[Danish] Proposed DANISH charter
Ash Wilson <ash.wilson@valimail.com> Wed, 12 May 2021 21:54 UTC
From: Ash Wilson <ash.wilson@valimail.com>
Date: Wed, 12 May 2021 14:35:37 -0700
Message-ID: <CAEfM=vQ_6Osx=SR8wjSs6kFereChsDH+K9MqgZPi4uDQ=eGjuA@mail.gmail.com>
To: danish@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/danish/SO5iWpvKj3YrPXJaZMjDy-lHNyw>
Hello everyone,

Together with the BoF chairs, a few of us have been discussing what a charter for this working group might look like. We are pleased to present the following for your consideration:

-----

Objective

DANE’s original purpose only covered the coupling of PKI and DNS for server identity. The DANISH working group seeks to extend the DANE standard to encompass client identity and message sender identity use cases. DANISH also seeks to define a transitional mode for DANE, which will allow the safe adoption of DANE for domain owners who have not yet implemented DNSSEC.

Problem statement

Using DANE for representing client identities safely allows authentication across CAs and prevents impersonation, because DNSSEC is used instead of a CA certificate and its associated trust hierarchy to bind an identity’s name to a public key. Everyone agrees on the DNS namespace and the DNS root zone’s DNSSEC trust anchor, eliminating the barrier to adoption for multiple private PKIs participating in application deployment.

The greatest barrier to DANE adoption has been the DNSSEC requirement. DANISH will seek to provide a method of certificate and trust chain discovery for private PKIs, to enable the messaging security use case. This alternative mode will allow the use of Web PKI to securely discover certificates, in the absence of DNSSEC. This allows for a gradual DANE adoption where DNSSEC is not in the initial set of requirements. If the application owner wishes to use DANE for mutual TLS authentication, the application owner must then configure DNSSEC for the zone.

Scope of work

The DANISH group will produce an architecture document describing the primary application components and their interaction patterns. DANISH will establish usage conventions for DANE DNS records to represent client identity for TLS connections and how to perform public key discovery for object security use cases.

DANISH will also define any required TLS protocol updates to support client authentication using DANE. DANISH will define a method whereby Web PKI may be used in lieu of DNSSEC, using DANE DNS record types under specific use cases, as a transitional mode from Web PKI to the DNSSEC-based trust model.

While modifications to the following standards are not within the scope of the DANISH charter, the DANISH working group will take care to ensure a potential path for interoperability with the following standards, enabling potential future work: JOSE, COSE, OAuth2, MLS, EAP-TLS, SMIMEA (RFC 8162), SIP (RFC 5922), Proxy headers (RFC 7239), IANA email authentication headers, and TCP proxy TLVs standardized by haproxy.

--
Ash Wilson | Technical Director
e: ash.wilson@valimail.com
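The problem statement above rests on one mechanism: a DANE-EE (usage 3) TLSA record binds a DNS name directly to an end-entity key, so a verifier needs no CA chain, only a DNSSEC-validated answer. The following is an added example, not code from the charter or from any DANISH draft, showing both sides of that binding using only the Python standard library: publishing the TLSA RDATA for a key's SubjectPublicKeyInfo, parsing it back, matching a presented key against it, and refusing the binding when the records were not DNSSEC-validated (the gap the charter's transitional mode is meant to bridge). The sample key is 32 constructed bytes, and the owner name `_device42._tcp.example.com.` is an illustrative placeholder; the charter does not define how a client identity is named in DNS.

```python
"""DANE end-entity (TLSA usage 3) binding of a DNS name to a public key.

Added example; not code from the DANISH charter or any DANISH draft.
Standard library only, so it runs offline.
"""
import hashlib
from dataclasses import dataclass
from typing import Iterable, Optional

# Constructed sample key: 32 arbitrary bytes standing in for an Ed25519 public key.
SAMPLE_PUBKEY = bytes(range(1, 33))

# DER prefix of an Ed25519 SubjectPublicKeyInfo (RFC 8410):
#   SEQUENCE(42) { SEQUENCE(5) { OID 1.3.101.112 }, BIT STRING(33) { 0x00 || key } }
ED25519_SPKI_PREFIX = bytes.fromhex("302a300506032b6570032100")

# Illustrative owner name for a client identity record (assumption, not from the charter).
CLIENT_TLSA_NAME = "_device42._tcp.example.com."


def ed25519_spki(pubkey: bytes) -> bytes:
    """Wrap a raw Ed25519 key in a DER SubjectPublicKeyInfo."""
    if len(pubkey) != 32:
        raise ValueError("Ed25519 public keys are 32 bytes")
    return ED25519_SPKI_PREFIX + pubkey


@dataclass(frozen=True)
class TLSA:
    usage: int     # 3 = DANE-EE; usages 0-2 additionally require PKIX validation
    selector: int  # 0 = full certificate, 1 = SubjectPublicKeyInfo
    mtype: int     # 0 = exact match, 1 = SHA2-256, 2 = SHA2-512
    data: bytes    # certificate association data

    def presentation(self) -> str:
        """RFC 6698 presentation format, e.g. '3 1 1 <hex>'."""
        return f"{self.usage} {self.selector} {self.mtype} {self.data.hex()}"


def _association_data(mtype: int, payload: bytes) -> bytes:
    if mtype == 0:
        return payload
    if mtype == 1:
        return hashlib.sha256(payload).digest()
    if mtype == 2:
        return hashlib.sha512(payload).digest()
    raise ValueError(f"unsupported matching type {mtype}")


def make_tlsa(spki_der: bytes, cert_der: Optional[bytes] = None,
              usage: int = 3, selector: int = 1, mtype: int = 1) -> TLSA:
    """Publish side: derive TLSA RDATA from an identity's SPKI or certificate.
    Selector 1 (SPKI) is what RFC 7671 recommends for DANE-EE: the binding
    survives certificate re-issuance as long as the key pair is kept."""
    if selector == 1:
        payload = spki_der
    elif selector == 0:
        if cert_der is None:
            raise ValueError("selector 0 needs the full certificate")
        payload = cert_der
    else:
        raise ValueError(f"unsupported selector {selector}")
    return TLSA(usage, selector, mtype, _association_data(mtype, payload))


def parse_tlsa(rdata: str) -> TLSA:
    """Parse presentation format back into a TLSA record."""
    usage, selector, mtype, hexdata = rdata.split()
    return TLSA(int(usage), int(selector), int(mtype), bytes.fromhex(hexdata))


def dane_ee_match(records: Iterable[TLSA], spki_der: bytes,
                  cert_der: Optional[bytes] = None) -> bool:
    """Verify side: does the presented SPKI/certificate match any DANE-EE record?
    Usage-3 records need no CA chain (RFC 7671); usages 0-2 are skipped here
    because they would also require PKIX path validation."""
    for rr in records:
        if rr.usage != 3:
            continue
        if rr.selector == 1:
            payload = spki_der
        elif rr.selector == 0 and cert_der is not None:
            payload = cert_der
        else:
            continue
        try:
            if _association_data(rr.mtype, payload) == rr.data:
                return True
        except ValueError:
            continue  # unknown matching type: record is unusable, not a match
    return False


def authenticate_peer(records: Iterable[TLSA], dnssec_validated: bool,
                      spki_der: bytes, cert_der: Optional[bytes] = None) -> bool:
    """The binding is only as strong as the channel the records arrived over:
    without DNSSEC (AD bit from a validating resolver) a DNS spoofer can
    substitute their own key, which is why DANE has required DNSSEC."""
    if not dnssec_validated:
        return False
    return dane_ee_match(records, spki_der, cert_der)


if __name__ == "__main__":
    spki = ed25519_spki(SAMPLE_PUBKEY)
    rr = make_tlsa(spki)
    print(f"{CLIENT_TLSA_NAME} IN TLSA {rr.presentation()}")
    print("authenticated:", authenticate_peer([rr], True, spki))
```

The `dnssec_validated` flag is what a real verifier gets from a validating resolver's AD bit or from local validation; feeding `False` there models exactly the zone that has not deployed DNSSEC, where the charter proposes Web PKI discovery instead of a DNSSEC-backed binding.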
- [Danish] Proposed DANISH charter Ash Wilson
- Re: [Danish] Proposed DANISH charter Paul Wouters
- Re: [Danish] [EXT] Re: Proposed DANISH charter Jacques Latour
- Re: [Danish] Proposed DANISH charter Ash Wilson
- Re: [Danish] [EXT] Re: Proposed DANISH charter Ash Wilson
- Re: [Danish] Proposed DANISH charter Paul Wouters
- Re: [Danish] Proposed DANISH charter Ash Wilson
- Re: [Danish] Proposed DANISH charter Ash Wilson
- Re: [Danish] Proposed DANISH charter Olle E. Johansson
- Re: [Danish] Proposed DANISH charter Roman Danyliw