4ix 19i/M3XAT6AsF9xubrnktM41E/EE6AOHqVqbC/wx2vBovbmZdym+BaZd+WBIOWN/J8G6 mfaZ5BRDLWRpOTxmPfVbjLdWh1Y1w1eho/oekHh0QRnuj9bN4j8WJoY9Ca61EcolfiY6 Q7LXR95V7lZOdwvxI231RoJa5U8jwA2EabsczUbPA6Kqot/IM3iLXH2dH/XZJ/Szaffs 2g==
Received: from userv0021.oracle.com (userv0021.oracle.com [156.151.31.71]) by aserp2120.oracle.com with ESMTP id 2fyje9r6jy-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 06 Feb 2018 19:31:35 +0000
Received: from aserv0121.oracle.com (aserv0121.oracle.com [141.146.126.235]) by userv0021.oracle.com (8.14.4/8.14.4) with ESMTP id w16JVXpj029284 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Tue, 6 Feb 2018 19:31:34 GMT
Received: from abhmp0004.oracle.com (abhmp0004.oracle.com [141.146.116.10]) by aserv0121.oracle.com (8.14.4/8.13.8) with ESMTP id w16JVXR8019445; Tue, 6 Feb 2018 19:31:33 GMT
Received: from [10.0.1.20] (/24.86.190.97) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Tue, 06 Feb 2018 11:31:32 -0800
Content-Type: multipart/alternative; boundary="Apple-Mail-1B47D4A5-B34D-4277-916C-893E150B161D"
Content-Transfer-Encoding: 7bit
From: Phil Hunt <phil.hunt@oracle.com>
Mime-Version: 1.0 (1.0)
Date: Tue, 06 Feb 2018 11:18:40 -0800
Message-Id: <23D70521-5EB6-4A8A-B26E-5FB8135DD8A2@oracle.com>
References: <AM4PR0801MB27068EB6FF489F4EE5A14040FAFD0@AM4PR0801MB2706.eurprd08.prod.outlook.com> <BB42A0A6-9491-4E53-928C-148D4B00D762@tzi.org> <0DE1D01D-EDD0-46CC-9545-F3D0D7CF16D5@akamai.com> <7a3a5b7e0a5c4d788e3e5d6aaa4884b7@XCH-RCD-012.cisco.com> <8A870748-7E84-4AE8-89CD-39825B986499@oracle.com>
Cc: "Salz, Rich" <rsalz@akamai.com>, Carsten Bormann <cabo@tzi.org>, Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "atlas@ietf.org" <atlas@ietf.org>
In-Reply-To: <8A870748-7E84-4AE8-89CD-39825B986499@oracle.com>
To: "Owen Friel (ofriel)" <ofriel@cisco.com>
X-Mailer: iPhone Mail (15D60)
X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=8797 signatures=668663
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1802060244
Archived-At: <https://mailarchive.ietf.org/arch/msg/atlas/MR6Z5XASSBKDvb7Sq9WsB9o5QFY>
Subject: Re: [Atlas] Charter Text
X-BeenThere: atlas@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Application Transport LAyer Security <atlas.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/atlas>, <mailto:atlas-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/atlas/>
List-Post: <mailto:atlas@ietf.org>
List-Help: <mailto:atlas-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/atlas>, <mailto:atlas-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Feb 2018 19:31:50 -0000
By this I am assuming ATLAS over COAP/DTLS gatewayed to HTTP/TLS. Phil > On Feb 6, 2018, at 9:12 AM, Phil Hunt <phil.hunt@oracle.com> wrote: > > For good or bad, gatewaying (UDP-based to IP-based) seems to be a big part of IoT architecture. Having an end-to-end app-layer solution seems like a strong use case. > > Phil > > Oracle Corporation, Identity Cloud Services Architect > @independentid > www.independentid.com > phil.hunt@oracle.com > >> On Feb 6, 2018, at 8:26 AM, Owen Friel (ofriel) <ofriel@cisco.com> wrote: >> >> ATLS over HTTPS is one of the key use cases we are trying to address, specifically for bootstrapping trust in middleboxes, which is a problem we encounter today. >> >> https://tools.ietf.org/html/draft-friel-tls-atls-00#section-3.1 >> >> >> From: Atlas [mailto:atlas-bounces@ietf.org] On Behalf Of Salz, Rich >> Sent: Tuesday 6 February 2018 15:43 >> To: Carsten Bormann <cabo@tzi.org>; Hannes Tschofenig <Hannes.Tschofenig@arm.com> >> Cc: atlas@ietf.org >> Subject: Re: [Atlas] Charter Text >> >> I think HTTP is not something to work on, as HTTPS exists and this will only cause confusion. Something more applicable might be SNMP or CoAP. >> >> >> From: Carsten Bormann <cabo@tzi.org> >> Date: Tuesday, February 6, 2018 at 4:48 AM >> To: Hannes Tschofenig <Hannes.Tschofenig@arm.com> >> Cc: "atlas@ietf.org" <atlas@ietf.org> >> Subject: Re: [Atlas] Charter Text >> >> I still believe Jun 2018 is an impossible target, more so for BLE work. (and it's not "smart" any more). >> >> Sent from mobile >> >> On 6. Feb 2018, at 10:08, Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote: >> >> Application Transport LAyer Security (ATLAS) >> ============================================ >> >> # Charter for Working Group >> >> ## Background >> >> The Transport Layer Security (TLS) protocol has been a hugely successful security protocol and it is used by developers to secure connection-oriented as well as connection-less transport protocols. Under the hood, both TLS and DTLS consist of sub-protocols, namely the handshaking protocols and the record protocol. The handshaking protocols offer an authenticated key exchange protocol that establishes the necessary keys and parameters for protecting application data via the record protocol. Years have been spent in improving both protocols and particularly the more sophisticated handshaking protocols. The IETF TLS working group published many extensions and ciphersuites so that TLS can be customized for different environment. This flexibility and the availability of source code is appreciated by developers writing web applications, smart phone apps, and also for securing backend communication. With the need to secure embedded devices communicating with the cloud-based infrastructure TLS and DTLS has even found traction in the Internet of Things (IoT) community. >> >> ## Problem Statement >> >> TLS and DTLS sit between the transport layer, such as TCP and UDP, and the applications. Hence, TLS and DTLS offer protection of application traffic exchanged between the endpoints of the transport layer. There are, however, deployments where security protection needs to be applied beyond these two transport layer endpoints. Use cases include deployments where proxies terminate connections along the path or where devices transmit data first over a non-IP transport, such as Bluetooth Smart, before IP communication starts at the smart phone towards a cloud-based infrastructure. >> >> While application layer security mechanisms already exist, such as CMS, JOSE, and COSE offering protection of application data those are focused on one-shot message exchanges. >> Securing one-shot payloads, such as firmware updates in an IoT context (such as work done in the IETF SUIT working group), is therefore outside the scope of this work. >> >> There is a need to offer application layer security for communication that is session based, i.e., where communication establishment is followed by an exchange of an arbitrary number of application data. This application layer security mechanism requires authentication of the endpoints, and a modern a key exchange protocol. The result of a positive handshake will lead to the establishment of keying material and negotiated algorithms for confidentiality, integrity and replay protection of application data. >> >> The TLS protocol has also been used in environments not initially anticipated by the TLS authors, such as in EAP-TLS/EAP-TTLS for network access authentication where the TLS handshake is carried over EAP payloads. Furthermore, with DTLS-SRTP the DTLS handshake has been used to establish security associations for protecting RTP. As such, there is also a precedence for embedding TLS in "applications" (whereby EAP would be here the network access authentication application). >> >> ## Goal of this Group >> >> This group will develop specifications that define embeddings for different application protocols, such as CoAP, HTTP, and Bluetooth Smart. Such embeddings come with appropriate security considerations. The group will also work on specifications that describe how to deriving keying material for protecting application payloads using JOSE and COSE. >> >> This group will maintain a close relationship with the TLS working group as well as with relevant application and IoT-relevant working groups in the IETF. >> >> # Milestones >> >> May 2018 Adopt "Architecture and Use Case" document as WG item >> >> Jun 2018 Adopt "Application Layer TLS Embedding in HTTP" specification as WG item >> >> Jun 2018 Adopt "Application Layer TLS Embedding in CoAP" specification as WG item >> >> Jun 2018 Adopt "Application Layer TLS Embedding in Bluetooth Smart" specification as WG item >> >> Oct 2018 Submit "Architecture and Use Case" document to the IESG for publication as an Informational Standard. >> >> Nov 2018 Submit "Application Layer TLS Embedding in HTTP" specification to the IESG for publication as an Proposed Standard. >> >> Nov 2018 Submit "Application Layer TLS Embedding in CoAP" specification to the IESG for publication as an Proposed Standard. >> >> Nov 2018 Submit "Application Layer TLS Embedding in Bluetooth Smart" specification to the IESG for publication as an Proposed Standard. >> >> # References: >> >> Currently available proposals include: >> - draft-schmertmann-dice-codtls-00 >> - draft-bhattacharyya-dice-less-on-coap-00 >> - draft-garcia-core-app-layer-sec-with-dtls-record-00 >> - draft-friel-tls-atls-00 >> >> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. >> _______________________________________________ >> Atlas mailing list >> Atlas@ietf.org >> https://www.ietf.org/mailman/listinfo/atlas >> _______________________________________________ >> Atlas mailing list >> Atlas@ietf.org >> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_atlas&d=DwICAg&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=na5FVzBTWmanqWNy4DpctyXPpuYqPkAI1aLcLN4KZNA&m=mNoVTryfwAw76glrLzdY2boQ-bCd4p9Wa8Udh57pm10&s=r3eqU9_996MIVpWez-8B-KtrKPbqz1aIdlXB17zDYKw&e= > > _______________________________________________ > Atlas mailing list > Atlas@ietf.org > https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_atlas&d=DwICAg&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=na5FVzBTWmanqWNy4DpctyXPpuYqPkAI1aLcLN4KZNA&m=3EEciKmhOOPIej7eP0FeKE7bCJmy4ShV0Uak-gy8Gjo&s=H4-7IQ5ACW3Cs_V0XA82SsZFd5ugLIk7rNsqqXUxNZk&e=
- Re: [Atlas] Charter Text Carsten Bormann
- [Atlas] Charter Text Hannes Tschofenig
- Re: [Atlas] Charter Text Hannes Tschofenig
- Re: [Atlas] Charter Text Carsten Bormann
- Re: [Atlas] Charter Text Salz, Rich
- Re: [Atlas] Charter Text Owen Friel (ofriel)
- Re: [Atlas] Charter Text Hannes Tschofenig
- Re: [Atlas] Charter Text Phil Hunt
- Re: [Atlas] Charter Text Phil Hunt