IETF Logo Mail Archive

Re: [Danish] Updated charter post BOF discussion

Roman Danyliw <rdd@cert.org> Wed, 01 September 2021 17:24 UTC

Return-Path: <rdd@cert.org>
X-Original-To: danish@ietfa.amsl.com
Delivered-To: danish@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8542E3A0E8E for <danish@ietfa.amsl.com>; Wed, 1 Sep 2021 10:24:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=seicmu.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 56xPhwWA6ACc for <danish@ietfa.amsl.com>; Wed, 1 Sep 2021 10:24:20 -0700 (PDT)
Received: from USG02-CY1-obe.outbound.protection.office365.us (mail-cy1usg02on0135.outbound.protection.office365.us [23.103.209.135]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6109A3A0E6D for <danish@ietf.org>; Wed, 1 Sep 2021 10:24:19 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector5401; d=microsoft.com; cv=none; b=k8OVyzJ6lFzSY/O6DDLjJqTUBzKU+8jXLtA79O4exjxz16Vs7l+QQmWWsCsRkvqadHWLFQmoXWG9DPB1k67gSxkm6TsXrInXJVzAE3sPB45kB9KakWZsxZganh2cSaN69v3h3RRmsvRJmmHU79/pM3kLCLSKLnD7vqEit10Kyi2nBpVMeb2e2kTcNa7f1dc1nSObFkLg/6vY3wlXDy+LxWFU7dyYtK2Rse0YM/z823MptZ9/mMcC71KYWZH1p1K8+G1zHztm10xcT18tM9Z3b+vaSHsjDts8vCF6UbiaNWQ0fwbenMmEHLJbQ7dIgNuzUjb+/6R0PBAb99qTRGmMiA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector5401; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Xbpd3WLSmfATjcDDoP7h4cnHhyQKqlWlo5a7zqrmMd8=; b=jBJQ6ETy62cfj5nkzG+rqLMy1/qcj6lZwKMuFLdkY3uenwL6u79NCiS6MDCMprVENRa/7iGI6vw30mFnK739wCZApTjaV2aq26mSlxCngkZywyl62ujXVM2I1nhw2NonK3bvtjOlXlszWoWSW0ui3/OuhJS9xsRLLnzG1JgpmiESRpcY+f4gN1q1IG1pSlel4ZtftqYgo610DrkaiglCUwHaNlaMAwV9zff+qy8DaDFyIPi8VOgQGwoEIx0WwRitXSadchxPNI1GW9sshco7nYpyUjt3aZk/08VrxW+6NDAyXfiCXW6V1VyfNyJYM5oT0dKKLqrZf1bhsVJ0fhP1iw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cert.org; dmarc=pass action=none header.from=cert.org; dkim=pass header.d=cert.org; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seicmu.onmicrosoft.com; s=selector1-seicmu-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Xbpd3WLSmfATjcDDoP7h4cnHhyQKqlWlo5a7zqrmMd8=; b=D4tMTwR885hqaF2x6gVbvKOJtxbtz9BviSYCKoO3X9OCECDB4Rd5hdsMe1gDfWGtWYJX53pGvEOALfxbjVmAX02hId7jVQf3PM7A6Z4bzvEFIYNqmhhaicqdqF1FulyupKG0O8x4mN/oUvealEjn79GvgsyPoYvl54uvIyoU0iM=
Received: from BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM (2001:489a:200:134::12) by BN1P110MB0738.NAMP110.PROD.OUTLOOK.COM (2001:489a:200:134::29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4457.23; Wed, 1 Sep 2021 17:24:12 +0000
Received: from BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM ([fe80::93b:40b5:d4b6:9650]) by BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM ([fe80::93b:40b5:d4b6:9650%5]) with mapi id 15.20.4436.029; Wed, 1 Sep 2021 17:24:12 +0000
From: Roman Danyliw <rdd@cert.org>
To: "danish@ietf.org" <danish@ietf.org>
CC: Wes Hardaker <wjhns1@hardakers.net>
Thread-Topic: [Danish] Updated charter post BOF discussion
Thread-Index: AQHXlTHAc6qX73hVFUiuhPwef7xSOauPfoCQ
Date: Wed, 01 Sep 2021 17:24:12 +0000
Message-ID: <BN1P110MB093936A7DE6FBE0A12986A50DCCD9@BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM>
References: <yblh7fldy3z.fsf@w7.hardakers.net>
In-Reply-To: <yblh7fldy3z.fsf@w7.hardakers.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=cert.org;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: d03d7013-f0ff-4aae-a6c9-08d96d6d509c
x-ms-traffictypediagnostic: BN1P110MB0738:
x-microsoft-antispam-prvs: <BN1P110MB0738BF7FAAE75D4EC91A0B39DCCD9@BN1P110MB0738.NAMP110.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: Qs3mJ0UFnEt5OoD2Fzfo/CPc5vMyjT+AhzsqYxUYKP+iwmrSBVNHY5wQcd8z9OpyDc3FNqPgqqODKpARUG7KZDGqZL3ieKtL7wTJTL5Vh6xb68Ar7Dn3pQydXmgwa9UenSGwEnHdektP8+lkjJKKYFR0fCaZkeqHMwx7L+FR9cUkwt1W3P8TSjPaVBZITq7TIeRjss/VQxOf6O+AX6b4cqB8GXhyGHUvit9mwh6QgIniYIMjQzTyD8wc/DUoSwHGzvW8NVLIkqWLe2+6yPYJKc04EVFTq9kLQCy9bhnlRVhXR14XIfDSKNmFv2HO2SRrz9pDVmWqLSkT1+lfwutuaqZqJ+G357fEz1x/tKUhxCETUJSF4YTE8YmRxtQn1Y4M7T5hoU2gD6ETlNoXE2gJjPt7QyOjAfSazRelxJrCr8Rz5G+e1nlhACgDWSP9sb/IOUkeEvxZzUCgY2IQ+2u8QzCR0/m/Qt1gkJDZowWEgUDIrs/azT6x4DHgd8Cmkd0qf2yPeQlXCKc2x5IieXR/TNflJzaDHdsfwgD5phASR8iVMdTVub3fobYYS1kHyhUut0k4UgRC70wVGfzMeYfaAgxYBfGs8i3MVNPzryYXJpnZcTSuiquXCa4R6LjqL85VO5B9PPtGIKoNjOkpnMYewJrzuQCs3ZVQGKHNSDLRgCMI9durUQJsvqL4qoeqV1/9CpmwDInYUXDwsQPiYDmtgA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(366004)(5660300002)(9686003)(4326008)(55016002)(52536014)(38100700002)(66946007)(76116006)(66476007)(122000001)(66446008)(64756008)(66556008)(83380400001)(66574015)(86362001)(2906002)(6506007)(8936002)(8676002)(15650500001)(38070700005)(7696005)(966005)(26005)(71200400001)(186003)(53546011)(33656002)(6916009)(498600001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: vzmwdcshGFDtx+xRLRO/KnC8qR8bZqYTfOTobkNDoAllCL4XxXqO3Toi1n9FfTc0iV/jQAQcs0bP43WZsqlkLS8ebim9YXESr+Fr7PpyhpAtHyVc1KamN+BtIx5l0DlBBF/72JnPdJQSF3rRj4jzJp7DlTmBUSA2bFQy3iRVqzkqOZLCATPpPpdL5aF6VwptcrZZLcbAi4VYbe3YfjwM+nMSAIGJ0NmD2gESwefaM3TMVWARPNO2cwrP7MLbl3IZwj2hBlhuK8mONq61cnCscfM++h5hYfEh37FDJYVWIxKXX9h3ecmVxebUuvoQiGIdfBl8Hxm9NcVhd2kI4TmDMhAqls4AlvItXbM2qhlW3tCetq+vvjfr2u3ZK2LW177R48dVdHaaO1h9574ozNBdsxf4jJNxdFCQ2KaPJCJSkgjWLjuDz2vF0eFRr0mgLsf+puDcfrDkd5Goap8hAZcZKcE5dyrytcADpYOWAttbuf6U32yAggyWroiFrM17o+rxfxIZABU1ROACebl5qB9sZZOSAUZOKjLLfb+TgpykHCkj8OCnj32lWls3SewN1rk4DwtRBqeoieHXDrPiG/zKEWGQNHD4cIyTM89kvRjR8Xp3YC7usrWCn80y4G8QuCC8c1J3YQRpNV/qxCquHkMjYH0St6t1nWravfNpmYpMWamCV1CLlnZrRiP24OnYsXnauecMg5n2KyhO2QoVEUz390pAb36snFcoWOVdWAiWnHw=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: cert.org
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: d03d7013-f0ff-4aae-a6c9-08d96d6d509c
X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Sep 2021 17:24:12.0432 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 95a9dce2-04f2-4043-995d-1ec3861911c6
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN1P110MB0738
Archived-At: <https://mailarchive.ietf.org/arch/msg/danish/EYNYvaRKE8X7AUKMpc3r9I0D6r4>
Subject: Re: [Danish] Updated charter post BOF discussion
X-BeenThere: danish@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DANE AutheNtication for Iot Service Hardening <danish.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/danish>, <mailto:danish-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/danish/>
List-Post: <mailto:danish@ietf.org>
List-Help: <mailto:danish-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/danish>, <mailto:danish-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Sep 2021 17:24:26 -0000

Hi!

Based on the feedback to this specific charter text and the general support during the DANISH BOF at IETF 111, I'm going to be formally begin the chartering process.

Unlike the BOF name of DANISH, the proposed WG will be DANCE (DANE Authentication for Network Clients Everywhere).  The 00-00 version of the charter will be the text below.  To avoid future confusion on the associated mailing list (and after consultation with the chairs), we're going to sunset the DANISH mailing list (danish@ietf) in favor of a new DANCE mailing list (dance@ietf).

Thanks for all of the discussion and coordination to date to get us to this point.

Regards,
Roman

> -----Original Message-----
> From: Danish <danish-bounces@ietf.org> On Behalf Of Wes Hardaker
> Sent: Thursday, August 19, 2021 3:38 PM
> To: danish@ietf.org
> Subject: [Danish] Updated charter post BOF discussion
> 
> 
> Folks,
> 
> We've (Ash, Shumon, Todd and I) have taken the notes from the discussion to
> produce a new version of the charter that we hope addresses the points raised
> during the IETF111 BOF.  I've created a new pull request to Michael's repo here:
> 
>     https://github.com/mcr/danish-bof/pull/9
> 
> Please feel free to make any comments about the wording/etc as needed (soon
> please).
> 
> Note that we did change the name to DANCE per general agreement in the BOF
> chat, etc.  That brings some confusion, as people have pointed out, but it's
> better to do so now if possible rather than later to remove the more specific
> IoT component in the name.
> 
> Additionally, if you support the formation of this working group and haven't
> spoken up in support of it yet, please do so now (even a +1 is good and
> appreciated, but indicating you'll review/comment/implement is of course
> better).
> 
> 
> 
> Full text:
> 
> # Charter proposal for an DANCE WG
> 
> - Name: DANE Authentication for Network Clients Everywhere (DANCE) [TBD:
> verify]
> - Revision: 1.3.0
> 
> ## Objective
> 
> The DANE Authentication for Network Clients Everywhere (DANCE) WG seeks
> to extend DANE to encompass TLS client authentication using certificates or
> Raw Public Keys (RPK).
> 
> ## Problem Statement
> 
> The process of establishing trust in public-key-authenticated identity typically
> involves the use of a Public Key Infrastructure (PKI), and a shared PKI root of
> trust between the parties exchanging public keys. A Certification Authority (CA)
> is one example of a root of trust for a PKI, which can be then used for
> establishing trust in certified public keys.
> 
> The DNS namespace, together with DNSSEC, forms the most widely-recognized
> namespace and authenticated lookup mechanism on the Internet.
> DANE builds on this authenticated lookup mechanism to enable public key-
> based TLS authentication which is resilient to impersonation, but only for TLS
> server identities.
> However, DANE did not define authentication for TLS client identities.
> 
> <!-- defines a lookup mechanism for TLS -->
> <!-- server identities and a published trust-path to their public key. -->
> 
> In response to the challenges related to ambiguity between identically named
> identities issued by different CAs, application owners frequently choose to
> onboard client identities to a single private PKI with a limited CA set that is
> specific to that vertical.  This creates a silo effect where different parts of large
> deployment can not communicate.  Examples of where DANCE could be useful
> includes SMTP transport client authentication, authentication of DNS
> authoritative server to server zone file transfers over TLS, authentication to
> DNS recursive servers, and Internet of Things (IoT) device identification.
> 
> ## Scope of work
> 
> DANCE will specify the TLS client authentication use cases and an architecture
> describing the primary components and interaction patterns.
> 
> DANCE will define how DNS DANE records will represent client identities for
> TLS connections.
> 
> DANCE will coordinate with the TLS working group to define any required TLS
> protocol updates required to support client authentication using DANE.
> 
> The DANCE scope of work will be initially limited to just TLS client
> authentication.  Future work may include using client identifiers for other tasks
> including object security, or authenticating to other protocols.
> 
> ## Deliverables:
> 
> * DANCE architecture and use cases (IoT, SMTP client,
>   authentication to DNS services, ...) document (9 months)
> 
> * DANE client authentication and publication practices (current draft) (6
> months)
> 
> * A TLS extension to indicate DANE identification capability and the
>   client's DANE identity name (current draft) (6 months)
> 
> 
> 
> 
> --
> Wes Hardaker
> USC/ISI
> 
> --
> Danish mailing list
> Danish@ietf.org
> https://www.ietf.org/mailman/listinfo/danish

v2.23.0 | Report a Bug | By Email