IETF Logo Mail Archive

Re: [therightkey] Draft charter for a Transparency Working Group

Lucy Lynch <lynch@isoc.org> Wed, 11 December 2013 22:18 UTC

Return-Path: <lynch@isoc.org>
X-Original-To: therightkey@ietfa.amsl.com
Delivered-To: therightkey@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9170F1AE0DC for <therightkey@ietfa.amsl.com>; Wed, 11 Dec 2013 14:18:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E8_jgI_e-1da for <therightkey@ietfa.amsl.com>; Wed, 11 Dec 2013 14:18:50 -0800 (PST)
Received: from hans.rg.net (hans.rg.net [IPv6:2001:418:1::42]) by ietfa.amsl.com (Postfix) with ESMTP id 196D11ADDD2 for <therightkey@ietf.org>; Wed, 11 Dec 2013 14:18:50 -0800 (PST)
Received: from hiroshima.bogus.com (hiroshima.bogus.com [IPv6:2001:418:1::80]) (authenticated bits=0) by hans.rg.net (8.14.7/8.14.7) with ESMTP id rBBMIMP7008734 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 11 Dec 2013 22:18:22 GMT (envelope-from lynch@isoc.org)
Date: Wed, 11 Dec 2013 14:18:22 -0800
From: Lucy Lynch <lynch@isoc.org>
X-X-Sender: llynch@hiroshima.bogus.com
To: Warren Kumari <warren@kumari.net>
In-Reply-To: <937401BC-9270-45D9-AD3E-FC7656439C14@kumari.net>
Message-ID: <alpine.BSF.2.00.1312111418040.21206@hiroshima.bogus.com>
References: <52A89F9F.70604@cs.tcd.ie> <10229F86C86EB444898E629583FD4171EDEAB12A@PACDCEXMB06.cable.comcast.com> <CABrd9SRhqCfH8GNu7Z-+_6ZSkRSyj7v+=qM+orYZLmJpsqq5OQ@mail.gmail.com> <937401BC-9270-45D9-AD3E-FC7656439C14@kumari.net>
User-Agent: Alpine 2.00 (BSF 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Mailman-Approved-At: Wed, 11 Dec 2013 14:19:39 -0800
Cc: Jason Livingood <Jason_Livingood@cable.comcast.com>, "therightkey@ietf.org" <therightkey@ietf.org>, Ben Laurie <benl@google.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [therightkey] Draft charter for a Transparency Working Group
X-BeenThere: therightkey@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: lynch@isoc.org
List-Id: <therightkey.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/therightkey>, <mailto:therightkey-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/therightkey/>
List-Post: <mailto:therightkey@ietf.org>
List-Help: <mailto:therightkey-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/therightkey>, <mailto:therightkey-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Dec 2013 22:18:52 -0000

On Wed, 11 Dec 2013, Warren Kumari wrote:

>
> On Dec 11, 2013, at 1:29 PM, Ben Laurie <benl@google.com> wrote:
>
>> On 11 December 2013 17:44, Livingood, Jason
>> <Jason_Livingood@cable.comcast.com> wrote:
>>> I totally understand the problem statement. But what concrete things can
>>> you enumerate as goals/output of the WG?
>>
>> I already did enumerate the one current output: RFC 6962-bis.
>>
>> Other interesting targets include DNSSEC transparency, email-to-key
>> mappings and binary transparency. All implicitly already in the
>> charter.
>>
>
> I’m in — I think that there is still much work / firming up the “charter” needed, but the effort seems useful and needed.
> W

Count me in as well -

Lucy

>>>
>>>
>>> Jason
>>>
>>> On 12/11/13, 12:23 PM, "Stephen Farrell" <stephen.farrell@cs.tcd.ie> wrote:
>>>
>>>>
>>>> Thanks Ben,
>>>>
>>>> So folks know what we're thinking and in case all the
>>>> process gibberish isn't clear to you all...
>>>>
>>>> Sean and I like the idea of doing this, and the more that
>>>> it seems to get broader support, the more we'll like it.
>>>>
>>>> Since there was already a BoF on this back at IETF-85 [1]
>>>> that concluded this was work that's relevant to do in
>>>> the IETF, we're thinking that if a crisp enough charter
>>>> can be crafted on this list then this wouldn't need another
>>>> BoF but would be ok to just be pushed into the IESG/IETF
>>>> approval process.
>>>>
>>>> What that means is that when Sean and I think we have a
>>>> good enough charter draft, then we'll put that into the
>>>> datatracker and the IESG will do an IESG-internal review
>>>> to decide if its ready to be sent out for IETF review.
>>>> If/when the IESG are ok with that going for IETF-wide
>>>> review then a mail will go to the IETF discuss list so's
>>>> anyone can comment on the proposed new WG. Then the IESG
>>>> get to look at it again, and any comments we've gotten,
>>>> and approve the new WG or not. Charter text tweaks can
>>>> be expected at each stage.
>>>>
>>>> All going well, that could result in a new WG for this
>>>> being formed early in the new year, before IETF-89
>>>> with the WG having a first f2f meeting there presumably.
>>>>
>>>> So please comment on Ben's text and the above with that
>>>> in mind. I assume Ben will hold the pen on draft charter
>>>> text and update that as comments are received.
>>>>
>>>> And please use this list for now, since this is the
>>>> one we used for RFC 6962 so probably has the right
>>>> people. When/if we form a WG we can make a new list
>>>> or use this one if folks prefer that.
>>>>
>>>> Thanks,
>>>> S.
>>>>
>>>> [1] http://www.ietf.org/proceedings/85/certrans.html
>>>>
>>>> On 12/11/2013 04:55 PM, Ben Laurie wrote:
>>>>> Who's in?
>>>>>
>>>>> "Problem statement: many Internet protocols require a mapping between
>>>>> some kind of identifier and some kind of key, for example, HTTPS,
>>>>> SMTPS, IPSec, DNSSEC and OpenPGP.
>>>>>
>>>>> These protocols rely on either ad-hoc mappings, or on authorities
>>>>> which attest to the mappings.
>>>>>
>>>>>
>>>>> History shows that neither of these mechanisms is entirely
>>>>> satisfactory. Ad-hoc mappings are difficult to discover and maintain,
>>>>> and authorities make mistakes or are subverted.
>>>>>
>>>>>
>>>>> Cryptographically verifiable logs can help to ameliorate the problems
>>>>> by making it possible to discover and rectify errors before they can
>>>>> cause harm.
>>>>>
>>>>>
>>>>> These logs can also assist with other interesting problems, such as
>>>>> how to assure end users that software they are running is, indeed, the
>>>>> software they intend to run.
>>>>>
>>>>>
>>>>> Work items: Specify a standards-track mechanism to apply verifiable
>>>>> logs to HTTP/TLS (i.e. RFC 6962-bis).
>>>>>
>>>>>
>>>>> Discuss mechanisms and techniques that allow cryptographically
>>>>> verifiable logs to be deployed to improve the security of protocols
>>>>> and software distribution. Where such mechanisms appear sufficiently
>>>>> useful, the WG will re-charter to add relevant new work items."
>>>>> _______________________________________________
>>>>> therightkey mailing list
>>>>> therightkey@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/therightkey
>>>>>
>>>>>
>>>> _______________________________________________
>>>> therightkey mailing list
>>>> therightkey@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/therightkey
>>>
>> _______________________________________________
>> therightkey mailing list
>> therightkey@ietf.org
>> https://www.ietf.org/mailman/listinfo/therightkey
>>
>
>

v2.23.0 | Report a Bug | By Email