Re: [Danish] [EXT] Updated charter post BOF discussion
Jacques Latour <Jacques.Latour@cira.ca> Fri, 20 August 2021 13:58 UTC
From: Jacques Latour <Jacques.Latour@cira.ca>
To: Wes Hardaker <wjhns1@hardakers.net>, "danish@ietf.org" <danish@ietf.org>
Date: Fri, 20 Aug 2021 13:58:45 +0000
Message-ID: <5419a3bf1ff04a09bc67531a14a0f946@cira.ca>
References: <yblh7fldy3z.fsf@w7.hardakers.net>
In-Reply-To: <yblh7fldy3z.fsf@w7.hardakers.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/danish/MmNDCPso_iJ-T11ZJfIPTmeaNvg>
Subject: Re: [Danish] [EXT] Updated charter post BOF discussion
+1 looks good

> -----Original Message-----
> From: Danish <danish-bounces@ietf.org> On Behalf Of Wes Hardaker
> Sent: August 19, 2021 3:38 PM
> To: danish@ietf.org
> Subject: [EXT] [Danish] Updated charter post BOF discussion
>
> Folks,
>
> We (Ash, Shumon, Todd and I) have taken the notes from the discussion to produce a new version of the charter that we hope addresses the points raised during the IETF111 BOF. I've created a new pull request to Michael's repo here:
>
> https://github.com/mcr/danish-bof/pull/9
>
> Please feel free to make any comments about the wording/etc as needed (soon please).
>
> Note that we did change the name to DANCE per general agreement in the BOF chat, etc. That brings some confusion, as people have pointed out, but it's better to do so now if possible rather than later to remove the more specific IoT component in the name.
>
> Additionally, if you support the formation of this working group and haven't spoken up in support of it yet, please do so now (even a +1 is good and appreciated, but indicating you'll review/comment/implement is of course better).
>
> Full text:
>
> # Charter proposal for a DANCE WG
>
> - Name: DANE Authentication for Network Clients Everywhere (DANCE) [TBD: verify]
> - Revision: 1.3.0
>
> ## Objective
>
> The DANE Authentication for Network Clients Everywhere (DANCE) WG seeks to extend DANE to encompass TLS client authentication using certificates or Raw Public Keys (RPK).
>
> ## Problem Statement
>
> The process of establishing trust in public-key-authenticated identity typically involves the use of a Public Key Infrastructure (PKI), and a shared PKI root of trust between the parties exchanging public keys. A Certification Authority (CA) is one example of a root of trust for a PKI, which can then be used for establishing trust in certified public keys.
>
> The DNS namespace, together with DNSSEC, forms the most widely-recognized namespace and authenticated lookup mechanism on the Internet. DANE builds on this authenticated lookup mechanism to enable public key-based TLS authentication which is resilient to impersonation, but only for TLS server identities. However, DANE did not define authentication for TLS client identities.
>
> <!-- defines a lookup mechanism for TLS -->
> <!-- server identities and a published trust-path to their public key. -->
>
> In response to the challenges related to ambiguity between identically named identities issued by different CAs, application owners frequently choose to onboard client identities to a single private PKI with a limited CA set that is specific to that vertical. This creates a silo effect where different parts of a large deployment cannot communicate. Examples of where DANCE could be useful include SMTP transport client authentication, authentication of DNS authoritative server to server zone file transfers over TLS, authentication to DNS recursive servers, and Internet of Things (IoT) device identification.
>
> ## Scope of work
>
> DANCE will specify the TLS client authentication use cases and an architecture describing the primary components and interaction patterns.
>
> DANCE will define how DNS DANE records will represent client identities for TLS connections.
>
> DANCE will coordinate with the TLS working group to define any required TLS protocol updates required to support client authentication using DANE.
>
> The DANCE scope of work will be initially limited to just TLS client authentication. Future work may include using client identifiers for other tasks including object security, or authenticating to other protocols.
>
> ## Deliverables:
>
> * DANCE architecture and use cases (IoT, SMTP client, authentication to DNS services, ...) document (9 months)
>
> * DANE client authentication and publication practices (current draft) (6 months)
>
> * A TLS extension to indicate DANE identification capability and the client's DANE identity name (current draft) (6 months)
>
> --
> Wes Hardaker
> USC/ISI
>
> --
> Danish mailing list
> Danish@ietf.org
> https://www.ietf.org/mailman/listinfo/danish
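The DANE mechanism the quoted problem statement builds on, a DNSSEC-validated TLSA record compared against the key a peer presents in the TLS handshake, applied to a client key. This is an added example, not code from the thread or from any DANCE draft: the TLSA field values follow RFC 6698, the DER byte strings are constructed placeholders, and the DNS owner name under which a client record would be published is exactly what DANCE is chartered to define, so it is not modelled here.

```python
import hashlib
import hmac
from dataclasses import dataclass

# RFC 6698 TLSA field values used in this example.
DANE_EE = 3                 # certificate usage 3: end-entity key, no PKIX path needed
SEL_CERT, SEL_SPKI = 0, 1   # selector: full certificate vs SubjectPublicKeyInfo
MATCH_FULL, MATCH_SHA256 = 0, 1

# Constructed stand-ins for DER bytes; a real record hashes the actual certificate
# or SPKI encoding (for an RFC 7250 raw public key only the SPKI exists).
CONSTRUCTED_CERT_DER = b"constructed-client-certificate-der"
CONSTRUCTED_SPKI_DER = b"constructed-client-spki-der"

def _digest(matching_type: int, data: bytes) -> bytes:
    if matching_type == MATCH_FULL:
        return data
    if matching_type == MATCH_SHA256:
        return hashlib.sha256(data).digest()
    raise ValueError(f"unsupported TLSA matching type {matching_type}")

@dataclass(frozen=True)
class TLSA:
    usage: int
    selector: int
    matching_type: int
    data: bytes   # certificate association data

    @classmethod
    def publish(cls, cert_der, spki_der, usage=DANE_EE, selector=SEL_SPKI, matching_type=MATCH_SHA256):
        # Record the identity owner publishes (under DNSSEC) for its client key.
        if selector == SEL_CERT and cert_der is None:
            raise ValueError("raw public keys have no certificate; use selector 1 (SPKI)")
        chosen = spki_der if selector == SEL_SPKI else cert_der
        return cls(usage, selector, matching_type, _digest(matching_type, chosen))

    def to_wire(self) -> bytes:   # RDATA: three fixed octets then association data
        return bytes([self.usage, self.selector, self.matching_type]) + self.data

    def presentation(self) -> str:   # zone-file form, e.g. "3 1 1 <hex>"
        return f"{self.usage} {self.selector} {self.matching_type} {self.data.hex()}"

    def matches(self, cert_der, spki_der) -> bool:
        # Verifier side: compare what the peer presented in the handshake with the
        # DNSSEC-validated record. Only DANE-EE is decided by the digest alone;
        # usages 0-2 also need PKIX path validation, which this example omits.
        if self.usage != DANE_EE:
            return False
        chosen = spki_der if self.selector == SEL_SPKI else cert_der
        return chosen is not None and hmac.compare_digest(self.data, _digest(self.matching_type, chosen))
```

With selector 1 the same record authenticates a client whether it sends a certificate or only a raw public key, which is why DANE-EE with an SPKI digest is the natural fit for the RPK case the charter names.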