Re: [Lurk] LURK: proposed charter for review
"Fossati, Thomas (Nokia - GB)" <thomas.fossati@nokia.com> Fri, 08 July 2016 08:02 UTC
Return-Path: <thomas.fossati@nokia.com>
X-Original-To: lurk@ietfa.amsl.com
Delivered-To: lurk@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 69ED512D537 for <lurk@ietfa.amsl.com>; Fri, 8 Jul 2016 01:02:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.901
X-Spam-Level:
X-Spam-Status: No, score=-6.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r-v9Idyd2cEq for <lurk@ietfa.amsl.com>; Fri, 8 Jul 2016 01:02:08 -0700 (PDT)
Received: from smtp-fr.alcatel-lucent.com (fr-hpida-esg-02.alcatel-lucent.com [135.245.210.21]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2EB2712D513 for <lurk@ietf.org>; Fri, 8 Jul 2016 01:02:07 -0700 (PDT)
Received: from fr712umx3.dmz.alcatel-lucent.com (unknown [135.245.210.42]) by Websense Email Security Gateway with ESMTPS id 2A7482B3B13A; Fri, 8 Jul 2016 08:02:04 +0000 (GMT)
Received: from fr711usmtp1.zeu.alcatel-lucent.com (fr711usmtp1.zeu.alcatel-lucent.com [135.239.2.122]) by fr712umx3.dmz.alcatel-lucent.com (GMO-o) with ESMTP id u6882520010804 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Fri, 8 Jul 2016 08:02:05 GMT
Received: from FR711WXCHHUB02.zeu.alcatel-lucent.com (fr711wxchhub02.zeu.alcatel-lucent.com [135.239.2.112]) by fr711usmtp1.zeu.alcatel-lucent.com (GMO) with ESMTP id u68824fa006726 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Fri, 8 Jul 2016 10:02:05 +0200
Received: from FR711WXCHMBA08.zeu.alcatel-lucent.com ([169.254.4.136]) by FR711WXCHHUB02.zeu.alcatel-lucent.com ([135.239.2.112]) with mapi id 14.03.0195.001; Fri, 8 Jul 2016 10:02:02 +0200
From: "Fossati, Thomas (Nokia - GB)" <thomas.fossati@nokia.com>
To: Yaron Sheffer <yaronf.ietf@gmail.com>, LURK BoF <lurk@ietf.org>
Thread-Topic: [Lurk] LURK: proposed charter for review
Thread-Index: AQHR2HgSg0tTsN/a/0GtEc0s5rOi76AOHE2A
Date: Fri, 08 Jul 2016 08:02:02 +0000
Message-ID: <D3A5155E.6C012%thomas.fossati@alcatel-lucent.com>
References: <577E965F.6060508@gmail.com>
In-Reply-To: <577E965F.6060508@gmail.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.6.5.160527
x-originating-ip: [135.239.27.39]
Content-Type: multipart/alternative; boundary="_000_D3A5155E6C012thomasfossatialcatellucentcom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/lurk/BbYXCENRQxeUw2n2Pr57VGtDH5E>
Subject: Re: [Lurk] LURK: proposed charter for review
X-BeenThere: lurk@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Limited Use of Remote Keys <lurk.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lurk>, <mailto:lurk-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lurk/>
List-Post: <mailto:lurk@ietf.org>
List-Help: <mailto:lurk-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lurk>, <mailto:lurk-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Jul 2016 08:02:10 -0000
Hi Yaron, Eric,
Looks good, thanks.
A note: LURK should have a good capability discovery mechanism as well. This is key to allow protocol extensions & to accommodate other use cases that may come up in the future. I would say this is in scope, and should be spelled out clearly in the charter?
Cheers, t
From: Lurk <lurk-bounces@ietf.org<mailto:lurk-bounces@ietf.org>> on behalf of Yaron Sheffer <yaronf.ietf@gmail.com<mailto:yaronf.ietf@gmail.com>>
Date: Thursday, 7 July 2016 18:50
To: LURK BoF <lurk@ietf.org<mailto:lurk@ietf.org>>
Subject: [Lurk] LURK: proposed charter for review
Hi Everyone,
LURK is having a second BoF meeting in Berlin, and we hope to conclude it by forming a WG. Below is proposed charter text for this tentative WG. Eric and I would like to initiate the discussion before we meet in Berlin and then use the meeting for issues that require deeper discussion and/or to get feedback from people who are not regulars on this list.
Thanks,
Eric and Yaron
---
Classic HTTPS authenticates the server by proving ownership of a private key associated with a public-key certificate. Most trust models assume an HTTP server owns the private keys and the server is responsible for both the hosted content and network delivery. Although these assumptions were largely true in the past, today the deployment of services on the Internet largely relies on multiple, distributed instances of the service, not necessarily operated by the content owner. In such architectures, the application - like a web browser - expects to authenticate a content provider but is actually authenticating the node delivering the content. In this case, confusion results from using a secure transport layer to authenticate application layer content.
The WG will focus on a solution that allows offloading TLS termination to a content delivery network (CDN) without giving the content owner's private key to the CDN. In scope are TLS and DTLS, including TLS 1.0-1.2 and, when available, TLS 1.3. This working group will not propose any changes to the client side of the TLS protocol, and the solution should support all widely deployed TLS cipher suites.
The current work items include:
- An Informative "use cases" document, which will cover the CDN use case but may encompass additional use cases.
- A Standards Track document that defines the interface between an edge server and a content owner. Security is a key concern, specifically avoiding a "signing oracle" where possible. Provisioning/management/monitoring of the protocol's endpoint is out of scope of the working group.
Delegation of RSA/ECDSA keys for other purposes is out of the scope of the working group. Such work would require the working group to recharter.
- Re: [Lurk] LURK: proposed charter for review Salz, Rich
- Re: [Lurk] LURK: proposed charter for review Fossati, Thomas (Nokia - GB)
- Re: [Lurk] LURK: proposed charter for review Salz, Rich
- Re: [Lurk] LURK: proposed charter for review Fossati, Thomas (Nokia - GB)
- Re: [Lurk] LURK: proposed charter for review Yaron Sheffer
- Re: [Lurk] LURK: proposed charter for review Fossati, Thomas (Nokia - GB)
- Re: [Lurk] [E] LURK: proposed charter for review Mishra, Sanjay
- [Lurk] LURK: proposed charter for review Yaron Sheffer
- Re: [Lurk] LURK: proposed charter for review Erik Nygren
- Re: [Lurk] LURK: proposed charter for review Phillip Hallam-Baker
- Re: [Lurk] LURK: proposed charter for review Василий Долматов
- Re: [Lurk] LURK: proposed charter for review Yaron Sheffer