Re: [Danish] Updated charter post BOF discussion
Tim Wicinski <tjw.ietf@gmail.com> Thu, 19 August 2021 23:17 UTC
References: <yblh7fldy3z.fsf@w7.hardakers.net>
In-Reply-To: <yblh7fldy3z.fsf@w7.hardakers.net>
From: Tim Wicinski <tjw.ietf@gmail.com>
Date: Thu, 19 Aug 2021 19:17:22 -0400
Message-ID: <CADyWQ+FgvEZa_jBNaAwK77sPJAZ0ZGmsgYE81JhB0GLj4icdJg@mail.gmail.com>
To: Wes Hardaker <wjhns1@hardakers.net>
Cc: danish@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/danish/ru05BE-SnEE4i4p5nXuyVZewtMI>
List-Id: DANE AutheNtication for Iot Service Hardening <danish.ietf.org>
+1 on this working group.

tim

On Thu, Aug 19, 2021 at 3:38 PM Wes Hardaker <wjhns1@hardakers.net> wrote:
>
> Folks,
>
> We (Ash, Shumon, Todd and I) have taken the notes from the discussion
> to produce a new version of the charter that we hope addresses the
> points raised during the IETF111 BOF. I've created a new pull request
> to Michael's repo here:
>
> https://github.com/mcr/danish-bof/pull/9
>
> Please feel free to make any comments about the wording/etc as needed
> (soon please).
>
> Note that we did change the name to DANCE per general agreement in the
> BOF chat, etc. That brings some confusion, as people have pointed out,
> but it's better to do so now if possible rather than later to remove the
> more specific IoT component in the name.
>
> Additionally, if you support the formation of this working group and
> haven't spoken up in support of it yet, please do so now (even a +1 is
> good and appreciated, but indicating you'll review/comment/implement is
> of course better).
>
> Full text:
>
> # Charter proposal for a DANCE WG
>
> - Name: DANE Authentication for Network Clients Everywhere (DANCE) [TBD: verify]
> - Revision: 1.3.0
>
> ## Objective
>
> The DANE Authentication for Network Clients Everywhere (DANCE) WG seeks to
> extend DANE to encompass TLS client authentication using certificates or
> Raw Public Keys (RPK).
>
> ## Problem Statement
>
> The process of establishing trust in public-key-authenticated identity
> typically involves the use of a Public Key Infrastructure (PKI), and a
> shared PKI root of trust between the parties exchanging public keys. A
> Certification Authority (CA) is one example of a root of trust for a
> PKI, which can then be used for establishing trust in certified public
> keys.
>
> The DNS namespace, together with DNSSEC, forms the most widely-recognized
> namespace and authenticated lookup mechanism on the Internet.
> DANE builds on this authenticated lookup mechanism to enable public
> key-based TLS authentication which is resilient to impersonation, but only
> for TLS server identities.
> However, DANE did not define authentication for TLS client identities.
>
> <!-- defines a lookup mechanism for TLS -->
> <!-- server identities and a published trust-path to their public key. -->
>
> In response to the challenges related to ambiguity between identically
> named identities issued by different CAs, application owners
> frequently choose to onboard client identities to a single private PKI
> with a limited CA set that is specific to that vertical. This creates
> a silo effect where different parts of a large deployment cannot
> communicate. Examples of where DANCE could be useful include SMTP
> transport client authentication, authentication of DNS authoritative
> server to server zone file transfers over TLS, authentication to DNS
> recursive servers, and Internet of Things (IoT) device identification.
>
> ## Scope of work
>
> DANCE will specify the TLS client authentication use cases and an
> architecture describing the primary components and interaction patterns.
>
> DANCE will define how DNS DANE records will represent client
> identities for TLS connections.
>
> DANCE will coordinate with the TLS working group to define any
> required TLS protocol updates required to support client
> authentication using DANE.
>
> The DANCE scope of work will be initially limited to just TLS client
> authentication. Future work may include using client identifiers for
> other tasks including object security, or authenticating to other
> protocols.
>
> ## Deliverables:
>
> * DANCE architecture and use cases (IoT, SMTP client,
>   authentication to DNS services, ...) document (9 months)
>
> * DANE client authentication and publication practices (current draft) (6
>   months)
>
> * A TLS extension to indicate DANE identification capability and the
>   client's DANE identity name (current draft) (6 months)
>
> --
> Wes Hardaker
> USC/ISI
>
> --
> Danish mailing list
> Danish@ietf.org
> https://www.ietf.org/mailman/listinfo/danish
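The charter quoted above proposes reusing the existing DANE/TLSA association mechanism for TLS client identities. As an added illustration of what that mechanism actually checks (this is example code written for this page, not code from the mail, the DANCE drafts, or any IETF repository), the block below implements the RFC 6698 matching rules for the DANE-EE usage (3) with the SubjectPublicKeyInfo selector (1): a client publishes a TLSA record derived from its public key, and the server side compares the SPKI the client presented against that record. The Ed25519 sample key, the SPKI DER prefix used to wrap it, and the owner name `client1.devices.example.` are constructed or hypothetical placeholders; the DANCE drafts define their own owner-name scheme, which this example does not reproduce.

```python
"""TLSA association check of the kind DANCE extends to TLS clients.

Added example, not part of the original mail or of the DANCE drafts.
Implements the TLSA matching rules of RFC 6698 for the DANE-EE(3) usage
with the SubjectPublicKeyInfo(1) selector. The owner name and the sample
key below are constructed placeholders.
"""
import hashlib
import hmac
from dataclasses import dataclass

# TLSA field values from RFC 6698 (usage, selector, matching type).
USAGE_DANE_EE = 3
SELECTOR_SPKI = 1
MATCH_FULL, MATCH_SHA256, MATCH_SHA512 = 0, 1, 2

# DER prefix of an Ed25519 SubjectPublicKeyInfo (RFC 8410): 12 bytes
# followed by the 32-byte raw key. Used here only to build a sample SPKI.
ED25519_SPKI_PREFIX = bytes.fromhex("302a300506032b6570032100")

# Constructed sample client key (NOT a real key) and a hypothetical owner name.
SAMPLE_CLIENT_SPKI = ED25519_SPKI_PREFIX + bytes(range(32))
SAMPLE_OWNER_NAME = "client1.devices.example."  # hypothetical placeholder


@dataclass(frozen=True)
class TLSARecord:
    usage: int
    selector: int
    matching: int
    data: bytes  # certificate association data

    def presentation(self) -> str:
        """Zone-file form, e.g. '3 1 1 <hex digest>'."""
        return f"{self.usage} {self.selector} {self.matching} {self.data.hex()}"


def parse_tlsa(text: str) -> TLSARecord:
    """Parse the presentation form back into a record (strict on field count)."""
    parts = text.split()
    if len(parts) != 4:
        raise ValueError(f"expected 4 TLSA fields, got {len(parts)}")
    usage, selector, matching = (int(p) for p in parts[:3])
    if matching not in (MATCH_FULL, MATCH_SHA256, MATCH_SHA512):
        raise ValueError(f"unsupported matching type {matching}")
    return TLSARecord(usage, selector, matching, bytes.fromhex(parts[3]))


def association_data(spki_der: bytes, matching: int) -> bytes:
    """Apply the matching type to the selected data (here always the SPKI DER)."""
    if matching == MATCH_FULL:
        return spki_der
    if matching == MATCH_SHA256:
        return hashlib.sha256(spki_der).digest()
    if matching == MATCH_SHA512:
        return hashlib.sha512(spki_der).digest()
    raise ValueError(f"unsupported matching type {matching}")


def publish_client_tlsa(spki_der: bytes, matching: int = MATCH_SHA256) -> TLSARecord:
    """Record a client would publish for its key: DANE-EE usage, SPKI selector."""
    return TLSARecord(USAGE_DANE_EE, SELECTOR_SPKI, matching,
                      association_data(spki_der, matching))


def client_key_matches(presented_spki_der: bytes, record: TLSARecord) -> bool:
    """Server-side check: does the SPKI the client presented match the record?

    Only the '3 1 x' form is handled; any other usage/selector is rejected
    rather than guessed at, so a misconfigured record fails closed.
    """
    if record.usage != USAGE_DANE_EE or record.selector != SELECTOR_SPKI:
        return False
    expected = association_data(presented_spki_der, record.matching)
    # Constant-time compare so the check does not leak via timing.
    return hmac.compare_digest(expected, record.data)


if __name__ == "__main__":
    rec = publish_client_tlsa(SAMPLE_CLIENT_SPKI)
    print(f"{SAMPLE_OWNER_NAME} IN TLSA {rec.presentation()}")
    print("presented key matches:", client_key_matches(SAMPLE_CLIENT_SPKI, rec))
    other = ED25519_SPKI_PREFIX + bytes(32)
    print("different key matches:", client_key_matches(other, rec))
```

The point a deployer should take from this is that, with DANE-EE and the SPKI selector, the published record binds a name to a specific key (or its digest) rather than to a CA, which is exactly what lets the charter sidestep the "identically named identities issued by different CAs" problem; the record itself only means something once the DNS answer carrying it has been DNSSEC-validated, which this example does not do.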