July 1992 Boston Trusted X minutes

mark@trident.att.com Wed, 05 August 1992 16:54 UTC

Received: from NRI.NRI.Reston.Va.US by IETF.NRI.Reston.VA.US id aa06287; 5 Aug 92 12:54 EDT
Received: from wdl1.wdl.loral.com by NRI.Reston.VA.US id aa19135; 5 Aug 92 12:54 EDT
Received: by wdl1.wdl.loral.com (5.65a/WDL-3.12) id AA27550; Wed, 5 Aug 92 09:11:17 -0700
Received: from att-out.att.com by wdl1.wdl.loral.com (5.65a/WDL-3.12) id AA27544; Wed, 5 Aug 92 09:11:15 -0700
Message-Id: <9208051611.AA27544@wdl1.wdl.loral.com>
From: mark@trident.att.com
Date: Wed, 5 Aug 92 12:05 EDT
X-Mailer: Mail User's Shell (6.5.6 6/30/89)
To: att!tsig@wdl1.wdl.loral.com
Subject: July 1992 Boston Trusted X minutes
Sender: tsig-request@wdl1.wdl.loral.com

>>> Submissions to the tsig list: tsig@wdl1.wdl.loral.com
>>> Additions/deletions/questions: tsig-request@wdl1.wdl.loral.com
>>> Archive Server: listserv@wdl1.wdl.loral.com
Minutes from July 1992 TSIG X Windows Working Group ("trustedx"), Boston MA


Charles Blauner, Bellcore
Ed Cande, DEC
Al Hoover, ANS
Mark Smith, AT&T Bell Labs, chair & notes

The current thinking on secure X is divided into two separate approaches:

1.  The establishment of a core security policy derived from prior vendor

Vendors are still reluctant to publish their policies, although there
are signs that some will soon be published.  Inasmuch as there are no
current proposals in this area, no further discussion on this approach
was offered at the meeting.

2.  The abstraction of the security policy via a policy-free protocol.

The key here is the construction of a mechanism
for security-cognizant applications to determine what the security
policy is.  We briefly discussed the "RequestPolicy()" proposal (distributed
via email shortly before the meeting), which
allows a client to probe specific points of the policy, and agreed that
the approach is promising but that a proof of concept is needed.


The Boston TSIG X working group was not well attended.  For that
reason little progress was made other than the discussion on RequestPolicy()
above.  We need vendor support, especially in the form of new proposals
for (1) above, although more work in area (2) is very welcome also.

We need to have an idea of the attendees for the next TSIG meeting
in Minneapolis so that we can judge whether another "cooling off
period" is required.  Please let me or Mark Christianson know fairly
soon whether you'll be attending the next meeting.  I would like
to know whether this low attendence was an aberration or not.

Mark Smith