[Lurk] Proposed Lurk Charter
Eric Burger <eburger@standardstrack.com> Sun, 06 March 2016 15:40 UTC
Return-Path: <eburger@standardstrack.com>
X-Original-To: lurk@ietfa.amsl.com
Delivered-To: lurk@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6945E1A03A6 for <lurk@ietfa.amsl.com>; Sun, 6 Mar 2016 07:40:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.887
X-Spam-Level:
X-Spam-Status: No, score=0.887 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, SPF_HELO_PASS=-0.001, SPF_NEUTRAL=0.779, T_DKIM_INVALID=0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pi-n8bFPzdCF for <lurk@ietfa.amsl.com>; Sun, 6 Mar 2016 07:40:54 -0800 (PST)
Received: from biz104.inmotionhosting.com (biz104.inmotionhosting.com [173.247.247.235]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 21A911A038C for <lurk@ietf.org>; Sun, 6 Mar 2016 07:40:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=standardstrack.com; s=default; h=Mime-Version:To:Message-Id:Date:Subject: Content-Type:From; bh=EL+ZCfnnkrA6iFMR8I80xaKgeDHNrZ4rT1bxsqtL34k=; b=cBfx8k4 uABx9XBH3OZFN2IBDduBXrh8XntNvQLzga//0pP2CCQWkuUIwuPuwNidzw6xI37CCY6SS9HA5cZwR 4ircULlwHRqNnVB5MksfA55YN2o1ufjC/yXG9LiFYmlrvnfCDA9PapADDTKkAGIcqC34s/1HSK5Cx StOksBi1gk=;
Received: from 24-35-237-78.fidnet.com ([24.35.237.78]:61667 helo=[192.168.100.144]) by biz104.inmotionhosting.com with esmtpsa (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.86_1) (envelope-from <eburger@standardstrack.com>) id 1acanZ-0006fj-Fa for lurk@ietf.org; Sun, 06 Mar 2016 07:40:53 -0800
From: Eric Burger <eburger@standardstrack.com>
X-Pgp-Agent: GPGMail 2.6b2
Content-Type: multipart/signed; boundary="Apple-Mail=_8652BD33-E1BA-452E-812D-7F7B25ADD50D"; protocol="application/pgp-signature"; micalg="pgp-sha256"
Date: Sun, 06 Mar 2016 09:40:48 -0600
Message-Id: <32732C6F-716B-40B0-AE00-FA926664CEBA@standardstrack.com>
To: LURK BoF <lurk@ietf.org>
Mime-Version: 1.0 (Mac OS X Mail 9.2 \(3112\))
X-Mailer: Apple Mail (2.3112)
X-OutGoing-Spam-Status: No, score=-2.9
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - biz104.inmotionhosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - standardstrack.com
X-Get-Message-Sender-Via: biz104.inmotionhosting.com: authenticated_id: eburger+standardstrack.com/only user confirmed/virtual account not confirmed
X-Authenticated-Sender: biz104.inmotionhosting.com: eburger@standardstrack.com
Archived-At: <http://mailarchive.ietf.org/arch/msg/lurk/tJBcaRJlYBGaOe1X6Hsc-smt4OU>
Subject: [Lurk] Proposed Lurk Charter
X-BeenThere: lurk@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Limited Use of Remote Keys <lurk.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lurk>, <mailto:lurk-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lurk/>
List-Post: <mailto:lurk@ietf.org>
List-Help: <mailto:lurk-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lurk>, <mailto:lurk-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 06 Mar 2016 15:40:55 -0000
It seems we are making progress on the scope discussion on the list, as much about what we want to do as we do not want to do. Given that, and with an eye to BA, let us tear apart the following charter. It would be fantastic to have some thought out text to show the broader IETF community in April. Note the charter references at least two different proposals for achieving the goals. I see this as a good thing: it means we are not researching science fiction (a hallmark of failed IETF work groups) and rather are doing engineering (a hallmark of successful IETF work groups). It also says we are not rubber-stamping some vendor’s proprietary protocol, which just tastes bad. Comments please! Description of Working Group: HTTPS in typical use authenticates the server by proving ownership of a private key, which is associated with a public-key certificate. Currently most trust models assume the HTTP server owns the private keys, and that the server is responsible for both the hosted content and for the network delivery. Although these assumptions were somewhat true in the past, today, the deployment of services on the current Internet largely relies on multiple distributed instances of the service. Similarly, the delivery of popular content often splits the roles of providing the content and delivering the content. In such architectures, the application - like a web browser - expects to authenticate a content provider but is actually authenticating the node delivering the content. In this case, the confusion mostly results from using a secure transport layer to authenticate application layer content. This work group will provide a solution to the "offload TLS without giving the CDN my private key" use-case. The work group may also provide support for DTLS in anticipation of future secure protocols. Email has a related use case, specifically how to off-load DKIM signing. However, DKIM already has fielded solutions to address this problem and there does not appear to be a significant need. SIP has a related use case, specifically the STIR use case of an enterprise or individual delegating their private key to a service provider for signing messages on their behalf. However, the use and management of the keys in that case are sufficiently different from the LURK use cases that it is not in scope for this work group. Related Work: OASIS developed the Key Management Interoperability Protocol (KMIP) <http://docs.oasis-open.org/kmip/spec/v1.1/os/kmip-spec-v1.1-os.html> as well as PCKS #11, Cryptographic Token Interface <http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html>. Goals and Milestones: Oct 2016 Requirements and Use Cases Document to IESG Feb 2017 HTTPS delegated protocol Document to IESG Jun 2017 DTLS delegated protocol Document to IESG Reading list • https://tools.ietf.org/html/draft-mglt-lurk-tls-requirements • https://tools.ietf.org/html/draft-mglt-lurk-tls-use-cases • https://tools.ietf.org/html/draft-cairns-tls-session-key-interface • https://tools.ietf.org/html/draft-hallambaker-mesh-architecture
- [Lurk] Proposed Lurk Charter Eric Burger
- Re: [Lurk] Proposed Lurk Charter Stephen Farrell
- Re: [Lurk] Proposed Lurk Charter Eric Burger
- Re: [Lurk] Proposed Lurk Charter Eric Burger
- Re: [Lurk] Proposed Lurk Charter Василий Долматов
- Re: [Lurk] Proposed Lurk Charter Dmitry Belyavsky
- Re: [Lurk] [E] Re: Proposed Lurk Charter Mishra, Sanjay
- Re: [Lurk] [E] Proposed Lurk Charter Eric Burger
- Re: [Lurk] [E] Proposed Lurk Charter Phillip Hallam-Baker