Re: [Danish] Proposed WG Charter

Michael Richardson <mcr+ietf@sandelman.ca> Sun, 13 June 2021 23:04 UTC

Viktor Dukhovni <ietf-dane@dukhovni.org> wrote:
    >> The now closed DANE working group (WG) produced a mechanism that
    >> supported authentication of TLS server identities via a DNSSEC-secured
    >> infrastructure.  Operational experience with DANE has validated the
    >> utility of a DNS-enabled mechanism for discovering authenticated keys,
    >> but has also shown that reliance on DNSSEC is a significant barrier to
    >> adoption.

    > The term "discovering authentication keys" is not defined here.  It is
    > not clear that avoiding DNSSEC will make things simpler.  Which is the
    > more important barrier here, zone signing, or access to validating
    > resolvers?

I think that those are good questions, but it may be too much for a charter.
I don't think charters should worry about definitions :-)

We had a lot of nodding at the BOF.
Looking at the conflicts and having watched the conflicting WG sessions (and
who was making noise there and not at our BOF) I'm sure that this is at least partly
due to some people being elsewhere :-)

    >> A Certificate Authority (CA) is one example of a PKI which can be used for

    > FWIW, the established term of art is "Certification Authority".

:-)
What a great discussion that was a year ago, eh?

    >> to enable the messaging security use case, in a manner which will work
    >> securely in the absence of DNSSEC.

    > Why is avoiding DNSSEC simpler than making it more compelling to deploy?

I see this as a sticking point.
Those who like DNSSEC will dislike working around it.
Those who think DNSSEC will never sail will use this to sink it.

    >> -Scope of work
    >> DANISH will specify the TLS session and message security use cases and an
    >> architecture describing the primary components and interaction patterns.

    > I think the charter should go some way to clarifying the intended use
    > cases.

I think that's actually more than a charter should say.
The charter needs to be specific enough to tell people if they are interested in
the problem, and motivate them enough to read a use case document.

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide