Re: [Danish] Updated charter post BOF discussion

"Rose, Scott W." <scott.rose@nist.gov> Fri, 20 August 2021 11:55 UTC

From: "Rose, Scott W." <scott.rose@nist.gov>
To: danish@ietf.org
Date: Fri, 20 Aug 2021 07:55:16 -0400
X-Mailer: MailMate (1.13.2r5673)
Message-ID: <35D39AFF-F038-4B7D-B11D-DFCF9C496E11@nist.gov>
In-Reply-To: <yblh7fldy3z.fsf@w7.hardakers.net>
References: <yblh7fldy3z.fsf@w7.hardakers.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/danish/kKZ8ADIHck68is4R54o541juQ0k>
List-Id: DANE AutheNtication for Iot Service Hardening <danish.ietf.org>

I support the formation of the WG. I have read the drafts and supplied 
some minor wording comments to the authors.

Scott

On 19 Aug 2021, at 15:37, Wes Hardaker wrote:

> Folks,
>
> We (Ash, Shumon, Todd and I) have taken the notes from the discussion
> to produce a new version of the charter that we hope addresses the
> points raised during the IETF111 BOF.  I've created a new pull request
> to Michael's repo here:
>
>     https://github.com/mcr/danish-bof/pull/9
>
> Please feel free to make any comments about the wording/etc as needed
> (soon please).
>
> Note that we did change the name to DANCE per general agreement in the
> BOF chat, etc.  That brings some confusion, as people have pointed out,
> but it's better to do so now if possible rather than later to remove the
> more specific IoT component in the name.
>
> Additionally, if you support the formation of this working group and
> haven't spoken up in support of it yet, please do so now (even a +1 is
> good and appreciated, but indicating you'll review/comment/implement is
> of course better).
>
>
>
> Full text:
>
> # Charter proposal for a DANCE WG
>
> - Name: DANE Authentication for Network Clients Everywhere (DANCE)
>   [TBD: verify]
> - Revision: 1.3.0
>
> ## Objective
>
> The DANE Authentication for Network Clients Everywhere (DANCE) WG seeks to
> extend DANE to encompass TLS client authentication using certificates
> or Raw Public Keys (RPK).
>
> ## Problem Statement
>
> The process of establishing trust in public-key-authenticated identity
> typically involves the use of a Public Key Infrastructure (PKI), and a
> shared PKI root of trust between the parties exchanging public keys. A
> Certification Authority (CA) is one example of a root of trust for a
> PKI, which can be then used for establishing trust in certified public
> keys.
>
> The DNS namespace, together with DNSSEC, forms the most widely recognized
> namespace and authenticated lookup mechanism on the Internet.
> DANE builds on this authenticated lookup mechanism to enable public-key-based
> TLS authentication which is resilient to impersonation, but only
> for TLS server identities.
> However, DANE did not define authentication for TLS client identities.
>
> <!-- defines a lookup mechanism for TLS -->
> <!-- server identities and a published trust-path to their public key. -->
>
> In response to the challenges related to ambiguity between identically
> named identities issued by different CAs, application owners
> frequently choose to onboard client identities to a single private PKI
> with a limited CA set that is specific to that vertical.  This creates
> a silo effect where different parts of a large deployment cannot
> communicate.  Examples of where DANCE could be useful include SMTP
> transport client authentication, authentication of DNS authoritative
> server to server zone file transfers over TLS, authentication to DNS
> recursive servers, and Internet of Things (IoT) device identification.
>
> ## Scope of work
>
> DANCE will specify the TLS client authentication use cases and an
> architecture describing the primary components and interaction patterns.
>
> DANCE will define how DNS DANE records will represent client
> identities for TLS connections.
>
> DANCE will coordinate with the TLS working group to define any
> TLS protocol updates required to support client
> authentication using DANE.
>
> The DANCE scope of work will be initially limited to just TLS client
> authentication.  Future work may include using client identifiers for
> other tasks including object security, or authenticating to other
> protocols.
>
> ## Deliverables:
>
> * DANCE architecture and use cases (IoT, SMTP client,
>   authentication to DNS services, ...) document (9 months)
>
> * DANE client authentication and publication practices (current draft)
>   (6 months)
>
> * A TLS extension to indicate DANE identification capability and the
>   client's DANE identity name (current draft) (6 months)
>
>
>
>
> -- 
> Wes Hardaker
> USC/ISI
>
> -- 
> Danish mailing list
> Danish@ietf.org
> https://www.ietf.org/mailman/listinfo/danish


=================
Scott Rose, NIST/ITL
scott.rose@nist.gov
ph: +1-301-975-8439
GVoice: +1-571-249-3671
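The charter quoted above says DANCE will define how DANE records represent TLS client identities, for certificates or raw public keys, and that DANE-EE matching is what makes DNSSEC-backed authentication resilient to impersonation. As an added illustration of that underlying matching step (this is not code from the DANCE drafts, the working group, or anyone in this thread), the Python below shows how a client's key becomes TLSA certificate-association data and how a server-side check compares a presented credential against a DNSSEC-validated TLSA RRset. The Ed25519 SubjectPublicKeyInfo bytes are a constructed placeholder, the record owner name is hypothetical, only DANE-EE (usage 3) is evaluated, and DNSSEC validation of the RRset is assumed to have been done by the resolver before this code runs.

```python
import hashlib
from dataclasses import dataclass
from typing import Iterable, Optional

# Constructed sample credential: a DER SubjectPublicKeyInfo for an Ed25519
# key (AlgorithmIdentifier OID 1.3.101.112, 32-byte BIT STRING). The key
# bytes are a placeholder, not a real key. For a Raw Public Key (RFC 7250)
# peer this SPKI is the whole credential; there is no certificate.
SPKI_DER = bytes.fromhex("302a300506032b6570032100") + bytes([0x11]) * 32

# Hypothetical owner name for the client's TLSA record; the naming
# convention for DANCE client identities is for the WG drafts to define.
CLIENT_TLSA_NAME = "_device1._dance.example.net."


@dataclass(frozen=True)
class TLSA:
    usage: int     # 0 PKIX-TA, 1 PKIX-EE, 2 DANE-TA, 3 DANE-EE (RFC 6698)
    selector: int  # 0 full certificate, 1 SubjectPublicKeyInfo
    mtype: int     # 0 exact bytes, 1 SHA-256, 2 SHA-512
    data: bytes    # certificate association data

    @classmethod
    def parse(cls, rdata: str) -> "TLSA":
        """Parse presentation format '<usage> <selector> <mtype> <hex...>'."""
        usage, selector, mtype, *hexparts = rdata.split()
        return cls(int(usage), int(selector), int(mtype),
                   bytes.fromhex("".join(hexparts)))

    def rdata(self) -> str:
        return f"{self.usage} {self.selector} {self.mtype} {self.data.hex()}"


def select(cert_der: Optional[bytes], spki_der: bytes, selector: int) -> bytes:
    """Apply the TLSA selector. Selector 0 needs the full certificate, which
    an RPK peer does not have, so only selector 1 can ever match an RPK."""
    if selector == 1:
        return spki_der
    if selector == 0:
        if cert_der is None:
            raise ValueError("selector 0 (Cert) cannot match a raw public key")
        return cert_der
    raise ValueError(f"unknown selector {selector}")


def matching_data(selected: bytes, mtype: int) -> bytes:
    """Apply the TLSA matching type to the selected bytes."""
    if mtype == 0:
        return selected
    if mtype == 1:
        return hashlib.sha256(selected).digest()
    if mtype == 2:
        return hashlib.sha512(selected).digest()
    raise ValueError(f"unknown matching type {mtype}")


def publish_rpk(spki_der: bytes, mtype: int = 1) -> TLSA:
    """TLSA record a client publishes for its raw public key: DANE-EE (3),
    SPKI selector (1), digested with the requested matching type."""
    return TLSA(3, 1, mtype, matching_data(select(None, spki_der, 1), mtype))


def dane_ee_matches(rrset: Iterable[TLSA], spki_der: bytes,
                    cert_der: Optional[bytes] = None) -> bool:
    """True if any DANE-EE (usage 3) record in the RRset matches the
    presented credential. Usage 3 needs no PKIX chain, which is what lets
    it bind an RPK; the other usages need chain building and are skipped.
    The RRset is assumed to have been DNSSEC-validated by the resolver; an
    unvalidated RRset must not be used for authentication at all."""
    for rr in rrset:
        if rr.usage != 3:
            continue
        try:
            selected = select(cert_der, spki_der, rr.selector)
        except ValueError:
            continue  # record unusable for this credential type
        if matching_data(selected, rr.mtype) == rr.data:
            return True
    return False


if __name__ == "__main__":
    rr = publish_rpk(SPKI_DER)
    print(f"{CLIENT_TLSA_NAME} IN TLSA {rr.rdata()}")
    assert dane_ee_matches([TLSA.parse(rr.rdata())], SPKI_DER)
    # A different key presented under the same name does not match.
    forged = SPKI_DER[:-32] + bytes([0x22]) * 32
    assert not dane_ee_matches([rr], forged)
```

The check deliberately skips usages 0 to 2: those require building and validating a chain to a trust anchor, which is exactly the per-vertical private PKI dependency the charter's problem statement describes, whereas a DANE-EE record with the SPKI selector lets the server authenticate a client from the DNSSEC-validated key alone.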