IETF Logo Mail Archive

Re: [Lurk] Proposed Lurk Charter

Василий Долматов <vdolmatov@gmail.com> Mon, 14 March 2016 06:31 UTC

Return-Path: <vdolmatov@gmail.com>
X-Original-To: lurk@ietfa.amsl.com
Delivered-To: lurk@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2493F12DA16 for <lurk@ietfa.amsl.com>; Sun, 13 Mar 2016 23:31:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.93
X-Spam-Level:
X-Spam-Status: No, score=-1.93 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_SORBS_WEB=0.77, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1FR3u55nK7Su for <lurk@ietfa.amsl.com>; Sun, 13 Mar 2016 23:31:29 -0700 (PDT)
Received: from mail-lb0-x22a.google.com (mail-lb0-x22a.google.com [IPv6:2a00:1450:4010:c04::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E967D12D9CB for <lurk@ietf.org>; Sun, 13 Mar 2016 23:31:25 -0700 (PDT)
Received: by mail-lb0-x22a.google.com with SMTP id k15so226882591lbg.0 for <lurk@ietf.org>; Sun, 13 Mar 2016 23:31:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:mime-version:from:in-reply-to:date:cc:message-id:references :to; bh=B5+hs8CnxJsHip7SulU8BpzXlomDgwlONB7XT620t2U=; b=aHavw4Gv5BXkpAbfaAHJRxz84sgk+Q+hk027xhIB6gcnlcIuzaGECH/83JYSuVFZ4r y3+mfdPFvGNJVqkZVvvL8elypv4pRIn69e6GS+qawtyjw/xxKc9j1KeJF4K4nZLwSW9x alAbUvhIPg0hZ07FqPJ+gLcFcMOfZP/lXJzhV/fnxiNV6Z5IRKDNnlDWE09Q+WCf2Ij8 qnrj17EYohsqTd2Hbmjkg8jKXWV8JnjmO5GApkKGLpLMC8LX62mB5X5M0MY9YpclspCo nWoJIyn2StTf/7pesXrVtPORQTb2fZNi3WfpYre9Z8dL6NWE1I7eywHFriU7qGftRBeb fBhg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:mime-version:from:in-reply-to:date:cc :message-id:references:to; bh=B5+hs8CnxJsHip7SulU8BpzXlomDgwlONB7XT620t2U=; b=mbeKvqrEbtcj3v2y2GKNE/Q+5pmfj9mv/tQg3jVWyUDAWWwtuZM96IWXe2s+UdzShG 14Ma7uUU6tYQ1IFLG3Z2dMb1UxSjfcc2YLOCTuiDXYOc8G/ePHIiTf7WCor3ODtLkE90 bSN1auDwd+BpkDRRVhZNTI3cQ0Cngq3hXXBX/23S22f4ov1q6LQh3s8NIpNlBtxmSI8R d/2iX5jdiAOy8PsVwCqA9EduCdYCysyVMUbkPjJSaL4i8Jc/4bji73s4+ix/r3NoYsYY 6hlbBrhzWR//hBsLCfj4S1yBKZfoag0VR20+b53I5XgAE04M8hNVzZlq0h+UkgZ12rls l9uQ==
X-Gm-Message-State: AD7BkJKHGmJbBvRg2HGr9m5RzHv5bikLOGbDPdroUYE17mGvZEInj/snb41+obYRLvEDlw==
X-Received: by 10.112.160.232 with SMTP id xn8mr5819596lbb.22.1457937084044; Sun, 13 Mar 2016 23:31:24 -0700 (PDT)
Received: from [192.168.85.3] (relay.mininform.ru. [195.161.125.4]) by smtp.gmail.com with ESMTPSA id r20sm3236713lfd.4.2016.03.13.23.31.19 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Sun, 13 Mar 2016 23:31:23 -0700 (PDT)
Mime-Version: 1.0 (Mac OS X Mail 9.2 \(3112\))
Content-Type: multipart/signed; boundary="Apple-Mail=_3502A9C2-815A-4740-9EE9-C6B5002CC43F"; protocol="application/pgp-signature"; micalg="pgp-sha512"
X-Pgp-Agent: GPGMail 2.6b2
From: Василий Долматов <vdolmatov@gmail.com>
In-Reply-To: <D509D616-2358-46D9-923B-EF0D26B577E6@standardstrack.com>
Date: Mon, 14 Mar 2016 09:31:11 +0300
Message-Id: <4FF393DC-3BBB-447D-AFD4-8F2E0B786AF6@gmail.com>
References: <32732C6F-716B-40B0-AE00-FA926664CEBA@standardstrack.com> <D509D616-2358-46D9-923B-EF0D26B577E6@standardstrack.com>
To: Eric Burger <eburger@standardstrack.com>
X-Mailer: Apple Mail (2.3112)
Archived-At: <http://mailarchive.ietf.org/arch/msg/lurk/baYjl-pvpB7ZWuyrGwL1o_5iv2Y>
Cc: LURK BoF <lurk@ietf.org>
Subject: Re: [Lurk] Proposed Lurk Charter
X-BeenThere: lurk@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Limited Use of Remote Keys <lurk.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lurk>, <mailto:lurk-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lurk/>
List-Post: <mailto:lurk@ietf.org>
List-Help: <mailto:lurk-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lurk>, <mailto:lurk-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Mar 2016 06:31:31 -0000

> 13 марта 2016 г., в 23:29, Eric Burger <eburger@standardstrack.com> написал(а):
> 
> I updated the draft charter with Stephen’s comments.  Not hearing anything for a week tells me either no one has read the proposed charter, everyone thinks it is great, or everyone thinks it is a waste of time and would like their two hours back in BA (BOF scheduled for 2PM on Tuesday, 5 April, in Atlantico C).
> 
> I’m trying something totally new and unknown in the IETF for the first deliverable.  Let me know your opinions.
> 
> This is one of those times when it is OK to simply say ‘OK’ or +1 or ‘Yuck’ or -1.

OK for the start

dol@

> 
> Thanks.
> 
> 
> 
> On Mar 6, 2016, at 9:40 AM, Eric Burger <eburger@standardstrack.com> wrote:
> 
> It seems we are making progress on the scope discussion on the list, as much about what we want to do as we do not want to do. Given that, and with an eye to BA, let us tear apart the following charter. It would be fantastic to have some thought out text to show the broader IETF community in April.
> 
> Note the charter references at least two different proposals for achieving the goals. I see this as a good thing: it means we are not researching science fiction (a hallmark of failed IETF work groups) and rather are doing engineering (a hallmark of successful IETF work groups). It also says we are not rubber-stamping some vendor’s proprietary protocol, which just tastes bad.
> 
> Comments please!
> 
> 
> 
> 
> Description of Working Group:
> HTTPS in typical use authenticates the server by proving ownership of a private key, which is associated with a public-key certificate. Currently most trust models assume the HTTP server owns the private keys, and that the server is responsible for both the hosted content and for the network delivery. Although these assumptions were somewhat true in the past, today, the deployment of services on the current Internet largely relies on multiple distributed instances of the service. Similarly, the delivery of popular content often splits the roles of providing the content and delivering the content. In such architectures, the application - like a web browser - expects to authenticate a content provider but is actually authenticating the node delivering the content. In this case, the confusion mostly results from using a secure transport layer to authenticate application layer content.
> 
> This work group will provide a solution to the  "offload TLS without giving the CDN my private key" use-case. The work group may also provide support for DTLS in anticipation of future secure protocols.
> 
> This work group will not address the Email and STIR use cases of an enterprise or individual delegating their private key to a service provider for signing messages on their behalf.
> 
> Related Work:
> OASIS developed the Key Management Interoperability Protocol (KMIP) <http://docs.oasis-open.org/kmip/spec/v1.1/os/kmip-spec-v1.1-os.html> as well as PCKS #11, Cryptographic Token Interface <http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html>.
> 
> 
> Goals and Milestones:
> Oct 2016	  Requirements and Use Cases Document stable with consensus to content
> Feb 2017   HTTPS delegated protocol Document to IESG
> Jun 2017   DTLS delegated protocol Document to IESG
> Oct 2016	  Requirements and Use Cases Document to IESG
> 
> 
> 
> Reading list
> • ​https://tools.ietf.org/html/draft-mglt-lurk-tls-requirements
> • ​https://tools.ietf.org/html/draft-mglt-lurk-tls-use-cases
> • ​https://tools.ietf.org/html/draft-cairns-tls-session-key-interface
> • ​https://tools.ietf.org/html/draft-hallambaker-mesh-architecture
> 
> _______________________________________________
> Lurk mailing list
> Lurk@ietf.org
> https://www.ietf.org/mailman/listinfo/lurk

v2.23.0 | Report a Bug | By Email