Re: [dix] DRAFT: WAE BOF minutes
"Ben Laurie" <benl@google.com> Tue, 18 July 2006 12:54 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1G2p5c-0003bO-Du; Tue, 18 Jul 2006 08:54:16 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1G2p5a-0003Zm-OG for dix@ietf.org; Tue, 18 Jul 2006 08:54:14 -0400
Received: from smtp-out.google.com ([216.239.33.17]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1G2p5Z-0007jQ-3O for dix@ietf.org; Tue, 18 Jul 2006 08:54:14 -0400
Received: from chris.corp.google.com (chris.corp.google.com [172.24.0.146]) by smtp-out.google.com with ESMTP id k6ICs2ee006799 for <dix@ietf.org>; Tue, 18 Jul 2006 13:54:04 +0100
DomainKey-Signature: a=rsa-sha1; s=beta; d=google.com; c=nofws; q=dns; h=received:message-id:date:from:to:subject:in-reply-to: mime-version:content-type:content-transfer-encoding: content-disposition:references; b=CltbY7MWu2QUMfcUtQAJxArHV+atjSU4jmNQY1B8Cxx9PYHHc5ZuSFgUJeX4slCOz c3l371weV3dgT4HfTflQw==
Received: from smtp-out2.google.com (fpx33.prod.google.com [10.253.24.33]) by chris.corp.google.com with ESMTP id k6ICj27U031218 for <dix@ietf.org>; Tue, 18 Jul 2006 05:54:00 -0700
Received: by smtp-out2.google.com with SMTP id 33so29684fpx for <dix@ietf.org>; Tue, 18 Jul 2006 05:53:58 -0700 (PDT)
Received: by 10.253.15.5 with SMTP id 5mr555484fpo; Tue, 18 Jul 2006 05:53:57 -0700 (PDT)
Received: by 10.253.14.2 with HTTP; Tue, 18 Jul 2006 05:53:57 -0700 (PDT)
Message-ID: <1b587cab0607180553mfd7f636r235f41e9f27a8987@mail.google.com>
Date: Tue, 18 Jul 2006 13:53:57 +0100
From: Ben Laurie <benl@google.com>
To: Digital Identity Exchange <dix@ietf.org>
Subject: Re: [dix] DRAFT: WAE BOF minutes
In-Reply-To: <44B932B2.6030009@cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <630749EE-9B10-4F84-A3DB-2D83C1D5C2DC@sxip.com> <44B932B2.6030009@cisco.com>
X-Spam-Score: -4.3 (----)
X-Scan-Signature: 789c141a303c09204b537a4078e2a63f
X-BeenThere: dix@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Digital Identity Exchange <dix@ietf.org>
List-Id: Digital Identity Exchange <dix.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/dix>, <mailto:dix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/dix>
List-Post: <mailto:dix@ietf.org>
List-Help: <mailto:dix-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/dix>, <mailto:dix-request@ietf.org?subject=subscribe>
Errors-To: dix-bounces@ietf.org
On 7/15/06, Eliot Lear <lear@cisco.com> wrote: > Dick, > > Here are my notes from yesterday that you may wish to merge. > > Eliot > > Summary > > There was a general concern that we could end up boiling the ocean. > There are four problems that we could work on: > > 1. Non-insane replacement for HTTP digest / anti-phishing > 2. Cross Site Identity > 3. Claim and Attribute Transferral > 4. Eliot's Dad's Problem (EDP) of unhealthy password reuse / storage > or failure to remember !@#%. > > There seem to be strong support for working on the first two, weak > support for the third, and a general agreement that 4 should not be > forgotten, although it was unclear whether 4 needed to be solved > separately from 1 and 2. There was discussion on dependency between 1 > and 2. > > There also seemed to be general agreement that we should focus our > efforts on fixing HTTP browsing first, non-browsing second, and not > worry about cross application credentials. > > Lisa and the IESG now have to determine whether there should be another > BoF, separate BoFs for separate working groups or to do something else. > We also need to take into account work done by other organizations, such > as W3C, and we need to take note of UI concerns. > > > More Details > > > Pete kicked off the BoF with a discussion around common terminology, > with some attempts to define common terms like authentication, > authorization, and credentials. Required reading: RFC 2828; recommended > reading: http://identitygang.org/Lexicon and > draft-shirey-secgloss-v2-04.txt. One word that was considered out of > bounds was "identity". This caused some issues later. Jeffrey > Hutzelman suggested and there seemed to be general agreement that the > better approach would be to talk about concepts and then agree on > terms. Either way, we staggered through the terminology discussion. > > Pete then took us through a menu of problems we *could* solve: > > * Capture-Resistant Credentials (CRC) > * Hijack-Resistant Authentication (HRA) > * Portable Credentials (PC) > * Fill-in of Personal Information (FPI) > * Common User Credentials (CUC) > * Continuity of Identity (CI) > * User-Friendly Names (UFN) > * Assertion of External Claims (AEC) > * Independent Assertion of Claims (IAC) > * Private Authentication (PA) > * Single Site Unlinkability (SSU) > * Multiple Site Unlinkability (MSU) > * Attack Resistant Credentials (ARC) > * Claim Minimality (CM) > > > On the jabber there was some discussion as to whether CM is the same or > different from IAC. For the record, I'd note that CM is about providing properties of claims (e.g. proving you are over 21 given a claim of your date of birth, without revealing the date) whereas IAC is about separating claims. > > Sam next presented. He first talked about the need for an unspoofable > UI. It was pointed out that simply having a little lock box icon > doesn't solve the problem. One possible solution would be for users to > brand computers in a way that would be used for sensitive transactions, > the idea being that no spoofer could know what this branding is. Within > the jabber there was a fair amount of discussion around SAKs (secure > attention keys), and whether they could help/solve the problem. > > Next Sam talked about requirements for web authentication. MUST solve > the problem for passwords without the need for smart cards. Eliot > raised a concern about needing to support smart cards but not mandating > them as part of the architecture. This annoyed Sam ;-) Sam's > requirements also included not sending password equivalents, mandating > mutual authentication of the server, and binding authentication to the > returned web page. He went on to describe what his requirements buys. > > One of the requirements that got raised on the jabber chat was one of > "supports existing infrastructure". According to the chat log, the > infrastructure in question is authentication infrastructure or - passwords. > > Next Pete and Lisa organized discussion over what problems we could > solve. She wrote down three, which eventually became four. Here are > the four: > > * EKR1 - anti-phishing / fixing HTTP authentication, GUI, Mutual > Authentication, passwords AND other. About 20 people in the room > indicated they were interested in working on this problem. This > is the one that also requires liaising with W3C. Layer/Arch TBD. > * EKR2 - cross site identitiers. About 15 people were interested in > working on this problem; while 10 people suggested that more > analysis was needed. This effort may required shared mechanisms > with EKR1 and definitely requires coordination. Only six people > want to work on it as a separate problem. > * EKR3 - claim and attribute exchange. Not limited to HTTP. We > rushed through this in 10 minutes. Twelve people indicated > interest in this problem. > * EKR4 - Eliot's Dad's Problem (EDP) of unhealthy password reuse / > storage. There was a view that done properly 1 and/or 2 would > capture this. Not clear how common that view was. > > Lisa commented in the chat room and perhaps live that there's the > potential for a lot of commonality between EKR1 & EKR2. [I surmise the > same is the case for EKR4.] > > There was a healthy discussion about UI and IETF involvement in which > EKR best summed it up by saying that there are three possible things we > could say: > > 1. Nothing; > 2. "Implementations must clearly indicate to users when a password is > being typed into a trusted interface"; or > 3. "This is how the dialogs must look..." > > Eric argued that (2) was most appropriate and I didn't hear or read any > objection. Bob Morgan put it this way: > > /"where [user makes security decision] and [info available to user > at that time] are things that can be written into protocol flows" > > / > > Eric suggested a loose bottom up hierarchy of EKR1, EKR4(EDP), EKR2, EKR3. > > > Throughout the entire BoF there was a side conversation of SASL v. GSS. > > Eliot > > > _______________________________________________ > dix mailing list > dix@ietf.org > https://www1.ietf.org/mailman/listinfo/dix > _______________________________________________ dix mailing list dix@ietf.org https://www1.ietf.org/mailman/listinfo/dix
- [dix] DRAFT: WAE BOF minutes Dick Hardt
- Re: [dix] DRAFT: WAE BOF minutes Eliot Lear
- Re: [dix] DRAFT: WAE BOF minutes Ben Laurie
- Re: [dix] DRAFT: WAE BOF minutes Nicolas Williams
- RE: [dix] DRAFT: WAE BOF minutes Hallam-Baker, Phillip
- [dix] the point of a standards process Joaquin Miller
- Re: [dix] DRAFT: WAE BOF minutes Nicolas Williams
- Re: [dix] DRAFT: WAE BOF minutes Eric Rescorla
- Re: [dix] DRAFT: WAE BOF minutes Nicolas Williams
- Re: [dix] DRAFT: WAE BOF minutes Jeffrey Altman
- Re: [dix] DRAFT: WAE BOF minutes Eric Rescorla
- Re: [dix] DRAFT: WAE BOF minutes Jeffrey Altman
- Re: [dix] DRAFT: WAE BOF minutes Dick Hardt
- Re: [dix] DRAFT: WAE BOF minutes Joe Orton
- Re: [dix] DRAFT: WAE BOF minutes Ben Laurie
- Re: [dix] DRAFT: WAE BOF minutes Ben Laurie
- Re: [dix] DRAFT: WAE BOF minutes Jeffrey Altman
- Re: [dix] DRAFT: WAE BOF minutes Ben Laurie
- Re: [dix] DRAFT: WAE BOF minutes Gavin Baumanis
- Re: [dix] DRAFT: WAE BOF minutes Richard Megginson
- [dix] WAE BOF minutes (Final cut) Pete Resnick
- Re: [dix] WAE BOF minutes (Final cut) Pete Resnick