[Mcic] Web Obj Security bar BoF - Sunday Nov 9th

Salvatore Loreto <salvatore.loreto@ericsson.com> Tue, 04 November 2014 18:54 UTC

From: Salvatore Loreto <salvatore.loreto@ericsson.com>
To: Greg Wilkins <gregw@intalio.com>, Mark Nottingham <mnot@mnot.net>, "Simone Bordet" <sbordet@intalio.com>, Larry Masinter <masinter@adobe.com>, "Barry Leiba" <barryleiba@computer.org>, Pete Resnick <presnick@qualcomm.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, Jari Arkko <jari.arkko@ericsson.com>, "Kathleen.Moriarty.ietf@gmail.com" <Kathleen.Moriarty.ietf@gmail.com>, Alissa Cooper <alissa@cooperw.in>, Richard Barnes <rlb@ipv.sx>, Sean Turner <turners@ieca.com>, "joe@salowey.net" <joe@salowey.net>, "hannes.tschofenig@gmx.net" <hannes.tschofenig@gmx.net>, "fielding@gbiv.com" <fielding@gbiv.com>, "kolkman@isoc.org" <kolkman@isoc.org>, "allison.mankin@gmail.com" <allison.mankin@gmail.com>, "ynir.ietf@gmail.com" <ynir.ietf@gmail.com>, "J.deBorst@F5.com" <J.deBorst@F5.com>, Peter Saint-Andre <stpeter@stpeter.im>, "Joe Hildebrand (jhildebr)" <jhildebr@cisco.com>, "emile.stephan@orange.com" <emile.stephan@orange.com>, "Brian Raymor (MS OPEN TECH)" <Brian.Raymor@microsoft.com>, Gabriel Montenegro <Gabriel.Montenegro@microsoft.com>, Rob Trace <Rob.Trace@microsoft.com>, Roberto Peon <fenix@google.com>, Martin Nilsson <nilsson@opera.com>, "Eric Rescorla" <ekr@rtfm.com>, Martin Thomson <martin.thomson@gmail.com>, "dmitry.anipko@microsoft.com" <dmitry.anipko@microsoft.com>, Craig Taylor <craig.taylor@bbc.co.uk>, Mike Jones <Michael.Jones@microsoft.com>, "Simon Pietro Romano" <spromano@unina.it>
Thread-Topic: Web Obj Security bar BoF - Sunday Nov 9th
Date: Tue, 4 Nov 2014 18:54:34 +0000
Message-ID: <2770FB71-B99B-4B92-B78A-9EE336EE9C16@ericsson.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/mcic/VtK5yjbLcezpRLXDhT5ufn8sUIQ
Cc: "mcic@ietf.org" <mcic@ietf.org>
Subject: [Mcic] Web Obj Security bar BoF - Sunday Nov 9th


While you are getting ready for your next surfing adventure in the clear waters of Hawaii, an invisible shark is lurking ready to attack again.
This is not a joke. Pervasive monitoring is a threat and an attack, as it has been clearly identified and articulated in RFC 7258 (https://tools.ietf.org/html/rfc7258) by the IETF community. It is a threat for individuals as it invades their privacy and a threat for organizations as it erodes their credibility in front of their customer constituency. It is a threat to society as it challenges and inhibits very basic rights like freedom of expression. We must stop it, and it is in our power to act by providing the next generation's internet users with tools that make unlawful monitoring difficult if not impossible. Our role in the IETF community is to evolve the internet protocols in order to adapt to society's requirements and to fend off the new (or old) threats. We live in a digital world where everything we do and everything we say is one way or another captured, stored and shared in electronic format. The Internet plays a central role in our lives, our work and our social activities. It helps us connect and be informed, and it has already shown us the potential to topple oppressive governments, as happened in Egypt, or to fund non-profit causes, as was the case for the Ice Bucket challenge.

The IETF community rallied behind the commitment to improve and enforce better security in the protocols we develop to preserve and protect the privacy of internet users, to regain their trust in an internet for everyone. We all got excited about this objective, and while existing protocols like TLS support strong client-server e2e encryption, they fall short at allowing more complex internet delivery methods to be implemented and deployed. From content distribution networks to the interconnected web of things, we are looking at a very sophisticated mesh where connections are optimized and enhanced by specialized intermediaries that improve efficiency and quality of experience. In fact, RFC 7258 acknowledges that certain forms of monitoring, like network management functions, are necessary and should not be considered attacks.

On this premise, a few of us thought it would be useful to have a dialogue about the challenges we face in deploying e2e encryption over the internet, the use cases that require multi-party negotiation for content integrity and confidentiality, and the requirements for intermediary-aware protocols and applications.
This informal session will try to identify the problem, scope the use cases, analyze existing solutions, present a few new proposals and most importantly facilitate the dialogue about the next steps we should take in order to accomplish our goals of building better and more secure protocols for the internet.
We compiled a short draft http://www.ietf.org/internet-drafts/draft-reschke-objsec-00.txt that attempts to touch some of the topics but it should only serve as a starting point for a more engaged dialogue that we expect to have during the bar bof session.

We have reserved Coral 2 room from 16:00 to 18:00 on Sunday Nov 9th and we hope to see you there.
Your RSVP is kindly requested in order to better plan for the session.

This is an open invitation so feel free to forward this to anybody that might be interested in contributing to the discussion and can bring additional use cases or security considerations to the table.

The right venue to discuss the draft and/or to send any question related to the topic is the MCIC (Multiparty Content Integrity and Confidentiality) non-WG mailing list.
You can subscribe here: https://www.ietf.org/mailman/listinfo/mcic

We are aware of the overlap with the newcomers meeting, and while we understand that some of you might have obligations to be there, we hope that you can stop by and share some thoughts with us on this important topic.

Looking forward to hearing from you.

Best Regards,
Dan Druta, Salvatore Loreto