[Secdispatch] Requesting agenda time for draft-krose-multicast-security

"Holland, Jake" <jholland@akamai.com> Wed, 27 October 2021 00:16 UTC

Return-Path: <jholland@akamai.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4EC5A3A195C for <secdispatch@ietfa.amsl.com>; Tue, 26 Oct 2021 17:16:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KcwV8JElTyu3 for <secdispatch@ietfa.amsl.com>; Tue, 26 Oct 2021 17:16:54 -0700 (PDT)
Received: from mx0a-00190b01.pphosted.com (mx0a-00190b01.pphosted.com [IPv6:2620:100:9001:583::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 801AC3A195A for <secdispatch@ietf.org>; Tue, 26 Oct 2021 17:16:54 -0700 (PDT)
Received: from pps.filterd (m0050095.ppops.net [127.0.0.1]) by m0050095.ppops.net-00190b01. (8.16.1.2/8.16.1.2) with SMTP id 19R07jIo016183 for <secdispatch@ietf.org>; Wed, 27 Oct 2021 01:16:51 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : subject : date : message-id : content-type : content-id : content-transfer-encoding : mime-version; s=jan2016.eng; bh=MBmmnOOwVqzY9fk/Ip8w/zeEb9tLYwNmaIfCJ/c9y9Y=; b=A/y8V0wcAF4Zi7eJoj+m3iZHy1OvUtLq4FBL+xEmiiA+aWk+FWEz/a8OSnd5YM1GtsF5 htlwfqcUny+tX91t/MmWy7R/CaHkojq+JD5/AHwOFXMT7IYNrBcCjdobbPdYGBqwt4+S zi1PlN7ki/NNBT+3xuwRJIAUNjYsQpzkA8I6FJXRGvejRR9tGe6wAQUxloEaMqiBn6ve 2OfAFhuQqzuJMNJFOiCUS1BnicUqRLIjLj/iChvnMznsr51JIL94my+/1E6tbE4xWf9g hezdrySzGorIysBxhoTQ79NjvO8UY2BbQu+56FmI+DTPV5+K2lf/U3CIuVwHl6dcdP8M bw==
Received: from prod-mail-ppoint7 (a72-247-45-33.deploy.static.akamaitechnologies.com [72.247.45.33] (may be forged)) by m0050095.ppops.net-00190b01. with ESMTP id 3bxsbfdafp-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for <secdispatch@ietf.org>; Wed, 27 Oct 2021 01:16:51 +0100
Received: from pps.filterd (prod-mail-ppoint7.akamai.com [127.0.0.1]) by prod-mail-ppoint7.akamai.com (8.16.1.2/8.16.1.2) with SMTP id 19R04DeQ019882 for <secdispatch@ietf.org>; Tue, 26 Oct 2021 20:16:50 -0400
Received: from email.msg.corp.akamai.com ([172.27.165.115]) by prod-mail-ppoint7.akamai.com with ESMTP id 3bx573yx9a-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for <secdispatch@ietf.org>; Tue, 26 Oct 2021 20:16:50 -0400
Received: from USTX2EX-DAG1MB4.msg.corp.akamai.com (172.27.165.122) by ustx2ex-dag1mb2.msg.corp.akamai.com (172.27.165.120) with Microsoft SMTP Server (TLS) id 15.0.1497.24; Tue, 26 Oct 2021 19:16:49 -0500
Received: from USTX2EX-DAG1MB4.msg.corp.akamai.com ([172.27.165.122]) by ustx2ex-dag1mb4.msg.corp.akamai.com ([172.27.165.122]) with mapi id 15.00.1497.024; Tue, 26 Oct 2021 19:16:49 -0500
From: "Holland, Jake" <jholland@akamai.com>
To: "secdispatch@ietf.org" <secdispatch@ietf.org>
Thread-Topic: Requesting agenda time for draft-krose-multicast-security
Thread-Index: AQHXysfvqNU+fYdr3U6RFCkpKpFXZQ==
Date: Wed, 27 Oct 2021 00:16:49 +0000
Message-ID: <898062F9-1B8F-46D7-96AE-1C7769F162A9@akamai.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.53.21091200
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.27.164.43]
Content-Type: text/plain; charset="utf-8"
Content-ID: <93DDBA9CF90C88498F3605D52848F395@akamai.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.425, 18.0.790 definitions=2021-10-26_07:2021-10-26, 2021-10-26 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxlogscore=780 mlxscore=0 adultscore=0 bulkscore=0 phishscore=1 malwarescore=0 spamscore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2110150000 definitions=main-2110260130
X-Proofpoint-ORIG-GUID: jZnIULhgj40ZlVcQrGNZM5PM8Jfj4Bki
X-Proofpoint-GUID: jZnIULhgj40ZlVcQrGNZM5PM8Jfj4Bki
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.0.607.475 definitions=2021-10-26_07,2021-10-26_01,2020-04-07_01
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 lowpriorityscore=0 phishscore=0 impostorscore=0 adultscore=0 clxscore=1011 mlxscore=0 spamscore=0 bulkscore=0 suspectscore=0 mlxlogscore=660 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2110150000 definitions=main-2110260131
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/N1jDh7MRHupuPIf1S5BiLDecGGY>
Subject: [Secdispatch] Requesting agenda time for draft-krose-multicast-security
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Oct 2021 00:16:59 -0000

Hi secdispatch,

I hope some of you had a chance to take a look at the document
Kyle sent about the security model for multicast for web traffic[0]:
https://datatracker.ietf.org/doc/html/draft-krose-multicast-security

I'm requesting a slot to talk about it for IETF 112, and hoping we
can get it dispatched to an appropriate venue.

Some background:

We've been doing some work on making multicast viable for web
traffic.  I'm chairing a W3C community group chartered to incubate
it[1].  We have a straw-man API[2] with a demo implementation[3]
(without the proposed authentication scheme[4] implemented yet)
that can support an app ported to wasm playing video[5].  As the
charter states, we're aiming to get into webtransport first in a
way functionally similar to the demo (server-to-client datagrams), 
and into other APIs like fetch/xhr, the h5 download attribute, and
webrtc afterwards.

We had hoped to do some further experimentation behind a command-
line flag, but my understanding of the key feedback we got when we
suggested this to chromium[6] was that we need a better security
model with wider consensus before we can do anything like this.
In particular, proposals for web traffic that have different
security properties from TLS will need robust review.

So we're looking for the right venue (and reviewers!) to establish
a well-considered IETF consensus on what it takes to make multicast
safe enough for the modern internet, particularly including web
traffic.

We're hoping the final version of this doc will serve as the
foundation for guiding any necessary extensions to the appropriate
protocols, in much the same role that RFC 8826 played for WebRTC.

Thanks and regards,
Jake

PS:  Please note that it may also be appropriate and valuable,
depending on the answer, to move draft-ietf-mboned-ambi to the same
venue, as some of the discussion in mboned made me suspect it may
not be the right home for discussion of its security properties.

[0] https://mailarchive.ietf.org/arch/msg/secdispatch/LRMHRKiHfk3vgV43KRbG31x-y4I/
[1] https://www.w3.org/community/multicast/
[2] https://github.com/GrumpyOldTroll/wicg-multicast-receiver-api/blob/master/explainer.md 
[3] https://github.com/GrumpyOldTroll/chromium_fork
[4] https://datatracker.ietf.org/doc/html/draft-ietf-mboned-ambi
[5] https://www.w3.org/2021/10/TPAC/demos/multicast.html
[6] https://groups.google.com/a/chromium.org/g/net-dev/c/TjbMyPKuRHs/m/_Syfhri7AAAJ