[Atlas] Application Transport LAyer Security (ATLAS) Charter Text

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Mon, 22 January 2018 21:01 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/atlas/jgKzCT5eSAWIwARBoqWSH537_UA>

Hi all,

Below you can find a first strawman proposal for the charter text of the ATLAS group. Following the discussions around the Singapore IETF meeting, the idea is to have time at the London IETF meeting to find out whether there is enough interest, but also where this work should happen (i.e., a new group or an existing group).

As you can see from the available drafts (see below), the use cases cover the Web as well as IoT environments.

Ciao
Hannes

-------

Application Transport LAyer Security (ATLAS)

Charter for Working Group

The Transport Layer Security (TLS) protocol has been a hugely successful protocol in the marketplace, and it is used by developers to secure connection-oriented as well as connectionless transport protocols. Under the hood, both TLS and DTLS consist of sub-protocols, namely the handshaking protocols and the record protocol. The handshaking protocols provide an authenticated key exchange that establishes the keys and parameters needed to protect application data via the record protocol. Years have been spent improving both protocols, and particularly the more sophisticated handshaking protocols. Through standardization in the IETF TLS working group, many extensions and ciphersuites have been published and implemented that allow TLS to be customized for different environments. This flexibility and the availability of source code are appreciated by developers writing web applications and smartphone apps, and also for securing backend communication. With the need to secure embedded devices communicating with cloud-based infrastructure, TLS and DTLS have even found traction in the Internet of Things (IoT) community.

TLS and DTLS sit between the transport layer, such as TCP and UDP, and the applications. Hence, TLS and DTLS protect application traffic exchanged between the endpoints of the transport layer. There are, however, deployments where security protection needs to be applied beyond these two transport layer endpoints. Use cases include deployments where proxies terminate connections along the path, or where devices transmit data first over a non-IP transport, such as Bluetooth Smart, before IP communication starts at the smartphone towards a cloud-based infrastructure.

There is a need to offer application layer security for communication that is session based, i.e., where communication establishment is followed by an exchange of an arbitrary number of application data messages. Securing one-shot payloads, such as firmware updates in an IoT context, is outside the scope of this work. This application layer security mechanism requires authentication of the endpoints and a modern key exchange protocol. A successful handshake results in keying material and negotiated algorithms for confidentiality, integrity and replay protection of application data.

Instead of designing a new key exchange protocol, this group will re-use the TLS handshaking protocols at the application layer to establish keying material for protecting application data.
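The layering described above, as an added example written for this page (it is not code from any of the drafts listed below): application code drives a TLS 1.3 handshake over a loopback TCP socket that stands in for the application-layer path, and a wrapper records what a proxy or non-IP hop on that path would get to see. The throwaway self-signed certificate, the name "atlas-demo" and the function RunLayeredTLS are constructed for the demo.

```go
package main

import (
	"bytes"; "crypto/ecdsa"; "crypto/elliptic"; "crypto/rand"; "crypto/tls"
	"crypto/x509"; "math/big"; "net"; "time"
)

// tapConn records every byte handed to the transport below TLS, i.e. what a
// proxy or a non-IP hop on the application-layer path could observe.
type tapConn struct { net.Conn; seen *bytes.Buffer }
func (t *tapConn) Write(p []byte) (int, error) { t.seen.Write(p); return t.Conn.Write(p) }

// selfSignedCert makes a throwaway server certificate (constructed test
// material) and a pool that trusts exactly that certificate.
func selfSignedCert() (tls.Certificate, *x509.CertPool) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { panic(err) }
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"atlas-demo"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil { panic(err) }
	leaf, _ := x509.ParseCertificate(der) // freshly issued DER, cannot fail
	pool := x509.NewCertPool(); pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, pool
}

// RunLayeredTLS runs a TLS 1.3 handshake over a loopback TCP channel standing in
// for the application-layer path, sends msg, and returns the plaintext the server
// recovered together with every byte the client put on the path.
func RunLayeredTLS(msg string) (received string, onWire []byte) {
	cert, pool := selfSignedCert()
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil { panic(err) }
	defer ln.Close()
	got := make(chan string, 1)
	go func() { // server side: Read drives the handshake, then yields one record
		c, e := ln.Accept()
		if e != nil { panic(e) }
		s := tls.Server(c, &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS13})
		buf := make([]byte, 1024)
		n, _ := s.Read(buf)
		got <- string(buf[:n])
		s.Close()
	}()
	raw, err := net.Dial("tcp", ln.Addr().String())
	if err != nil { panic(err) }
	tap := &tapConn{raw, &bytes.Buffer{}}
	cli := tls.Client(tap, &tls.Config{RootCAs: pool, ServerName: "atlas-demo", MinVersion: tls.VersionTLS13})
	if _, err = cli.Write([]byte(msg)); err != nil { panic(err) } // Write drives the client handshake
	received = <-got; cli.Close() // wait for the server, then send close_notify
	return received, tap.seen.Bytes()
}
```

Whatever carries the bytes between the two endpoints (here a TCP socket, in the use cases above a proxy or a phone relaying a Bluetooth link) only sees TLS records; the handshake and the record protection are owned by the application on each end.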

This group will maintain a close relationship with the TLS working group as well as with relevant application and IoT-relevant working groups in the IETF.

Milestones

May 2018    Adopt "Architecture and Use Case" document as WG item

Jun 2018    Adopt "Application Layer TLS" specification as WG item.
            Currently available proposals include:

-   draft-schmertmann-dice-codtls-00

-   draft-bhattacharyya-dice-less-on-coap-00

-   draft-garcia-core-app-layer-sec-with-dtls-record-00

-   draft-tschofenig-layered-tls-00

-   draft-friel-tls-over-http-00

-   and https://cloud.google.com/security/encryption-in-transit/application-layer-transport-security

Oct 2018    Submit "Architecture and Use Case" document to the IESG for publication as an Informational Standard.

Nov 2018    Submit "Application Layer TLS" specification to the IESG for publication as a Proposed Standard.
