IETF Logo Mail Archive

Re: [Secret] Call for consensus on updated charter

Prachi Jain <prachi.jain1288@gmail.com> Thu, 16 June 2022 13:39 UTC

Return-Path: <prachi.jain1288@gmail.com>
X-Original-To: secret@ietfa.amsl.com
Delivered-To: secret@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 620D0C147921 for <secret@ietfa.amsl.com>; Thu, 16 Jun 2022 06:39:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.857
X-Spam-Level:
X-Spam-Status: No, score=-1.857 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F7ma2HDMlQE0 for <secret@ietfa.amsl.com>; Thu, 16 Jun 2022 06:39:42 -0700 (PDT)
Received: from mail-yw1-x1134.google.com (mail-yw1-x1134.google.com [IPv6:2607:f8b0:4864:20::1134]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9294DC14F741 for <secret@ietf.org>; Thu, 16 Jun 2022 06:39:42 -0700 (PDT)
Received: by mail-yw1-x1134.google.com with SMTP id 00721157ae682-31756c8143aso13949507b3.12 for <secret@ietf.org>; Thu, 16 Jun 2022 06:39:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=ZsPG3CEkWPxhipsulUcr5AGAJdvQDfsmqatBgaEv/AA=; b=pQQyM7oS3Kcizb8AjqNP2/ifWqVK2j9IkMJG9h3e19DhC5E0wXLOdyt8Va/hXCeigv 2W8UezqNNRxOQ83uCeQLxJK9ORpoW2DTf9RupFSW6OqD2vg1OpKstXUD0twpmXSGx/RQ QM+maaCI01rpvPR4+yYfVC5QGNZqeDt6Fvd4O9pP1xqj+TsfSDm7PIX1fjF8svuONOkJ gamYJ86sgyJ5xMhWsl4sVW+JkU4qOqqpASDi7Yf5i3QRsb6Q9gF7x42/cP71M+akOIyk Pu8NehVMuPn48+aj6HH3aLaGCSfwU8ZzgtYO9mKernb85qrJQKgYsxXoRcZ7m+pqw3c5 X9bg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=ZsPG3CEkWPxhipsulUcr5AGAJdvQDfsmqatBgaEv/AA=; b=Rf4qs8gbpQ23XumbSuUg8D/hMT1HUAHCqGaYAl5YOZkyLZA1xEhtL3MepngZoCBs5C SJ1P1sHW6Q091/bfVD19IPXwlugMIINhEw0HvEFR1FyTXCWfn6mMolSq3tW03nONI0XQ P8TSxnyaJbk4lfv5Z8bN85CYHgGJ/Jnc2wNVkZqygq9AA+D5rbu0rgy/ZC+Sr4rS64hA Iq6YInxaJ9FWDMMtFxWWwXaWFTidXVkoU41HZx1tkd3Hxi07Uyc3HtuOX85c3GHvVkgy Q7k9Ed8/5jUb7THkhfwQvS92MxVgJ4Qn8eNm9JBG6gm55sjFEoiWl7qAVsDj4o6k9BxT 1HNA==
X-Gm-Message-State: AJIora9jlOUxt7VeSnH2zZIUV3fFYv5zKl2XJci/3LdzMBvaeULdD15x cMu1F781x0FukZoSiowRtT2LGTZslYrCQFIaAJyMUCyrRvXDOQ==
X-Google-Smtp-Source: AGRyM1vdzIyY76Iwh4OZ4Gc+NWMXRM/3ZdIU4bECJElW/vNDs5cJrt1Pl0N8+wlJpbzg7ZsxHpzxlSjNA0mfUN8wlwo=
X-Received: by 2002:a81:10cf:0:b0:313:aa13:ed0a with SMTP id 198-20020a8110cf000000b00313aa13ed0amr5728848ywq.40.1655386781563; Thu, 16 Jun 2022 06:39:41 -0700 (PDT)
MIME-Version: 1.0
References: <BN2P110MB1107927315F65D68D266C26EDCAA9@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM>
In-Reply-To: <BN2P110MB1107927315F65D68D266C26EDCAA9@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM>
From: Prachi Jain <prachi.jain1288@gmail.com>
Date: Thu, 16 Jun 2022 08:39:30 -0500
Message-ID: <CAA1-vB37_fiLuUEkfM+eL8Rh6MOoaYNCXt-yoR2h8k53FTnQcw@mail.gmail.com>
To: Roman Danyliw <rdd@cert.org>
Cc: "secret@ietf.org" <secret@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000014be3505e190c5cb"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secret/6DfbxLD44p-0tZk3dxo7cNLjhO4>
Subject: Re: [Secret] Call for consensus on updated charter
X-BeenThere: secret@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Secure Credential Transfer <secret.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secret>, <mailto:secret-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secret/>
List-Post: <mailto:secret@ietf.org>
List-Help: <mailto:secret-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secret>, <mailto:secret-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Jun 2022 13:39:46 -0000

I support the charter and am willing to help with it.

1) Do you support the charter text? Or do you have objections or blocking
concerns (please describe what they might be)?
Yes and no concerns
If you do support the charter text:
(2) Are you willing to author or participate in the developed of the WG
drafts? yes
(3) Are you willing to review the WG drafts? yes
(4) Are you interested in implementing the WG drafts? yes


-Prachi

On Tue, Jun 14, 2022 at 5:24 PM Roman Danyliw <rdd@cert.org> wrote:

> Hi!
>
> In February 2022, the virtual SECRET BOF was convened [1].  We had a
> robust discussion on the scope of work and an initial charter presented --
> see the minutes [2].  Polling of the BoF participants showed a healthy
> consensus on understanding of the problem and interest to solve it in the
> IETF.  There also appeared to be a critical mass of energy to do this work.
>
> The BoF feedback and subsequent AD review pointed to a few places for
> refinement to the charter, to include changing the proposed name of the
> WG.  That version is included below for your review.
>
> The participants in the BoF showed consensus to proceed with chartering a
> WG.  Now with a revised charter, I'd like to continue this BoF conversion
> with an email thread to gauge interest to forming a WG to ensure we also
> capture views from those who were unable to attend the BoF or those who
> want to reiterate their positions.  Please respond to the list:
>
> (1) Do you support the charter text? Or do you have objections or blocking
> concerns (please describe what they might be)?
>
> If you do support the charter text:
> (2) Are you willing to author or participate in the developed of the WG
> drafts?
> (3) Are you willing to review the WG drafts?
> (4) Are you interested in implementing the WG drafts?
>
> If you previously spoke of at the BoF, you are welcome to repeat yourself
> here.
>
> If you have been following along on the mailing list, the charter text
> below is the one that was being polished in GitHub (
> https://github.com/dimmyvi/secure-credential-transfer/blob/main/charter.md)
> with the milestones moved to the end.
>
> This call for feedback will end on Monday, June 27.
>
> Thanks,
> Roman
>
> [1]
> https://datatracker.ietf.org/meeting/interim-2022-secret-01/session/secret
> [2]
> https://datatracker.ietf.org/meeting/interim-2022-secret-01/materials/minutes-interim-2022-secret-01-202202100900-00.html
>
> ==[ snip ]==
> WG Name = TIGRESS ("Transfer dIGital cREdentialS Securely")
>
> There are many situations in which it is desirable to transfer a copy of a
> digital credential to another person. For example, you may want to provide
> access to your vehicle to a friend or a family member. You may also want to
> provide access to your home to your cat sitter. Or, you may want to
> transfer a copy of a hotel key to your spouse. Today, no such standardized
> method exists in a cross-platform, credential type-agnostic capacity.
>
> The WG charter includes the definition and standardization of a protocol
> that will facilitate such credential transfers from one person's device to
> another person's device. The protocol will leverage a "relay server" to
> transfer data from sender to recipient. The scope of the transfer is
> limited to a single origin device and a single destination device. Note
> that neither private keys nor secret symmetric keys present on the sender's
> device are exchanged during the transfer operation. In the transfer
> protocol, the "credential" being transferred from sender to recipient
> comprises data both necessary and sufficient for the recipient to exchange
> with the credential authority for new digital key material granting the
> recipient a subset of the sender's capabilities or entitlements.
>
> Privacy goals include:
> * The relay server should not see sensitive details of the share
> * The relay server should not be able to provision the credential itself,
> acting as an intermediary for the recipient (person-in-the-middle,
> impersonation attack)
> * Aside from potentially the IP address, the relay server should not learn
> the identity of the sender or receiver
>
> Sufficient security measures should be embedded in the protocol in an
> effort to:
> * Ensure only the intended recipient is able to provision the credential
> * Ensure the credential can only be provisioned once (anti-replay)
> * Ensure the sender has intent to share (proof of the fact that the share
> initiation is attributed to a valid device and a user)
>
> The solution the WG comes up with must:
> * Allow a sender to initiate a share and define a relay server
> * Allow a recipient to view the share request, and provision the
> credential associated with the share upon receipt
> * Allow opaque message content based on the credential type (the protocol
> should be able to carry various types of credentials)
> * Allow sender device and receiver device to perform multiple round trip
> communications within a limited time frame.
> * Support a variety of types of credentials, to include those adhering to
> public standards (e.g., Car Connectivity Consortium) and proprietary (i.e.,
> non-public or closed community) formats
> * Allow opaque message content based on the credential type
>
> Out of scope topics for the WG are:
> * Defining the mechanism the receiver will use in order to provision the
> credential with the credential authority
> * The User Interface (UI) that is displayed to the sender or receiver
> during sending or receiving - this will depend on the device OEM's UI and
> HI guidelines.
> * Defining the format or content of each field within the encrypted data
> (i.e., the provisioned credentials and associated information) stored on
> the relay server.
>
> The WG will deliver a protocol to facilitate secure credential transfer.
> The WG must consider all Privacy and Security considerations in an effort
> to perform the credential transfer in a secure manner. The protocol will
> use appropriate cryptographic mechanisms to protect the transferred
> credentials in accordance with the security and privacy goals described
> above.
>
> Planned Deliverables:
>
> 2022-12: WG adoption of the secure credential transfer protocol
> 2023-12: Submit secure credential transfer protocol to the IESG for
> publication
> ==[ snip ]=
>
> --
> Secret mailing list
> Secret@ietf.org
> https://www.ietf.org/mailman/listinfo/secret
>

v2.23.0 | Report a Bug | By Email