Re: [dix] DRAFT: WAE BOF minutes
Eliot Lear <lear@cisco.com> Sat, 15 July 2006 18:23 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1G1onx-0005ne-8X; Sat, 15 Jul 2006 14:23:53 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1G1onw-0005nY-0d for dix@ietf.org; Sat, 15 Jul 2006 14:23:52 -0400
Received: from sj-iport-6.cisco.com ([171.71.176.117]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1G1ont-0001U8-Br for dix@ietf.org; Sat, 15 Jul 2006 14:23:51 -0400
Received: from sj-dkim-1.cisco.com ([171.71.179.21]) by sj-iport-6.cisco.com with ESMTP; 15 Jul 2006 11:23:48 -0700
Received: from sj-core-5.cisco.com (sj-core-5.cisco.com [171.71.177.238]) by sj-dkim-1.cisco.com (8.12.11.20060308/8.12.11) with ESMTP id k6FINmBu006157 for <dix@ietf.org>; Sat, 15 Jul 2006 11:23:48 -0700
Received: from imail.cisco.com (sjc12-sbr-sw3-3f5.cisco.com [172.19.96.182]) by sj-core-5.cisco.com (8.12.10/8.12.6) with ESMTP id k6FINmiB017924 for <dix@ietf.org>; Sat, 15 Jul 2006 11:23:48 -0700 (PDT)
Received: from [212.254.247.5] (ams3-vpn-dhcp40.cisco.com [10.61.64.40]) by imail.cisco.com (8.12.11/8.12.10) with ESMTP id k6FIHcVs011232 for <dix@ietf.org>; Sat, 15 Jul 2006 11:17:39 -0700
Message-ID: <44B932B2.6030009@cisco.com>
Date: Sat, 15 Jul 2006 20:23:46 +0200
From: Eliot Lear <lear@cisco.com>
User-Agent: Thunderbird 1.5.0.4 (Macintosh/20060530)
MIME-Version: 1.0
To: Digital Identity Exchange <dix@ietf.org>
Subject: Re: [dix] DRAFT: WAE BOF minutes
References: <630749EE-9B10-4F84-A3DB-2D83C1D5C2DC@sxip.com>
In-Reply-To: <630749EE-9B10-4F84-A3DB-2D83C1D5C2DC@sxip.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Authentication-Results: sj-dkim-1.cisco.com; header.From=lear@cisco.com; dkim=pass ( sig from cisco.com verified; );
DKIM-Signature: a=rsa-sha1; q=dns; l=5841; t=1152987828; x=1153851828; c=relaxed/simple; s=sjdkim1002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=lear@cisco.com; z=From:Eliot=20Lear=20<lear@cisco.com> |Subject:Re=3A=20[dix]=20DRAFT=3A=20WAE=20BOF=20minutes; X=v=3Dcisco.com=3B=20h=3Du6O0XrjMVW5x2+2Mslr7X/U9RYs=3D; b=sU4VeTirJ1y9XAteUIptU1jIoiIf55orjcKMWcjxtOWumBxmVtuubNarOrw5Do8wtOjtFYtx OJVTsg0ssWDzTNLRaPX0HTgwhSTMEf7Gr+o5WiFTn7pPeMMSKOBLPxoi;
X-Spam-Score: 0.0 (/)
X-Scan-Signature: dbb8771284c7a36189745aa720dc20ab
X-BeenThere: dix@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Digital Identity Exchange <dix@ietf.org>
List-Id: Digital Identity Exchange <dix.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/dix>, <mailto:dix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/dix>
List-Post: <mailto:dix@ietf.org>
List-Help: <mailto:dix-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/dix>, <mailto:dix-request@ietf.org?subject=subscribe>
Errors-To: dix-bounces@ietf.org
Dick, Here are my notes from yesterday that you may wish to merge. Eliot Summary There was a general concern that we could end up boiling the ocean. There are four problems that we could work on: 1. Non-insane replacement for HTTP digest / anti-phishing 2. Cross Site Identity 3. Claim and Attribute Transferral 4. Eliot's Dad's Problem (EDP) of unhealthy password reuse / storage or failure to remember !@#%. There seem to be strong support for working on the first two, weak support for the third, and a general agreement that 4 should not be forgotten, although it was unclear whether 4 needed to be solved separately from 1 and 2. There was discussion on dependency between 1 and 2. There also seemed to be general agreement that we should focus our efforts on fixing HTTP browsing first, non-browsing second, and not worry about cross application credentials. Lisa and the IESG now have to determine whether there should be another BoF, separate BoFs for separate working groups or to do something else. We also need to take into account work done by other organizations, such as W3C, and we need to take note of UI concerns. More Details Pete kicked off the BoF with a discussion around common terminology, with some attempts to define common terms like authentication, authorization, and credentials. Required reading: RFC 2828; recommended reading: http://identitygang.org/Lexicon and draft-shirey-secgloss-v2-04.txt. One word that was considered out of bounds was "identity". This caused some issues later. Jeffrey Hutzelman suggested and there seemed to be general agreement that the better approach would be to talk about concepts and then agree on terms. Either way, we staggered through the terminology discussion. Pete then took us through a menu of problems we *could* solve: * Capture-Resistant Credentials (CRC) * Hijack-Resistant Authentication (HRA) * Portable Credentials (PC) * Fill-in of Personal Information (FPI) * Common User Credentials (CUC) * Continuity of Identity (CI) * User-Friendly Names (UFN) * Assertion of External Claims (AEC) * Independent Assertion of Claims (IAC) * Private Authentication (PA) * Single Site Unlinkability (SSU) * Multiple Site Unlinkability (MSU) * Attack Resistant Credentials (ARC) * Claim Minimality (CM) On the jabber there was some discussion as to whether CM is the same or different from IAC. Sam next presented. He first talked about the need for an unspoofable UI. It was pointed out that simply having a little lock box icon doesn't solve the problem. One possible solution would be for users to brand computers in a way that would be used for sensitive transactions, the idea being that no spoofer could know what this branding is. Within the jabber there was a fair amount of discussion around SAKs (secure attention keys), and whether they could help/solve the problem. Next Sam talked about requirements for web authentication. MUST solve the problem for passwords without the need for smart cards. Eliot raised a concern about needing to support smart cards but not mandating them as part of the architecture. This annoyed Sam ;-) Sam's requirements also included not sending password equivalents, mandating mutual authentication of the server, and binding authentication to the returned web page. He went on to describe what his requirements buys. One of the requirements that got raised on the jabber chat was one of "supports existing infrastructure". According to the chat log, the infrastructure in question is authentication infrastructure or - passwords. Next Pete and Lisa organized discussion over what problems we could solve. She wrote down three, which eventually became four. Here are the four: * EKR1 - anti-phishing / fixing HTTP authentication, GUI, Mutual Authentication, passwords AND other. About 20 people in the room indicated they were interested in working on this problem. This is the one that also requires liaising with W3C. Layer/Arch TBD. * EKR2 - cross site identitiers. About 15 people were interested in working on this problem; while 10 people suggested that more analysis was needed. This effort may required shared mechanisms with EKR1 and definitely requires coordination. Only six people want to work on it as a separate problem. * EKR3 - claim and attribute exchange. Not limited to HTTP. We rushed through this in 10 minutes. Twelve people indicated interest in this problem. * EKR4 - Eliot's Dad's Problem (EDP) of unhealthy password reuse / storage. There was a view that done properly 1 and/or 2 would capture this. Not clear how common that view was. Lisa commented in the chat room and perhaps live that there's the potential for a lot of commonality between EKR1 & EKR2. [I surmise the same is the case for EKR4.] There was a healthy discussion about UI and IETF involvement in which EKR best summed it up by saying that there are three possible things we could say: 1. Nothing; 2. "Implementations must clearly indicate to users when a password is being typed into a trusted interface"; or 3. "This is how the dialogs must look..." Eric argued that (2) was most appropriate and I didn't hear or read any objection. Bob Morgan put it this way: /"where [user makes security decision] and [info available to user at that time] are things that can be written into protocol flows" / Eric suggested a loose bottom up hierarchy of EKR1, EKR4(EDP), EKR2, EKR3. Throughout the entire BoF there was a side conversation of SASL v. GSS. Eliot _______________________________________________ dix mailing list dix@ietf.org https://www1.ietf.org/mailman/listinfo/dix
- [dix] DRAFT: WAE BOF minutes Dick Hardt
- Re: [dix] DRAFT: WAE BOF minutes Eliot Lear
- Re: [dix] DRAFT: WAE BOF minutes Ben Laurie
- Re: [dix] DRAFT: WAE BOF minutes Nicolas Williams
- RE: [dix] DRAFT: WAE BOF minutes Hallam-Baker, Phillip
- [dix] the point of a standards process Joaquin Miller
- Re: [dix] DRAFT: WAE BOF minutes Nicolas Williams
- Re: [dix] DRAFT: WAE BOF minutes Eric Rescorla
- Re: [dix] DRAFT: WAE BOF minutes Nicolas Williams
- Re: [dix] DRAFT: WAE BOF minutes Jeffrey Altman
- Re: [dix] DRAFT: WAE BOF minutes Eric Rescorla
- Re: [dix] DRAFT: WAE BOF minutes Jeffrey Altman
- Re: [dix] DRAFT: WAE BOF minutes Dick Hardt
- Re: [dix] DRAFT: WAE BOF minutes Joe Orton
- Re: [dix] DRAFT: WAE BOF minutes Ben Laurie
- Re: [dix] DRAFT: WAE BOF minutes Ben Laurie
- Re: [dix] DRAFT: WAE BOF minutes Jeffrey Altman
- Re: [dix] DRAFT: WAE BOF minutes Ben Laurie
- Re: [dix] DRAFT: WAE BOF minutes Gavin Baumanis
- Re: [dix] DRAFT: WAE BOF minutes Richard Megginson
- [dix] WAE BOF minutes (Final cut) Pete Resnick
- Re: [dix] WAE BOF minutes (Final cut) Pete Resnick