Trusted Sessions Working Group Minutes 9/24/92
"Doug Barlow, ZSO; (DTN)548-8552" <barlow@decwet.enet.dec.com> Mon, 28 September 1992 21:06 UTC
Received: from NRI.RESTON.VA.US by IETF.NRI.Reston.VA.US id aa17605; 28 Sep 92 17:06 EDT
Received: from wdl1.wdl.loral.com by NRI.Reston.VA.US id aa26968; 28 Sep 92 17:10 EDT
Received: by wdl1.wdl.loral.com (5.65a/WDL-3.12) id AA19056; Mon, 28 Sep 92 13:16:01 -0700
Received: from enet-gw.pa.dec.com by wdl1.wdl.loral.com (5.65a/WDL-3.12) id AA19050; Mon, 28 Sep 92 13:15:45 -0700
Received: by enet-gw.pa.dec.com; id AA14968; Mon, 28 Sep 92 13:14:26 -0700
Message-Id: <9209282014.AA14968@enet-gw.pa.dec.com>
Received: from decwet.enet; by decwrl.enet; Mon, 28 Sep 92 13:14:31 PDT
Date: Mon, 28 Sep 1992 13:14:31 -0700
From: "Doug Barlow, ZSO; (DTN)548-8552" <barlow@decwet.enet.dec.com>
To: tsig@wdl1.wdl.loral.com
Apparently-To: tsig@wdl1.wdl.loral.com
Subject: Trusted Sessions Working Group Minutes 9/24/92
Sender: tsig-request@wdl1.wdl.loral.com
==================================================================
>>> Submissions to the tsig list:    tsig@wdl1.wdl.loral.com
>>> Additions/deletions/questions:   tsig-request@wdl1.wdl.loral.com
>>> Archive Server:                  listserv@wdl1.wdl.loral.com
==================================================================

            Minutes of the Trusted Sessions Working Group
                        September 22-24, 1992
                        Minneapolis, Minnesota

Since the appointed chair, Julie LeMoine (Mitre), was unable to attend, Doug Barlow (Digital) acted as Chairperson pro tem. In attendance at this meeting were the following:

Dick Newton      Harris CSD              (703)448-5425  rnewton@csd.harris.com
Stan Wisseman    Oracle Corp             (415)506-2621  swissema@oracle.com
Paul Vazquez     DIA/DSDIA               (703)284-0795  vazquez@dockmaster.ncsc.mil
John Adams       SecureWare              (404)315-6296  adams@sware.com
Jim Hurley       Sun Micro Federal       (408)276-1229  hurley@EBay.sun.com
Dan Vukelich     Mitre                   (617)271-2943  dfv@mbunix.mitre.org
Doug Barlow      Digital                 (206)562-8552  barlow@decwet.enet.dec.com
Teodora Ngo      Sun Micro Federal       (408)276-3204  pingn@EBay.sun.com
Narayan Makaram  Amdahl Corp             (408)737-5657  rayan@uts.amdahl.com
Bill Middlecamp  Cray                    (612)894-7499  wjm@cray.com
Joe Thompson     IBM Federal Systems Co  (301)240-7303  thompsnj@wmavm7.vnet.ibm.com

The minutes from the last meeting were reviewed and approved. Paul Vazquez noted that several DIA RFQ's have gone out specifying DNSIX V2.1, so that his comment at the last meeting, that there were no V2.1 installed sites with which DNSIX V3.0 needed to be backwards compatible, was no longer true. Hence the original requirement that DNSIX V3.0 be backwards compatible with DNSIX V2.1 remains a requirement.

We reviewed outstanding homework. Bill Griffeth (USL) had completed the requested edits to the Framework Document and submitted it to the TSIG archive. John Adams had also completed the requested edits to the MaxSix Proposal for DNSIX Profile. Julie LeMoine was not present to report on her progress with the Auditable Events List and IETF working group draft charter.

A homework item, a survey of privileges available on the known trusted system platforms, has been incomplete for several meetings, as the designated responsible individual has not been attending. The purpose of the homework item, to help clarify our understanding of how to map privilege sets between heterogeneous trusted systems, was reviewed. The group felt the work was important to continue, and Paul Vazquez and Stan Wisseman volunteered to do the work. Paul will provide a survey of CMW's, and Stan will survey non-CMW systems.

It was noted that code used to be available from Mitre that provided the interpretations of the DNSIX encodings file. Paul Vazquez pointed out that several holes had existed in that code, and that it was no longer being distributed. However, the DIA had no objections to people who still had copies passing it along. Paul will also check into whether or not code updated for the DNSIX V2.1 encodings file will be made available.

As an assignment from the opening TSIG plenary, the Trusted Sessions group discussed their plans for future IETF involvement. Judging from the response to the presentation on trusted sessions given to the IETF Security Area Advisory Group at the last joint meeting, the trusted sessions group felt that it would be very unlikely that a session-level security protocol would fall within the IETF security architecture, and that even getting an IETF charter approved would be difficult. Since the purpose of TSIG was to provide simple interoperability, the group did not feel it necessary to push our work into the standards track at this time. The group is interested in the new IETF Prototype RFC status for documents, and will consider going this route when the method of submitting such a thing into IETF becomes clear. The group also felt that it would be a good idea for future documents to conform to the IETF RFC format (RFC 1111). Also, the group supported the suggestion that TSIG form its own document registry for completed working group documents. This removed the outstanding homework assignment to Julie LeMoine to write a Draft IETF Charter.

Dan Vukelich pointed out that the name of our working group (trusted SESSIONS) conjures up pictures of soaring OSI towers, and is likely to inflame IETF participants even before any content is presented. He suggested a different approach, such as defining our work as a trusted application library providing secured communication services. We decided not to change our name within TSIG, but took his advice under consideration for when and if we release our work as IETF Prototype RFCs.

Having finished the old business, TSWG enumerated the options for new business, and prioritized them. The options, their priorities, and resulting discussions were as follows:

1. Help other groups to use Trusted Sessions (priority undecided). While this sounded good, there was concern that we'd decided not to pursue IETF membership, but at the time, every other TSIG working group except Trusted X Windows was also an IETF working group. It would be unlikely that they would be able to depend on a non-IETF protocol for their operation. We decided that a discussion with the Trusted Admin group was in order.

2. Move existing applications such as rsh, telnet, etc., onto trusted sessions in such a way as to ensure interoperability (priority undecided). The possibility of looking at SNMP was also discussed. The group suggested that an Application Developers' Guide be a part of any TSIG Architecture Document.

3. Gain an understanding and solve the privilege bit mapping issue (high priority). Any work on this depends on the Privilege Mapping Survey, discussed above. The POSIX.6 work may make a good base for a minimal supported set.

4. Gain an understanding and solve the outstanding token mapping issues (high priority). The problems included adding support for token multicast, and authenticating the token mapping service. The group felt that either moving to a central token server, or else moving to sender-based tokens would help with the multicast issue. However, it was noted that trying to support both sender- and receiver-based tokens for backwards compatibility made it difficult to resolve which of the schemes was being used at the time, resulting in possible token ambiguity.

5. Examine the issues surrounding multicast (high priority). The problems with this included token multicast, discussed above, and also authentication multicast. The group agreed that they did not want to develop a new authentication scheme that supported multicast.

6. Begin work on the TSIG Architecture Framework (medium priority).

7. Develop MIB definitions for the trusted sessions protocols (low priority). The group felt this was important, but had no idea how to do it. We decided that we would talk with the Trusted Admin group about this as well.

8. Work on the DNSIX V4.0 Profile (high priority). It was noted that all the previous high priority items (numbers 3, 4, & 5) fell under this topic.

The following morning, the TSWG met jointly with the Trusted Admin working group. The issues we identified for discussion, and their outcome, are as follows:

1. TSWG needs help with our directions for what to manage and how to manage it. Management includes both setting operational parameters and getting operational statistics, simply referred to as `instrumentation'. The TAWG were currently investigating SNMP MIB definitions for hosts, users, and audit. They will help us define MIBs for our work if we can decide what we need managed.

2. The TSWG recognized that we were not the only group who would have problems with privilege set mappings, and wanted to hear the concerns the TAWG might have, and try and coordinate our work to ensure that multiple incompatible solutions did not come out of TSIG. TAWG agreed that it was a problem, but TSWG had gotten further in understanding the problem.

3. What are TAWG's needs and expectations from TSWG? This flowed from the previous discussion, that common issues need to be raised to the group. It's OK for one group to work on a solution, but the other groups should be apprised through the plenary of the activity and progress in order to coordinate TSIG-wide concerns.

With that, the TSWG settled down into working on the DNSIX V4.0 Profile. The list of identified issues to be solved was:

   o Which authentication mechanism to use by default.
   o Authenticating the token mapping.
   o Multicast/Broadcast message issues (tokens, authentication).
   o MIB definitions.
   o Cross-DoI token resolution.

The group then set out to identify a list of possible goals in order to focus the work. We reviewed previous and planned versions of DNSIX, and built on that.

DNSIX V2.1 provides:

   o Sensitivity Labeling in the IP header
   o Session management
   o Common audit formats

DNSIX V3.0 adds:

   o Token Mapping
   o Attribute modulation
   o Common API

Possibilities for DNSIX V4.0:

   o An XTI-based API
   o System and User authentication
   o Privacy and/or integrity options on labels and data
   o Better label range controls
   o Broadcast/Multicast support on tokens
   o Authenticated token resolution
   o CIPSO migration
   o MIB definitions

It was agreed that a simple approach would be to take the attribute modulation labels used in DNSIX V3.0 and use them in the label field provided by TREES. This would maintain backwards compatibility for labels, and provide the system and user authentication. TSWG didn't mind writing up a simple profile describing how to combine work from other documents, but balked at writing the entire DNSIX V4.0 specification. We suggested that that might be a better job for Mitre. Paul Vazquez will look into it.

We added the working DNSIX V4.0 profile to the TSWG numbering system, and at the same time, corrected the title of TSIG-TSESS-3. In addition, although the TSIG-TSESS-6 document is the minutes from the January '92 meeting, we agreed that minutes are not appropriate documents to be placed in the numbering registry. So, the complete registry at this time is:

Document          Title                               Author
----------------  ----------------------------------  -------------
TSIG-TSESS-1-1.2  TSIG Framework for Trusted Session  Bill Griffeth
                  Protocols
TSIG-TSESS-2-1.1  TSIG Commercial Multi-level         Doug Barlow
                  Distributed Security Profile
TSIG-TSESS-3-1.1  MaxSix Proposal for DNSIX V3.0      Perry Flynn
                  Profile
TSIG-TSESS-4-1.0  Trusted Realm Environment Exchange  Doug Barlow
                  Service (TREES)
TSIG-TSESS-5-1.0  TSIG Auditable Events for Trusted   Julie LeMoine
                  Sessions
TSIG-TSESS-6-1.0  Minutes of January 1992 TSWG        Bill Griffeth
                  Meeting
TSIG-TSESS-7-1.0  TSIG DNSIX V4.0 Security Profile    Doug Barlow

Finally, the group unanimously reaffirmed Julie LeMoine as the group chair based solely on her outstanding performance to date.