IPSEC Minutes - December 1994
Paul_Lambert-P15452@email.mot.com Sat, 24 December 1994 20:18 UTC
Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa02462; 24 Dec 94 15:18 EST
Received: from CNRI.Reston.VA.US by IETF.CNRI.Reston.VA.US id aa02458; 24 Dec 94 15:18 EST
Received: from interlock.ans.net by CNRI.Reston.VA.US id aa09318; 24 Dec 94 15:18 EST
Received: by interlock.ans.net id AA27625 (InterLock SMTP Gateway 1.1 for ipsec-out@ans.net); Sat, 24 Dec 1994 15:15:07 -0500
Received: by interlock.ans.net (Internal Mail Agent-5); Sat, 24 Dec 1994 15:15:07 -0500
Received: by interlock.ans.net (Internal Mail Agent-4); Sat, 24 Dec 1994 15:15:07 -0500
Received: by interlock.ans.net (Internal Mail Agent-3); Sat, 24 Dec 1994 15:15:07 -0500
Received: by interlock.ans.net (Internal Mail Agent-2); Sat, 24 Dec 1994 15:15:07 -0500
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Paul_Lambert-P15452@email.mot.com
Received: by interlock.ans.net (Internal Mail Agent-1); Sat, 24 Dec 1994 15:15:07 -0500
Date: Sat, 24 Dec 1994 13:07:00 -0600
To: minutes@CNRI.Reston.VA.US, ipsec@ans.net
Subject: IPSEC Minutes - December 1994
Message-Id: <M12954.002.c0550.1.941224201241Z.CC-MAIL*/OU=SECCG/OU=AZBH/PRMD=MOT/ADMD=MOT/C=US/@MHS>
CURRENT MEETING REPORT Reported by Paul Lambert/Motorola Minutes of the IP Security Working Group (IPSEC) The IP Security (IPSEC) working group met three times during the 31st IETF. The first meeting focused on the development of the IP Security Protocol (IPSP) specification. The next two sessions covered the development of the Internet Key Management Protocol (IKMP). IP Security Protocol (IPSP) The IPSP draft-in-progress was discussed with some debate on specific PDU format issues. Rough consensus was reached on the encapsulation techniques and formats. The baseline security transformations for IPSP will place the Next Protocol, PAD Length, and optional PAD fields at the end of the protected data. These formats will be documented and released late in December as a draft IPSP specification. Jim Hughes (NSC) gave a short presentation on an implementation of a network layer security device. This system used an ethertype field rather than an IP next protocol field and provided sequence integrity and packet compression. Internet Key Management Protocol (IKMP) Seven presentations were given (Monday and Wednesday) on specific key management approaches and proposals. o SESAME V3 o "IEEE Standard 802.10C - Key Management" IEEE 802.10C o "Modular Key Management Protocol (MKMP)" (draft-cheng-modular-ikmp-00.txt) o "Simple Key-Management For Internet Protocols (SKIP)" (draft-ietf-ipsec-aziz-skip-00.txt) o "Photuris Key Management Protocol" (draft-karn-photuris-00.txt) o "Group Key Management Protocol (GKMP)" (draft-harney-gkmp-spec-00.txt, draft-harney-gkmp-arch-00.txt) o "Yet Another Key Management Proposal (YAKMP)" (http://www.network.com/external/news_releases/security.shtml) A presentation on SESAME V3 was given by Piers V McMahon (ICL Enterprises). SESAME V3 provides an approach for the interoperability of asymmetric and symmetric systems - in particular Kerberos and RSA. SESAME V3 KM protocol appears to have similar scope to the key management work in IEEE 802.10. This presentation was informational and no proposal was made to directly use SESAME V3 as IKMP. Russ Housley (Spyrus) gave a presentation on the IEEE 802.10C Key Management specification. The latest version of IEEE 802.10C is available on line (ftp from atlas.arc.nasa.gov in two files /pub/sils/kmpd6.ps1 and kmpd6.ps2) IEEE 802.10C uses the ISO Generic Upper Layer Security (GULS) specification, the OSI Upper Layer Architecture, and the ACSE protocol. Concern was expressed about the complexity of the GULS specification, but this concern was counteracted when Russ indicated that the specification would be rewritten in Internet style if the IETF adopted IEEE 802.10c. IEEE 802.10c was the most complete specification presented at the meeting. It provides a generic framework for key management, but does not currently provide a worked example of the cryptographic processing. The Modular Key Management Protocol (MKMP) was presented by Amir Herzberg (IBM). MKMP has been documented as an I-D (draft-cheng-modular-ikmp-00.txt) as a specific proposal for IKMP. MKMP proposes a modular approach with an upper module in which a long-lived (``master'') key is exchanged between the communicating parties, and a lower module, in which the already shared (master) key is used for the derivation, sharing and/or refreshment of additional short-lived keys to be used for the cryptographic transformations applied to the data. Some of the techniques in this proposal are covered by IBM patents. IBM is working to grant "royalty-free right" to use of US Patent #5,148,479 "if the IBM proposal is included in the final Internet standard" and "parties who commit to grant IBM rights of similar scope under their patents that relate to the Internet standard in question." Ashar Aziz (Sun Microsystems, Inc.) presented a "Simple Key-Management For Internet Protocols" (SKIP). SKIP is available as an Internet-Draft (draft- ietf-ipsec-aziz-skip-00.txt). SKIP was designed to solve a specific multicast scenario. The demonstration implementation of SKIP was running a video application. SKIP provides a means to create a key with a unique "one- way" key establishment. SKIP does not provide any attribute negotiation. A patent has been applied for by SUN on the SKIP mechanism, but SUN has taken a position that: "The SKIP patents (when they issue) will be placed in the public domain. Anyone may use it if they wish, with no rights or dues pertaining to Sun. There will be no need to license SKIP patent rights." Phil Karn (Qualcomm) presented "Photuris and IKMP Requirements". Photuris is an experimental protocol that Photuris is an experimental key management protocol intended for use with the IP Security Protocol (IPSP) in a point-to- point mode. Photuris combines Diffie-Hellman key exchange with RSA authentication to provide perfect forward secrecy and is also designed to thwart certain types of active denial of service attacks on host resources. Photuris exchanges a "cookie" before initiating public-key operations, thwarting the saboteur from flooding the recipient using random IP source addresses. Photuris also provides anonymity for the identities of the peer systems. The flooding prevention and anonymity requirements were well received by the working group. The "Group Key Management Protocol" (GKMP) was described by Carl Muckenhirn. GKMP is being submitted to the Working Group for consideration as a method of key management for multicast internet services and is documented in two Internet-Drafts (draft-harney-gkmp-spec-00.txt, draft-harney-gkmp-arch- 00.txt). The GKMP architecture describes the management of cryptographic keys for multicast communications. GKMP provides the ability to create and distribute keys within arbitrary-sized groups without the intervention of a global/centralized key manager. The GKMP combines techniques developed for creation of pairwise keys with techniques used to distribute keys from a KDC (i.e., symmetric encryption of keys) to distribute symmetric key to a group of hosts. Jim Hughes (Network Systems Corporation) gave a presentation on "Yet Another Key Management Proposal". The signaling used by NSC in their secure router product was described. The device uses RSA for authentication, Diffie- Hellman for key exchange, a number of symmetric ciphers, MD5 for data integrity and also provides data compression. NSC provided detailed descriptions of their design and stated that they intend to follow the recommendations and implement the results of the IPSEC working group. (http://www.network.com/external/news_releases/security.shtml) IKMP Discussion and Issues A group discussion on the various proposals focused on a matrix of comparison criteria. These criteria included: Published Internet-Draft, Key Exchange Independence, Worked Public Key Based Key Exchange, Public Key Methods, Symmetric Key Methods, Attribute Negotiations (for SA, and during which phase?), Application Protocol (not Built into IPSP), Multicast Support, Defeat Bogus Initiates, Hiding Certificates Exchanged (Encrypting), Working Code / Implementation, Security Management Protocol (versus just session key establishment), one-way exchange, perfect forward secrecy, RSAREF implementable, performance, and revocation. Evaluation of the proposal features will be discussed on the net by evaluating and ranking IKMP requirements. The work on IKMP will focus over the next period on the comparison and consolidation of the proposals. Attendees of December 1994 IPSEC Working Group Meetings Ran Atkinson atkinson@itd.nrl.navy.mil Werner Atmesher atmesher@di.epf7.ch Madelyn Badger Madelyn@hs.com Ward Bathrick ward@mls.hac.com Doug Bayer dbayer@microsoft.com Shaun Bharrat bharrat@dss.com Kym Blair kdblair@dockmaster.ncsc.mil Eric Blossom eb@comsec.com Uri Blumenthal uri@watson.ibm.com Ed Brencovich edb@dss.com Tip Brisco brisco@rutgers.edu David Carrel carrel@crisco.com Brett Chappell bchappe@relay.nswc.navy.mil Pau-Chan Cheng pau@watson.ibm.com Corwin corwin@asylum.sf.ca.us Hadmut Danisch danisch@isa.uka.de Whitfield Diffie whitfield.diffie@eng.sun.com Dale Drew ddrew@mci.net Steve Dussse Steve@rsa.com Donald Eastlake Dee@lkg.dec.com Greg Edwards edwardsg@lmsc.lockheed.com Mark Eichin eichin@cygnus.com David Ferenz Dferenz@shl.com Antonio Fernandez afa@bellcore.com Rich Fox kck@netcom.com Craig Fox craig@ftp.com Barbara Fraser byf@cert.org Jerome Freedman Jr. jfjr@mbunix.mitre.org Dan Frommer danf@radmail.rad.co.il Atsuchi Fujioko jun@sucaba.isl.ntt.jp Alexander Galitsky sasha@elivs.msk.su Maria Gallagher mgallagh@atlas.are.nasa.gov Juan A. Garay garay@watson.ibm.com Dale Geesey geeseyd@bah.com Jisoo Geiter geiter@mitre.org Rob Glenn glenn@snad.ncsl.nist.gov Dragan Grebaich dragan@bnr.ca Daniel T. Green dtgreen@relay.nswc.navy.mil Per-Olof Haeffner poh@fmu.se Neil Haller nmh@bellcore.com Dan Hanson hanson@afc4a.safb.af.mil Dewayne Hendricks dewayne@tetherless.com Amir Herzberg amir@watson.ibm.com Marc Horowitz marc@cam.ov.com Russell Housley housley@spyrus.com Jim Hughes Hughes@network.com Dale Johnson dmj@mitre.org LaMont Jones lamont@hp.com Phil Karn Karn@qualcomm.com Charlie Kaufman charlieskaufman@iris.com Kevin Kim kkim@rch.mci.com Katsumi Kobayashi Klaus-Peter Kossabrowski kpk@cert.dfn.de Hugo Krawczyk hugo@watson.ibm.com Craig Labovitz labovit@merit.edu Paul Lambert Paul_Lambert@email.mot.com Ying-Da Lee ylee@syl.dl.nec.com Marcus Leech mleech@bnr.ca John Linn linn@ceng.ov.com John Lowry jlowry@bbn.com Betty Machmar machmar@hydra.dra.hug.gb Cheryl Madson cmadson@baynetworks.com Phil Maier Phil@lmsc.lockheed.com Louis Mamakos LOUIE@UUNET.UU.NET Shawn Mamras mamras@ftp.com Jeff Marcus marcus@jvnc.net Tom Markson markson@incog.com Antony Martin Martin@hydra.dra.hmg.gb Douglas Maughan wdmaugh@tycho.ncsc.mil Piers McMahon p.v.mcmahon@rea0803.wins.icl.co.uk Tod McQuillin devin@lm.com Perry Metzger perry@piermont.com Bob Moskowitz rgm3@is.chrysler.com Toni Murase murase@sumitomo.com Andrew Myles andrewm@mpce.mg.edu.ca Dan Nessett nessett@eng.sun.com Michael Oehler mjo@tycho.ncsc.mil Mark Oliver oli@hyperk.com Hilarie Orman ho@cs.arizona.edu Bill Owens owens@utd.rochester.edu Martin Patterson martinp@france.sun.com Charles Perkins perk@watson.ibm.com Bad Phan phan@itd.nrl.navy.mil Joseph Ramus Ramus@nersc.com Eric Rescorla ekr@eit.com Randy Rettberg rettberg@apple.com Carl Rigney cdr@livingston.com Aviel Rubin rubin@bellcore.com Vipin Samar vipin@eng.sun.com Mark Schertler MJS@tycho.ncsc.mil Allan M. Schiffman ams@eit.com Jeff Schiller jis@mit.edu John Scudder jgs@merit.edu Chris Seabrook cds@ossi.com Nachum Shacham shacham@csl.sri.com Bill Simpson BSimpson@morningstar.com Phil Smiley psmiley@lobby.ti.com Charles Smith chas@act.acu.oig.au David Solo solo@bbn.com Bill Sommerfield sommerfld@apollo.hp.com Don Stephenson dons@eng.sun.com Oscar Strohacker strog@vnet.ibm.com Kwang-Pill Sung scc@netcom.com Steve Sweeney Steven_Sweeney@3mail.3com.com Jagannadh S. Tangirala c1jaggu@watson.ibm.com John Taus taus@unet.ibm.com Ted Ts'o tytso@mit.edu Carolyn Turbyfmi turby@eng.sun.com Tony Valle tvalle@orlando.loral.com Paul Van Oorschot paulv@bnr.ca Dale Walters walters@snad.ncsl.nist.gov Howard Weiss hsw@columbia.sparta.com David Woodgate davidw@its.csiro.au Suguru Yamaguchi suguru@is.ais-nara.ac.jp Shin Yoshida yoshida@sumitomo.com Jim Zmuda zmuda@spyrus.com Glen Zorn gwz@cybersafe.com
- IPSEC Minutes - December 1994 Paul_Lambert-P15452