Re: [Lurk] [E] LURK: proposed charter for review
"Mishra, Sanjay" <sanjay.mishra@verizon.com> Fri, 08 July 2016 00:33 UTC
Return-Path: <sanjay.mishra@verizon.com>
X-Original-To: lurk@ietfa.amsl.com
Delivered-To: lurk@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7656A12D587 for <lurk@ietfa.amsl.com>; Thu, 7 Jul 2016 17:33:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.71
X-Spam-Level:
X-Spam-Status: No, score=-2.71 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=verizon.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rl92WjaF4_ed for <lurk@ietfa.amsl.com>; Thu, 7 Jul 2016 17:33:04 -0700 (PDT)
Received: from omzsmtpe03.verizonbusiness.com (omzsmtpe03.verizonbusiness.com [199.249.25.208]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C577B12D5D7 for <lurk@ietf.org>; Thu, 7 Jul 2016 17:33:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verizon.com; i=@verizon.com; q=dns/txt; s=corp; t=1467937983; x=1499473983; h=from:to:cc:date:subject:message-id:references: in-reply-to:mime-version; bh=1CcjqgdzgYhsJ45QeY/zshIDyZEL8joou56Qz5SVuwA=; b=WDMR4NJBEEGosMNQkGg/OyHWWHjnUt6vIw6VupU8vcDGKyXaM+E5nI7K b6G9c9Em1G3Yi0fzznky3u9ZNu/V1T120OGyqvA9IfIqRC6pYkKOX9XuY 95GtG5a3oztQ+uSywjyMLiTuVRETJnrY7w5ignnqFbmSW1CnusuHU24IM U=;
X-IronPort-Anti-Spam-Filtered: false
Received: from omzsmtpi02.vzbi.com ([165.122.46.172]) by omzsmtpe03.verizonbusiness.com with ESMTP; 08 Jul 2016 00:33:02 +0000
From: "Mishra, Sanjay" <sanjay.mishra@verizon.com>
X-IronPort-AV: E=Sophos;i="5.28,326,1464652800"; d="scan'208,217";a="720418008"
Received: from fhdp1lumxc7hb05.verizon.com (HELO FHDP1LUMXC7HB05.us.one.verizon.com) ([166.68.59.192]) by omzsmtpi02.vzbi.com with ESMTP; 08 Jul 2016 00:33:02 +0000
Received: from fhdp1lumxc7v23.us.one.verizon.com ([169.254.3.92]) by FHDP1LUMXC7HB05.us.one.verizon.com ([166.68.59.192]) with mapi; Thu, 7 Jul 2016 20:33:00 -0400
To: Yaron Sheffer <yaronf.ietf@gmail.com>
Date: Thu, 07 Jul 2016 20:32:59 -0400
Thread-Topic: [E] [Lurk] LURK: proposed charter for review
Thread-Index: AdHYeCBYGsKXBcqnQNCFXj5+2R0XmwAMMT/Q
Message-ID: <900A1E2059ADB149B905E3C8FA0046A62CEBDB3CA1@FHDP1LUMXC7V23.us.one.verizon.com>
References: <577E965F.6060508@gmail.com>
In-Reply-To: <577E965F.6060508@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/alternative; boundary="_000_900A1E2059ADB149B905E3C8FA0046A62CEBDB3CA1FHDP1LUMXC7V2_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/lurk/I-tBqwSycV-6ZiSIjUtz8nxq3-w>
Cc: LURK BoF <lurk@ietf.org>
Subject: Re: [Lurk] [E] LURK: proposed charter for review
X-BeenThere: lurk@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Limited Use of Remote Keys <lurk.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lurk>, <mailto:lurk-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lurk/>
List-Post: <mailto:lurk@ietf.org>
List-Help: <mailto:lurk-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lurk>, <mailto:lurk-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Jul 2016 00:33:06 -0000
Yaron,
On the charter text, I have one minor change as follows:
> Classic HTTPS authenticates the server by proving ownership of a private key …
Classic HTTPS authenticates the server by verifying ownership of a private key …
-Sanjay
From: Lurk [mailto:lurk-bounces@ietf.org] On Behalf Of Yaron Sheffer
Sent: Thursday, July 07, 2016 1:50 PM
To: LURK BoF
Subject: [E] [Lurk] LURK: proposed charter for review
Hi Everyone,
LURK is having a second BoF meeting in Berlin, and we hope to conclude it by forming a WG. Below is proposed charter text for this tentative WG. Eric and I would like to initiate the discussion before we meet in Berlin and then use the meeting for issues that require deeper discussion and/or to get feedback from people who are not regulars on this list.
Thanks,
Eric and Yaron
---
Classic HTTPS authenticates the server by proving ownership of a private key associated with a public-key certificate. Most trust models assume an HTTP server owns the private keys and the server is responsible for both the hosted content and network delivery. Although these assumptions were largely true in the past, today the deployment of services on the Internet largely relies on multiple, distributed instances of the service, not necessarily operated by the content owner. In such architectures, the application - like a web browser - expects to authenticate a content provider but is actually authenticating the node delivering the content. In this case, confusion results from using a secure transport layer to authenticate application layer content.
The WG will focus on a solution that allows offloading TLS termination to a content delivery network (CDN) without giving the content owner's private key to the CDN. In scope are TLS and DTLS, including TLS 1.0-1.2 and, when available, TLS 1.3. This working group will not propose any changes to the client side of the TLS protocol, and the solution should support all widely deployed TLS cipher suites.
The current work items include:
- An Informative "use cases" document, which will cover the CDN use case but may encompass additional use cases.
- A Standards Track document that defines the interface between an edge server and a content owner. Security is a key concern, specifically avoiding a "signing oracle" where possible. Provisioning/management/monitoring of the protocol's endpoint is out of scope of the working group.
Delegation of RSA/ECDSA keys for other purposes is out of the scope of the working group. Such work would require the working group to recharter.
- Re: [Lurk] LURK: proposed charter for review Salz, Rich
- Re: [Lurk] LURK: proposed charter for review Fossati, Thomas (Nokia - GB)
- Re: [Lurk] LURK: proposed charter for review Salz, Rich
- Re: [Lurk] LURK: proposed charter for review Fossati, Thomas (Nokia - GB)
- Re: [Lurk] LURK: proposed charter for review Yaron Sheffer
- Re: [Lurk] LURK: proposed charter for review Fossati, Thomas (Nokia - GB)
- Re: [Lurk] [E] LURK: proposed charter for review Mishra, Sanjay
- [Lurk] LURK: proposed charter for review Yaron Sheffer
- Re: [Lurk] LURK: proposed charter for review Erik Nygren
- Re: [Lurk] LURK: proposed charter for review Phillip Hallam-Baker
- Re: [Lurk] LURK: proposed charter for review Василий Долматов
- Re: [Lurk] LURK: proposed charter for review Yaron Sheffer