Re: [Lurk] [E] Re: Proposed Lurk Charter
"Mishra, Sanjay" <sanjay.mishra@verizon.com> Wed, 16 March 2016 02:45 UTC
Return-Path: <sanjay.mishra@verizon.com>
X-Original-To: lurk@ietfa.amsl.com
Delivered-To: lurk@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0180312D59C for <lurk@ietfa.amsl.com>; Tue, 15 Mar 2016 19:45:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.702
X-Spam-Level:
X-Spam-Status: No, score=-2.702 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=verizon.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6E9S_Q4zRZib for <lurk@ietfa.amsl.com>; Tue, 15 Mar 2016 19:45:03 -0700 (PDT)
Received: from fldsmtpe01.verizon.com (fldsmtpe01.verizon.com [140.108.26.140]) (using TLSv1.2 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ACA8912DF0B for <lurk@ietf.org>; Tue, 15 Mar 2016 19:45:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verizon.com; i=@verizon.com; q=dns/txt; s=corp; t=1458096302; x=1489632302; h=from:to:date:subject:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=9HOW90z2StwP8qCQiY8uWWRx36t2dHYSZPZYTeeZMos=; b=VIaXc+2rf1TbxtUQPsKqhmtsY0Err7QZDev+o0bajCKAcUjgVxPcP1gL zX+Io6wjcI/W1/gMfObP9v+mCTl0HckSaPk6uk0h+Z7Fvo76vaB7BecyW FFmU2osW8f5G3W62fMxCu/qxSv+RPIQICZnsJjLSGfbj2LgpQQ81D/kRe 0=;
IronPort-PHdr: 9a23:kX99IxXs6yv1hRho6etBjX7ewqTV8LGtZVwlr6E/grcLSJyIuqrYZxWBt8tkgFKBZ4jH8fUM07OQ6PCwHzRZqsrQ+Fk5M7VyFDY9wf0MmAIhBMPXQWbaF9XNKxIAIcJZSVV+9Gu6O0UGUOz3ZlnVv2HgpWVKQka3CwN5K6zPF5LIiIzvjqbpq82VO1wD2Gv1SIgxBSv1hD2ZjtMRj4pmJ/R54TryiVwMRd5rw3h1L0mYhRf265T41pdi9yNNp6BprJYYAu3SNp41Rr1ADTkgL3t9pIiy7UGCHkOz4S4xSGQd2jBVGQfI9lmuU53sqCT3rMJmxCCcMcTsQasoQz2p7OFgTxq+zG8jCgQauEvQpIQkiL9BozqgqgBxhYnOb9fGGuB5e/aXWNIBRXBIGo5qXipDC5L2J98UBuwDNPceqojmp0EHhQWzHwi+A+WpwThN0CyllZYm2vgsRFmVlDcrGMgD5TGN9I34
X-IronPort-Anti-Spam-Filtered: false
X-IPAS-Result: A2E0AQAKyOhW/5FHRKZeARgBAQEBDwEBAQEBCAEBAQGDCVRuuiEBDYEsQiOFagIcgSI4FAEBAQEBAQEBAmEngi0KOAoyAQEBAQEBAQEBAQEBAQEBGgIINhIBARkBAQEBAgEjEUoHBAIBBgINAQMBAwEBAwIjAwICAjAUAQIGCAEBBAESCAwHh3YBDQgFCZISi3QBAYcOihOPUQEBAQEBAQEBAQEBAQEBAQEBAQEXfIUfhEGECxEBBhiDACuBDwWHXYcOhBmERgUBhW6Jd0uDfoMaDIUxjn8eAQFChAFOAQEBiS6BMgEBAQ
Received: from unknown (HELO fldsmtpi03.verizon.com) ([166.68.71.145]) by fldsmtpe01.verizon.com with ESMTP; 16 Mar 2016 02:45:00 +0000
From: "Mishra, Sanjay" <sanjay.mishra@verizon.com>
X-IronPort-AV: E=Sophos;i="5.24,342,1454976000"; d="scan'208";a="120986502"
Received: from fhdp1lumxc7hb04.verizon.com (HELO FHDP1LUMXC7HB04.us.one.verizon.com) ([166.68.59.191]) by fldsmtpi03.verizon.com with ESMTP; 16 Mar 2016 02:44:27 +0000
Received: from fhdp1lumxc7v23.us.one.verizon.com ([166.68.59.159]) by FHDP1LUMXC7HB04.us.one.verizon.com ([166.68.59.191]) with mapi; Tue, 15 Mar 2016 22:44:26 -0400
To: Eric Burger <eburger@standardstrack.com>, LURK BoF <lurk@ietf.org>
Date: Tue, 15 Mar 2016 22:44:24 -0400
Thread-Topic: [E] Re: [Lurk] Proposed Lurk Charter
Thread-Index: AdF9ZyQ6fWneW/hjSXmm/ipT2WU6IwBxYKHw
Message-ID: <900A1E2059ADB149B905E3C8FA0046A62CE2081217@FHDP1LUMXC7V23.us.one.verizon.com>
References: <32732C6F-716B-40B0-AE00-FA926664CEBA@standardstrack.com> <D509D616-2358-46D9-923B-EF0D26B577E6@standardstrack.com>
In-Reply-To: <D509D616-2358-46D9-923B-EF0D26B577E6@standardstrack.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/lurk/NdKGJhP5mFFtXjSA1uF27VzClX4>
Subject: Re: [Lurk] [E] Re: Proposed Lurk Charter
X-BeenThere: lurk@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Limited Use of Remote Keys <lurk.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lurk>, <mailto:lurk-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lurk/>
List-Post: <mailto:lurk@ietf.org>
List-Help: <mailto:lurk-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lurk>, <mailto:lurk-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Mar 2016 02:45:05 -0000
Eric -- My suggested change to charter text is below > HTTPS in typical use authenticates the server by proving ownership of a private key Should you say " HTTPS in typical use authenticates the server by verifying ownership of a private key? > Although these assumptions were somewhat true in the past, today, the deployment of services on the current Internet largely relies on multiple distributed instances of the service. I think this assumption can still be true and not entirely in the past. If you agree then the tweak could be something like this: "Although these assumptions may still be true, today, the deployment of services on the current Internet largely relies on multiple distributed instances of the service." Thanks Sanjay -----Original Message----- From: Lurk [mailto:lurk-bounces@ietf.org] On Behalf Of Eric Burger Sent: Sunday, March 13, 2016 4:30 PM To: LURK BoF Subject: [E] Re: [Lurk] Proposed Lurk Charter I updated the draft charter with Stephen’s comments. Not hearing anything for a week tells me either no one has read the proposed charter, everyone thinks it is great, or everyone thinks it is a waste of time and would like their two hours back in BA (BOF scheduled for 2PM on Tuesday, 5 April, in Atlantico C). I’m trying something totally new and unknown in the IETF for the first deliverable. Let me know your opinions. This is one of those times when it is OK to simply say ‘OK’ or +1 or ‘Yuck’ or -1. Thanks. On Mar 6, 2016, at 9:40 AM, Eric Burger <eburger@standardstrack.com> wrote: It seems we are making progress on the scope discussion on the list, as much about what we want to do as we do not want to do. Given that, and with an eye to BA, let us tear apart the following charter. It would be fantastic to have some thought out text to show the broader IETF community in April. Note the charter references at least two different proposals for achieving the goals. I see this as a good thing: it means we are not researching science fiction (a hallmark of failed IETF work groups) and rather are doing engineering (a hallmark of successful IETF work groups). It also says we are not rubber-stamping some vendor’s proprietary protocol, which just tastes bad. Comments please! Description of Working Group: HTTPS in typical use authenticates the server by proving ownership of a private key, which is associated with a public-key certificate. Currently most trust models assume the HTTP server owns the private keys, and that the server is responsible for both the hosted content and for the network delivery. Although these assumptions were somewhat true in the past, today, the deployment of services on the current Internet largely relies on multiple distributed instances of the service. Similarly, the delivery of popular content often splits the roles of providing the content and delivering the content. In such architectures, the application - like a web browser - expects to authenticate a content provider but is actually authenticating the node delivering the content. In this case, the confusion mostly results from using a secure transport layer to authenticate application layer content. This work group will provide a solution to the "offload TLS without giving the CDN my private key" use-case. The work group may also provide support for DTLS in anticipation of future secure protocols. This work group will not address the Email and STIR use cases of an enterprise or individual delegating their private key to a service provider for signing messages on their behalf. Related Work: OASIS developed the Key Management Interoperability Protocol (KMIP) <http://docs.oasis-open.org/kmip/spec/v1.1/os/kmip-spec-v1.1-os.html> as well as PCKS #11, Cryptographic Token Interface <http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html>. Goals and Milestones: Oct 2016 Requirements and Use Cases Document stable with consensus to content Feb 2017 HTTPS delegated protocol Document to IESG Jun 2017 DTLS delegated protocol Document to IESG Oct 2016 Requirements and Use Cases Document to IESG Reading list • https://tools.ietf.org/html/draft-mglt-lurk-tls-requirements • https://tools.ietf.org/html/draft-mglt-lurk-tls-use-cases • https://tools.ietf.org/html/draft-cairns-tls-session-key-interface • https://tools.ietf.org/html/draft-hallambaker-mesh-architecture
- [Lurk] Proposed Lurk Charter Eric Burger
- Re: [Lurk] Proposed Lurk Charter Stephen Farrell
- Re: [Lurk] Proposed Lurk Charter Eric Burger
- Re: [Lurk] Proposed Lurk Charter Eric Burger
- Re: [Lurk] Proposed Lurk Charter Василий Долматов
- Re: [Lurk] Proposed Lurk Charter Dmitry Belyavsky
- Re: [Lurk] [E] Re: Proposed Lurk Charter Mishra, Sanjay
- Re: [Lurk] [E] Proposed Lurk Charter Eric Burger
- Re: [Lurk] [E] Proposed Lurk Charter Phillip Hallam-Baker