[pkng] Notes from the informal lunch in Hiroshima
Paul Hoffman <paul.hoffman@vpnc.org> Mon, 07 December 2009 19:13 UTC
Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: pkng@core3.amsl.com
Delivered-To: pkng@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0EFE83A690F for <pkng@core3.amsl.com>; Mon, 7 Dec 2009 11:13:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.688
X-Spam-Level:
X-Spam-Status: No, score=-4.688 tagged_above=-999 required=5 tests=[AWL=-1.242, BAYES_50=0.001, HELO_MISMATCH_COM=0.553, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iQMUs9GTXgt8 for <pkng@core3.amsl.com>; Mon, 7 Dec 2009 11:13:45 -0800 (PST)
Received: from balder-227.proper.com (Balder-227.Proper.COM [192.245.12.227]) by core3.amsl.com (Postfix) with ESMTP id 606553A690C for <pkng@irtf.org>; Mon, 7 Dec 2009 11:13:45 -0800 (PST)
Received: from [10.20.30.158] (75-101-30-90.dsl.dynamic.sonic.net [75.101.30.90]) (authenticated bits=0) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id nB7IwwgE053770 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <pkng@irtf.org>; Mon, 7 Dec 2009 11:59:00 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
Mime-Version: 1.0
Message-Id: <p06240800c74300c21ee6@[206.173.146.196]>
Date: Mon, 07 Dec 2009 10:58:56 -0800
To: pkng@irtf.org
From: Paul Hoffman <paul.hoffman@vpnc.org>
Content-Type: text/plain; charset="us-ascii"
Subject: [pkng] Notes from the informal lunch in Hirohshima
X-BeenThere: pkng@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Public Key Next Generation \(PKNG\) Research Group" <pkng.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/listinfo/pkng>, <mailto:pkng-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/pkng>
List-Post: <mailto:pkng@irtf.org>
List-Help: <mailto:pkng-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/pkng>, <mailto:pkng-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Dec 2009 19:13:47 -0000
Very informal (and very delayed) notes of a very informal PKNG lunch
2009-11-11, Hiroshima

The lunch was organized as a last-minute affair, spurred by Leif Johansson. ISOC (through Lucy Lynch) kindly found us a room and paid for box lunches.

Those in attendance were:
'Bob' Morgan
Carl Wallace
Jeff Hodges
Karen O'Donoghue
Leif Johansson
Lucy Lynch
Masaki Shimaoka
Paul Hoffman
Peter Saint-Andre
Russ Housley
Ryu Inada
Sam Hartman
Sean Turner
Stephen Farrell
Tim Polk
Yasuo Miyakawa

These brief notes were just snippets of the conversation. The following should make it clear that there are many ideas floating around for this work, and some need to be fleshed out more in this RG. People who made statements that sound like something below and who want to expand or correct them should do so in a separate thread.

Leif: Let's turn the certificate structure inside out
Sam: Is this an xmf with some public keys?
Leif: A trust infrastructure with entities that can be in multiple rings
Stephen: Our work might include symmetric keys
Paul: How? This is about public keys
Russ: Enrollment approaches that create a binding
Sam: Wants terminology for following bindings
Sam: In SAML, it is hard to follow the chain of trust and the consequences of running the protocol
Carl: Define migration from current certs, then come up with another term
Bob: Don't start with a glossary, start with a model
Jeff: What are our use cases?
Lucy: Start with a box of TinkerToys
Peter: Make the Internet a higher-trust environment
Peter: Want more use of certificate auth
Leif: Your relationship with Wikipedia is different than with your employer; use different keys
Leif: But there is one identity holder
Sam: But there are privacy concerns
Leif: There is a difference between your credential and what you send to the relying party
Stephen: Maybe you only send the key, and the other party gets the auth in some other way
Russ: Try to bind attributes to different contexts
Yasuo: There are federation back-end databases that are not just identity
Russ: SPKI uses the public key as your identifier; what happens next is up to the relying party
Russ: In HIP, you have an easy proof that the public key is yours
Ryu: A device has security and identity; maybe we should have a PKI version of DHCP
Ryu: But it must be easy to provision
Leif: Is naming in scope? If we extend far, how will it affect our mission?
Sam: We'll have to pick some form of naming
Sam: Some choices will impact what we can do with this work
Sam: People have different trust in attribute names and attribute values
Stephen: We can look into embedding names in keys
Jeff: Understanding proper terms: names, identifiers, identities
Lucy: We can pass information about where something succeeded or failed
Lucy: Also, we can glue information about interactions
Peter: How will our technology change so that people can use this stuff?

--Paul Hoffman, Director
--VPN Consortium