Re: [dix] DRAFT: WAE BOF minutes
Eliot Lear <lear@cisco.com> Sat, 15 July 2006 18:23 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1G1onx-0005ne-8X; Sat, 15 Jul 2006 14:23:53 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1G1onw-0005nY-0d for dix@ietf.org; Sat, 15 Jul 2006 14:23:52 -0400
Received: from sj-iport-6.cisco.com ([171.71.176.117]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1G1ont-0001U8-Br for dix@ietf.org; Sat, 15 Jul 2006 14:23:51 -0400
Received: from sj-dkim-1.cisco.com ([171.71.179.21]) by sj-iport-6.cisco.com with ESMTP; 15 Jul 2006 11:23:48 -0700
Received: from sj-core-5.cisco.com (sj-core-5.cisco.com [171.71.177.238]) by sj-dkim-1.cisco.com (8.12.11.20060308/8.12.11) with ESMTP id k6FINmBu006157 for <dix@ietf.org>; Sat, 15 Jul 2006 11:23:48 -0700
Received: from imail.cisco.com (sjc12-sbr-sw3-3f5.cisco.com [172.19.96.182]) by sj-core-5.cisco.com (8.12.10/8.12.6) with ESMTP id k6FINmiB017924 for <dix@ietf.org>; Sat, 15 Jul 2006 11:23:48 -0700 (PDT)
Received: from [212.254.247.5] (ams3-vpn-dhcp40.cisco.com [10.61.64.40]) by imail.cisco.com (8.12.11/8.12.10) with ESMTP id k6FIHcVs011232 for <dix@ietf.org>; Sat, 15 Jul 2006 11:17:39 -0700
Message-ID: <44B932B2.6030009@cisco.com>
Date: Sat, 15 Jul 2006 20:23:46 +0200
From: Eliot Lear <lear@cisco.com>
User-Agent: Thunderbird 1.5.0.4 (Macintosh/20060530)
MIME-Version: 1.0
To: Digital Identity Exchange <dix@ietf.org>
Subject: Re: [dix] DRAFT: WAE BOF minutes
References: <630749EE-9B10-4F84-A3DB-2D83C1D5C2DC@sxip.com>
In-Reply-To: <630749EE-9B10-4F84-A3DB-2D83C1D5C2DC@sxip.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Authentication-Results: sj-dkim-1.cisco.com; header.From=lear@cisco.com; dkim=pass ( sig from cisco.com verified; );
DKIM-Signature: a=rsa-sha1; q=dns; l=5841; t=1152987828; x=1153851828; c=relaxed/simple; s=sjdkim1002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=lear@cisco.com; z=From:Eliot=20Lear=20<lear@cisco.com> |Subject:Re=3A=20[dix]=20DRAFT=3A=20WAE=20BOF=20minutes; X=v=3Dcisco.com=3B=20h=3Du6O0XrjMVW5x2+2Mslr7X/U9RYs=3D; b=sU4VeTirJ1y9XAteUIptU1jIoiIf55orjcKMWcjxtOWumBxmVtuubNarOrw5Do8wtOjtFYtx OJVTsg0ssWDzTNLRaPX0HTgwhSTMEf7Gr+o5WiFTn7pPeMMSKOBLPxoi;
X-Spam-Score: 0.0 (/)
X-Scan-Signature: dbb8771284c7a36189745aa720dc20ab
X-BeenThere: dix@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Digital Identity Exchange <dix@ietf.org>
List-Id: Digital Identity Exchange <dix.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/dix>, <mailto:dix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/dix>
List-Post: <mailto:dix@ietf.org>
List-Help: <mailto:dix-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/dix>, <mailto:dix-request@ietf.org?subject=subscribe>
Errors-To: dix-bounces@ietf.org
Dick,
Here are my notes from yesterday that you may wish to merge.
Eliot
Summary
There was a general concern that we could end up boiling the ocean.
There are four problems that we could work on:
1. Non-insane replacement for HTTP digest / anti-phishing
2. Cross Site Identity
3. Claim and Attribute Transferral
4. Eliot's Dad's Problem (EDP) of unhealthy password reuse / storage
or failure to remember !@#%.
There seem to be strong support for working on the first two, weak
support for the third, and a general agreement that 4 should not be
forgotten, although it was unclear whether 4 needed to be solved
separately from 1 and 2. There was discussion on dependency between 1
and 2.
There also seemed to be general agreement that we should focus our
efforts on fixing HTTP browsing first, non-browsing second, and not
worry about cross application credentials.
Lisa and the IESG now have to determine whether there should be another
BoF, separate BoFs for separate working groups or to do something else.
We also need to take into account work done by other organizations, such
as W3C, and we need to take note of UI concerns.
More Details
Pete kicked off the BoF with a discussion around common terminology,
with some attempts to define common terms like authentication,
authorization, and credentials. Required reading: RFC 2828; recommended
reading: http://identitygang.org/Lexicon and
draft-shirey-secgloss-v2-04.txt. One word that was considered out of
bounds was "identity". This caused some issues later. Jeffrey
Hutzelman suggested and there seemed to be general agreement that the
better approach would be to talk about concepts and then agree on
terms. Either way, we staggered through the terminology discussion.
Pete then took us through a menu of problems we *could* solve:
* Capture-Resistant Credentials (CRC)
* Hijack-Resistant Authentication (HRA)
* Portable Credentials (PC)
* Fill-in of Personal Information (FPI)
* Common User Credentials (CUC)
* Continuity of Identity (CI)
* User-Friendly Names (UFN)
* Assertion of External Claims (AEC)
* Independent Assertion of Claims (IAC)
* Private Authentication (PA)
* Single Site Unlinkability (SSU)
* Multiple Site Unlinkability (MSU)
* Attack Resistant Credentials (ARC)
* Claim Minimality (CM)
On the jabber there was some discussion as to whether CM is the same or
different from IAC.
Sam next presented. He first talked about the need for an unspoofable
UI. It was pointed out that simply having a little lock box icon
doesn't solve the problem. One possible solution would be for users to
brand computers in a way that would be used for sensitive transactions,
the idea being that no spoofer could know what this branding is. Within
the jabber there was a fair amount of discussion around SAKs (secure
attention keys), and whether they could help/solve the problem.
Next Sam talked about requirements for web authentication. MUST solve
the problem for passwords without the need for smart cards. Eliot
raised a concern about needing to support smart cards but not mandating
them as part of the architecture. This annoyed Sam ;-) Sam's
requirements also included not sending password equivalents, mandating
mutual authentication of the server, and binding authentication to the
returned web page. He went on to describe what his requirements buys.
One of the requirements that got raised on the jabber chat was one of
"supports existing infrastructure". According to the chat log, the
infrastructure in question is authentication infrastructure or - passwords.
Next Pete and Lisa organized discussion over what problems we could
solve. She wrote down three, which eventually became four. Here are
the four:
* EKR1 - anti-phishing / fixing HTTP authentication, GUI, Mutual
Authentication, passwords AND other. About 20 people in the room
indicated they were interested in working on this problem. This
is the one that also requires liaising with W3C. Layer/Arch TBD.
* EKR2 - cross site identitiers. About 15 people were interested in
working on this problem; while 10 people suggested that more
analysis was needed. This effort may required shared mechanisms
with EKR1 and definitely requires coordination. Only six people
want to work on it as a separate problem.
* EKR3 - claim and attribute exchange. Not limited to HTTP. We
rushed through this in 10 minutes. Twelve people indicated
interest in this problem.
* EKR4 - Eliot's Dad's Problem (EDP) of unhealthy password reuse /
storage. There was a view that done properly 1 and/or 2 would
capture this. Not clear how common that view was.
Lisa commented in the chat room and perhaps live that there's the
potential for a lot of commonality between EKR1 & EKR2. [I surmise the
same is the case for EKR4.]
There was a healthy discussion about UI and IETF involvement in which
EKR best summed it up by saying that there are three possible things we
could say:
1. Nothing;
2. "Implementations must clearly indicate to users when a password is
being typed into a trusted interface"; or
3. "This is how the dialogs must look..."
Eric argued that (2) was most appropriate and I didn't hear or read any
objection. Bob Morgan put it this way:
/"where [user makes security decision] and [info available to user
at that time] are things that can be written into protocol flows"
/
Eric suggested a loose bottom up hierarchy of EKR1, EKR4(EDP), EKR2, EKR3.
Throughout the entire BoF there was a side conversation of SASL v. GSS.
Eliot
_______________________________________________
dix mailing list
dix@ietf.org
https://www1.ietf.org/mailman/listinfo/dix
- [dix] DRAFT: WAE BOF minutes Dick Hardt
- Re: [dix] DRAFT: WAE BOF minutes Eliot Lear
- Re: [dix] DRAFT: WAE BOF minutes Ben Laurie
- Re: [dix] DRAFT: WAE BOF minutes Nicolas Williams
- RE: [dix] DRAFT: WAE BOF minutes Hallam-Baker, Phillip
- [dix] the point of a standards process Joaquin Miller
- Re: [dix] DRAFT: WAE BOF minutes Nicolas Williams
- Re: [dix] DRAFT: WAE BOF minutes Eric Rescorla
- Re: [dix] DRAFT: WAE BOF minutes Nicolas Williams
- Re: [dix] DRAFT: WAE BOF minutes Jeffrey Altman
- Re: [dix] DRAFT: WAE BOF minutes Eric Rescorla
- Re: [dix] DRAFT: WAE BOF minutes Jeffrey Altman
- Re: [dix] DRAFT: WAE BOF minutes Dick Hardt
- Re: [dix] DRAFT: WAE BOF minutes Joe Orton
- Re: [dix] DRAFT: WAE BOF minutes Ben Laurie
- Re: [dix] DRAFT: WAE BOF minutes Ben Laurie
- Re: [dix] DRAFT: WAE BOF minutes Jeffrey Altman
- Re: [dix] DRAFT: WAE BOF minutes Ben Laurie
- Re: [dix] DRAFT: WAE BOF minutes Gavin Baumanis
- Re: [dix] DRAFT: WAE BOF minutes Richard Megginson
- [dix] WAE BOF minutes (Final cut) Pete Resnick
- Re: [dix] WAE BOF minutes (Final cut) Pete Resnick