Re: [Secret] Call for consensus on updated charter
Brad Lassey <lassey@google.com> Thu, 16 June 2022 15:16 UTC
Return-Path: <lassey@google.com>
X-Original-To: secret@ietfa.amsl.com
Delivered-To: secret@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A8942C14CF12 for <secret@ietfa.amsl.com>; Thu, 16 Jun 2022 08:16:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.609
X-Spam-Level:
X-Spam-Status: No, score=-17.609 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f84wrjDHcq7o for <secret@ietfa.amsl.com>; Thu, 16 Jun 2022 08:16:42 -0700 (PDT)
Received: from mail-yw1-x1130.google.com (mail-yw1-x1130.google.com [IPv6:2607:f8b0:4864:20::1130]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 520CFC14F739 for <secret@ietf.org>; Thu, 16 Jun 2022 08:16:42 -0700 (PDT)
Received: by mail-yw1-x1130.google.com with SMTP id 00721157ae682-31772f8495fso16102707b3.4 for <secret@ietf.org>; Thu, 16 Jun 2022 08:16:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=nJTrxDEhCT825qxgKnPl4zFJdPy+iaEORdj4NQHb4m4=; b=Jj8qjbmMwqBJg1EchIpwKV+trgvG9rAAWJ4rZQNFs8EKiglTvcxRQOVIhGKJKl3s5N H76+LFL+ER+JxZ6lBx+IjcOYZ9J/vn6lzbvSQ/t14oqO/s+wXxkkVW+dpHDeErCvEcSK XD2PXTmKQjNTFAIGermL9425KytW9SwEQXPIO878dXEbiPMJ2EWAEOJ5kPG9vVsLeS8T B3XtonUsXcH5pm6GDEH0y652JTER/5Jc6KsVmFpRKrDUDY0dAZCSNWtoV7Ivw9sK+CBb 1g6zJliUpdwYHxK3zluY4phM8MUSWHP1WrACc64sLyOHjce73njoa7yBzcske2/gsMwo vMig==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=nJTrxDEhCT825qxgKnPl4zFJdPy+iaEORdj4NQHb4m4=; b=zLpA5WrEmqINdx2D62tSRIaBJ83TxIW3xlgSB5bJyz/Ux5b4Tz93bZ8FfLwmkiAm4J HEVhQQrPD1HDcHK2o1VBAdSAft5QtmZM1C5KGqwbm6rbrvNclJK/Ykdka2BLlH9dgm7D GZWLc71bFtjYKVxy7dCPEA2hGk8SGYkS1Tssk2Z5GLmVh/2xlElcv71G/jDZ7B6nRhPk gMmxLX1mqVEY5Kdei0fIae5/xgIctyxlN4GRKQBviAM+YEQugWNqk8Tgli3JoO+8GL24 d5pl0T8ffgLzs1d/oWB0h5DBjmAbY6zcXVkmrvdYkeO+JRlc15FJSfXYnRYuxvSsCZiV I6fg==
X-Gm-Message-State: AJIora9qePDkujWpe/rwvk6TiHxng8kulbVHrWcKzL0HhX0oIyucsddb hSHrqN2N2r5698gb8r9ltlL5hnYdibZ/FOkTA6SNag==
X-Google-Smtp-Source: AGRyM1vahPDeA3epGu5n0afZ+RBHNXPDJSrKwyvNzbi5CA4SOkmQ0GqZCXeYJnITTVw3U8J7GX6smBYnazUgMavugqw=
X-Received: by 2002:a81:1047:0:b0:313:b541:72a1 with SMTP id 68-20020a811047000000b00313b54172a1mr5964136ywq.314.1655392601072; Thu, 16 Jun 2022 08:16:41 -0700 (PDT)
MIME-Version: 1.0
References: <BN2P110MB1107927315F65D68D266C26EDCAA9@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM> <CAA1-vB37_fiLuUEkfM+eL8Rh6MOoaYNCXt-yoR2h8k53FTnQcw@mail.gmail.com>
In-Reply-To: <CAA1-vB37_fiLuUEkfM+eL8Rh6MOoaYNCXt-yoR2h8k53FTnQcw@mail.gmail.com>
From: Brad Lassey <lassey@google.com>
Date: Thu, 16 Jun 2022 11:16:03 -0400
Message-ID: <CALjsk17BKUHf3xuVbfBiMZ4VWFBKswZT+29VUHU6YmWWZqOwYQ@mail.gmail.com>
To: Prachi Jain <prachi.jain1288@gmail.com>
Cc: Roman Danyliw <rdd@cert.org>, "secret@ietf.org" <secret@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000f3c49805e1921f0d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secret/8V6maQDm-z0Urp6X0BnUwl55kf4>
Subject: Re: [Secret] Call for consensus on updated charter
X-BeenThere: secret@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Secure Credential Transfer <secret.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secret>, <mailto:secret-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secret/>
List-Post: <mailto:secret@ietf.org>
List-Help: <mailto:secret-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secret>, <mailto:secret-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Jun 2022 15:16:44 -0000
I support the charter and I'm willing to review WG drafts. We (Google) are planning on implementing these drafts. -Brad On Thu, Jun 16, 2022 at 9:39 AM Prachi Jain <prachi.jain1288@gmail.com> wrote: > I support the charter and am willing to help with it. > > 1) Do you support the charter text? Or do you have objections or blocking > concerns (please describe what they might be)? > Yes and no concerns > If you do support the charter text: > (2) Are you willing to author or participate in the developed of the WG > drafts? yes > (3) Are you willing to review the WG drafts? yes > (4) Are you interested in implementing the WG drafts? yes > > > -Prachi > > On Tue, Jun 14, 2022 at 5:24 PM Roman Danyliw <rdd@cert.org> wrote: > >> Hi! >> >> In February 2022, the virtual SECRET BOF was convened [1]. We had a >> robust discussion on the scope of work and an initial charter presented -- >> see the minutes [2]. Polling of the BoF participants showed a healthy >> consensus on understanding of the problem and interest to solve it in the >> IETF. There also appeared to be a critical mass of energy to do this work. >> >> The BoF feedback and subsequent AD review pointed to a few places for >> refinement to the charter, to include changing the proposed name of the >> WG. That version is included below for your review. >> >> The participants in the BoF showed consensus to proceed with chartering a >> WG. Now with a revised charter, I'd like to continue this BoF conversion >> with an email thread to gauge interest to forming a WG to ensure we also >> capture views from those who were unable to attend the BoF or those who >> want to reiterate their positions. Please respond to the list: >> >> (1) Do you support the charter text? Or do you have objections or >> blocking concerns (please describe what they might be)? >> >> If you do support the charter text: >> (2) Are you willing to author or participate in the developed of the WG >> drafts? >> (3) Are you willing to review the WG drafts? >> (4) Are you interested in implementing the WG drafts? >> >> If you previously spoke of at the BoF, you are welcome to repeat yourself >> here. >> >> If you have been following along on the mailing list, the charter text >> below is the one that was being polished in GitHub ( >> https://github.com/dimmyvi/secure-credential-transfer/blob/main/charter.md) >> with the milestones moved to the end. >> >> This call for feedback will end on Monday, June 27. >> >> Thanks, >> Roman >> >> [1] >> https://datatracker.ietf.org/meeting/interim-2022-secret-01/session/secret >> [2] >> https://datatracker.ietf.org/meeting/interim-2022-secret-01/materials/minutes-interim-2022-secret-01-202202100900-00.html >> >> ==[ snip ]== >> WG Name = TIGRESS ("Transfer dIGital cREdentialS Securely") >> >> There are many situations in which it is desirable to transfer a copy of >> a digital credential to another person. For example, you may want to >> provide access to your vehicle to a friend or a family member. You may also >> want to provide access to your home to your cat sitter. Or, you may want to >> transfer a copy of a hotel key to your spouse. Today, no such standardized >> method exists in a cross-platform, credential type-agnostic capacity. >> >> The WG charter includes the definition and standardization of a protocol >> that will facilitate such credential transfers from one person's device to >> another person's device. The protocol will leverage a "relay server" to >> transfer data from sender to recipient. The scope of the transfer is >> limited to a single origin device and a single destination device. Note >> that neither private keys nor secret symmetric keys present on the sender's >> device are exchanged during the transfer operation. In the transfer >> protocol, the "credential" being transferred from sender to recipient >> comprises data both necessary and sufficient for the recipient to exchange >> with the credential authority for new digital key material granting the >> recipient a subset of the sender's capabilities or entitlements. >> >> Privacy goals include: >> * The relay server should not see sensitive details of the share >> * The relay server should not be able to provision the credential itself, >> acting as an intermediary for the recipient (person-in-the-middle, >> impersonation attack) >> * Aside from potentially the IP address, the relay server should not >> learn the identity of the sender or receiver >> >> Sufficient security measures should be embedded in the protocol in an >> effort to: >> * Ensure only the intended recipient is able to provision the credential >> * Ensure the credential can only be provisioned once (anti-replay) >> * Ensure the sender has intent to share (proof of the fact that the share >> initiation is attributed to a valid device and a user) >> >> The solution the WG comes up with must: >> * Allow a sender to initiate a share and define a relay server >> * Allow a recipient to view the share request, and provision the >> credential associated with the share upon receipt >> * Allow opaque message content based on the credential type (the protocol >> should be able to carry various types of credentials) >> * Allow sender device and receiver device to perform multiple round trip >> communications within a limited time frame. >> * Support a variety of types of credentials, to include those adhering to >> public standards (e.g., Car Connectivity Consortium) and proprietary (i.e., >> non-public or closed community) formats >> * Allow opaque message content based on the credential type >> >> Out of scope topics for the WG are: >> * Defining the mechanism the receiver will use in order to provision the >> credential with the credential authority >> * The User Interface (UI) that is displayed to the sender or receiver >> during sending or receiving - this will depend on the device OEM's UI and >> HI guidelines. >> * Defining the format or content of each field within the encrypted data >> (i.e., the provisioned credentials and associated information) stored on >> the relay server. >> >> The WG will deliver a protocol to facilitate secure credential transfer. >> The WG must consider all Privacy and Security considerations in an effort >> to perform the credential transfer in a secure manner. The protocol will >> use appropriate cryptographic mechanisms to protect the transferred >> credentials in accordance with the security and privacy goals described >> above. >> >> Planned Deliverables: >> >> 2022-12: WG adoption of the secure credential transfer protocol >> 2023-12: Submit secure credential transfer protocol to the IESG for >> publication >> ==[ snip ]= >> >> -- >> Secret mailing list >> Secret@ietf.org >> https://www.ietf.org/mailman/listinfo/secret >> > -- > Secret mailing list > Secret@ietf.org > https://www.ietf.org/mailman/listinfo/secret >
- [Secret] Call for consensus on updated charter Roman Danyliw
- Re: [Secret] Call for consensus on updated charter Tommy Pauly
- Re: [Secret] Call for consensus on updated charter Prachi Jain
- Re: [Secret] Call for consensus on updated charter Brad Lassey
- Re: [Secret] Call for consensus on updated charter Michael Richardson
- Re: [Secret] Call for consensus on updated charter Roman Danyliw